2 Replies Latest reply on Apr 9, 2014 12:35 AM by stickman

    database activity monitor custom rules

    stickman

      Hi guys,

       

      Thought it would be good to see everyone share their knowledge for Database Activity Monitor custom rules here. So many different ways of creating rules with different expressions.  Here is mine, to monitor privileged access:

       

      1.    Go to Menu > Policies > Rule Objects > New Objects
      2.    Provide a new for the new item (e.g. “privileged_access”)
      3.    Type ‘user’ and under Value enter: ‘sys’, ‘dba’, ‘sa’
      4.    In Comments enter “Logins with privileged access”
      5.    Save and exit.

       

      Use the rule created in policies

       

      1.    Go to Menu > Policy > Policy Catalog
      2.    Under Product: select Database Activity Monitoring
      3.    Under My Default / Custom Rules click on Create New Rule
      4.    Give a name for the new rule "Monitor Privileged Access”
      5.    In Rule Text enter: user in $privileged_access (the object created previously)

      6.    Under Actions click on Create Event and select your level
      7.    Save changes in the Rule and Save Policy.

       

      Please post yours, so many things to monitor, sure we can create cool thread here with great examples. Just to name a few:

      catch all which collect ALL activity on database
      application access (apache, sql server management, epo)

      actions (ddl)
      objects (employees)
      monitor ddl (grant, alter, drop)

       

      Looking forward seeing replies on this thread!