Current policies we have configured in McAfee Database Activity Monitoring are pointing to specific DB tables and threashold scenarios. I'm looking for a way to create automated user profiles based on user behaviour by monitoring all DB tables and alert on anomalies that will be detected without heaving to define specific rules for specific DB fields.
For example: Monitoring the DB over time will build a user profile for user A that tpyically connects from Germany between Mon-Fri, 08:00 AM & 17:00 PM local time and performs 20 DB transactions per day in average.
I would like McAfee DAM to learn this pattern and alert me on anything which doesn't fit.
For example, any of the following activities will trigger an alert: - User A connected from a different country - Connected during weekend hours - Performed 500 transactions on a specific day.
Can this be done on McAFee DAM? Does McAfee supports profiling? machine learning? UBA?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.