Checking for Dirty Tables

Scenario

Configure a rule to detect operations on dirty tables. You can configure unnecessary databases, tables, and columns as dirty tables. Programs that access the dirty tables will be marked as suspicious programs.

In this way, you can detect the SQL statements that access dirty tables and detect data security risks in a timely manner.

Prerequisites

You have configured unnecessary databases, tables, or columns.

Procedure

Log in to the management console.
Select a region and click . Choose Security & Compliance > Database Security Service.
In the navigation pane, choose Rules.
In the Instance drop-down list, select an instance.
Click the Risky Operations tab.
In the Basic Information area, set Risk Level to High.
(Optional) Configure an IP address or IP address segment, or all the IP addresses will be checked by default.
Select Operation and All operations. Configure unnecessary databases, tables, or columns, as shown in Figure 1.

Figure 1 Adding a dirty table detection rule
Click Save.

Viewing Dirty Table Detection Results

Perform the following steps:

Log in to the management console.
Select a region and click . Choose Security & Compliance > Database Security Service.
In the navigation pane, choose Dashboard.
In the Instance drop-down list, select the instance whose data reduction statement information you want to view.
Click the Statements tab.
Set filter criteria to query SQL statements.
- Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and end time. Click Submit to view SQL statements of the specified time range.
- Set Risk Severity (the default value in the dirty table detection rule is High) and click Submit.
- Click next to Advanced Settings. Configure parameters as shown in Figure 2. Click Search.
  
  A maximum of 10,000 records can be retrieved in a query.
  
  Figure 2 Advanced settings

In the Operation column of an SQL statement, click Details. For more information, see Table 1.

**Table 1** SQL statement parameters
Parameter	Description
Session ID	ID of an SQL statement, which is automatically generated
Database Instance	Database where an SQL statement is executed
Database Type	Type of the database where an SQL statement is executed
Database User	Database user for executing an SQL statement
Client MAC Address	MAC address of the client where an SQL statement is executed
Database MAC Address	MAC address of the database where an SQL statement is executed
Client IP Address	IP address of the client where an SQL statement is executed
Database IP Address	IP address of the database where an SQL statement is executed
Client Port	Port of the client where an SQL statement is executed
Database Port	Port of the database where the SQL statement is executed
Client Name	Name of the client where an SQL statement is executed
Operations	Type of an SQL statement operation
Operation Object Type	Type of an SQL statement operation object
Response Result	Response to an SQL statement
Affected Rows	Number of rows affected by executing an SQL statement
Started	Time when an SQL statement starts to be executed
Ended	Time when the SQL statement execution ends
SQL Statement	Name of an SQL statement
Request Result	Result of requesting for executing an SQL statement

View Dirty Table Detection Rules

Choose Rules and click the Risky Operations tab. Here you can perform the following operations.

Enable
In the row containing the dirty table detection rule, click Enable in the Operation column.
Edit
In the row containing the dirty table detection rule, click Edit in the Operation column.
Disable
In the row containing the dirty table detection rule, click Disable in the Operation column. Disabled rules will not be audited.
Delete
In the row containing the dirty table detection rule, click Delete in the Operation column. To add the rule again, follow the instructions in Adding Risky Operations.