Fortinet black logo

Handbook (HTML)

Home FortiDB 5.1.14 Handbook (HTML)
5.1.14
5.1.14
5.1.13
5.1.12
5.1.11
5.1.10
5.1.9
5.1.8
5.1.7
5.1.6
5.1.5
5.1.2
5.1.1
5.0.0

Adding user-defined policies

Adding user-defined policies

  1. Go to Policy > VA Policies of the left-side menu.
  2. Select the User-Defined Policies tab.
  3. Select the Add button.
  4. Fill in the appropriate fields. Some of the fields to note are:
    5. Field Name Descriptions
    ID Enter a unique designator that can include any character, including alphanumerics, special characters, and white spaces.
    SQL query Enter the query that will be used when this User-Defined Policy is applied during an assessment.
    Result Column Name(s)

    Entries in this field are the column names referred to in the SQL query field. Multiple entries are delimited by semicolons.

    The names can either be actual column names in your query, like empno in 'SELECT empno FROM scott.emp' or aliases like enumber in 'SELECT empno AS " enumber" FROM scott.emp'

    Leading or trailing spaces in the alias expression must also be specified in this field for the column's values to appear in your report. For example, if there are two leading spaces in " enumber", include both spaces in the Result Column Name(s) value.

    You can use the '*' column wild card in your queries; however, you must separately specify the name of each column for which you want report results. If, for example, you use 'SELECT * FROM scott.emp' against an Oracle target database, you must enter "empno;ename;job;mgr;hiredate;sal;comm;deptno" in this field in order to get a report on all columns in scott.emp

    Note: Do not put spaces before or after the semicolons unless your aliased column names also have leading or trailing spaces, respectively.
    Result Column Label(s)

    Entries in this field are the column names that you would like to see in your reports. Multiple entries are delimited by semicolons.

    Note: If you don't populate this field, your report's column headers will be the entries used for the Result Column Name(s) field.
    Keywords Entries in this field can be used when using a filter to create policy groups.
  5. Select the Save button.
  6. Here is an Oracle example, which assumes you have access to the SCOTT schema:
    1. Create a policy with these entries:
      • ID: unique designator
      • Database type: Oracle
      • SQL query: SELECT empno, ename from scott.emp
      • Result Column Name(s): empno;ename
      • Result Column Label(s): Employee Number;Employee Name
      • Severity: Informational
      • Classification: Unclassified
    2. Select Save to save myOracleUDP1.
    3. Create a policy group, myUDPGroup, containing the new policy.
    4. Create an assessment that runs against an Oracle target group and which uses myUDPGroup.
    5. Run a Detailed (Pre-Defined) Report against your assessment and you should see several rows of Scan Results like this in the Informational Vulnerabilities section:
      • Employee Number 7369 Employee Name: SMITH
  7. Here is another, slightly different, Oracle example, which uses column-name aliasing and, again, assumes you have access to the SCOTT schema:
    1. Create a policy with these entries:
      • ID: can be any value
      • Name: myOracleUDP2
      • Database type: Oracle
      • SQL query: SELECT empno as "EmpID", ename as "Worker" from scott.emp
      • Result Column Name(s): EmpID;Worker
      • Result Column Label(s): Employee Number;Employee Name
      • Severity: Informational
      • Classification: Unclassified
    2. Select the Save in order to save myOracleUDP1.
    3. Create a policy group, myUDPGroup, containing the new policy.
    4. Create an assessment that runs against an Oracle target group and which uses myUDPGroup.
    5. Run a Detailed (Pre-Defined) Report against your assessment and you should see several rows of Scan Results like this in the Informational Vulnerabilities section:
      • Employee Number 7369 Employee Name: SMITH
See also
Previous
Next

Adding user-defined policies

  1. Go to Policy > VA Policies of the left-side menu.
  2. Select the User-Defined Policies tab.
  3. Select the Add button.
  4. Fill in the appropriate fields. Some of the fields to note are:
    5. Field Name Descriptions
    ID Enter a unique designator that can include any character, including alphanumerics, special characters, and white spaces.
    SQL query Enter the query that will be used when this User-Defined Policy is applied during an assessment.
    Result Column Name(s)

    Entries in this field are the column names referred to in the SQL query field. Multiple entries are delimited by semicolons.

    The names can either be actual column names in your query, like empno in 'SELECT empno FROM scott.emp' or aliases like enumber in 'SELECT empno AS " enumber" FROM scott.emp'

    Leading or trailing spaces in the alias expression must also be specified in this field for the column's values to appear in your report. For example, if there are two leading spaces in " enumber", include both spaces in the Result Column Name(s) value.

    You can use the '*' column wild card in your queries; however, you must separately specify the name of each column for which you want report results. If, for example, you use 'SELECT * FROM scott.emp' against an Oracle target database, you must enter "empno;ename;job;mgr;hiredate;sal;comm;deptno" in this field in order to get a report on all columns in scott.emp

    Note: Do not put spaces before or after the semicolons unless your aliased column names also have leading or trailing spaces, respectively.
    Result Column Label(s)

    Entries in this field are the column names that you would like to see in your reports. Multiple entries are delimited by semicolons.

    Note: If you don't populate this field, your report's column headers will be the entries used for the Result Column Name(s) field.
    Keywords Entries in this field can be used when using a filter to create policy groups.
  5. Select the Save button.
  6. Here is an Oracle example, which assumes you have access to the SCOTT schema:
    1. Create a policy with these entries:
      • ID: unique designator
      • Database type: Oracle
      • SQL query: SELECT empno, ename from scott.emp
      • Result Column Name(s): empno;ename
      • Result Column Label(s): Employee Number;Employee Name
      • Severity: Informational
      • Classification: Unclassified
    2. Select Save to save myOracleUDP1.
    3. Create a policy group, myUDPGroup, containing the new policy.
    4. Create an assessment that runs against an Oracle target group and which uses myUDPGroup.
    5. Run a Detailed (Pre-Defined) Report against your assessment and you should see several rows of Scan Results like this in the Informational Vulnerabilities section:
      • Employee Number 7369 Employee Name: SMITH
  7. Here is another, slightly different, Oracle example, which uses column-name aliasing and, again, assumes you have access to the SCOTT schema:
    1. Create a policy with these entries:
      • ID: can be any value
      • Name: myOracleUDP2
      • Database type: Oracle
      • SQL query: SELECT empno as "EmpID", ename as "Worker" from scott.emp
      • Result Column Name(s): EmpID;Worker
      • Result Column Label(s): Employee Number;Employee Name
      • Severity: Informational
      • Classification: Unclassified
    2. Select the Save in order to save myOracleUDP1.
    3. Create a policy group, myUDPGroup, containing the new policy.
    4. Create an assessment that runs against an Oracle target group and which uses myUDPGroup.
    5. Run a Detailed (Pre-Defined) Report against your assessment and you should see several rows of Scan Results like this in the Informational Vulnerabilities section:
      • Employee Number 7369 Employee Name: SMITH
See also
Previous
Next