Excluding policies from the Alert Policy settings (whitelist)

Use the White List tab to specify Oracle or Microsoft SQL Server database activities that do not generate alerts.

The White List tab is available only when the collection method is DB, EXTENDED (for Oracle databases) or SQL Trace (for Microsoft SQL Server databases). Because FortiDB does not generate alerts for SQL actions that match the whitelist criteria, ensure that the SQL actions in the whitelist are known, secure actions.
To enable the whitelist
  1. Go to DB Monitoring Activity > Monitoring Management and click the name of the target to configure.
  2. On the White List tab, select Enable White List.
  3. Use the following settings to specify the whitelist criteria:
Setting Description
Object Settings

Excludes from alerts any successful access to the specified objects.

Select one of the following selection methods:

  • Manually Select Object
  • Browse Object by Target (default)

Use the following options to specify one or more objects:

  1. Select an item from the Target list.
  2. Select an item from the Schema list.
  3. In the Tables list, select one or more items and then click > (right arrow) to move your selections to the .

To remove objects, select them in the Selected Objects list and then click < (left arrow).

Login Name Settings

Excludes from alerts any successful access to the specified object by the specified login names.

To specify one or more login names:

  1. Select one or more login names from the login names list.
  2. Click the right arrow to move the selections to the Selected login names list.

Note: If you want to remove the login names from the selected login names list, select the login names you want to remove and click the left arrow.

DB User Settings

Excludes from alerts any successful access to the selected object by certain database users.

You can specify one or more database users as follows:

  1. Select one or more database users from the login names list.
  2. Click the right arrow to move the selections to the Selected database users list.

Note: If you want to remove the database users from the selected database users list, select the database users you want to remove and click the left arrow.

OS User Settings

Excludes from alerts any successful access to the selected object by certain OS users.

You can specify one or more OS user names by typing the specific name or using a regular expression.

  1. Enter one OS user in the text box.
  2. Click the right arrow to move the selections to the Selected users list.

Note: If you want to remove the OS users from the selected OS users list, select the OS users you want to remove and click the left arrow.

Source Location Settings

Excludes from alerts any successful access to the selected object from certain locations.

You can specify one or more locations by typing the specific location or using a regular expression.

  1. Enter one hostname or IP address in the text box.
  2. Click the right arrow to move the selections to the Selected source locations list.

Note: If you want to remove the users from the selected users list, select the users you want to remove and click the left arrow.

Application Settings

Excludes from alerts any successful access to the selected object by certain client applications.

You can specify one or more client applications by typing the specific client application or using a regular expression.

  1. Enter one application name or client ID in the text box.
  2. Click the right arrow to move the selections to the Selected applications list.

Note: If you want to remove the users from the selected users list, select the users you want to remove and click the left arrow.
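Because a regular-expression entry in the OS user, source location, or application settings suppresses alerts for everything it matches, it is worth checking a candidate pattern against the values actually seen for the target before entering it. The following is an added example, not Fortinet code: the page does not state which regex dialect FortiDB uses or whether entries are anchored, so the check uses Python's `re` as a stand-in and reports both whole-string and substring matching; the function name and all sample values are constructed.

```python
import re

def audit_pattern(pattern, intended, observed):
    """Report what a candidate whitelist regex would cover.

    intended: values that should be excluded from alerts.
    observed: every value seen for this field (e.g. from an audit export).
    Assumption: matching semantics are unknown, so both whole-string
    ("full") and substring ("search") matching are evaluated.
    """
    rx = re.compile(pattern)
    intended = set(intended)
    report = {}
    for mode, match in (("full", rx.fullmatch), ("search", rx.search)):
        matched = {v for v in observed if match(v)}
        report[mode] = {
            "missed": sorted(intended - matched),      # wanted, not covered
            "unintended": sorted(matched - intended),  # silenced by accident
        }
    return report

def is_tight(pattern, intended, observed):
    """True only if the pattern covers exactly the intended values
    under both matching semantics."""
    report = audit_pattern(pattern, intended, observed)
    return all(not r["missed"] and not r["unintended"] for r in report.values())

# Constructed sample data: source locations and OS users seen for one target.
HOSTS = ["10.1.2.3", "10.1.2.30", "110.1.2.3", "10.9.9.9"]
USERS = ["svc_backup", "svc_etl", "svc_tmp", "oracle"]

if __name__ == "__main__":
    # An unescaped, unanchored address also covers neighbouring addresses
    # when the pattern is applied as a substring search.
    print(audit_pattern("10.1.2.3", ["10.1.2.3"], HOSTS))
    # Escaping the dots and anchoring both ends covers the one host only.
    print(audit_pattern(r"^10\.1\.2\.3$", ["10.1.2.3"], HOSTS))
    # A prefix wildcard covers every account that shares the prefix.
    print(audit_pattern("svc_.*", ["svc_backup", "svc_etl"], USERS))
```

Any value listed under `unintended` is activity that would stop generating alerts once the pattern is on the whitelist.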
