diff --git a/docs/dbss/umn/ALL_META.TXT.json b/docs/dbss/umn/ALL_META.TXT.json
new file mode 100644
index 00000000..f1c227b5
--- /dev/null
+++ b/docs/dbss/umn/ALL_META.TXT.json
@@ -0,0 +1,622 @@
+[
+ {
+ "uri":"dbss_01_0138.html",
+ "product_code":"dbss",
+ "code":"1",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Overview",
+ "title":"Overview",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0001.html",
+ "product_code":"dbss",
+ "code":"2",
+ "des":"Database Security Service (DBSS) is an intelligent database security service. Based on the machine learning mechanism and big data analytics technologies, it can audit yo",
+ "doc_type":"usermanual",
+ "kw":"DBSS,Overview,User Guide",
+ "title":"DBSS",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0237.html",
+ "product_code":"dbss",
+ "code":"3",
+ "des":"Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.User Behavior Detection and Au",
+ "doc_type":"usermanual",
+ "kw":"Functions,Overview,User Guide",
+ "title":"Functions",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0238.html",
+ "product_code":"dbss",
+ "code":"4",
+ "des":"Database audit provides you with the database audit function in out-of-path pattern, enabling the system to generate real-time alarms for risky operations. In addition, d",
+ "doc_type":"usermanual",
+ "kw":"Advantages,Overview,User Guide",
+ "title":"Advantages",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0181.html",
+ "product_code":"dbss",
+ "code":"5",
+ "des":"Database audit is deployed in out-of-path pattern. It can audit databases built on ECS, BMS and RDS on the management console.Figure 1 shows the database audit deployment",
+ "doc_type":"usermanual",
+ "kw":"Deployment Architecture,Overview,User Guide",
+ "title":"Deployment Architecture",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0268.html",
+ "product_code":"dbss",
+ "code":"6",
+ "des":"Database audit provides basic, professional, and advanced editions. You can select one of them as needed.Table 1 describes the database audit editions.Database audit edit",
+ "doc_type":"usermanual",
+ "kw":"Editions,Overview,User Guide",
+ "title":"Editions",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0313.html",
+ "product_code":"dbss",
+ "code":"7",
+ "des":"Database audit is subject to certain constraints.The following types of databases on the management console can be audited in out-of-path mode:RDS instancesDatabases buil",
+ "doc_type":"usermanual",
+ "kw":"Constraints,Overview,User Guide",
+ "title":"Constraints",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0185.html",
+ "product_code":"dbss",
+ "code":"8",
+ "des":"Before using the database audit function, you need to apply for a database audit instance.Ensure the VPC of the database audit instance is the same as that of the node (a",
+ "doc_type":"usermanual",
+ "kw":"Applying for a Database Audit Instance,User Guide",
+ "title":"Applying for a Database Audit Instance",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0186.html",
+ "product_code":"dbss",
+ "code":"9",
+ "des":"Database audit supports databases built on ECS, BMS, and RDS on the console. After applying for a database audit instance, you need to add the database to be audited to t",
+ "doc_type":"usermanual",
+ "kw":"Step 1: Add a Database,User Guide",
+ "title":"Step 1: Add a Database",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0356.html",
+ "product_code":"dbss",
+ "code":"10",
+ "des":"By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can enable audit a",
+ "doc_type":"usermanual",
+ "kw":"Step 2: Enable Database Audit,User Guide",
+ "title":"Step 2: Enable Database Audit",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0253.html",
+ "product_code":"dbss",
+ "code":"11",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Step 3: View Audit Results",
+ "title":"Step 3: View Audit Results",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0205.html",
+ "product_code":"dbss",
+ "code":"12",
+ "des":"After connecting the database to the database audit instance, view SQL statements of the database.You have applied for a database audit instance and the Status is Running",
+ "doc_type":"usermanual",
+ "kw":"Viewing SQL Statement Details,Step 3: View Audit Results,User Guide",
+ "title":"Viewing SQL Statement Details",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0206.html",
+ "product_code":"dbss",
+ "code":"13",
+ "des":"After connecting the database to the database audit instance, view session distribution of the database.You have applied for a database audit instance and the Status is R",
+ "doc_type":"usermanual",
+ "kw":"Viewing Session Distribution,Step 3: View Audit Results,User Guide",
+ "title":"Viewing Session Distribution",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0204.html",
+ "product_code":"dbss",
+ "code":"14",
+ "des":"After connecting the database to the database audit instance, view the audit statistics, including the overall audit statistics, risk distribution, session statistics, an",
+ "doc_type":"usermanual",
+ "kw":"Viewing the Audit Dashboard,Step 3: View Audit Results,User Guide",
+ "title":"Viewing the Audit Dashboard",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0248.html",
+ "product_code":"dbss",
+ "code":"15",
+ "des":"By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After con",
+ "doc_type":"usermanual",
+ "kw":"Viewing Audit Reports,Step 3: View Audit Results,User Guide",
+ "title":"Viewing Audit Reports",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0190.html",
+ "product_code":"dbss",
+ "code":"16",
+ "des":"By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to database audit. You can also add audit",
+ "doc_type":"usermanual",
+ "kw":"Adding Audit Scope,User Guide",
+ "title":"Adding Audit Scope",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0362.html",
+ "product_code":"dbss",
+ "code":"17",
+ "des":"You can add SQL injection rules to audit your databases.You have purchased a database audit instance and the Status is Running.You have added a database and enabled datab",
+ "doc_type":"usermanual",
+ "kw":"Adding an SQL Injection Rule,User Guide",
+ "title":"Adding an SQL Injection Rule",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0191.html",
+ "product_code":"dbss",
+ "code":"18",
+ "des":"SQL injection detection is enabled by default. You can disable or enable the detection rules.One piece of audited data can match only one SQL injection detection rule.You",
+ "doc_type":"usermanual",
+ "kw":"Enabling or Disabling SQL Injection Detection,User Guide",
+ "title":"Enabling or Disabling SQL Injection Detection",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0192.html",
+ "product_code":"dbss",
+ "code":"19",
+ "des":"After enabling database audit, add and configure risky operations for audit.One piece of audited data can match only one risky operation rule.You have applied for a datab",
+ "doc_type":"usermanual",
+ "kw":"Adding Risky Operations,User Guide",
+ "title":"Adding Risky Operations",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0266.html",
+ "product_code":"dbss",
+ "code":"20",
+ "des":"To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information ",
+ "doc_type":"usermanual",
+ "kw":"Configuring Privacy Data Protection Rules,User Guide",
+ "title":"Configuring Privacy Data Protection Rules",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0239.html",
+ "product_code":"dbss",
+ "code":"21",
+ "des":"After configuring alarm notifications, you can receive DBSS alarms on database risks. If this function is not enabled, you have to log in to the management console to vie",
+ "doc_type":"usermanual",
+ "kw":"Configuring Alarm Notifications,User Guide",
+ "title":"Configuring Alarm Notifications",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0208.html",
+ "product_code":"dbss",
+ "code":"22",
+ "des":"This section describes how to view the system monitoring of database audit and learn about system resources and traffic usage.You have applied for a database audit instan",
+ "doc_type":"usermanual",
+ "kw":"Viewing the System Monitoring,User Guide",
+ "title":"Viewing the System Monitoring",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0252.html",
+ "product_code":"dbss",
+ "code":"23",
+ "des":"This section describes how to view and confirm alarms of database audit.You have applied for a database audit instance and the Status is Running.Database audit has been e",
+ "doc_type":"usermanual",
+ "kw":"Viewing the Alarms,User Guide",
+ "title":"Viewing the Alarms",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0213.html",
+ "product_code":"dbss",
+ "code":"24",
+ "des":"Before restarting and disabling an instance, ensure that its Status is Running.You can click the name of an instance to view its overview.Select an instance status from t",
+ "doc_type":"usermanual",
+ "kw":"Managing Database Audit Instances,User Guide",
+ "title":"Managing Database Audit Instances",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0203.html",
+ "product_code":"dbss",
+ "code":"25",
+ "des":"This section describes how to view the instance overview, including the basic information, network settings and associated databases.You have applied for a database audit",
+ "doc_type":"usermanual",
+ "kw":"Viewing the Instance Overview,User Guide",
+ "title":"Viewing the Instance Overview",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0200.html",
+ "product_code":"dbss",
+ "code":"26",
+ "des":"After adding an audit scope, you can view, enable, edit, disable, or delete the audit scope.The audit scope has been added.Before enabling, editing, or deleting the audit",
+ "doc_type":"usermanual",
+ "kw":"Management an Audit Scope,User Guide",
+ "title":"Management an Audit Scope",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0207.html",
+ "product_code":"dbss",
+ "code":"27",
+ "des":"This section describes how to view SQL injection detection information of a database audit instance.Database audit has been enabled.Select a risk severity from the All ri",
+ "doc_type":"usermanual",
+ "kw":"Viewing Information About SQL Injection Detection,User Guide",
+ "title":"Viewing Information About SQL Injection Detection",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0201.html",
+ "product_code":"dbss",
+ "code":"28",
+ "des":"After adding a risky operation, you can view the risk, enable, edit, disable, or delete the risky operation, or set its priority.The risky operation has been added.Before",
+ "doc_type":"usermanual",
+ "kw":"Managing Risky Operations,User Guide",
+ "title":"Managing Risky Operations",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0267.html",
+ "product_code":"dbss",
+ "code":"29",
+ "des":"You can view, enable, edit, disable, or delete data masking rules.Store Result SetYou are advised to disable . After this function is disabled, database audit will not st",
+ "doc_type":"usermanual",
+ "kw":"Managing Privacy Data Protection Rules,User Guide",
+ "title":"Managing Privacy Data Protection Rules",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0196.html",
+ "product_code":"dbss",
+ "code":"30",
+ "des":"By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After con",
+ "doc_type":"usermanual",
+ "kw":"Managing Audit Reports,User Guide",
+ "title":"Managing Audit Reports",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0197.html",
+ "product_code":"dbss",
+ "code":"31",
+ "des":"After backing up audit logs, you can view or delete backup audit logs.Database audit has been enabled.You have backed up audit logs.Click in the upper right corner of th",
+ "doc_type":"usermanual",
+ "kw":"Managing Backup Audit Logs,User Guide",
+ "title":"Managing Backup Audit Logs",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0209.html",
+ "product_code":"dbss",
+ "code":"32",
+ "des":"This section describes how to view operation logs of a database audit instance.Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time a",
+ "doc_type":"usermanual",
+ "kw":"Viewing Operation Logs,User Guide",
+ "title":"Viewing Operation Logs",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0409.html",
+ "product_code":"",
+ "code":"33",
+ "des":"You can add tags to database audit instances for easy management.You have applied for a database audit instance and the Status is Running.Up to 10 tags can be added to ea",
+ "doc_type":"",
+ "kw":"Adding a Database Instance Tag,User Guide",
+ "title":"Adding a Database Instance Tag",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0144.html",
+ "product_code":"dbss",
+ "code":"34",
+ "des":"After you enable CTS, the system starts recording operations on DBSS. Operation records for the last seven days can be viewed on the CTS console.The following four filter",
+ "doc_type":"usermanual",
+ "kw":"Viewing Tracing Logs,User Guide",
+ "title":"Viewing Tracing Logs",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0142.html",
+ "product_code":"dbss",
+ "code":"35",
+ "des":"Cloud Trace Service (CTS) records all cloud service operations on DBSS, including requests initiated from the management console or open APIs and responses to the request",
+ "doc_type":"usermanual",
+ "kw":"Auditable Operations,User Guide",
+ "title":"Auditable Operations",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0097.html",
+ "product_code":"dbss",
+ "code":"36",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"FAQs",
+ "title":"FAQs",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0269.html",
+ "product_code":"dbss",
+ "code":"37",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Functions",
+ "title":"Functions",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0290.html",
+ "product_code":"dbss",
+ "code":"38",
+ "des":"No. Your databases are audited in out-of-path mode. Database audit neither affects your services nor conflicts with local audit tools.",
+ "doc_type":"usermanual",
+ "kw":"Does Database Audit (in Bypass Mode) Affect My Services?,Functions,User Guide",
+ "title":"Does Database Audit (in Bypass Mode) Affect My Services?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0215.html",
+ "product_code":"dbss",
+ "code":"39",
+ "des":"Monitors database login, operation type (data definition, operation, and control), and operation object based on risky operations to effectively audit the database.Analyz",
+ "doc_type":"usermanual",
+ "kw":"What Are the Functions of Database Audit?,Functions,User Guide",
+ "title":"What Are the Functions of Database Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0221.html",
+ "product_code":"dbss",
+ "code":"40",
+ "des":"Yes. In bidirectional audit, both requests and responses to the database are audited.Bidirectional audit is used for database audit by default.",
+ "doc_type":"usermanual",
+ "kw":"Does Database Audit Support Bidirectional Audit?,Functions,User Guide",
+ "title":"Does Database Audit Support Bidirectional Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0312.html",
+ "product_code":"dbss",
+ "code":"41",
+ "des":"No. Applications using TLS are encrypted.",
+ "doc_type":"usermanual",
+ "kw":"Can Applications Using TLS Connections Be Audited?,Functions,User Guide",
+ "title":"Can Applications Using TLS Connections Be Audited?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0225.html",
+ "product_code":"dbss",
+ "code":"42",
+ "des":"Database audit can store online and archived audit data for at least 180 days.",
+ "doc_type":"usermanual",
+ "kw":"How Long Is the Database Audit Data Stored by Default?,Functions,User Guide",
+ "title":"How Long Is the Database Audit Data Stored by Default?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0228.html",
+ "product_code":"dbss",
+ "code":"43",
+ "des":"When database audit is running properly, if an exception occurs, you will receive an alarm notification within 5 minutes.If you set alarm notifications, when database aud",
+ "doc_type":"usermanual",
+ "kw":"How Soon Can I Receive an Alarm Notification If an Exception Occurs in Database Audit?,Functions,Use",
+ "title":"How Soon Can I Receive an Alarm Notification If an Exception Occurs in Database Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0229.html",
+ "product_code":"dbss",
+ "code":"44",
+ "des":"Yes. One alarm message corresponds to one email notification.",
+ "doc_type":"usermanual",
+ "kw":"Is the Total Number Of Alarms Every Day the Same as that of Emails?,Functions,User Guide",
+ "title":"Is the Total Number Of Alarms Every Day the Same as that of Emails?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0289.html",
+ "product_code":"dbss",
+ "code":"45",
+ "des":"To preview a report online, use Google Chrome or Mozilla FireFox.",
+ "doc_type":"usermanual",
+ "kw":"Why I Cannot Preview the Database Security Audit Report Online?,Functions,User Guide",
+ "title":"Why I Cannot Preview the Database Security Audit Report Online?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0347.html",
+ "product_code":"dbss",
+ "code":"46",
+ "des":"No.Middleware is a type of software deployed between applications and software including OSs, networks, and databases. Middleware provides an environment for application ",
+ "doc_type":"usermanual",
+ "kw":"If I Use Middleware at the Service Side, Will It Affect Database Audit?,Functions,User Guide",
+ "title":"If I Use Middleware at the Service Side, Will It Affect Database Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0114.html",
+ "product_code":"dbss",
+ "code":"47",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Operations",
+ "title":"Operations",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0283.html",
+ "product_code":"dbss",
+ "code":"48",
+ "des":"If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first.The MySQL database client is used as an example. Perform the fo",
+ "doc_type":"usermanual",
+ "kw":"How Do I Disable SSL for a Database?,Operations,User Guide",
+ "title":"How Do I Disable SSL for a Database?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0233.html",
+ "product_code":"dbss",
+ "code":"49",
+ "des":"To check the version of database audit, perform the following steps:",
+ "doc_type":"usermanual",
+ "kw":"How Do I Check the Version of Database Audit?,Operations,User Guide",
+ "title":"How Do I Check the Version of Database Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0234.html",
+ "product_code":"dbss",
+ "code":"50",
+ "des":"To check the alarms of database audit, perform the following steps:Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days for Time, and click to view alarms of the",
+ "doc_type":"usermanual",
+ "kw":"How Do I View All Alarms in Database Audit?,Operations,User Guide",
+ "title":"How Do I View All Alarms in Database Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0300.html",
+ "product_code":"dbss",
+ "code":"51",
+ "des":"If your PC accesses RDS through a private line, you can install the agent on a proxy your set up. Access from the proxy to the database can be audited. Access from applic",
+ "doc_type":"usermanual",
+ "kw":"How Do I Audit an RDS Database Accessed through Intranet (by Applications Off the Cloud)?,Operations",
+ "title":"How Do I Audit an RDS Database Accessed through Intranet (by Applications Off the Cloud)?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0323.html",
+ "product_code":"dbss",
+ "code":"52",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Troubleshooting",
+ "title":"Troubleshooting",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0256.html",
+ "product_code":"dbss",
+ "code":"53",
+ "des":"The functions of the database audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL sta",
+ "doc_type":"usermanual",
+ "kw":"Database Audit Is Running Properly But Generates No Audit Records,Troubleshooting,User Guide",
+ "title":"Database Audit Is Running Properly But Generates No Audit Records",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0235.html",
+ "product_code":"dbss",
+ "code":"54",
+ "des":"After the database traffic is triggered, you cannot find the audit information about an executed statement in the SQL statement list.In this case, perform the following o",
+ "doc_type":"usermanual",
+ "kw":"Database Audit Is Unavailable,Troubleshooting,User Guide",
+ "title":"Database Audit Is Unavailable",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0341.html",
+ "product_code":"dbss",
+ "code":"55",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Logs",
+ "title":"Logs",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0227.html",
+ "product_code":"dbss",
+ "code":"56",
+ "des":"No. Database audit does not support migrating database operation logs.You can view the operation logs of database audit. For details, see How Long Are the Operation Logs ",
+ "doc_type":"usermanual",
+ "kw":"Can the Operation Logs of Database Audit Be Migrated?,Logs,User Guide",
+ "title":"Can the Operation Logs of Database Audit Be Migrated?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0224.html",
+ "product_code":"dbss",
+ "code":"57",
+ "des":"The operation logs of database audit are permanently saved.",
+ "doc_type":"usermanual",
+ "kw":"How Long Are the Operation Logs of Database Audit Saved by Default?,Logs,User Guide",
+ "title":"How Long Are the Operation Logs of Database Audit Saved by Default?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0309.html",
+ "product_code":"dbss",
+ "code":"58",
+ "des":"To check the operation logs of database audit, perform the following steps:Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and e",
+ "doc_type":"usermanual",
+ "kw":"How Do I Check the Operation Logs of Database Audit?,Logs,User Guide",
+ "title":"How Do I Check the Operation Logs of Database Audit?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0284.html",
+ "product_code":"dbss",
+ "code":"59",
+ "des":"Database audit logs are stored in a log database and processed based on disk usage.If the disk usage of the log database is 85% or higher, the system automatically delete",
+ "doc_type":"usermanual",
+ "kw":"How Does Database Audit Process Logs?,Logs,User Guide",
+ "title":"How Does Database Audit Process Logs?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_01_0226.html",
+ "product_code":"dbss",
+ "code":"60",
+ "des":"Database audit supports manual backup and automatic backup. Audit logs are backed up to OBS. Buckets will be automatically created and will incur a separate bill.Perform ",
+ "doc_type":"usermanual",
+ "kw":"How Do I Back Up the Database Audit Logs?,Logs,User Guide",
+ "title":"How Do I Back Up the Database Audit Logs?",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_03_0001.html",
+ "product_code":"dbss",
+ "code":"61",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Best Practices",
+ "title":"Best Practices",
+ "githuburl":""
+ },
+ {
+ "uri":"dbss_06_0020.html",
+ "product_code":"dbss",
+ "code":"62",
+ "des":"This section describes how to audit the security of a relational database instance. (Applications connected to this DB instance are deployed on ECS.) DBSS can audit certa",
+ "doc_type":"usermanual",
+ "kw":"Auditing an RDS DB Instance (Without Agents),Best Practices,User Guide",
+ "title":"Auditing an RDS DB Instance (Without Agents)",
+ "githuburl":""
+ }
+]
\ No newline at end of file
diff --git a/docs/dbss/umn/CLASS.TXT.json b/docs/dbss/umn/CLASS.TXT.json
new file mode 100644
index 00000000..f1abd249
--- /dev/null
+++ b/docs/dbss/umn/CLASS.TXT.json
@@ -0,0 +1,560 @@
+[
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Overview",
+ "uri":"dbss_01_0138.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"1"
+ },
+ {
+ "desc":"Database Security Service (DBSS) is an intelligent database security service. Based on the machine learning mechanism and big data analytics technologies, it can audit yo",
+ "product_code":"dbss",
+ "title":"DBSS",
+ "uri":"dbss_01_0001.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"2"
+ },
+ {
+ "desc":"Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.User Behavior Detection and Au",
+ "product_code":"dbss",
+ "title":"Functions",
+ "uri":"dbss_01_0237.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"3"
+ },
+ {
+ "desc":"Database audit provides you with the database audit function in out-of-path pattern, enabling the system to generate real-time alarms for risky operations. In addition, d",
+ "product_code":"dbss",
+ "title":"Advantages",
+ "uri":"dbss_01_0238.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"4"
+ },
+ {
+ "desc":"Database audit is deployed in out-of-path pattern. It can audit databases built on ECS, BMS and RDS on the management console.Figure 1 shows the database audit deployment",
+ "product_code":"dbss",
+ "title":"Deployment Architecture",
+ "uri":"dbss_01_0181.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"5"
+ },
+ {
+ "desc":"Database audit provides basic, professional, and advanced editions. You can select one of them as needed.Table 1 describes the database audit editions.Database audit edit",
+ "product_code":"dbss",
+ "title":"Editions",
+ "uri":"dbss_01_0268.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"6"
+ },
+ {
+ "desc":"Database audit is subject to certain constraints.The following types of databases on the management console can be audited in out-of-path mode:RDS instancesDatabases buil",
+ "product_code":"dbss",
+ "title":"Constraints",
+ "uri":"dbss_01_0313.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"7"
+ },
+ {
+ "desc":"Before using the database audit function, you need to apply for a database audit instance.Ensure the VPC of the database audit instance is the same as that of the node (a",
+ "product_code":"dbss",
+ "title":"Applying for a Database Audit Instance",
+ "uri":"dbss_01_0185.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"8"
+ },
+ {
+ "desc":"Database audit supports databases built on ECS, BMS, and RDS on the console. After applying for a database audit instance, you need to add the database to be audited to t",
+ "product_code":"dbss",
+ "title":"Step 1: Add a Database",
+ "uri":"dbss_01_0186.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"9"
+ },
+ {
+ "desc":"By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can enable audit a",
+ "product_code":"dbss",
+ "title":"Step 2: Enable Database Audit",
+ "uri":"dbss_01_0356.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"10"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Step 3: View Audit Results",
+ "uri":"dbss_01_0253.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"11"
+ },
+ {
+ "desc":"After connecting the database to the database audit instance, view SQL statements of the database.You have applied for a database audit instance and the Status is Running",
+ "product_code":"dbss",
+ "title":"Viewing SQL Statement Details",
+ "uri":"dbss_01_0205.html",
+ "doc_type":"usermanual",
+ "p_code":"11",
+ "code":"12"
+ },
+ {
+ "desc":"After connecting the database to the database audit instance, view session distribution of the database.You have applied for a database audit instance and the Status is R",
+ "product_code":"dbss",
+ "title":"Viewing Session Distribution",
+ "uri":"dbss_01_0206.html",
+ "doc_type":"usermanual",
+ "p_code":"11",
+ "code":"13"
+ },
+ {
+ "desc":"After connecting the database to the database audit instance, view the audit statistics, including the overall audit statistics, risk distribution, session statistics, an",
+ "product_code":"dbss",
+ "title":"Viewing the Audit Dashboard",
+ "uri":"dbss_01_0204.html",
+ "doc_type":"usermanual",
+ "p_code":"11",
+ "code":"14"
+ },
+ {
+ "desc":"By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After con",
+ "product_code":"dbss",
+ "title":"Viewing Audit Reports",
+ "uri":"dbss_01_0248.html",
+ "doc_type":"usermanual",
+ "p_code":"11",
+ "code":"15"
+ },
+ {
+ "desc":"By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to database audit. You can also add audit",
+ "product_code":"dbss",
+ "title":"Adding Audit Scope",
+ "uri":"dbss_01_0190.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"16"
+ },
+ {
+ "desc":"You can add SQL injection rules to audit your databases.You have purchased a database audit instance and the Status is Running.You have added a database and enabled datab",
+ "product_code":"dbss",
+ "title":"Adding an SQL Injection Rule",
+ "uri":"dbss_01_0362.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"17"
+ },
+ {
+ "desc":"SQL injection detection is enabled by default. You can disable or enable the detection rules.One piece of audited data can match only one SQL injection detection rule.You",
+ "product_code":"dbss",
+ "title":"Enabling or Disabling SQL Injection Detection",
+ "uri":"dbss_01_0191.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"18"
+ },
+ {
+ "desc":"After enabling database audit, add and configure risky operations for audit.One piece of audited data can match only one risky operation rule.You have applied for a datab",
+ "product_code":"dbss",
+ "title":"Adding Risky Operations",
+ "uri":"dbss_01_0192.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"19"
+ },
+ {
+ "desc":"To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information ",
+ "product_code":"dbss",
+ "title":"Configuring Privacy Data Protection Rules",
+ "uri":"dbss_01_0266.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"20"
+ },
+ {
+ "desc":"After configuring alarm notifications, you can receive DBSS alarms on database risks. If this function is not enabled, you have to log in to the management console to vie",
+ "product_code":"dbss",
+ "title":"Configuring Alarm Notifications",
+ "uri":"dbss_01_0239.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"21"
+ },
+ {
+ "desc":"This section describes how to view the system monitoring of database audit and learn about system resources and traffic usage.You have applied for a database audit instan",
+ "product_code":"dbss",
+ "title":"Viewing the System Monitoring",
+ "uri":"dbss_01_0208.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"22"
+ },
+ {
+ "desc":"This section describes how to view and confirm alarms of database audit.You have applied for a database audit instance and the Status is Running.Database audit has been e",
+ "product_code":"dbss",
+ "title":"Viewing the Alarms",
+ "uri":"dbss_01_0252.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"23"
+ },
+ {
+ "desc":"Before restarting and disabling an instance, ensure that its Status is Running.You can click the name of an instance to view its overview.Select an instance status from t",
+ "product_code":"dbss",
+ "title":"Managing Database Audit Instances",
+ "uri":"dbss_01_0213.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"24"
+ },
+ {
+ "desc":"This section describes how to view the instance overview, including the basic information, network settings and associated databases.You have applied for a database audit",
+ "product_code":"dbss",
+ "title":"Viewing the Instance Overview",
+ "uri":"dbss_01_0203.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"25"
+ },
+ {
+ "desc":"After adding an audit scope, you can view, enable, edit, disable, or delete the audit scope.The audit scope has been added.Before enabling, editing, or deleting the audit",
+ "product_code":"dbss",
+ "title":"Management an Audit Scope",
+ "uri":"dbss_01_0200.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"26"
+ },
+ {
+ "desc":"This section describes how to view SQL injection detection information of a database audit instance.Database audit has been enabled.Select a risk severity from the All ri",
+ "product_code":"dbss",
+ "title":"Viewing Information About SQL Injection Detection",
+ "uri":"dbss_01_0207.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"27"
+ },
+ {
+ "desc":"After adding a risky operation, you can view the risk, enable, edit, disable, or delete the risky operation, or set its priority.The risky operation has been added.Before",
+ "product_code":"dbss",
+ "title":"Managing Risky Operations",
+ "uri":"dbss_01_0201.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"28"
+ },
+ {
+ "desc":"You can view, enable, edit, disable, or delete data masking rules.Store Result SetYou are advised to disable . After this function is disabled, database audit will not st",
+ "product_code":"dbss",
+ "title":"Managing Privacy Data Protection Rules",
+ "uri":"dbss_01_0267.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"29"
+ },
+ {
+ "desc":"By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After con",
+ "product_code":"dbss",
+ "title":"Managing Audit Reports",
+ "uri":"dbss_01_0196.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"30"
+ },
+ {
+ "desc":"After backing up audit logs, you can view or delete backup audit logs.Database audit has been enabled.You have backed up audit logs.Click in the upper right corner of th",
+ "product_code":"dbss",
+ "title":"Managing Backup Audit Logs",
+ "uri":"dbss_01_0197.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"31"
+ },
+ {
+ "desc":"This section describes how to view operation logs of a database audit instance.Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time a",
+ "product_code":"dbss",
+ "title":"Viewing Operation Logs",
+ "uri":"dbss_01_0209.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"32"
+ },
+ {
+ "desc":"You can add tags to database audit instances for easy management.You have applied for a database audit instance and the Status is Running.Up to 10 tags can be added to ea",
+ "product_code":"dbss",
+ "title":"Adding a Database Instance Tag",
+ "uri":"dbss_01_0409.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"33"
+ },
+ {
+ "desc":"After you enable CTS, the system starts recording operations on DBSS. Operation records for the last seven days can be viewed on the CTS console.The following four filter",
+ "product_code":"dbss",
+ "title":"Viewing Tracing Logs",
+ "uri":"dbss_01_0144.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"34"
+ },
+ {
+ "desc":"Cloud Trace Service (CTS) records all cloud service operations on DBSS, including requests initiated from the management console or open APIs and responses to the request",
+ "product_code":"dbss",
+ "title":"Auditable Operations",
+ "uri":"dbss_01_0142.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"35"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"FAQs",
+ "uri":"dbss_01_0097.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"36"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Functions",
+ "uri":"dbss_01_0269.html",
+ "doc_type":"usermanual",
+ "p_code":"36",
+ "code":"37"
+ },
+ {
+ "desc":"No. Your databases are audited in out-of-path mode. Database audit neither affects your services nor conflicts with local audit tools.",
+ "product_code":"dbss",
+ "title":"Does Database Audit (in Bypass Mode) Affect My Services?",
+ "uri":"dbss_01_0290.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"38"
+ },
+ {
+ "desc":"Monitors database login, operation type (data definition, operation, and control), and operation object based on risky operations to effectively audit the database.Analyz",
+ "product_code":"dbss",
+ "title":"What Are the Functions of Database Audit?",
+ "uri":"dbss_01_0215.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"39"
+ },
+ {
+ "desc":"Yes. In bidirectional audit, both requests and responses to the database are audited.Bidirectional audit is used for database audit by default.",
+ "product_code":"dbss",
+ "title":"Does Database Audit Support Bidirectional Audit?",
+ "uri":"dbss_01_0221.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"40"
+ },
+ {
+ "desc":"No. Applications using TLS are encrypted.",
+ "product_code":"dbss",
+ "title":"Can Applications Using TLS Connections Be Audited?",
+ "uri":"dbss_01_0312.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"41"
+ },
+ {
+ "desc":"Database audit can store online and archived audit data for at least 180 days.",
+ "product_code":"dbss",
+ "title":"How Long Is the Database Audit Data Stored by Default?",
+ "uri":"dbss_01_0225.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"42"
+ },
+ {
+ "desc":"When database audit is running properly, if an exception occurs, you will receive an alarm notification within 5 minutes.If you set alarm notifications, when database aud",
+ "product_code":"dbss",
+ "title":"How Soon Can I Receive an Alarm Notification If an Exception Occurs in Database Audit?",
+ "uri":"dbss_01_0228.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"43"
+ },
+ {
+ "desc":"Yes. One alarm message corresponds to one email notification.",
+ "product_code":"dbss",
+ "title":"Is the Total Number Of Alarms Every Day the Same as that of Emails?",
+ "uri":"dbss_01_0229.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"44"
+ },
+ {
+ "desc":"To preview a report online, use Google Chrome or Mozilla FireFox.",
+ "product_code":"dbss",
+ "title":"Why I Cannot Preview the Database Security Audit Report Online?",
+ "uri":"dbss_01_0289.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"45"
+ },
+ {
+ "desc":"No.Middleware is a type of software deployed between applications and software including OSs, networks, and databases. Middleware provides an environment for application ",
+ "product_code":"dbss",
+ "title":"If I Use Middleware at the Service Side, Will It Affect Database Audit?",
+ "uri":"dbss_01_0347.html",
+ "doc_type":"usermanual",
+ "p_code":"37",
+ "code":"46"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Operations",
+ "uri":"dbss_01_0114.html",
+ "doc_type":"usermanual",
+ "p_code":"36",
+ "code":"47"
+ },
+ {
+ "desc":"If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first.The MySQL database client is used as an example. Perform the fo",
+ "product_code":"dbss",
+ "title":"How Do I Disable SSL for a Database?",
+ "uri":"dbss_01_0283.html",
+ "doc_type":"usermanual",
+ "p_code":"47",
+ "code":"48"
+ },
+ {
+ "desc":"To check the version of database audit, perform the following steps:",
+ "product_code":"dbss",
+ "title":"How Do I Check the Version of Database Audit?",
+ "uri":"dbss_01_0233.html",
+ "doc_type":"usermanual",
+ "p_code":"47",
+ "code":"49"
+ },
+ {
+ "desc":"To check the alarms of database audit, perform the following steps:Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days for Time, and click to view alarms of the",
+ "product_code":"dbss",
+ "title":"How Do I View All Alarms in Database Audit?",
+ "uri":"dbss_01_0234.html",
+ "doc_type":"usermanual",
+ "p_code":"47",
+ "code":"50"
+ },
+ {
+ "desc":"If your PC accesses RDS through a private line, you can install the agent on a proxy your set up. Access from the proxy to the database can be audited. Access from applic",
+ "product_code":"dbss",
+ "title":"How Do I Audit an RDS Database Accessed through Intranet (by Applications Off the Cloud)?",
+ "uri":"dbss_01_0300.html",
+ "doc_type":"usermanual",
+ "p_code":"47",
+ "code":"51"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Troubleshooting",
+ "uri":"dbss_01_0323.html",
+ "doc_type":"usermanual",
+ "p_code":"36",
+ "code":"52"
+ },
+ {
+ "desc":"The functions of the database audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL sta",
+ "product_code":"dbss",
+ "title":"Database Audit Is Running Properly But Generates No Audit Records",
+ "uri":"dbss_01_0256.html",
+ "doc_type":"usermanual",
+ "p_code":"52",
+ "code":"53"
+ },
+ {
+ "desc":"After the database traffic is triggered, you cannot find the audit information about an executed statement in the SQL statement list.In this case, perform the following o",
+ "product_code":"dbss",
+ "title":"Database Audit Is Unavailable",
+ "uri":"dbss_01_0235.html",
+ "doc_type":"usermanual",
+ "p_code":"52",
+ "code":"54"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Logs",
+ "uri":"dbss_01_0341.html",
+ "doc_type":"usermanual",
+ "p_code":"36",
+ "code":"55"
+ },
+ {
+ "desc":"No. Database audit does not support migrating database operation logs.You can view the operation logs of database audit. For details, see How Long Are the Operation Logs ",
+ "product_code":"dbss",
+ "title":"Can the Operation Logs of Database Audit Be Migrated?",
+ "uri":"dbss_01_0227.html",
+ "doc_type":"usermanual",
+ "p_code":"55",
+ "code":"56"
+ },
+ {
+ "desc":"The operation logs of database audit are permanently saved.",
+ "product_code":"dbss",
+ "title":"How Long Are the Operation Logs of Database Audit Saved by Default?",
+ "uri":"dbss_01_0224.html",
+ "doc_type":"usermanual",
+ "p_code":"55",
+ "code":"57"
+ },
+ {
+ "desc":"To check the operation logs of database audit, perform the following steps:Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and e",
+ "product_code":"dbss",
+ "title":"How Do I Check the Operation Logs of Database Audit?",
+ "uri":"dbss_01_0309.html",
+ "doc_type":"usermanual",
+ "p_code":"55",
+ "code":"58"
+ },
+ {
+ "desc":"Database audit logs are stored in a log database and processed based on disk usage.If the disk usage of the log database is 85% or higher, the system automatically delete",
+ "product_code":"dbss",
+ "title":"How Does Database Audit Process Logs?",
+ "uri":"dbss_01_0284.html",
+ "doc_type":"usermanual",
+ "p_code":"55",
+ "code":"59"
+ },
+ {
+ "desc":"Database audit supports manual backup and automatic backup. Audit logs are backed up to OBS. Buckets will be automatically created and will incur a separate bill.Perform ",
+ "product_code":"dbss",
+ "title":"How Do I Back Up the Database Audit Logs?",
+ "uri":"dbss_01_0226.html",
+ "doc_type":"usermanual",
+ "p_code":"55",
+ "code":"60"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"dbss",
+ "title":"Best Practices",
+ "uri":"dbss_03_0001.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"61"
+ },
+ {
+ "desc":"This section describes how to audit the security of a relational database instance. (Applications connected to this DB instance are deployed on ECS.) DBSS can audit certa",
+ "product_code":"dbss",
+ "title":"Auditing an RDS DB Instance (Without Agents)",
+ "uri":"dbss_06_0020.html",
+ "doc_type":"usermanual",
+ "p_code":"61",
+ "code":"62"
+ }
+]
\ No newline at end of file
diff --git a/docs/dbss/umn/PARAMETERS.txt b/docs/dbss/umn/PARAMETERS.txt
new file mode 100644
index 00000000..6da8d5f0
--- /dev/null
+++ b/docs/dbss/umn/PARAMETERS.txt
@@ -0,0 +1,3 @@
+version=""
+language="en-us"
+type=""
\ No newline at end of file
diff --git a/docs/dbss/umn/dbss_01_0001.html b/docs/dbss/umn/dbss_01_0001.html
new file mode 100644
index 00000000..d126f7b6
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0001.html
@@ -0,0 +1,34 @@
+
+
+DBSS
+Database Security Service (DBSS) is an intelligent database security service. Based on the machine learning mechanism and big data analytics technologies, it can audit your databases, detect SQL injection attacks, and identify high-risk operations.
+
Supported Databases
Database audit provides the audit function in out-of-path mode for the following databases on the management console:
- RDS instances
- Databases built on ECS
- Databases built on BMS
+
+
Database audit supports the following database types and versions.
+
Table 1 Database types and versions supported by database auditDatabase Type
+ |
+Edition
+ |
+
|---|
+
+GaussDB(for MYSQL)
+ |
+MYSQL 8.0
+ |
+
+
+
+
+
+
+
Service Features
- Back up and restore database audit logs and meet the audit data retention requirements.
- Monitor risks, sessions, session distribution, and SQL distribution in real time.
- Report alarms for risky behaviors and attacks and responds to database attacks in real time.
- Locate internal violations and improper operations and keep data assets secure.
+
Deployed in out-of-path pattern, database audit can perform flexible audit on the database without affecting user services.
- Monitors database login, operation type (data definition, operation, and control), and operation object based on risky operations to effectively audit the database.
- Analyzes risks, sessions, and SQL injection to help you master the database situation in a timely manner.
- Provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations. Sends real-time alarm notifications to help you obtain audit reports in a timely manner.
+
+
+
FAQs
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0114.html b/docs/dbss/umn/dbss_01_0114.html
new file mode 100644
index 00000000..93b384f7
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0114.html
@@ -0,0 +1,21 @@
+
+
+Operations
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0138.html b/docs/dbss/umn/dbss_01_0138.html
new file mode 100644
index 00000000..6c2fdbed
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0138.html
@@ -0,0 +1,21 @@
+
+
+Overview
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0142.html b/docs/dbss/umn/dbss_01_0142.html
new file mode 100644
index 00000000..705416a4
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0142.html
@@ -0,0 +1,55 @@
+
+
+Auditable Operations
+Cloud Trace Service (CTS) records all cloud service operations on DBSS, including requests initiated from the management console or open APIs and responses to the requests, for tenants to query, audit, and trace.
+
Table 1 lists DBSS operations recorded by CTS.
+
+
Table 1 DBSS operations that can be recorded by CTSOperation
+ |
+Resource Type
+ |
+Trace Name
+ |
+
|---|
+
+Creating an instance
+ |
+dbss
+ |
+createInstance
+ |
+
+Deleting an instance
+ |
+dbss
+ |
+deleteInstance
+ |
+
+Starting an instance
+ |
+dbss
+ |
+startInstance
+ |
+
+Stopping an instance
+ |
+dbss
+ |
+stopInstance
+ |
+
+Restarting an instance
+ |
+dbss
+ |
+rebootInstance
+ |
+
+
+
+
+
Viewing Tracing Logs
+After you enable CTS, the system starts recording operations on DBSS. Operation records for the last seven days can be viewed on the CTS console.
+
Viewing a DBSS Trace on the CTS Console
- Log in to the management console.
- In the navigation pane on the left, click
and choose Management & Deployment > Cloud Trace Service. - Choose Trace List in the navigation pane.
- Click Region at the top of the Trace List page to set the corresponding conditions.
The following four filters are available:
- Trace Type, Trace Source, Resource Type, and Search By
- Select the filter from the drop-down list. Set Trace Source to DBSS.
- When you select Trace name for Search By, you also need to select a specific trace name.
- When you select Resource ID for Search By, you also need to select or enter a specific resource ID.
- When you select Resource name for Search By, you also need to select or enter a specific resource name.
+ - Operator: Select a specific operator (a user other than tenant).
- Trace Rating: Available options include All trace status, normal, warning, and incident. You can only select one of them.
- In the upper right corner of the page, you can query traces in the last 1 hour, last 1 day, last 1 week, or within a customized period.
+
- Click Query.
- Click
on the left of a trace to expand its details.Figure 1 Expanding trace details
+ - Click View Trace in the Operation column. On the displayed View Trace dialog box shown in Figure 2, the trace structure details are displayed.
Figure 2 Viewing a trace
+
+
+
Deployment Architecture
+Database audit is deployed in out-of-path pattern. It can audit databases built on ECS, BMS and RDS on the management console.
+
Figure 1 shows the database audit deployment architecture.
+
Figure 1 Database audit deployment architecture
+
The agent deployment for database audit is as follows:
+
- For databases built on ECS or BMS, agents must be deployed on the database side.
- For relational databases, agents must be deployed on the application or proxy side.
+
Applying for a Database Audit Instance
+Before using the database audit function, you need to apply for a database audit instance.
+
Ensure the VPC of the database audit instance is the same as that of the node (application side or database side) where you plan to install the database audit agent. Otherwise, the instance will be unable to connect to the agent or perform audit.
+
Impact on the System
Database audit works in out-of-path mode, which neither affects user services nor conflicts with the local audit tools.
+
+
Procedure
- Log in to the management console.
- Select a region, click
, and choose . The Dashboard page is displayed. - In the upper right corner, click Apply for Database Audit.
- On the Apply for Database Audit page, select an AZ and a Type.
- AZ: If resources are sold out in an AZ, Sold out in this AZ will be displayed for the AZ. In this case, select another AZ.
- Type: For details about the supported editions, see Editions.
+ - Set database audit parameters. See Table 1.
+
Table 1 ParametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+VPC
+ |
+You can select an existing VPC, or click View VPC to create one.
+ NOTE: - Select the VPC of the node (application or database side) where you plan to install the agent.
- To change the VPC of a DBSS instance, unsubscribe from it and apply for a new one.
+
+For more information about VPC, see Virtual Private Cloud User Guide.
+ |
+vpc-sec
+ |
+
+Security Group
+ |
+The security group configured for the instance is displayed on the page. Once a security group is selected for an instance, the instance is protected by the access rules of this security group.
+For more information about security groups, see Virtual Private Cloud User Guide.
+ |
+sg
+ |
+
+Subnet
+ |
+The Subnet drop-down list displays all available subnets.
+For more information about subnets, see Virtual Private Cloud User Guide.
+ |
+public_subnet
+ |
+
+Instance Name
+ |
+Custom name of the instance
+ |
+DBSS-test
+ |
+
+
+
+
- Confirm the configuration and click Next.
- On the details confirmation page, you can click .
On the Instances page, you can view the created database audit instance.
+If the Status is Running, you have successfully applied for the database audit instance.
+
+
+
Step 1: Add a Database
+Database audit supports databases built on ECS, BMS, and RDS on the console. After applying for a database audit instance, you need to add the database to be audited to the instance.
+
Prerequisites
You have applied for a database audit instance and the Status is Running.
+
+
Adding a Database
- Log in to the management console.
- Select a region, click
, and choose . The Dashboard page is displayed. - In the navigation tree on the left, choose Databases.
- In the Instance drop-down list, select the instance whose database is to be added.
- Click Add Database.
- In the dialog box displayed, set the database information. In the dialog box displayed, set the database information, as shown in Figure 1. For details about related parameters, see Table 1.
Figure 1 Add Database dialog box
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+Example
+ |
+
|---|
+
+Database Type
+ |
+Supported database type. You can select RDS.
+ |
+RDS database
+ |
+
+Database Type
+ |
+Supported database type. You can select GaussDB(for MySQL).
+You do not need to install an agent on the database.
+ |
+GaussDB(for MySQL)
+ |
+
+
+
+
- Click OK. Then a database in the Disabled state has been added to the database list. See Figure 2. You do not need to manually install an agent.
Figure 2 Successfully adding a database
+
- After adding the database, confirm that the database information is correct. If the database information is incorrect, locate the target database and click Delete in the Operation column, and add the database again.
+
+
+
Adding Audit Scope
+By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to database audit. You can also add audit scope and specify the databases to be audited.
+
By default, the full audit rule takes effect even if other rules exist. To make another audit rule take effect, disable the full audit rule first.
+
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
+
- Database audit has been enabled.
+
+
Procedure
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree, choose Rules.
- In the Instance drop-down list, select an instance to add audit scope.
- Add Audit Scope above the audit scope list.
- By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. This audit rule is enabled by default. You can disable it but cannot delete it.
- To make a custom rule take effect, disable the full audit rule first.
+
+ - In the displayed dialog box, set the audit scope, as shown in Figure 1. For details about related parameters, see Table 1.
Figure 1 Add Audit Scope dialog box
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Name
+ |
+Name of the custom audit scope
+ |
+audit00
+ |
+
+Database Name
+ |
+Database to be added to the audit scope
+ |
+db03
+ |
+
+Operations
+ |
+Audited operation type. It can be Login or Operation.
+When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.
+ |
+Login
+ |
+
+Database Account
+ |
+(Optional) Database username.
+You can specify multiple accounts, separated by commas (,).
+ |
+-
+ |
+
+Exception IP Address
+ |
+(Optional) IP addresses that do not need to be audited.
+ NOTE: If an IP address is set as both a source and an exception IP address, the IP address will not be audited.
+
+ |
+-
+ |
+
+Source IP Address
+ |
+(Optional) IP address or IP address range used for accessing the database to be audited
+ |
+-
+ |
+
+Source Port
+ |
+(Optional) Port number used for accessing the database to be audited
+ |
+-
+ |
+
+
+
+
- Click OK.
When the audit scope is added successfully, it is displayed in the audit scope list in the state of Enabled.
+
+
+
Related Operations
In addition to adding the audit scope, you can enable or disable SQL injection detection and add risky operations to set audit rules for database audit.
+
+
Enabling or Disabling SQL Injection Detection
+SQL injection detection is enabled by default. You can disable or enable the detection rules.
+
One piece of audited data can match only one SQL injection detection rule.
+
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- You can enable SQL injection detection when the status is Disabled.
- You can disable SQL injection detection when the status is Enabled.
+
+
Disabling SQL Injection Detection
SQL injection detection is enabled by default. You can disable the detection rules as required. When an SQL injection detection rule is disabled, the audit rule does not take effect.
+
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree, choose Rules.
- In the Instance drop-down list, select the instance for which you want to disable SQL injection detection.
- Click the SQL Injection tab.
Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled.
+
+ - Locate the SQL injection rule you want to disable, and click Disable in the Operation column.
Figure 1 Disabling an SQL injection detection rule
+When the status of an SQL injection detection rule is Disabled, SQL injection detection is disabled successfully.
+ - In the Operation column of a rule, click Edit. Configure parameters and click OK.
Figure 2 Editing an SQL injection rule
+
+Table 1 SQL injection rule parametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Name
+ |
+Name of an SQL rule.
+ |
+Postal Code SQL injection Rule
+ |
+
+Risk Level
+ |
+Level of risks matching a SQL rule. Its value can be:
+
+ |
+Moderate
+ |
+
+Status
+ |
+Enables or disables an SQL injection rule.
+ : enabled : disabled
+ |
+
+ 
+ |
+
+Test Regular Expression
+ |
+Regular expression that checks for content in certain pattern.
+ |
+^\d{6}$
+ |
+
+Data
+ |
+Content that matches the regular expression.
+Enter content and click Test to verify that the regular expression works properly.
+ |
+628307
+ |
+
+Result
+ |
+Test result. It can be:
+- Hit
- Miss
NOTE: If the test result is Hit, the regular expression is correct.
+ If the test result is Miss, the regular expression is incorrect.
+
+
+ |
+Hit
+ |
+
+
+
+
- In the Operation column, click Delete.
+
+
Follow-Up Procedure
To restart an SQL injection detection rule, click
Enable in the
Operation column of the target rule.
Figure 3 Enabling an SQL injection detection rule
+
+
When the status of an SQL injection detection rule is Enabled, SQL injection detection is enabled successfully.
+
+
Adding Risky Operations
+After enabling database audit, add and configure risky operations for audit.
+
One piece of audited data can match only one risky operation rule.
+
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
+
+
Procedure
- In the navigation tree, choose Rules.
- In the Instance drop-down list, select an instance to add risky operations. Click the Risky Operations tab. Click Add above the risky operation list.
- On the Add Risky Operation page, set the basic information and client IP address, as shown in Figure 1. .
Figure 1 Setting the basic information and client IP address
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Name
+ |
+Custom name of a risky operation
+ |
+test
+ |
+
+Risk Severity
+ |
+Severity of a risky operation. The options are as follows:
+
+ |
+High
+ |
+
+Status
+ |
+Status of a risky operation
+ : enabled : disabled
+ |
+
+
+ 
+ |
+
+Select Database
+ |
+Database that the risky operation will be applied to
+You can select ALL or a specific database.
+ |
+-
+ |
+
+Client IP Address or IP Range
+ |
+IP address or IP address range of the client
+The IP address can be an IPv4 address (for example, 192.168.1.1) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000).
+ |
+192.168.0.0
+ |
+
+
+
+
- Set the operation type, operation object, and execution result, as shown in Figure 2. For details about related parameters, see Table 2.
Figure 2 Setting the operation type, operation object, and execution result
+
+Table 2 ParametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Operations
+ |
+Type of a risky operation, including Login and Operation
+When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.
+ |
+Operation
+ |
+
+Objects
+ |
+Enter the target database, target table, and field information after clicking Add Operation Object. Click OK to add an operation object.
+ |
+-
+ |
+
+Results
+ |
+Set Affected Rows and Operation Duration. The operation conditions are as follows:
+- Greater than
- Less than
- Equal To
- Equal to or greater than
- Less than or equal to
+ |
+-
+ |
+
+
+
+
- Click Save.
+
+
Managing Audit Reports
+By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After connecting the database to the database audit instance, view report templates and report results.
+
Prerequisites
- Database audit has been enabled.
- Audit reports have been generated.
+
+
Viewing a Report
- Viewing reports
- Enter a report name in the upper right corner to search.
- A real-time report is automatically generated in PDF format.
- Locate the row that contains the report to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box. When a report is deleted, you need to manually generate a report if you want to view the report result.
+
+
+
+
+
Viewing a Report Template
- View the report template information.
- Report types include Compliance report, Overview report, Database report, Client report, and Database operation report.
- You can enable or disable scheduled tasks, or set their frequency to daily, weekly, or monthly.
- To modify the scheduled task of a report template, click Schedule Task in the Operation column. Modify and save the settings, click Generate Report, and you can check the reports.
+
+
+
+
Managing Backup Audit Logs
+After backing up audit logs, you can view or delete backup audit logs.
+
Prerequisites
- Database audit has been enabled.
- You have backed up audit logs.
+
+
Viewing Backup Audit Logs
- View the backup audit log information. For details about related parameters, see Table 1.
Click 
in the upper right corner of the list and select the start time and end time to view backup logs in a specified time range.
+
+Table 1 Parameters of audit logsParameter
+ |
+Description
+ |
+
|---|
+
+Log Name
+ |
+Name of a log, which is automatically generated
+ |
+
+Backup Time
+ |
+Time when a log is backed up
+ |
+
+File Size
+ |
+Log file size
+ |
+
+Backup Mode
+ |
+Log backup mode.
+ |
+
+Backup Scope
+ |
+Backup time window
+ |
+
+Task Status
+ |
+Backup status of a log
+ |
+
+
+
+
Locate the row that contains the log to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box.
+
+
+
+
Management an Audit Scope
+After adding an audit scope, you can view, enable, edit, disable, or delete the audit scope.
+
Prerequisites
- The audit scope has been added.
- Before enabling, editing, or deleting the audit scope, ensure that the status of audit scope is Disabled.
- Before disabling the audit scope, ensure that the status of audit scope is Enabled.
+
+
Precautions
By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. This audit rule is enabled by default. You can disable it but cannot delete it.
+
+
Viewing the Audit Scope
- View the audit scope information. For details about related parameters, see Table 1.
Figure 1 Viewing the audit scope
+ Enter the key word of an audit scope to search.
+
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Name of the audit scope
+ |
+
+Exception IP Address
+ |
+Whitelisted IP addresses within the audit scope
+ |
+
+Source IP Address
+ |
+IP address or IP address range used for accessing the database
+ |
+
+Source Port
+ |
+Port number of the IP address to be audited
+ |
+
+Database Name
+ |
+Database in the audit scope
+ |
+
+Database Account
+ |
+Database username
+ |
+
+Status
+ |
+Status of the audit scope. The options are as follows:
+
+ |
+
+
+
+
You can perform the following operations on audit scopes as required:
+
- Enable
Locate the row that contains the audit scope to be enabled, and click Enable in the Operation column. Databases within the scope will be audited.
+ - Edit (supported in customized audit scopes only)
Locate the row that contains the audit scope to be edited, click Edit in the Operation column, and modify the scope in the displayed dialog box.
+ - Disable
Locate the row that contains the audit scope to be disabled, click Disable in the Operation column, and click OK in the displayed dialog box. When the audit scope is disabled, the audit scope rule will not be executed in the audit.
+ - Delete (supported in customized audit scopes only)
Locate the row that contains the audit scope to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box. You need to add the audit scope again if it is deleted and you want to audit it.
+
+
+
+
+
Managing Risky Operations
+After adding a risky operation, you can view the risk, enable, edit, disable, or delete the risky operation, or set its priority.
+
Prerequisites
- The risky operation has been added.
- Before enabling the risky operation, ensure that its status is Disabled.
- Before disabling the risky operation, ensure that its status is Enabled.
+
+
Sets the Priority of the Risky Operation
- Locate the target risky operation, and click Set Priority in the Operation column.
- In the displayed dialog box, select a priority and click OK.
+
+
Viewing the Risky Operation
- View the risky operation information. For details about related parameters, see Table 1.
Select a risk severity from the All risk severities drop-down list in the upper right corner of the list, or enter a key word of a risky operation name to search.
+
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Name of the risky operation
+ |
+
+Category
+ |
+Category of the risky operation
+ |
+
+Feature
+ |
+Feature of the risky operation
+ |
+
+Risk Severity
+ |
+Risk severity of the risky operation. The options are as follows:
+
+ |
+
+Status
+ |
+Status of the risky operation. The options are as follows:
+
+ |
+
+
+
+
You can perform the following operations on risky operations as required:
+
- Enable
Locate the row that contains the risky operation to be enabled, and click Enable in the Operation column. The operation will be audited.
+ - Edit
Locate the row that contains the risky operation to be edited, click Edit in the Operation column, and modify the operation in the displayed dialog box.
+ - Disable
Locate the row that contains the risky operation to be disabled, click Disable in the Operation column, and click OK in the displayed dialog box. When a risky operation is disabled, the risky operation rule will not be executed in the audit.
+ - Delete
Locate the row that contains the risky operation to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box. You need to add the risky operation again if a risky operation is deleted and you need to audit its rule.
+
+
+
+
+
Viewing the Instance Overview
+This section describes how to view the instance overview, including the basic information, network settings and associated databases.
+
Prerequisites
You have applied for a database audit instance and the Status is Running.
+
+
Procedure
- View the basic information, network settings, and associated databases about the instance. See Figure 1. For details about related parameters, see Table 1.
Figure 1 Viewing the instance overview
+
+Table 1 Parameters of the instance overviewCategory
+ |
+Parameter
+ |
+Description
+ |
+
|---|
+
+Basic Info
+
+ |
+Name
+ |
+Instance name. You can click  next to to change it.
+ |
+
+Status
+ |
+Running status of an instance. The options are as follows:
+- Running
- Creating
- Faulty
- Disabled
- Frozen
- Frozen for legal management
- Frozen due to abuse
- Frozen due to lack of identity verification
- Frozen for partnership
- Creation failed
+ |
+
+ID
+ |
+Instance ID, which is automatically generated
+ |
+
+AZ
+ |
+Availability Zone (AZ) where an instance resides
+ |
+
+Version
+ |
+Version of the DBSS instance when you create the DBSS instance. The version of the DBSS instance created at different time may be different.
+Impact scope of DBSS instance versions:
+- Supported database types
- Supported database versions
+ |
+
+Remarks
+ |
+Remarks about an instance. You can click  next to Remarks to modify it.
+ |
+
+Edition
+ |
+Edition of an instance
+ |
+
+Created
+ |
+Time when an instance is created
+ |
+
+Network Settings
+ |
+VPC
+ |
+VPC where an instance resides
+ |
+
+Security Group
+ |
+Security group where an instance resides
+ |
+
+Subnet
+ |
+Subnet where an instance resides
+ |
+
+Private IP Address
+ |
+IP address of an instance
+ |
+
+Associated Database
+ |
+-
+ |
+Database information associated with an instance
+Click Manage Database, and the Databases page is displayed.
+ |
+
+
+
+
+
+
Viewing the Audit Dashboard
+After connecting the database to the database audit instance, view the audit statistics, including the overall audit statistics, risk distribution, session statistics, and SQL distribution.
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
+
+
Procedure
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance whose audit information you want to view.
- View the overall audit statistics, risk distribution, session statistics, and SQL distribution.
- Select All databases or a specified database from the Database drop-down list to view the statistics about all databases in the instance or a specified database.
- Select Last 30 minutes, 1 hour, Today, 7 days, or 30 days, or click
to customize start time and end time to view the statistics of the specified time range.
+Figure 1 Viewing the audit statistics
+Figure 2 Risk distribution
+Figure 3 Session statistics
+
+
+
Viewing SQL Statement Details
+After connecting the database to the database audit instance, view SQL statements of the database.
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
+
+
+
Procedure
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance whose SQL statement information you want to view.
- Click the Statements tab.
- View SQL statement information.
Figure 1 Querying SQL statements
+To query a specified SQL statement, perform the following steps:
+- Select All, Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days for Time and click
to view SQL statements of the specified time range. - Select All, High, Moderate, Low, or Trusted for Risk Severity and click
. SQL statements of specified severity are displayed in the list. A maximum of 10,000 records can be retrieved in a query.
+
+
+ - In the row containing the desired SQL statement, click Details in the Operation column.
- View the SQL statement information in the Details dialog box. For details about related parameters, see Table 1.
The maximum length of an audit statement or result set is 10,240 bytes. Excessive parts are not recorded in audit logs.
+
+
+Table 1 Parameters for details of SQL statementsParameter
+ |
+Description
+ |
+
|---|
+
+Session ID
+ |
+ID of an SQL statement, which is automatically generated
+ |
+
+Database Instance
+ |
+Database where an SQL statement is executed
+ |
+
+Database Type
+ |
+Type of the database where an SQL statement is executed
+ |
+
+Database User
+ |
+Database user for executing an SQL statement
+ |
+
+Client MAC Address
+ |
+MAC address of the client where an SQL statement is executed
+ |
+
+Database MAC Address
+ |
+MAC address of the database where an SQL statement is executed
+ |
+
+Client IP Address
+ |
+IP address of the client where an SQL statement is executed
+ |
+
+Database IP Address/Domain Name
+ |
+IP address or the domain name of the database where an SQL statement is executed
+ |
+
+Client Port
+ |
+Port of the client where an SQL statement is executed
+ |
+
+Database Port
+ |
+Port of the database where the SQL statement is executed
+ |
+
+Client Name
+ |
+Name of the client where an SQL statement is executed
+ |
+
+Operation Type
+ |
+Type of an SQL statement operation
+ |
+
+Operation Object Type
+ |
+Type of an SQL statement operation object
+ |
+
+Response Result
+ |
+Response by executing an SQL statement
+ |
+
+Affected Rows
+ |
+Number of rows affected by executing an SQL statement
+ |
+
+Started
+ |
+Time when an SQL statement starts to be executed
+ |
+
+Ended
+ |
+Time when the SQL statement execution ends
+ |
+
+SQL Statement
+ |
+Name of an SQL statement
+ |
+
+Request Result
+ |
+Result of requesting for executing an SQL statement
+ |
+
+
+
+
+
+
Viewing Session Distribution
+After connecting the database to the database audit instance, view session distribution of the database.
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
+
+
+
Procedure
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance whose session information you want to view.
- Click the Sessions tab.
- View the session distribution chart.
- Select All databases or a specified database from the Database drop-down list to view the sessions about all databases in the instance or a specified database.
- Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click
to set start time and end time to view the sessions of the specified time range.
+
+
+
Viewing Information About SQL Injection Detection
+This section describes how to view SQL injection detection information of a database audit instance.
+
Prerequisites
- Database audit has been enabled.
+
+
Procedure
- View information about SQL injection detection, as shown in Figure 1. For details about related parameters, see Table 1.
Figure 1 Viewing information about the SQL injection detection
+ - Select a risk severity from the All risk severities drop-down list in the upper right corner of the list, or enter a key word of an SQL injection rule name to search.
- Click Set Priority in the Operation column of an SQL injection rule to change its priority.
+
+
+Table 1 Parameters Parameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Name of the SQL injection detection
+ |
+
+Command Feature
+ |
+Command features of the SQL injection detection
+ |
+
+Risk Severity
+ |
+Risk level of the SQL injection detection. The options are as follows:
+
+ |
+
+Status
+ |
+Status of the SQL injection detection. The options are as follows:
+
+ |
+
+Operation
+ |
+Operations on an SQL injection rule. The options are as follows:
+- Set Priority
- Disable
- Edit
- Delete
+ |
+
+
+
+
+
+
Viewing the System Monitoring
+This section describes how to view the system monitoring of database audit and learn about system resources and traffic usage.
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
+
+
Procedure
- In the navigation tree on the left, choose Instances.
- Click an instance name and then click the Monitoring tab. The System Monitoring page is displayed.
- View the system monitoring information, as shown inFigure 1.
Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click 
to customize start time and end time to view the system monitoring information of the specified time range.
+Figure 1 Viewing the system monitoring
+
+
+
Viewing Operation Logs
+This section describes how to view operation logs of a database audit instance.
+
Prerequisites
+
Procedure
- View operation logs. For details about related parameters, see Table 1.
Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click 
to set start time and end time to view the operation logs of a specified time range.
+
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+
|---|
+
+Username
+ |
+User who performs the operation
+ |
+
+Time
+ |
+Time when the operation was performed
+ |
+
+Function
+ |
+Function of the operation
+ |
+
+Action
+ |
+Action of the operation
+ |
+
+Operation Object
+ |
+Object of the operation
+ |
+
+Description
+ |
+Description of the operation
+ |
+
+Result
+ |
+Result of the operation
+ |
+
+
+
+
+
+
Managing Database Audit Instances
+Prerequisites
- Before restarting and disabling an instance, ensure that its Status is Running.
+
+
Viewing the Instance
- View the database audit instances information. For details about related parameters, see Table 1.
Figure 1 Viewing database audit instances
+ - You can click the name of an instance to view its overview.
- Select an instance status from the All statuses drop-down list in the upper right corner of the list, or enter a key word of an instance to search for it.
+
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+
|---|
+
+Instance Name/ID
+ |
+Name and ID of an instance. Instance ID is automatically generated.
+ |
+
+Specifications
+ |
+Edition of an instance
+ |
+
+Status
+ |
+Running status of an instance. The options are as follows:
+- Running
- Creating
- Faulty
- Disabled
- Frozen
- Frozen for legal management
- Frozen due to abuse
- Frozen due to lack of identity verification
- Frozen for partnership
- Creation failed
+ |
+
+Associated Databases/Total Databases
+ |
+Number of databases an instance has associated with and Number of databases an instance supports
+ |
+
+Operation
+ |
+Operations can be performed on the instance. The options are as follows:
+- Configure Rules
- Enable
- Disable
- Restart
- View Details
- Delete
+ |
+
+
+
+
You can perform the following operations on instances as required:
+
- Restart
Locate the row that contains the desired instance, choose More > Restart in the Operation column, and click OK in the displayed dialog box.
+ - Enable
Locate the row that contains the desired instance, choose More > Enable in the Operation column, and click OK in the displayed dialog box.
+ - Disable
Locate the row that contains the desired instance, choose More > Disable in the Operation column, and click OK in the displayed dialog box. When an instance is disabled, the audit function is disabled for the databases on the instance.
+ - Delete
Locate the row that contains the instance that failed to be created, choose More > Delete in the Operation column, and click Delete in the displayed dialog box. Deleted instances will not be displayed in the instance list.
+ - View Details
Locate the row that contains the instance that failed to be created, choose More > View Details in the Operation column. In the dialog box that is displayed, view the instance creation failure details.
+
+
+
+
+
What Are the Functions of Database Audit?
+
+
- Monitors database login, operation type (data definition, operation, and control), and operation object based on risky operations to effectively audit the database.
- Analyzes risks, sessions, and SQL injection to help you learn the database situation in a timely manner.
- Provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations. Sends real-time alarm notifications to help you obtain audit reports in a timely manner.
+
+
Does Database Audit Support Bidirectional Audit?
+Yes. In bidirectional audit, both requests and responses to the database are audited.
+
Bidirectional audit is used for database audit by default.
+
How Long Are the Operation Logs of Database Audit Saved by Default?
+The operation logs of database audit are permanently saved.
+
How Long Is the Database Audit Data Stored by Default?
+Database audit can store online and archived audit data for at least 180 days.
+
How Do I Back Up the Database Audit Logs?
+Database audit supports manual backup and automatic backup. Audit logs are backed up to OBS. Buckets will be automatically created and will incur a separate bill.
+
Perform the following operations to automatically back up audit logs.
+
Automatically Backing Up Database Audit Logs
- Log in to the management console.
- In the navigation tree on the left, choose Settings.
- In the Instance drop-down list, select the required instance and click the Backup and Restoration tab.
- Click Configure. In the displayed dialog box, set the parameters, as shown in Figure 1. For details about related parameters, see Table 1.
Figure 1 Configure Automatic Backup dialog box
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Automatic Backup
+ |
+Status of automatic backup
+ : enabled : disabled
+ |
+
+
+
+ 
+ |
+
+Backup Period
+ |
+Automatic backup period. Its options are as follows:
+
+ |
+Daily
+ |
+
+Started
+ |
+Start time of the backup. Click  to configure.
+ |
+2020/01/14 20:27:08
+ |
+
+Bucket Name
+ |
+Name of the OBS bucket used for backup. Its options are as follows:
+- Create Default Bucket
- Select Bucket
+ NOTE: - If you click Create Default Bucket, you will be prompted to authorize OBS for exporting audit log backups.
- Audit logs can be exported only to the bucket created by DBSS.
+
+ |
+20f18-7a5a-4042
+ |
+
+Export Directory
+ |
+Directory for storing backup files in the OBS bucket.
+ |
+test
+ |
+
+
+
+
- Click OK.
After the automatic backup function is configured, new data in the database will be backed up one hour later. Then you can view the backup information.
+
+
+
+
Can the Operation Logs of Database Audit Be Migrated?
+No. Database audit does not support migrating database operation logs.
+
You can view the operation logs of database audit. For details, see How Long Are the Operation Logs of Database Audit Saved by Default?
+
How Soon Can I Receive an Alarm Notification If an Exception Occurs in Database Audit?
+When database audit is running properly, if an exception occurs, you will receive an alarm notification within 5 minutes.
+
If you set alarm notifications, when database audit is running properly, the system generates an alarm notification when a metric of a database audit instance resource (CPU, memory, or disk) exceeds the alarm threshold. You can receive the notification within about 5 minutes.
+
Is the Total Number Of Alarms Every Day the Same as that of Emails?
+Yes. One alarm message corresponds to one email notification.
+
How Do I Check the Version of Database Audit?
+To check the version of database audit, perform the following steps:
+
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree on the left, choose Instances.
- Click the name of the instance whose information you want to view. The Overview page is displayed.
- View the instance version, as shown in Figure 1.
Figure 1 Viewing the instance version
+
+
How Do I View All Alarms in Database Audit?
+To check the alarms of database audit, perform the following steps:
+
- To query specified alarms, perform the following steps:
- Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days for Time, and click
to view alarms of the specified time range. - Select All, High, Moderate, or Low for Risk Severity. Alarms of specified severity are displayed in the list.
- Select an alarm type, and alarms of specified alarm type is displayed in the list.
+
+
Database Audit Is Unavailable
+Symptom
After the database traffic is triggered, you cannot find the audit information about an executed statement in the SQL statement list.
+
In this case, perform the following operations to troubleshoot the problem:
+
+
+
Checking Database Information and Audit Function Settings
- Check whether the database information is correct.
- If the database information is correct, go to 2.
- If the database information is incorrect, click Delete to delete the database, and then click Add Database to add the database again.
- If the fault is rectified, no further operation is required.
- If the problem persists, go to 2.
+
+ - Check whether the database audit function is enabled.
+
+
+
Checking Audited Database Settings
- If Status is Enabled, go to Checking Database Agent Status.
- If Status is Disabled, click Enable to enable the desired audit scope rule of the database.
+
+
+
Checking Database Agent Status
- Log in to the node where the agent is installed as user root by using a cross-platform remote access tool (for example, PuTTY) via SSH.
- Run the following command to view the running status of the agent program:
ps -ef|grep audit_agent- If the following information is displayed, the agent is running properly. Go to 4.
| /opt/dbss_audit_agent/bin/audit_agent
+ |
+
+
- If no information is displayed, the agent does not run properly. Go to 3.
+
+ - Run the following command to restart the agent:
service audit_agent restart
+- If the fault is rectified, no further operation is required.
- If the problem persists, go to 4.
+ - Run the following command to check the communication status between the agent and database audit instance:
tailf /opt/dbss_audit_agent/log/audit_agent.log
+
+
+
+
Checking the Security Group Rules of the Database Audit Instance
- Go to the Database Security Service page.
- In the navigation tree on the left, choose Database Audit > Databases. The Databases page is displayed.
- Select an instance where the database is located from the Instance drop-down list.
- Record the IP address of the agent node.
Click 
next to the database to view the information of its agent, and record Installing Node IP Address.
+ - Add an inbound rule for the installing node.
- Click OK.
+
+
+
Verifying the Result
In your database, run an SQL statement on the node where the agent is installed, and then search for the statement in the SQL statement list.
- If the SQL statement is found, the problem has been solved.
- If the SQL statement is not found, the problem persists. Contact customer service.
+
+
+
Functions
+Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.
+
- User Behavior Detection and Audit
- Associates access operations in the application layer with those in the database layer.
- Uses built-in or user-defined privacy data protection rules to mask private data (such as accounts and passwords) in audit logs displayed on the console.
+ - Multi-dimensional Lead Analysis
- Behavior analysis
Supports analysis in multiple dimensions, such as audit duration, statement quantity, risk quantity, risk distribution, session statistics, and SQL distribution.
+ - Session analysis
Conducts analysis based on time, user, IP address, and client.
+ - Statement analysis
Provides multiple search criteria, such as time, risk severity, user, client IP address, database IP address, operation type, and rule.
+
+ - Real-time Alarms for Risky Operations and SQL Injection
- Risky operation
Defines a risky operation in fine-grained dimensions such as operation type, operation object, and risk severity.
+ - SQL injection
Provides an SQL injection library, which facilitates alarm reporting for database exceptions based on the SQL command feature or risk severity.
+ - System resource
Reports alarms when the usage of system resources (CPU, memory, and disk) reaches configured threshold.
+
+ - Fine-grained Reports for Various Abnormal Behaviors
+
+
Advantages
+Database audit provides you with the database audit function in out-of-path pattern, enabling the system to generate real-time alarms for risky operations. In addition, database audit generates compliance reports that meet data security standards. In this way, it locates internal violations and improper operations, protecting your data assets.
+
- Simple to set up
Database audit is deployed in out-of-path pattern. It is simple to set up and operate.
+ - Comprehensive audit
Supports audit of databases built on RDS, ECS, and BMS on the management console.
+ - Quick identification
Implements 99%+ application association audit, complete SQL parsing, and accurate protocol analysis.
+ - Efficient analysis
Responds quickly for data query with 10,000 requests per second from massive volumes of data saved.
+ - Clear permission division
Clearly divides permissions among the system administrator, security administrator, and audit administrator, meeting audit security requirements.
+
+
Configuring Alarm Notifications
+After configuring alarm notifications, you can receive DBSS alarms on database risks. If this function is not enabled, you have to log in to the management console to view alarms.
- Alarm notifications may be mistakenly blocked. If you have enabled notifications but not received any, check whether they have been blocked as spasms.
- The system collects alarm statistics every 5 minutes and sends alarm notifications (if any).
- You can also enable report notifications to get notified when the reports you subscribed to are generated. For details, see Viewing Audit Reports.
+
+
Prerequisites
You have applied for a database audit instance and the Status is Running.
+
+
Procedure
- In the navigation tree on the left, choose Settings.
- In the Instance drop-down list, select an instance to configure alarm notifications.
- Click the Alarm Notifications tab.
- Set alarm notifications. For details about related parameters, see Table 1.
Figure 1 Configuring alarm notifications
+
+Table 1 Alarm notification parametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Message Notifications
+ |
+Enables or disables notifications.
+ |
+ |
+
+Daily Alarm Notifications
+ |
+Total number of alarms allowed to be sent every day
+ NOTICE: - If the number of alarms exceeds this value on a day, no more notification will be sent on that day.
- There is no fixed time point for sending alarm notifications. The system collects statistics every 5 minutes and sends alarm notifications (if any).
+
+ |
+30
+ |
+
+Alarm Risk Severity
+ |
+Risk severity of the risk log. The options are as follows:
+
+ |
+High
+ |
+
+CPU Alarm Threshold (%)
+ |
+CPU alarm threshold of an audit instance. When the threshold is exceeded, an alarm notification is generated.
+ |
+80
+ |
+
+Memory Alarm Threshold (%)
+ |
+Memory alarm threshold of an audit instance. When the threshold is exceeded, an alarm notification is generated.
+ |
+80
+ |
+
+Disk Alarm Threshold (%)
+ |
+Disk alarm threshold of an audit instance. When the threshold is exceeded, an alarm notification is generated.
+ |
+80
+ |
+
+
+
+
- Click Apply.
+
+
Viewing Audit Reports
+By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to the database audit instance. After connecting the database to the database audit instance, generate an audit report and preview online or download it.
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
+
+
+
Report Types
Database audit provides eight types of report templates. Table 1 lists the report names. You can generate reports and set report tasks as needed.
+
+
Table 1 DescriptionTemplate Name
+ |
+Report Types
+ |
+Description
+ |
+
|---|
+
+Database Security General Report
+ |
+Overview report
+ |
+Provides the overall audit status of the database, including risks, sessions, and login status to better manage databases.
+ |
+
+Database Security Compliance Report
+ |
+Compliance report
+ |
+This report helps database administrators and auditors detect abnormal behaviors, locate problems, and manage information.
+ |
+
+SOX Report
+ |
+Compliance report
+ |
+Complies with the Sarbanes-Oxley Act (SOX) to provide statics on and evaluate database operations. This report helps database administrators and auditors detect abnormal behaviors, locate problems, and manage information.
+ |
+
+Database Server Analysis Report
+ |
+Database report
+ |
+Provides statistics and analysis on active users, user IP addresses, database logins and requests, database usage duration, and database performance.
+ |
+
+Client IP Address Analysis Report
+ |
+Client report
+ |
+Provides statistics on client applications, database users, and SQL statements collected from user IP addresses.
+ |
+
+DML Command Report
+ |
+Database operation report
+ |
+Analyzes user and privileged operations based on DML commands.
+ |
+
+DDL Command Report
+ |
+Database operation report
+ |
+Analyzes user and privileged operations based on DDL commands.
+ |
+
+DCL Command Report
+ |
+Database operation report
+ |
+Analyzes user and privileged operations based on DCL commands.
+ |
+
+
+
+
+
+
Step 1: Generating a Report
You can generate reports immediately or periodically. You can also customize the generation time, frequency, and format of reports.
+
- Method 1: Generating a Report Immediately
+
- Log in to the management console.
- Select a region, click
, and choose . The Dashboard page is displayed. - In the Instance drop-down list, select the instance whose instance report you want to generate.
- Click the Report Management tab.
- In the Operation column of a report template, click Generate Report, as shown in Figure 1.
Figure 1 Report template list
+ - In the displayed dialog box, click
to set the start time and end time of the report, and select the database for which you want to generate a report, as shown in Figure 2.Figure 2 Generate Report
+ - Click OK.
+
- Method 2: Setting Periodic Report Release
+
- Log in to the management console.
- Select a region, click , and choose . The Dashboard page is displayed.
- In the Instance drop-down list, select the instance for which you want to set a report task.
- Locate the target template and click Schedule Task in the Operation column, as shown in Figure 3.
Figure 3 Setting a task
+ - In the displayed dialog box, set the parameters of the scheduled task, as shown in Figure 4. For details about related parameters, see Table 2.
Figure 4 Setting a scheduled task
+
+Table 2 Parameters for setting a taskParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Enable Task
+ |
+Status of a scheduled task.
+ : disabled : enabled
+ |
+
+
+ 
+ |
+
+Message Notifications
+ |
+Enables or disables notifications.
+ : enabled
+ : disabled
+ |
+
+ 
+ |
+
+SMN Topic
+ |
+For details about topics and subscriptions, see Simple Message Notification User Guide.
+ |
+-
+ |
+
+Report Type
+ |
+Type of a report. The options are as follows:
+
+ |
+Weekly
+ |
+
+Execution Mode
+ |
+Execution mode of the report. The options are as follows:
+
+ |
+Periodically
+ |
+
+Time
+ |
+Time when the report is executed
+ |
+10:00
+ |
+
+Format
+ |
+Only the PDF format is supported.
+ |
+PDF
+ |
+
+Database
+ |
+Database for which you want to execute the report task
+ |
+-
+ |
+
+
+
+
- Click OK.
+
+
Step 2: Previewing and Downloading Audit Reports
Before previewing or downloading an audit report, ensure that its Status is 100%.
+
To preview a report online, use Google Chrome or Mozilla FireFox.
+
+
- Select a region, click , and choose . The Dashboard page is displayed.
- In the navigation tree on the left, choose .
- In the Instance drop-down list, select the instance whose report you want to preview or download.
- Locate the target template, and click Preview or in the Operation column to preview or download the report. See Figure 5..
Figure 5 Previewing or downloading an audit report
+
+
+
Viewing the Alarms
+This section describes how to view and confirm alarms of database audit.
+
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
- You have configured alarm notifications.
+
+
Procedure
- Click the name of an instance, click the Monitoring tab, and then the Alarm Monitoring tab.
- View the alarm information, as shown in Figure 1. For details about related parameters, see Table 1.
Figure 1 Viewing the alarms
+
+Table 1 Parameters of alarmsParameter
+ |
+Description
+ |
+
|---|
+
+Time
+ |
+Time when an alarm occurred.
+ |
+
+Type
+ |
+Alarm type. The options are as follows:
+- Risky operations
- CPU exceptions
- Memory exceptions
- Disk exceptions
- Insufficient audit log storage
- Log backup to OBS failed
- Agent exceptions
+ |
+
+Alarm Risk Severity
+ |
+Risk severity of an alarm. The options are as follows:
+
+ |
+
+Cleared
+ |
+Time when an alarm is cleared
+ |
+
+Confirmed Or Not
+ |
+Confirmation status of an alarm. Click  to filter alarms in Unconfirmed or Confirmed state.
+ |
+
+Description
+ |
+Description of an alarm
+ |
+
+
+
+
To query specified alarms, perform the following steps:
- Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days for Time, and click to view alarms of the specified time range.
- Select All, High, Moderate, or Low for Risk Severity. Alarms of specified severity are displayed in the list.
- Select an alarm type, and alarms of specified alarm type is displayed in the list.
+
+
+
Follow-Up Procedure
You can select multiple alarms to be confirmed and click Batch Confirm to batch confirm alarms.
+
+
+
+
Step 3: View Audit Results
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0256.html b/docs/dbss/umn/dbss_01_0256.html
new file mode 100644
index 00000000..81cc840e
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0256.html
@@ -0,0 +1,52 @@
+
+
+Database Audit Is Running Properly But Generates No Audit Records
+Symptom
The functions of the database audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL statement list.
+
+
Possible Causes
- SSL is enabled for the database.
- ForceEncryption is enabled for the SQL Server database protocol.
- The data volume is too large. As a result, the Agent process is suspended. You are advised to restart the container or optimize audit rules to reduce the data volume.
+
- If SSL is enabled for a database, the database cannot be audited.
- If ForceEncryption is enabled for a database, database audit cannot obtain file content from the database for analysis.
+
+
+
Disabling Database SSL
The MySQL database client is used as an example. Perform the following steps:
+
- Log in to the MySQL database client as user root.
- Run the following command to check the connection mode of the MySQL database:
\s
+- If information similar to the following is displayed, SSL has been disabled for the MySQL database. Go to 4.
+
- If information similar to the following is displayed, SSL has been enabled for the MySQL database. Go to 3.
| SSL: Cipher in use is XXX-XXX-XXXXXX-XXX
+ |
+
+
+ - Log in to the MySQL database in SSL mode.
- Run the following command to exit from the MySQL database:
exit
+ - Log in to the MySQL database as user root.
Add the following parameters at the end of the login command:
+--ssl-mode=DISABLED
+or
+--ssl=0
+ If you log in to the MySQL database in SSL mode, you can only disable SSL for this login. To use the database audit function, log in to the MySQL database in the mode described in 3.b.
+
+ - Run the following command to check the connection mode of the MySQL database:
\s
+If information similar to the following is displayed, SSL has been disabled for the MySQL database. Go to
4.
+
+ - Run an SQL statement and search for it in the SQL statement list.
+
+
+
+
+
Disabling ForceEncryption for the SQL Server Protocol
- Open the SQL Server Configuration Manager dialog box.
- Select SQL Server Network Configuration.
- Right-click Protocols for MSSQLSERVER and choose Properties.
- Click the Flags tab. Set ForceEncryption to No.
- Restart the SQL Server service for the modification to take effect.
- Run an SQL statement and search for it in the SQL statement list.
+
- If the SQL statement is found, the problem has been solved.
- If the SQL statement is not found, the problem persists. Contact customer service.
+
+
+
Configuring Privacy Data Protection Rules
+To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage.
+
Prerequisites
- Database audit has been enabled.
+
+
Procedure
- In the navigation tree, choose Rules.
- In the Instance drop-down list, select the instance whose privacy data protection rule is to be configured.
- Click the Privacy Data Protection tab.
Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled.
+
+ - Enable or disable Store Result Set and Mask Privacy Data.
- Store Result Set
You are advised to disable 
. After this function is disabled, database audit will not store the result sets of user SQL statements.
+Do not enable this function if you want to prepare for PCI DSS/PCI 3DS CSS certification.
+ - Mask Privacy Data
You are advised to enable 
. After this function is enabled, you can configure masking rules to prevent privacy data leakage.
+
+ - Click Add Rule. In the displayed Add Rule dialog box, set the data masking rule, as shown in Figure 1. For details about related parameters, see Table 1.
Figure 1 Add Rule dialog box
+
+Table 1 Rule parametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Rule Name
+ |
+Name of a rule
+ |
+test
+ |
+
+Regular Expression
+ |
+Regular expression that specifies the sensitive data pattern
+ |
+-
+ |
+
+Substitution Value
+ |
+Value used to replace sensitive data specified by the regular expression
+ |
+###
+ |
+
+
+
+
- Click OK.
A masking rule in the Enabled status is added to the rule list.
+
+
+
Verifying a Rule
Perform the following steps to check whether a rule takes effect. The audit information about passport No. in a MySQL database is used as an example.
+
- Enable Mask Privacy Data, and ensure the "Passport NO." masking rule is enabled, as shown in Figure 2.
Figure 2 Enabling privacy data protection
+ - Log in to the database as user root through the MySQL database client.
- On the database client, enter an SQL statement.
select * from db where HOST="Passport NO.";
+ - In the navigation pane, choose Dashboard.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance whose SQL statement information you want to view. Click the Statements tab.
- Set filtering conditions to find the entered SQL statement.
- In the row containing the SQL statement, click Details in the Operation column.
- Check the SQL statement information in SQL Statement.
+
+
Common Operations
After adding a user-defined masking rule, you can perform the following operations on it:
+
- Disable
Locate the row that contains the rule to be disabled and click Disable in the Operation column. A disabled rule cannot be used.
+ - Edit
Locate the row that contains the rule to be modified, click Edit in the Operation column, and modify the rule in the displayed dialog box.
+ - Delete
Locate the row that contains the rule to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box.
+
+
+
Managing Privacy Data Protection Rules
+You can view, enable, edit, disable, or delete data masking rules.
+
Prerequisites
+
Viewing Privacy Data Protection Rules
- View the rules. For details about related parameters, see Table 1.
- Store Result Set
You are advised to disable . After this function is disabled, database audit will not store the result sets of user SQL statements.
+Do not enable this function if you want to prepare for PCI DSS/PCI 3DS CSS certification.
+ - Mask Privacy Data
You are advised to enable . After this function is enabled, you can configure masking rules to prevent privacy data leakage.
+
+
+
+Table 1 Masking rule parametersParameter
+ |
+Description
+ |
+
|---|
+
+Rule Name
+ |
+Rule name
+ |
+
+Rule Type
+ |
+Rule type.
+
+ |
+
+Regular Expression
+ |
+Regular expression that specifies the sensitive data pattern
+ |
+
+Substitution Value
+ |
+Value used to replace sensitive data specified by the regular expression
+ |
+
+Status
+ |
+Status of a rule. Its value can be:
+
+ |
+
+
+
+
You can perform the following operations on a rule:
+
- Disable
Locate the row that contains the rule to be disabled and click Disable in the Operation column. A disabled rule cannot be used.
+ - Edit
Locate the row that contains the rule to be modified, click Edit in the Operation column, and modify the rule in the displayed dialog box.
+ - Delete
Locate the row that contains the rule to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box.
+
+
+
+
+
Editions
+Database audit provides basic, professional, and advanced editions. You can select one of them as needed.
+
Table 1 describes the database audit editions.
+
Table 1 Database audit editionsVersion
+ |
+Maximum Databases
+ |
+System Resource
+ |
+Performance
+ |
+
|---|
+
+Basic
+ |
+3
+ |
+- CPU: 4 vCPUs
- Memory: 16 GB
- Disk: 500 GB
+ |
+- Peak QPS: 3,000 queries/second
- Database load rate: 3.6 million statements/hour
- Stores 400 million online SQL statements.
- Stores 5 billion archived SQL statements.
+ |
+
+Professional
+ |
+6
+ |
+- CPU: 8 vCPUs
- Memory: 32 GB
+ |
+- Peak QPS: 6,000 queries/second
- Database load rate: 7.2 million statements/hour
- Stores 600 million online SQL statements.
- Stores 10 billion archived SQL statements.
+ |
+
+Advanced
+ |
+30
+ |
+- CPU: 16 vCPUs
- Memory: 64 GB
+ |
+- Peak QPS: 30,000 queries/second
- Database load rate: 10.80 million statements/hour
- Stores 1.5 billion online SQL statements.
- Stores 60 billion archived SQL statements.
+ |
+
+
+
+
+
- A database instance is uniquely defined by its database IP address and port.
The number of database instances equals the number of database ports. If a database IP address has N database ports, there are N database instances.
+Example: A user has two database IP addresses, IP1 and IP2. IP1 has a database port. IP2 has three database ports. IP1 and IP2 have four database instances in total. To audit all of them, select professional edition DBSS, which supports a maximum of six database instances.
+ - To change the edition of a DBSS instance, unsubscribe from it and apply for a new one.
- Online SQL statements are counted based on the assumption that the capacity of an SQL statement is 1 KB.
+
+
+
Functions
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0283.html b/docs/dbss/umn/dbss_01_0283.html
new file mode 100644
index 00000000..7d15d7d1
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0283.html
@@ -0,0 +1,37 @@
+
+
+How Do I Disable SSL for a Database?
+If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first.
+
The MySQL database client is used as an example. Perform the following steps:
+
- Log in to the MySQL database client as user root.
- Run the following command to check the connection mode of the MySQL database:
\s
+- If information similar to the following is displayed, SSL has been disabled for the MySQL database.
+
- If information similar to the following is displayed, SSL has been enabled for the MySQL database. Go to 3.
| SSL: Cipher in use is XXX-XXX-XXXXXX-XXX
+ |
+
+
+ - Log in to the MySQL database in SSL mode.
- Run the following command to exit from the MySQL database:
exit
+ - Log in to the MySQL database as user root.
Add the following parameters at the end of the login command:
+--ssl-mode=DISABLED
+Or
+--ssl=0
+ If you logged in to the MySQL database in SSL mode, you can disable SSL only for this login. To use the database audit function, log in to the MySQL database as instructed in this step.
+
+ - Run the following command to check the connection mode of the MySQL database:
\s
+If information similar to the following is displayed, SSL has been disabled for the MySQL database.
+
+
+
How Does Database Audit Process Logs?
+Database audit logs are stored in a log database and processed based on disk usage.
- If the disk usage of the log database is 85% or higher, the system automatically deletes the audit logs generated on the earliest date until the disk usage drops below 85%.
- If the disk usage is 90% or higher, database audit stops and the system no longer saves new audit logs.
+
+
Why I Cannot Preview the Database Security Audit Report Online?
+To preview a report online, use Google Chrome or Mozilla FireFox.
+
Does Database Audit (in Bypass Mode) Affect My Services?
+No. Your databases are audited in out-of-path mode. Database audit neither affects your services nor conflicts with local audit tools.
+
How Do I Audit an RDS Database Accessed through Intranet (by Applications Off the Cloud)?
+If your PC accesses RDS through a private line, you can install the agent on a proxy your set up. Access from the proxy to the database can be audited. Access from applications to the proxy cannot be audited.
+
How Do I Check the Operation Logs of Database Audit?
+To check the operation logs of database audit, perform the following steps:
+
- View operation logs. For details about related parameters, see Table 1.
Select Last 30 minutes, 1 hour, 24 hours, 7 days, or 30 days, or click to set start time and end time to view the operation logs of a specified time range.
+
+
+Table 1 ParametersParameter
+ |
+Description
+ |
+
|---|
+
+Username
+ |
+User who performs the operation
+ |
+
+Time
+ |
+Time when the operation was performed
+ |
+
+Function
+ |
+Function of the operation
+ |
+
+Action
+ |
+Action of the operation
+ |
+
+Operation Object
+ |
+Object of the operation
+ |
+
+Description
+ |
+Description of the operation
+ |
+
+Result
+ |
+Result of the operation
+ |
+
+
+
+
+
Can Applications Using TLS Connections Be Audited?
+No. Applications using TLS are encrypted.
+
Constraints
+Database audit is subject to certain constraints.
+
Supported Database Types
The following types of databases on the management console can be audited in out-of-path mode:
+
- RDS instances
- Databases built on ECS
- Databases built on BMS
+
+
Supported Database Versions
The following database versions can be audited.
+
+
Table 1 Database types and versions supported by database auditDatabase Type
+ |
+Edition
+ |
+
|---|
+
+GaussDB(for MYSQL)
+ |
+MYSQL 8.0
+ |
+
+
+
+
+
+
+
Supported OSs
To use database audit, you need to install its agent on database nodes or application nodes. The database audit agent can run on the 64-bit Linux.
- For more information, see Table 2.
+
Table 2 Supported Linux OS versionsSystem Name
+ |
+System version
+ |
+
|---|
+
+CentOS
+ |
+- CentOS 7.0 (64bit)
- CentOS 7.1 (64bit)
- CentOS 7.2 (64bit)
- CentOS 7.3 (64bit)
- CentOS 7.4 (64bit)
- CentOS 7.5 (64bit)
- CentOS 7.6 (64bit)
- CentOS 8.1 (64bit)
- CentOS 8.2 (64bit)
+ |
+
+Debian
+ |
+- Debian 7.5.0 (64bit)
- Debian 8.2.0 (64bit)
- Debian 8.8.0 (64bit)
- Debian 9.0.0 (64bit)
- Debian 10.0.0 (64bit)
+ |
+
+Fedora
+ |
+- Fedora 24 (64bit)
- Fedora 25 (64bit)
+ |
+
+SUSE
+ |
+- SUSE 11 SP4 (64bit)
- SUSE 12 SP1 (64bit)
- SUSE 12 SP2 (64bit)
+ |
+
+Ubuntu
+ |
+- Ubuntu 14.04 (64bit)
- Ubuntu 16.04 (64bit)
- Ubuntu 18.04 (64bit)
- Ubuntu 20.04 (64-bit)
+ |
+
+EulerOS
+ |
+- Euler 2.2 (64bit)
- Euler 2.3 (64bit)
+ |
+
+Oracle Linux
+ |
+- Oracle Linux 6.9 (64bit)
- Oracle Linux 7.4 (64bit)
+ |
+
+
+
+
+
+
+
Other Constraints
- If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first.
+
+
Troubleshooting
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0341.html b/docs/dbss/umn/dbss_01_0341.html
new file mode 100644
index 00000000..798dde8a
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0341.html
@@ -0,0 +1,27 @@
+
+
+
+ Logs
+
+
+
+
+
diff --git a/docs/dbss/umn/dbss_01_0347.html b/docs/dbss/umn/dbss_01_0347.html
new file mode 100644
index 00000000..4e0a1adb
--- /dev/null
+++ b/docs/dbss/umn/dbss_01_0347.html
@@ -0,0 +1,15 @@
+
+
+If I Use Middleware at the Service Side, Will It Affect Database Audit?
+No.
+
Middleware is a type of software deployed between applications and software including OSs, networks, and databases. Middleware provides an environment for application operation and development, helping users flexibly and efficiently develop and integrate complex application software.
+
Database audit is deployed in out-of-path mode. The database audit agent (installed on database or application nodes) obtains database access traffic, uploads the traffic to the audit system, receives commands issued by the audit system, and reports database status.
+
Using middleware on the service side does not affect the agent during SQL listening or auditing.
+
If database audit cannot obtain any data, troubleshoot the problem by referring to:
+
Step 2: Enable Database Audit
+By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can enable audit and check audit results. For details, see Viewing the Audit Dashboard.
+
Enabling Database Audit
- Log in to the management console.
- Select a region, click
, and choose . The Dashboard page is displayed. - In the navigation tree on the left, choose Databases.
- Select a database audit instance from the Instance drop-down list.
- In the database list, click Enable in the Operation column of the database to be audited.
The Audit Status of the database is Enabled. You do not need to restart the database.
+Figure 1 Enabling database audit
+
+
+
Verifying Audit Results
- Run an SQL statement (for example, show databases) in the target database.
- Log in to the management console.
- Select a region, click
, and choose . The database audit service page is displayed. - In the left navigation pane, choose Dashboard.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance that audits the target database.
- Click the Statements tab.
- Click
next to Time to set the start and end time, and click Submit. The SQL statements entered in 1 will be displayed.
+
+
+
+
Adding an SQL Injection Rule
+You can add SQL injection rules to audit your databases.
+
Prerequisites
- You have purchased a database audit instance and the Status is Running.
- You have added a database and enabled database audit.
- A database has been added.
+
+
Procedure
- Log in to the management console.
- Click Add Rule and configure parameters.
Figure 1 Adding an SQL injection rule
+
+Table 1 SQL injection rule parametersParameter
+ |
+Description
+ |
+Example Value
+ |
+
|---|
+
+Name
+ |
+Name of an SQL rule.
+ |
+Postal Code SQL injection Rule
+ |
+
+Risk Level
+ |
+Level of risks matching a SQL rule. Its value can be:
+
+ |
+Moderate
+ |
+
+Status
+ |
+Enables or disables an SQL injection rule.
+- : enabled
- : disabled
+ |
+
+
+ |
+
+Test Regular Expression
+ |
+Regular expression that checks for content in certain pattern.
+ |
+^\d{6}$
+ |
+
+Data
+ |
+Content that matches the regular expression.
+Enter content and click Test to verify that the regular expression works properly.
+ |
+628307
+ |
+
+Result
+ |
+Test result. It can be:
+- Hit
- Miss
NOTE: If the test result is Hit, the regular expression is correct.
+ If the test result is Miss, the regular expression is incorrect.
+
+
+ |
+Hit
+ |
+
+
+
+
- Confirm the information and click OK.
+
+
Adding a Database Instance Tag
+You can add tags to database audit instances for easy management.
+
Prerequisites
You have applied for a database audit instance and the Status is Running.
+
Up to 10 tags can be added to each DB instance.
+
+
Procedure
- In the navigation tree on the left, choose Instances.
- Click the name of an instance. On the displayed page, click the Tag tab.
Figure 1 Tag management page
+ - Click Add Tag in the upper left corner. In the dialog box that is displayed, enter the tag key and tag value.
Figure 2 Adding a tag
+ - Click OK.
+
+
Best Practices
+
+
+
diff --git a/docs/dbss/umn/dbss_06_0020.html b/docs/dbss/umn/dbss_06_0020.html
new file mode 100644
index 00000000..a8d54ae7
--- /dev/null
+++ b/docs/dbss/umn/dbss_06_0020.html
@@ -0,0 +1,70 @@
+
+
+Auditing an RDS DB Instance (Without Agents)
+Overview
This section describes how to audit the security of a relational database instance. (Applications connected to this DB instance are deployed on ECS.) DBSS can audit certain types of relational databases without installing agents.
+
+
DBSS without agents is easy to configure and use, but the following functions are not supported:
+
- Successful and failed login sessions cannot be counted.
- The port number of the client for accessing the database cannot be obtained.
+
GaussDB(DWS) has the permission control policy for the log audit function. Only accounts and users with the Security Administrator permission can enable or disable the DWS database audit function.
+
+
+
Solution Architecture
The DBSS instance receives the logs sent from databases, such as certain GaussDB(for MySQL) or RDS for MySQL versions, and saves the logs to its log library for security analysis, aggregation statistics, and compliance analysis.
+
Figure 1 Auditing an RDS DB instance (without agents)
+
Take the GaussDB(for MySQL) database as an example. Assume you need to locate and track internal violations and improper operations in the database to meet compliance requirements. This section describes how to enable the database audit function and check audit results.
+
+
Table 1 Database exampleDatabase Type
+ |
+RDS database
+ |
+
|---|
+Database Type
+ |
+GaussDB(for MySQL)
+ |
+
|---|
+Version
+ |
+MySQL 8.0
+ |
+
|---|
+IP Address
+ |
+192.168.0.237
+ |
+
|---|
+Database Port
+ |
+3306
+ |
+
|---|
+
+
+
+
+
Limitations and Constraints
The database audit instance and the database to be audited must be in the same region.
+
+
Step 1: Apply for Database Audit
Configure and apply for the database audit service. For details, see the "Database Audit Instance" section.
+
+
Step 2: Add a Database and Enable Audit
After applying for database audit, add a database to the database audit instance and enable audit for the database.
+
- Log in to the management console.
- Select a region and click
. Choose Security > Database Security Service. The Dashboard page will be displayed. - In the navigation pane, choose .
- Select an instance from the Instance drop-down list. Click Add Database.
- In the displayed dialog box, set database parameters described in Table 1.
- Click OK. The database will be displayed in the database list and its Audit Status will be Disabled.
- In the database list, view the information in the Agent column.
- If the message No agent needs to be added is displayed, the database can be audited without installing agents. In this case, go to step 8.
+ - In the Operation column of the database, click Enable.
+
+
Step 3: Viewing the Audit Result
You can check audit results on the dashboard page, or generate, preview, or download reports.
+
- Check overview information.
In the navigation pane, choose Dashboard.
+The Dashboard page displays the audit duration, total number of SQL statements and risks, statements and risks today, and today's sessions of an instance.
+You can click the Statements or Sessions tab to view session distribution.
+ - Generate, download, or preview reports.
- In the navigation pane, choose Reports.
- Select an instance from the Instance drop-down list. Click the Report Management tab.
- In the Operation column of a report template, click Generate Report.
- In the displayed dialog box, click
to set the start time and end time of the report, and select the database for which you want to generate a report. - Click OK.
The Reports page will be displayed. You can view the report status on this page. After a report is generated, you can click Preview or choose . See Figure 2.
+ To preview a report online, use Google Chrome or Mozilla FireFox.
+
+Figure 2 Previewing or downloading an audit report
+
+
+
+
+
