Updated on 2022-11-23 GMT+08:00

Checking for Data Reduction

Scenario

Database audit provides a preconfigured rule that checks audit logs for data security risks, such as SQL statements used in a data breach.

You can learn the execution duration, number of affected rows, and database information of the SQL statements.

The following types of statements can be audited:
  • DDL:
    • CREATE TABLE
    • CREATE TABLESPACE
    • DROP TABLE
    • DROP TABLESPACE
  • DML:
    • INSERT
    • UPDATE
    • DELETE
    • SELECT
    • SELECT FOR UPDATE
  • DCL:
    • CREATE USER
    • DROP USER
    • GRANT

Configuring Data Reduction Detection

To check for data reduction, configure the database to be audited, client IP address or IP address segment, operation type, operation object, and execution result.

  1. Log in to the management console.
  2. Select a region and click . Choose Security & Compliance > Database Security Service.
  3. In the navigation pane, choose Rules.
  4. In the Instance drop-down list, select an instance.
  5. Click the Risky Operations tab.
  6. In the Operation column of a data reduction event, click Edit. The Edit Risky Operation page will be displayed.
  7. (Optional) Configure an IP address or IP address segment. If you do not, all IP addresses are checked by default.
  8. In the Operations area, select Operation and SELECT.

    Figure 1 Operations

  9. (Optional) Configure operation objects. If you do not, all operation objects are scanned by default.

    1. Click an operation object. Enter the target database, target table, and field information.
    2. Click OK.

  10. In the Results area, configure Affected Rows and Operation Duration.

    Figure 2 Results

    If your application changes (for example, because of a service upgrade or code changes), you need to modify Affected Rows to ensure that the results are fully audited.

  11. Click Save.
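The conditions configured in steps 7 to 10 combine as a single filter over audit records. The sketch below is an added example, not DBSS code: the `Rule` class, the record field names, the threshold values and the inclusive comparison are all assumptions, and the audit records are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    """Hypothetical model of the risky-operation rule; not the DBSS schema."""
    operation: str = "SELECT"
    client_net: Optional[str] = None  # None = all client IP addresses (step 7 default)
    table: Optional[str] = None       # None = all operation objects (step 9 default)
    min_rows: int = 1000              # assumed Affected Rows threshold
    min_duration_ms: int = 0          # assumed Operation Duration threshold

def matches(rule, rec):
    """Return True when one audit record satisfies every configured condition."""
    if rec["operation_type"].upper() != rule.operation:
        return False
    if rule.client_net is not None:
        net = ipaddress.ip_network(rule.client_net, strict=False)
        if ipaddress.ip_address(rec["client_ip"]) not in net:
            return False
    if rule.table is not None and rec["table"] != rule.table:
        return False
    # Assumption: both thresholds are inclusive lower bounds.
    return (rec["affected_rows"] >= rule.min_rows
            and rec["duration_ms"] >= rule.min_duration_ms)

# Constructed audit records; field names are illustrative only.
RECORDS = [
    {"session_id": "s1", "client_ip": "10.0.1.15", "operation_type": "SELECT",
     "table": "customers", "affected_rows": 25, "duration_ms": 12},
    {"session_id": "s2", "client_ip": "10.0.1.15", "operation_type": "SELECT",
     "table": "customers", "affected_rows": 480000, "duration_ms": 9400},
    {"session_id": "s3", "client_ip": "192.168.7.4", "operation_type": "SELECT",
     "table": "customers", "affected_rows": 480000, "duration_ms": 9100},
    {"session_id": "s4", "client_ip": "10.0.1.22", "operation_type": "UPDATE",
     "table": "customers", "affected_rows": 480000, "duration_ms": 800},
]

def flagged(rule, records=RECORDS):
    """Session IDs of the records the rule would report."""
    return [r["session_id"] for r in records if matches(rule, r)]

if __name__ == "__main__":
    print(flagged(Rule()))                          # default scope
    print(flagged(Rule(client_net="10.0.1.0/24")))  # narrowed to one segment
    print(flagged(Rule(min_rows=500000)))           # threshold set too high
```

The last call shows why Affected Rows must track the application: with the threshold above the size of the bulk read, the rule reports nothing.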

Viewing Data Reduction Check Results

Perform the following steps:

  1. Log in to the management console.
  2. Select a region and click . Choose Security & Compliance > Database Security Service.
  3. In the navigation pane, choose Dashboard.
  4. In the Instance drop-down list, select an instance.
  5. Click the Statements tab.
  6. Set filter criteria to query SQL statements.

    • Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and end time. Click Submit to view SQL statements of the specified time range.
    • Set Risk Severity (the default value in the data reduction rule is High) and click Submit.
    • Click next to Advanced Settings. Configure parameters, as shown in Figure 3, and click Search.

      A maximum of 10,000 records can be retrieved in a query.

      Figure 3 Advanced settings

  7. In the row containing the desired SQL statement, click Details in the Operation column.
  8. In the Details dialog box, view the detailed information about the SQL statement. Table 1 describes the parameters.

    Table 1 SQL statement parameters

    | Parameter | Description |
    |---|---|
    | Session ID | ID of an SQL statement, which is automatically generated |
    | Database Instance | Database where an SQL statement is executed |
    | Database Type | Type of the database where an SQL statement is executed |
    | Database User | Database user for executing an SQL statement |
    | Client MAC Address | MAC address of the client where an SQL statement is executed |
    | Database MAC Address | MAC address of the database where an SQL statement is executed |
    | Client IP Address | IP address of the client where an SQL statement is executed |
    | Database IP Address | IP address of the database where an SQL statement is executed |
    | Client Port | Port of the client where an SQL statement is executed |
    | Database Port | Port of the database where an SQL statement is executed |
    | Client Name | Name of the client where an SQL statement is executed |
    | Operation Type | Type of an SQL statement operation |
    | Operation Object Type | Type of an SQL statement operation object |
    | Response Result | Response to an SQL statement |
    | Affected Rows | Number of rows affected by executing an SQL statement |
    | Started | Time when the execution of an SQL statement starts |
    | Ended | Time when the execution of an SQL statement ends |
    | SQL Statement | Name of an SQL statement |
    | Request Result | Result of the request to execute an SQL statement |

Viewing Data Reduction Check Rules

Choose Rules and click the Risky Operations tab. Here you can manage slow SQL settings.

  • Enable

    In the row containing the data reduction detection rule, click Enable in the Operation column.

  • Edit

    In the row containing the data reduction detection rule, click Edit in the Operation column.

  • Disable

    In the row containing the data reduction detection rule, click Disable in the Operation column. A disabled rule is not applied during auditing.

  • Delete

    In the row containing the data reduction detection rule, click Delete in the Operation column. To add the rule again, follow the instructions in Adding Risky Operations.