Database activity monitoring (DAM) : Alert group
 
Alert group
The Alerts Group page allows you to organize the security alerts that FortiDB’s monitoring activity generates.
You use the alert groups to filter the list of alerts displayed on the Security Alerts page and to filter the information in a DAM report.
Add, edit, or delete an alert group
Use the Alerts Group page to perform the following tasks:
To create a new group, click Add.
To modify group settings, click the name of the group or the Edit icon in the Action column.
To delete a group, select the check box for one or more user-defined alert groups, and then click Delete.
Alternatively, you can create a new group when you search the list of alerts on the Security Alert page. (See “Filtering and searching alerts”.)
Pre-defined alert groups
FortiDB provides pre-defined alert groups that you can use to add and modify filtering criteria.
| Pre-defined alert group | Description |
|---|---|
| Major and Critical Alerts | Alerts that have major and critical severities. |
| Metadata Changes | Alerts generated by triggering metadata policies. |
| Privilege Changes | Alerts generated by triggering privilege policies. |
| Security Violations | Alerts that are triggered by security violations. |
| Table changes | Alerts that are triggered by inserts, updates, or deletes on tables. |
| Unacknowledged Alerts | Alerts that have a status of 'Unacknowledged'. |
Data filter for an alert group
The Filters tab allows you to define data filtering criteria for the group when you add or edit a group.
You can define one or more data filtering entries that specify the criteria to match. When an alert matches the specified criteria, it is included in the group.
| Setting | Description |
|---|---|
| Exclude following filters | Select this option to include the alerts that do not match the criteria, instead of the alerts that match. |
| Operator | The And and Or values combine the row with the preceding rows. They are not available for the first row. |
| Column | Specify a column value. |
| Operator | Specify an operator. |
| Value | Enter a value or select one from the list of available values. |
| - (minus) and + (plus) | Click to add or remove rows that define criteria. |
If multiple filtering entries are combined using both And and Or operations, use the brackets "(" and ")" to set the order in which the operations are evaluated.
For example, to create a filter for the group "Table change by non-system user", use the following settings:
| Row | Operator | Column | Operator | Value |
|---|---|---|---|---|
| 1 | - | Action Type | Equals | Delete, Insert, Truncate, Update |
| 2 | and | Database User | Not Equal | SYSTEM |
| 3 | and | Login Name | Not Equal | SYSTEM |
To create a filter for a group that selects alerts generated when a specific user (scott) creates a table:
| Row | Operator | Column | Operator | Value |
|---|---|---|---|---|
| 1 | - | Policy Type | Equals | Metadata Policies |
| 2 | and | Action Type | Equals | Create Table |
| 3 | and | Database User | Equals | scott |
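The following Python script is an added illustration of how the Filters tab rows combine; it is not FortiDB code and does not call any FortiDB API. It models the two filters above plus the "Exclude following filters" option and the "(" / ")" priority brackets, and runs them over a handful of constructed sample alerts. Everything in it is assumed for the example: the Row structure and the helper names (alert_in_group, group_members) are hypothetical, And is taken to bind tighter than Or when no brackets are given, and Equals with a list of values is taken to match any value in the list. The bracket pair NO_BRACKETS / WITH_BRACKETS goes beyond the page's examples to show why the bracket rule matters: the same three rows select different alerts depending on where the brackets sit.

```python
"""Toy evaluator for FortiDB-style alert group filters (added illustration,
not FortiDB code). A Row mirrors one line of the Filters tab: And/Or, Column,
Operator, Value, plus optional "(" / ")" for priority. Assumed: And binds
tighter than Or when no brackets are used, and Equals with a list of values
matches any of them. Sample alerts are constructed."""
from collections import namedtuple

# connector: "and"/"or" (None on the first row); open_/close_brackets: "(" before / ")" after
Row = namedtuple("Row", "column op value connector open_brackets close_brackets",
                 defaults=(None, 0, 0))


def _match(row, alert):
    values = [row.value] if isinstance(row.value, str) else list(row.value)
    hit = alert.get(row.column) in values
    if row.op not in ("Equals", "Not Equal"):
        raise ValueError(f"unsupported operator {row.op!r}")
    return hit if row.op == "Equals" else not hit


def _tokens(rows, alert):
    # flatten the rows into bools, "and", "or", "(" and ")"
    toks = []
    for i, row in enumerate(rows):
        if (i == 0) == (row.connector is not None):
            raise ValueError("And/Or is required on every row except the first")
        if i > 0:
            toks.append(row.connector.lower())
        toks += ["("] * row.open_brackets + [_match(row, alert)] + [")"] * row.close_brackets
    return toks


def _evaluate(tokens):
    # recursive descent: expr := term ("or" term)*, term := factor ("and" factor)*
    pos = 0

    def factor():
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else None
        pos += 1
        if tok == "(":
            val = expr()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return val
        if isinstance(tok, bool):
            return tok
        raise ValueError(f"unexpected token {tok!r}")

    def chain(sub, word, combine):   # sub (word sub)*
        nonlocal pos
        val = sub()
        while pos < len(tokens) and tokens[pos] == word:
            pos += 1
            val = combine(val, sub())
        return val

    term = lambda: chain(factor, "and", lambda a, b: a and b)
    expr = lambda: chain(term, "or", lambda a, b: a or b)
    result = expr()
    if pos != len(tokens):
        raise ValueError("unexpected ')'")
    return result


def alert_in_group(rows, alert, exclude=False):
    # exclude mirrors the "Exclude following filters" check box
    matched = _evaluate(_tokens(rows, alert))
    return not matched if exclude else matched


# The two filters defined on the page
TABLE_CHANGE_BY_NON_SYSTEM_USER = [
    Row("Action Type", "Equals", ["Delete", "Insert", "Truncate", "Update"]),
    Row("Database User", "Not Equal", "SYSTEM", connector="and"),
    Row("Login Name", "Not Equal", "SYSTEM", connector="and"),
]
SCOTT_CREATES_TABLE = [
    Row("Policy Type", "Equals", "Metadata Policies"),
    Row("Action Type", "Equals", "Create Table", connector="and"),
    Row("Database User", "Equals", "scott", connector="and"),
]
# Why brackets matter: without them these rows mean Delete OR (Truncate AND user != SYSTEM);
# with "(" on row 1 and ")" on row 2 they mean (Delete OR Truncate) AND user != SYSTEM
NO_BRACKETS = [
    Row("Action Type", "Equals", "Delete"),
    Row("Action Type", "Equals", "Truncate", connector="or"),
    Row("Database User", "Not Equal", "SYSTEM", connector="and"),
]
WITH_BRACKETS = [
    Row("Action Type", "Equals", "Delete", open_brackets=1),
    Row("Action Type", "Equals", "Truncate", connector="or", close_brackets=1),
    Row("Database User", "Not Equal", "SYSTEM", connector="and"),
]

# Constructed sample alerts, keyed by the column names used on the Filters tab
ALERTS = [
    {"id": 1, "Action Type": "Update", "Database User": "app", "Login Name": "app"},
    {"id": 2, "Action Type": "Delete", "Database User": "SYSTEM", "Login Name": "dba"},
    {"id": 3, "Action Type": "Create Table", "Database User": "scott",
     "Login Name": "scott", "Policy Type": "Metadata Policies"},
    {"id": 4, "Action Type": "Truncate", "Database User": "app", "Login Name": "app"},
]


def group_members(rows, alerts=ALERTS, exclude=False):
    # IDs of the alerts the Security Alerts page would list for this group
    return [a["id"] for a in alerts if alert_in_group(rows, a, exclude)]
```

With the sample alerts, group_members(TABLE_CHANGE_BY_NON_SYSTEM_USER) returns the Update and Truncate alerts by "app" but not the Delete by SYSTEM, and the same filter with exclude=True returns exactly the remaining alerts. NO_BRACKETS admits the SYSTEM Delete because the And only binds the Truncate row, while WITH_BRACKETS rejects it; that difference is the reason the page tells you to bracket mixed And/Or filters.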
See also
Viewing alerts
Filtering report data