Updated on 2026-07-07 GMT+08:00

Audit Rule Overview

Database audit provides five types of audit rules: audit scope, SQL injection, risky operations, privacy data masking, and SQL whitelists. You can manage and prioritize these rules to detect risks, defend against attacks, enhance compliance, and minimize false positives.

You are advised to periodically check audit rules and logs to ensure that they meet the latest security and compliance requirements. In this way, you can effectively monitor database activities and detect and handle security threats in time.

Rule Description

Rule

Applicable Scenario

Description

Audit scope rules

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance.

You can also add audit scope and specify the databases to be audited.

By default, the full audit rule takes effect even if other rules exist. To make another audit rule take effect, disable the full audit rule first.

SQL injection rules

You can add SQL injection rules to audit your databases.

SQL injection rules of database audit are enabled by default. You can disable, enable, edit, and set priorities for SQL injection rules.

One piece of audited data can match only one SQL injection rule.

Risky operation rules

Database audit has four built-in detection rules, including database reduction detection, slow SQL statements detection, batch data tampering detection, and batch data deletion detection, helping you detect database security risks in a timely manner.

You can also add risky operations and customize detection rules.

One piece of audited data can match only one risky operation rule.

Privacy protection rules

To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage.

Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled.

SQL whitelist

You can add risky SQL statements to the whitelist. The SQL statements in the whitelist will be ignored during the audit.

You can edit, disable, and delete the added SQL statement whitelist.