Updated on 2024-04-16 GMT+08:00

Adding Risky Operations

Database audit has built-in rules for detecting data reduction and slow SQL statements. You can also add risky operations and customize detection rules.

One piece of audited data can match only one risky operation rule.

Prerequisites

  • You have purchased a database audit instance and the Status is Running.
  • Database audit has been enabled.

Procedure

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the navigation tree, choose Rules.
  4. In the Instance drop-down list, select an instance to add risky operations. Click the Risky Operations tab. Click Add above the risky operation list.
  5. In the Instance drop-down list, select an instance to add risky operations.
  6. Click the Risky Operation tab.
  7. Click Add above the risky operation list.
  8. On the Add Risky Operation page, set the basic information and client IP address, as shown in Figure 1.

    Figure 1 Setting the basic information and client IP address

    Table 1 Parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Name | Custom name of a risky operation | test |
    | Risk Severity | Severity of a risky operation. The options are High, Moderate, Low, and No risks. | High |
    | Status | Status of a risky operation (enabled or disabled) | |
    | Select Database | Database that the risky operation will be applied to. You can select ALL or a specific database. | - |
    | Client IP Address or IP Range | IP address or IP address range of the client. The IP address can be an IPv4 address (for example, 192.168.1.1) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000). | 192.168.0.0 |

  9. Set the operation type, operation object, and execution result, as shown in Figure 2. For details about related parameters, see Table 2.

    Figure 2 Setting the operation type, operation object, and execution result

    Table 2 Parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Operations | Type of a risky operation, including Login and Operation. When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL. | Operation |
    | Objects | Enter the target database, target table, and field information after clicking Add Operation Object. Click OK to add an operation object. | - |
    | Results | Set Affected Rows and Operation Duration. The operation conditions are Greater than, Less than, Equal To, Equal to or greater than, and Less than or equal to. | - |

  10. Click Save.
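
The following sketch is an added example, not the service's own code: it models the fields from Table 1 and Table 2 in Python to show what "one piece of audited data can match only one risky operation rule" means for rule design. The field names, the CIDR range syntax, the sample data, and first-match-in-list-order evaluation are assumptions (the page does not say how the single matching rule is chosen), and only the Affected Rows condition is modelled.

```python
import ipaddress
import operator
from dataclasses import dataclass

# Comparison conditions listed for Results in Table 2.
CONDITIONS = {"Greater than": operator.gt, "Less than": operator.lt,
              "Equal To": operator.eq, "Equal to or greater than": operator.ge,
              "Less than or equal to": operator.le}

@dataclass
class RiskyOperation:
    name: str
    severity: str            # High / Moderate / Low / No risks
    client_range: str        # address or CIDR range (syntax is an assumption)
    operations: frozenset    # empty set stands for "All operations"
    affected_rows: tuple = None   # (condition, threshold)
    database: str = "ALL"
    enabled: bool = True

    def matches(self, rec: dict) -> bool:
        if not self.enabled or self.database not in ("ALL", rec["database"]):
            return False
        net = ipaddress.ip_network(self.client_range)
        if ipaddress.ip_address(rec["client_ip"]) not in net:  # False across IPv4/IPv6
            return False
        if self.operations and rec["operation"] not in self.operations:
            return False
        if self.affected_rows:
            cond, threshold = self.affected_rows
            return CONDITIONS[cond](rec["affected_rows"], threshold)
        return True

def classify(rec, rules):
    """Attribute a record to one rule only (assumed: first match in list order)."""
    return next((r for r in rules if r.matches(rec)), None)

# Constructed sample rules and audit record (not DBSS output).
RULES = [
    RiskyOperation("writes-from-app-subnet", "Low", "192.168.0.0/16",
                   frozenset({"DELETE", "UPDATE"})),
    RiskyOperation("bulk-delete", "High", "192.168.0.0/16",
                   frozenset({"DELETE"}), ("Greater than", 1000)),
]
RECORD = {"client_ip": "192.168.1.1", "database": "orders",
          "operation": "DELETE", "affected_rows": 50000}

if __name__ == "__main__":
    print(classify(RECORD, RULES).name)        # broad Low rule shadows the High rule
    print(classify(RECORD, RULES[::-1]).name)  # specific rule listed first
```

Under the first-match assumption, the broad Low rule absorbs the 50,000-row DELETE and the High rule never fires. Overlapping rules should therefore be reviewed together so that a narrow, high-severity rule is not shadowed by a broader one.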