Types of DAM policies
There are two types of DAM policies:
- Alert — Policies that generate an alert when database activity violates a policy rule.
- Audit — Policies that generate an audit record when FortiDB detects the database activity specified in the policy rules. FortiDB uses these policies only when it monitors target databases with the TCP/IP sniffer.
The following sub-types are available for both alert and audit policies:
- Metadata Policies — Pre-defined policies that generate alerts or audit logs when FortiDB detects metadata activity.
- Privilege Policies — Pre-defined policies that generate alerts or audit logs when FortiDB detects privilege activity.
- Sys Operations Policy — Pre-defined policy that generates alerts or audit logs when FortiDB detects SYS user operations.
- Data Policy — Policies that you create to generate alert or audit logs when FortiDB detects data manipulation activity.
The following table describes the differences between the two types of DAM policy.
Feature | Alert Policy | Audit Policy |
---|---|---|
Used For | Generates an alert if an activity violates a policy rule | Logs the specified activity |
Available With | All DAM collection methods | TCP/IP sniffer collection method only |
Types of Data Policies | Table; Table and Column; Session; User; Database Query Policy | Database; Table; Table and Column; Session; User |
Data Policy Configuration Options | "Read and Write" audit actions for Table, Table and Column; "Alert Rule" for violations; "SQL query" for "Database Query Policy" | "Select/Insert/Update/Delete/Truncate" audit actions for Table; "Select/Insert/Update/Delete" audit actions for Database, Table and Column; no "Alert Rule" settings |
PCI, SOX, and HIPAA Policies | Yes | No |
Severity Attribute | Yes | No |