DAM QuickStart (Data policy)

This guide walks you through monitoring a target database, generating alerts, and exporting those alerts to a report.

Note: All GUI fields marked with an asterisk (*) must be filled in or specified.
The example used in this guide assumes you will monitor an Oracle target database with the audit_trail parameter set to DB_EXTENDED. You will apply a Data-Table policy and generate alerts for the Security Violation rule and the Suspicious Database Users rule. Before starting a target connection, you must make sure that your target database is configured properly to be monitored by FortiDB. For details about configuring Oracle target databases, see Configuring the Oracle Target Database.

Depending on the setting of the audit_trail parameter in your target database, you must select a different FortiDB collection method as shown below:

| Audit_trail setting in your Oracle target database | FortiDB Collection Method |
|---|---|
| XML, EXTENDED | XML File Agent: For this option, you must run the FortiDB XML file agent. To run the FortiDB XML file agent, see Running the Oracle XML File Agent. |
| DB, EXTENDED (used in this example) | DB, EXTENDED |
| DB | DB, EXTENDED: for Oracle 9i only. |

  1. Log in to FortiDB as the FortiDB admin user, using fortidb1!$ as the password.
  2. Create a target database connection.
    1. Go to Target Database Server > Targets.
    2. Select the Add button. The Target page will display. The General tab is selected.
    3. Enter the information in the text boxes marked with an asterisk (*) with settings appropriate to your target database. Assume an Oracle target with these parameters:
      • Name: Enter your target_name
      • Type: Select your database type (Oracle)
      • DB Host Name/IP: Enter the IP address or computer name of the system that contains the Oracle target database (ex. test_machie or 172.30.12.112)
      • Port: Enter the port number or leave the default (1521)
      • DB Name: Enter the name of your target database. (ex. orcl).
      • User Name: Enter the user name for your target database.
      • Password: Enter the password of your target database.
      • DB Activity Monitoring: Verify that the 'Allow' check box is selected.
    4. Select the Test Connection button to verify that your target database is reachable and that your connection parameters are correct. You should see a 'Success' message.
    5. Select the Save button. The target_name and related information should appear on the Targets page.
  3. Configure a Data-Table policy.
    1. Go to DB Activity Monitoring > Monitoring Management. You will see your target database listed in the Target Monitors page.
    2. Click on the name of the target.
    3. In the General tab, confirm the collection method and polling frequency.
      • In the Collection Method field, DB, EXTENDED is selected (for this example).
      • Set the polling frequency (60 seconds by default).
    4. Click the Test button to test the collection method. The "Success" message should be shown at the top of the page.
    5. Go to the Alert Policies tab.
    6. Select Table from the Data Policies dropdown list at the bottom of the screen.
    7. Click the Add button. The Target Monitor:<target name> page will display.
    8. Configure a Table policy.
      • Enter a policy name or use the default name.
      • Enter a description if necessary.
      • Select the Enable check box (checked by default). If checked, the policy will be enabled.
      • Select the Create new policy group for policy check box (checked by default). If checked, a policy group will be created.
      • Select a severity from the Severity dropdown or use the default.
    9. Click the triangle icon of the Audit Settings section to expand it.
    10. In the Select Objects to Audit section, configure the following fields:
      • Select the Browse Object by Target check box (checked by default). If this is checked, you can select the item from the dropdown list.
      • Select a schema from the Schema dropdown list (ex. SCOTT)
      • Select a table or multiple tables you want to monitor from the Tables box (ex. EMP or DEPT)
      • Select the Read and/or Write check boxes in the Audit Actions field.
      • Click the right arrow to move your selection to the Selected Objects table.
    11. Click the triangle icon of the Alert Rule section to expand it.
    12. Configure the following fields:
      • Confirm that "Issue alert if ANY of the enabled rules are triggered" (default) is selected.
      • Select the Security Violation check box (checked by default).
      • Select the Suspicious Database Users check box.
      • Click the triangle icon of Suspicious Database Users to expand the field.
      • Select user name(s) and click the right arrow to move the selection to the Selected users box.
      • Select the "Alert any successful access if the database user is in the list" check box.
    13. Select the Save button. Verify that the policy you created is listed with the green up-arrow (policy is enabled) in the Status column.
  4. Confirm the table policy group has been automatically created and associated to the target database.
    1. Select the Alert Policy Groups tab.
    2. Confirm that the table policy group, which is named "<your policy name> Group", has been created and is listed in the right box.
  5. Start monitoring your target.
    1. Go to the General tab.
    2. Click the Start Monitoring button. Monitor status will show "Starting" and then "Running".
  6. Execute SQL statements in your target database to generate alerts.
    Note: To generate alerts for the Data-Table policy that you configured, execute several SQL statements.
  7. Check alerts.
    1. Go to DB Activity Monitoring > Security Alerts. You should see one or more alerts in the Alerts table.
    2. To display the alert details, click on each alert. To close the alert details, click the triangle icon of Alert Details.
  8. Create a user-defined DAM report.
    1. Go to Report Management > User-Defined DAM Reports.
    2. Select the Add button.
    3. Enter a name in the Name field, and a description in the Description field (optional).
    4. Go to the Columns tab to specify the columns to include in the report.
      • Select columns you want to include in the report, and click the right arrow to move the selections to the Columns in Report box.
        Note: PDF report is limited to 5 columns if you select the Portrait radio button, 8 columns if you select the Landscape radio button.
      • Click the Save button.
    5. Select a format from the Export as dropdown list.
      Note: The following file formats are supported:
      • PDF
      • Excel
      • Tab-delimited
      • Comma-separated values
    6. Select the Export button. The File Download dialog displays. You can open or save the report to a file.
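
For step 6, the following SQL script is an added example and is not part of the FortiDB handbook. It confirms the audit_trail setting, produces read and write activity on the example tables, and checks that Oracle recorded it. It assumes the standard Oracle SCOTT sample schema (its EMP and DEPT column names and the sample row EMPNO 7839), a session user that is in the policy's Selected users box, and privileges to query V$PARAMETER and DBA_AUDIT_TRAIL.

```sql
-- Added example: test activity for the Data-Table policy in this guide.
-- Assumptions: standard SCOTT sample schema; the connected user is one of
-- the users selected under Suspicious Database Users.

-- 1. Confirm the audit_trail setting that determines the collection method.
--    For this guide's example the value should be DB, EXTENDED.
SELECT name, value
  FROM v$parameter
 WHERE name = 'audit_trail';

-- 2. Read activity on the audited tables (Audit Actions: Read).
SELECT empno, ename, sal
  FROM scott.emp
 WHERE deptno = 10;

SELECT d.dname, COUNT(*) AS headcount
  FROM scott.dept d
  JOIN scott.emp e ON e.deptno = d.deptno
 GROUP BY d.dname;

-- 3. Write activity on the audited tables (Audit Actions: Write).
--    The update sets the column to its current value, and the ROLLBACK
--    leaves the sample data unchanged.
UPDATE scott.emp
   SET sal = sal
 WHERE empno = 7839;

ROLLBACK;

-- 4. Check that Oracle recorded the statements. With audit_trail set to
--    DB, EXTENDED, audit records in DBA_AUDIT_TRAIL include the SQL text.
--    This assumes auditing is active on SCOTT.EMP and SCOTT.DEPT.
SELECT username, owner, obj_name, action_name, sql_text, extended_timestamp
  FROM dba_audit_trail
 WHERE owner = 'SCOTT'
   AND obj_name IN ('EMP', 'DEPT')
   AND extended_timestamp > SYSTIMESTAMP - INTERVAL '10' MINUTE
 ORDER BY extended_timestamp;
```

If the last query returns no rows, check the audit_trail value and the Selected Objects table before looking for alerts; allow at least one polling interval (60 seconds by default) for alerts to appear in FortiDB.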



FortiDB 5.0.0 Handbook
1st Edition, July 11 2013
© Copyright 2013 Fortinet Inc. All rights reserved.
Latest documentation: http://docs.fortinet.com/fdb.html