After enabling database audit, add and configure risky operations for audit.
One piece of audited data can match only one risky operation rule.
Prerequisites
- You have applied for a database audit instance and the Status is Running.
- Database audit has been enabled.
Procedure
- In the navigation tree, choose Rules.
- In the Instance drop-down list, select an instance to add risky operations. Click the Risky Operations tab. Click Add above the risky operation list.
- On the Add Risky Operation page, set the basic information and client IP address, as shown in Figure 1. .
Table 1 Parameters Parameter
Description
Example Value
Name
Custom name of a risky operation
test
Risk Severity
Severity of a risky operation. The options are as follows:
- High
- Moderate
- Low
- No risks
High
Status
Status of a risky operation
: enabled
: disabled
Select Database
Database that the risky operation will be applied to
You can select ALL or a specific database.
-
Client IP Address or IP Range
IP address or IP address range of the client
The IP address can be an IPv4 address (for example, 192.168.1.1) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000).
192.168.0.0
- Set the operation type, operation object, and execution result, as shown in Figure 2. For details about related parameters, see Table 2.
Table 2 Parameters Parameter
Description
Example Value
Operations
Type of a risky operation, including Login and Operation
When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.
Operation
Objects
Enter the target database, target table, and field information after clicking Add Operation Object. Click OK to add an operation object.
-
Results
Set Affected Rows and Operation Duration. The operation conditions are as follows:
- Greater than
- Less than
- Equal To
- Equal to or greater than
- Less than or equal to
-
- Click Save.
