One of the first and most popular things that IRI Chakra Max users want to do is monitor database accesses and activities as they happen. The information displayed is helpful in assessing resource needs and security vulnerabilities. It also provides insight for creating policies.
Policies can be used to generate alerts about — or even block — certain operations, and to dynamically mask returned data values. Alerts and blocks may be filtered by such variables as user, source IP, date, time, application, and others. Logging policies can also define which activities will be saved for future audit, analysis, and forensic use.
To interact with Chakra Max monitoring facilities, click on the Monitor tab in the Chakra Max Manager application. Click the Session tab below it to review current database server and instance-specific user activity:
Active client connections and SQL commands can be seen in this view, along with a snapshot breakdown by command type. Such specifics are critical for taking immediate action, but they do not show the larger picture that is needed to define broader security policies.
To analyze activity in a more abstract way, click on the Trend tab, which offers different views of aggregate information for a particular database and time range:
Another set of interesting views in the Monitor section is the Security Dashboard. This reveals the number of alerts issued for a given database instance and time range (“today” in the case below):
Shown are the top 5 IP addresses accessing the various databases and triggering alerts, as well as the specific users and the policies they are violating.
Alerts are issued on the basis of specific policies defined in the Policy view:
You can customize alerts in the ways mentioned above, combine them with blocking actions, and define brand new policies.
If you have any questions about Chakra Max monitoring or alert functionality, email firstname.lastname@example.org.