Thought it would be good to see everyone share their knowledge for Database Activity Monitor custom rules here. So many different ways of creating rules with different expressions. Here is mine, to monitor privileged access:
1. Go to Menu > Policies > Rule Objects > New Objects 2. Provide a new for the new item (e.g. “privileged_access”) 3. Type ‘user’ and under Value enter: ‘sys’, ‘dba’, ‘sa’ 4. In Comments enter “Logins with privileged access” 5. Save and exit.
Use the rule created in policies
1. Go to Menu > Policy > Policy Catalog 2. Under Product: select Database Activity Monitoring 3. Under My Default / Custom Rules click on Create New Rule 4. Give a name for the new rule "Monitor Privileged Access” 5. In Rule Text enter: user in $privileged_access (the object created previously)
6. Under Actions click on Create Event and select your level 7. Save changes in the Rule and Save Policy.
Please post yours, so many things to monitor, sure we can create cool thread here with great examples. Just to name a few:
catch all which collect ALL activity on database application access (apache, sql server management, epo)
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.