Configuring Risky Operation Rules

Prerequisites

The database audit instance is in the Running state.

Constraints and Limitations

• Before enabling the risky operation, ensure that its status is Disabled.
• Before disabling the risky operation, ensure that its status is Enabled.
• If the risky operation is a system rule, setting priorities, editing, or deleting operations are not supported.

Adding a Risky Operation Rule

1. Log in to the management console.
2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
3. In the navigation tree, choose Rules.
4. In the Instance drop-down list, select an instance to add risky operations.
5. Click the Risky Operation tab.
6. Click Add above the risky operation list.
7. On the Add Risky Operation page, set the basic information and IP address or IP range. For details about related parameters, see Table 1.
   Figure 1 Configuring basic information and IP addresses or IP address segments
   

   Table 1 Parameters

   Parameter	Description	Example Value
   Name	Custom name of a risky operation	test
   Risk Severity	Severity of a risky operation. The options are as follows: High Moderate Low No risks	High
   Status	Status of a risky operation : Enabled : Disabled
   Select Database	Database that the risky operation will be applied to You can select ALL or a specific database.	-
   Exception Client IP Address or IP Range	To report risky operation alarms set by users, configure the client IP address or IP address range that is not in the trusted client IP address or IP address range. The IP address can be an IPv4 address (for example, 192.168.1.2) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000).	192.168.xx.xx
   Client IP Address or IP Range	IP address or IP address range of the client The IP address can be an IPv4 address (for example, 192.168.1.1) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000).	192.168.xx.xx

8. Set the operation type, operation object, and execution result. For details about related parameters, see Table 2.
   Figure 2 Setting the operation type, operation object, and execution result
   

   Table 2 Parameters for adding a risk rule

   Parameter	Description	Example Value
   Operations	Type of a risky operation, including Login and Operation When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.	Operation
   Objects	Enter the target database, target table, and field information after clicking Add Operation Object. Click OK to add an operation object.	-
   Results	Set Affected Rows and Operation Duration. The operation conditions are as follows: Greater than Less than Equal To Greater than or equal to Less than or equal to	Greater than or equal to

9. Click Save.

Viewing Risk Operation Rules

1. Log in to the management console.
2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
3. In the navigation tree, choose Rules.
4. In the Instance drop-down list, select an instance to view risky operations.
5. Click the Risky Operations tab.
6. View the risky operation information. For details about related parameters, see Table 3.

   You can select an attribute from the search box above the list or enter a keyword to search for a specified risky operation.

   Figure 3 Viewing the risky operation
   

   Table 3 Parameters

   Parameter	Description
   Name	Name of the risky operation
   Rule Category	Risky operation type. The options are as follows: Custom rules System rules
   Priority	Priority of a risky operation.
   Category	Category of the risky operation
   Feature	Feature of the risky operation
   Risk Level	Risk level of a risky operation. The options are as follows: High Medium Low No risks
   Status	Status of the risky operation. The options are as follows: Enabled Disabled

   

   You can perform the following operations on risky operations as required:

   • Enable

     Locate the row that contains the risky operation to be enabled, and click Enable in the Operation column. The operation will be audited.

   • Edit

     Locate the row that contains the risky operation to be edited, click Edit in the Operation column, and modify the operation in the displayed dialog box.

   • Disable

     Locate the row that contains the risky operation to be disabled, click Disable in the Operation column, and click OK in the displayed dialog box. When a risky operation is disabled, the risky operation rule will not be executed in the audit.

   • Deleting

     Locate the row that contains the risky operation to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box. You need to add the risky operation again if a risky operation is deleted and you need to audit its rule.

Setting the Risk Rule Priority

1. Log in to the management console.
2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
3. In the navigation tree, choose Rules.
4. In the Instance drop-down list, select an instance to set risky operation priority. Click the Risky Operations tab.
5. In the row containing the risky operation for which you want to set a priority, click in the Priority column.
   Figure 4 Setting the priority
   

6. Click OK.
   Figure 5 Setting the priority