
Auditing DB Activity in IRI Chakra Max
One of the most important and powerful features of the IRI Chakra Max database firewall is its ability to audit access and activity from all types of connections. Chakra Max supports real-time monitoring of, searching in, and subsequent reporting from these logging categories:
- ✔ Database – including all SQL activity, plus its origin and graphical trend analyses
- ✔ System – to review login attempts and terminal commands
- ✔ FTP – for file transfers to/from the DB
- ✔ Alert – showing policy-defined alerts and blocks
- ✔ Approval – to reveal ‘safe SQL’ and other activity requests and their outcome
- ✔ Statistics – to review defined policies, their status, and enforcement
- ✔ Client – for DB activity transacted through the Chakra Max client app
- ✔ Work History – tasks the security administrator configured, performed, or changed
- ✔ RDP – Windows Terminal Service activity
Chakra Max also provides DBAs, data governance officers, and security teams with valuable information about changes to conditions and data in the databases, as well as what data was actually seen.
Ad Hoc Log Queries
Information in the Chakra Max logs can be queried at a very granular level in the Search windows. For example, SQL activity revealing user requests, or updates to the database, can be reviewed.
Similarly, work history (like the assignment of database users) will show before and after states.
Similar information can also be reviewed and shared through a number of predefined, or custom-defined, report formats.
Chakra Max audit logs also reveal the state of data in the database before and after changes were made, if the policy is set to record it. That same policy can also be configured to issue an alert in the event of a change, and warn a user that their change(s) will be recorded.
Once the changes are made, they are accessible in the audit log in summary and detail form.
Chakra Max also allows auditors to see the first 64KB of data that a query user (or hacker) saw.
The Chakra Max audit log is powered by a columnar, multi-core database called PetaSQL. Managers can fully administer this encrypted database, which is also secure from deletion.
Chakra Max Manager supports policy-based configuration of the log backup schedule, and provides the ability to review the status of, and restore, any given backup.
If you have any questions about these and other DB auditing facilities in IRI Chakra Max, please email chakramax@iri.com.