cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

database activity monitor custom rules

Hi guys,

Thought it would be good to see everyone share their knowledge for Database Activity Monitor custom rules here. So many different ways of creating rules with different expressions.  Here is mine, to monitor privileged access:

1.    Go to Menu > Policies > Rule Objects > New Objects
2.    Provide a new for the new item (e.g. “privileged_access”)
3.    Type ‘user’ and under Value enter: ‘sys’, ‘dba’, ‘sa’
4.    In Comments enter “Logins with privileged access”
5.    Save and exit.

Use the rule created in policies

1.    Go to Menu > Policy > Policy Catalog
2.    Under Product: select Database Activity Monitoring
3.    Under My Default / Custom Rules click on Create New Rule
4.    Give a name for the new rule "Monitor Privileged Access”
5.    In Rule Text enter: user in $privileged_access (the object created previously)

6.    Under Actions click on Create Event and select your level
7.    Save changes in the Rule and Save Policy.

Please post yours, so many things to monitor, sure we can create cool thread here with great examples. Just to name a few:

catch all which collect ALL activity on database
application access (apache, sql server management, epo)

actions (ddl)
objects (employees)
monitor ddl (grant, alter, drop)

Looking forward seeing replies on this thread!

2 Replies
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 3

Re: database activity monitor custom rules

Love this idea! We are just starting deployment of this in production so I will be posting my additions down the road.

-d

Highlighted

Re: database activity monitor custom rules

Awesome dcobes. Must say we havent had much success with v5, considering going to v4 until v5 is stable.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community