Database Activity Monitoring (DAM) policies : Types of DAM policies
 
Types of DAM policies
There are two types of DAM policies:
Alert — Policies that generate an alert when database activity violates a policy rule.
Audit — Policies that generate an audit record when FortiDB detects the database activity specified in the policy rules. FortiDB uses these policies only when it monitors target databases with the TCP/IP sniffer.
The following sub-types are available for both alert and audit policies:
Metadata Policies — Pre-defined policies that generate alerts or audit logs when FortiDB detects metadata activity.
Privilege Policies — Pre-defined policies that generate alerts or audit logs when FortiDB detects privilege activity.
Sys Operations Policy — Pre-defined policy that generate alerts or audit logs when FortiDB detects SYS user operations.
Data Policy — Policies that you create to generate alert or audit logs when FortiDB detects data manipulation activity.
The following table describes the differences between the two types of DAM policy.
 
Alert Policy
Audit Policy
Used For
Generates an alert if an activity violates a policy rule
Logs the specified activity
Available With
All DAM collection methods
TCP/IP sniffer collection method only
Types of Data Policies
Table
Table and Column
Session
User
Database Query Policy
Database
Table
Table and Column
Session
User
Data Policy Configuration Options
"Read and Write" audit actions for Table, Table and Column
"Alert Rule" for violations
“SQL query” for "Database Query Policy"
"Select/Insert/Update/Delete/Truncate" audit actions for Table
"Select/Insert/Update/Delete" audit actions for Database, Table and Column
No "Alert Rule" settings
PCI, SOX, and HIPAA Policies
Yes
No
Severity Attribute
Yes
No
See also
Managing DAM policies
Data policies
Privilege policies
Metadata policies
PCI, SOX, and HIPAA alert policies
Alert and audit policy groups