Excluding policies from the Alert Policy settings (whitelist)
Use the White List tab to specify Oracle or Microsoft SQL Server Server database activities that do not generate alerts.
The White List tab is available only when the collection method is DB, EXTENDED (for Oracle databases) or SQL Trace (for Microsoft SQL Server databases). Because FortiDB does not generate alerts for SQL actions that match the whitelist criteria, ensure that the SQL actions in the whitelist are known, secure actions. |
To enable the whitelist
- Go to DB Monitoring Activity > Monitoring Management and click the name of the target to configure.
- On the White List tab, select Enable White List.
- Use the following settings to specify the whitelist criteria:
Setting | Description |
---|---|
Object Settings |
Excludes from alerts any successful access to the specified objects from alerts. Select one of the following selection methods:
Use the following options to specify one or more objects:
To remove objects, select them in the Selected Objects list and then click < (left arrow). |
Login Name Settings |
Excludes from alerts any successful access to the specified object by the specified login names. To specify one or more login names:
Note: If you want to remove the login names from the selected login names list, select the login names you want to remove and click the left arrow. |
DB User Settings |
Excludes from alerts any successful access to selected object by certain database users. You can specify one or more database users as follows:
Note:If you want to remove the database users from the selected database users list, select the database users you want to remove and click the left arrow. |
OS User Settings |
Exclude to alert any successful access to selected object by certain OS users. You can specify one or more OS user names by typing the specific name or using a regular expression.
Note: If you want to remove the OS users from the selected OS users list, select the OS users you want to remove and click the left arrow. |
Source Location Settings |
Exclude to alert any successful access to selected object from certain locations. You can specify one or more locations by typing the specific location or using a regular expression.
Note: If you want to remove the users from the selected users list, select the users you want to remove and click the left arrow. |
Application Settings |
Exclude to alert any successful access to selected object by certain client applications. You can specify one or more client applications by typing the specific client application or using a regular expression.
Note: If you want to remove the users from the selected users list, select the users you want to remove and click the left arrow. |