DSAuditor 4.
Copyright © 1994-2008 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco, CA 94111 U.S.A. All rights reserved. All brands and product names are trademarks or registered trademarks of their respective owners. This software/documentation contains proprietary information of Embarcadero Technologies, Inc.; it is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright law.
Contents Welcome to DSAuditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Additional Product Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Embarcadero Technologies Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Dashboard Charts. .
C O N TE N TS > Add a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Change Another User’s Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Create a New Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Welcome to DSAuditor DSAuditor helps to secure critical data, ensure data privacy, and enable regulatory compliance by monitoring database access and activity. DSAuditor's ability to detect suspicious behavior in real time minimizes the threat of data theft and tampering. Historical data auditing capabilities deliver detailed reports to comply with stringent internal policies and external regulatory requirements.
WE L CO ME T O D S A UD I T O R > E M BA R C A DE RO TE C H N O L O G I E S TE CH N I C A L S U P P O RT To save you time, Embarcadero Technologies maintains a Knowledge Base of commonly-encountered issues and hosts Discussion Forums that allow users to discuss their experiences using our products and any quirks they may have discovered. To speak directly with Embarcadero Technical Support, see Contacting Embarcadero Technologies Technical Support below.
WE L CO ME T O D S A UD I T O R > E M BA R C A DE RO TE C H N O L O G I E S TE CH N I C A L S U P P O RT The Embarcadero Technologies Technical Support fax number is (415) 495-4418. EMEA Embarcadero Technologies Technical Support phone number is +44 (0)1628 684 499. The hours are Monday to Friday, 9 A.M. to 5:30 P.M. U.K. time. For licensing issues, including Product Unlock Codes, call +44 (0)1628-684 494. The hours are Monday to Friday, 9 A.M. to 5:30 P.M. U.K.
Dashboard Charts View Charts DSAuditor includes 29 “dashboard” charts for commonly required performance-, privacy-, and security-related auditing tasks. NOTE: Several shared filters must be modified before these charts will be accurate and useful. For details, see Modify Default FIlters Used by Charts.
Modify a Chart To change the date range of a chart, change from chart to table view or vice-versa, or select a different chart type, click the Configure (wrench) icon in the upper-right corner of the chart. NOTE: If you set the date range so as to return an enormous amount of data, for example by selecting All Dates Through Today, after you save the configuration it may take several minutes for the chart to be updated. If the results are too dense to be readable, try switching to table view.
Top 25 Largest Data Returns: Queries returning a large amount of data can affect performance. Use a detailed report to analyze these queries and determine if they can be optimized. Top 25 Longest Running Queries: Long running queries affect application performance. By analyzing the full SQL statements in a detailed report you may be able to better optimize the queries for improved transaction times.
Large Selects by Non-Privileged Users: Every organization will have a different definition of “large” and some databases will have a wider variation in their activity. However, once you have monitored SELECT activity for several weeks it should be relatively clear as to a threshold that represents an unusually large dataset return. This represents a likely download of the data to a local database or even Excel spreadsheet.
D AS HB O AR D C HA R TS > CH A R T DE S C R I P T I O N S In the case of privileged users this represents a likely download of the data, possibly to use for testing purposes. In the case of sensitive data, communicate with the user to ensure they have a legitimate need for the data and understand the protection requirements for that data.
D AS HB O AR D C HA R TS > CH A R T DE S C R I P T I O N S Login Source Information: This table provides you with metrics to spot likely use of a shared account. User IDs with a significant number of logins in one day or coming from multiple network users, multiple source IP addresses or multiple source applications are highly suspicious and should be investigated. It is also highly unlikely that a single user would log in from multiple domains during a single 24-hour period.
D AS HB O AR D C HA R TS > CH A R T DE S C R I P T I O N S Database account activity should be monitored including provisioning and deprovisioning users. When OS accounts are deprovisioned, the matching database accounts should be removed as well. If your organization is not growing, but you see many more roles and users created than dropped, you should review your de-provisioning process.
R E P O RTS > U N DE RS TA N D I N G R E P O RTS Reports Understanding Reports For auditing requirements not met by the dashboard charts, you may create reports. These reports may include more detailed data, and allow you to “drill down” from summary to detailed data, in some cases all the way down to the individual query level.
R E P O RTS > C R E A T E A ND P UB L I S H A N E W R E P O RT • Content: Selects which fields will be included in each row of the subreport body. Which fields are available depends on the Type setting. For more information on these fields, see Subreport Attribute Value Descriptions. • Sort Order: Controls how the rows in the subreport body are sorted. Which sort options are available depends on the Type setting. For more information on these options, see Subreport Attribute Value Descriptions.
R E P O RTS > S C H E D U L E A R E P O RT 3 Use the Table of Contents to navigate through the report and “drill down.” To view detailed metadata and statistics for an individual query, plus (if allowed by the DSAuditor server administrator) its SQL query text, click the contents of the first field of its row (typically the client application name). To update the report with the most recent data, under Actions click Refresh. To view the SQL query that generated the report, under Actions click Show SQL.
R E P O RTS > I M P O R T O R E X P O RT A U S A G E TR A CK E R TE M P L AT E 6 If you wish to modify a subreport, click its name; under Operations, click Edit; set the subreport options as appropriate (for more information, see Understanding Reports); then click Save. (By default, the Edit command is available only when logged in with Power User or Administrator privileges; for more information, see Understanding Role-Based Security.
F I L TE RS > CR E AT E O R E D I T A S H AR E D F I L T E R Filters Create or Edit a Shared Filter If the same filter will be used multiple subreports, you may define it once using the Filters tool. You may then modify the filters of all the subreports at once by editing the single predefined filter. The Web client includes many default filters that can easily be adapted to meet your filtering needs. NOTE: Some of the sample filters must be edited to meet your company’s requirements.
F I L TE RS > MO DI F Y DE F AU L T F I L TE R S U S E D B Y C H A RTS 5 When done setting the above options, click Save to create or modify the filter. Then test the filter by running or creating a report that uses it. Modify Default FIlters Used by Charts Many of the charts use default shared filters. (For details, see Shared Filters Used in Dashboard Charts.
MI S C E L L AN E O U S TA S K S > C U S T O M I Z E T H E WE B C L I E N T Miscellaneous Tasks Customize the Web Client CAUTION: If you use the tools discussed in this section to modify the default client configuration, the instructions in the online help and DSAuditor User Guide may no longer be accurate. Consequently, we do recommend you not use this feature. The DSAuditor Web client is based on Liferay Portal, a highly customizable open-source framework based on the JSR-168 portlet specification.
MI S C E L L AN E O U S TA S K S > C H A NG E YO U R P A S S W O R D Change Your Password 1 Select User Profiles. 2 Under My Profile, click Change Password. 3 Enter the old password once and the new password twice, then click Save. E M B AR C A DE R O TE C H N O L O G I E S > D S A U DI T O R 4 .
WE B C L I E NT A D MI N I S TR A T I O N A ND S E C U RI T Y > U N D E R S TAN D I N G R O L E - B AS E D S E CU R I T Y Web Client Administration and Security The commands discussed in this section are available only to users with Administrator privileges. Understanding Role-Based Security What you can do with the Web client is determined by which role is assigned to your login.
WE B C L I E NT A D MI N I S TR A T I O N A ND S E C U RI T Y > A D D A U S E R Add a User 1 Log in with a user ID that has Administrator privileges. 2 Select User Profiles. 3 Under Users, click Add User. 4 Enter the Login Name and password and select one or more roles for the user (see Understanding Role-Based Security). Optionally, enter contact information. Then click Save. Change Another User’s Password When users forget their passwords, an administrator can assign a new one.
WE B C L I E NT A D MI N I S TR A T I O N A ND S E C U RI T Y > VI E W O R MO D I FY A RO LE View or Modify a Role NOTE: You can view but not modify the standard User, Power User, and Administrator roles, so their Edit Role commands are disabled. 1 Log in with a user ID that has Administrator privileges. 2 Select User Profiles. 3 Under Roles, click the name of the role you wish to modify. 4 Click Edit Role.
WE B C L I E NT A D MI N I S TR A T I O N A ND S E C U RI T Y > STA R T O R ST O P T HE WE B C L I E N T S E R V E R • User: a valid user ID for the repository database (by default, admin) • Password: the password corresponding to the user ID 4 Click Test Connection. 5 If a “Connection Successful” message appears, click Save.
R E F E R E N C E > S U B R E P O RT A T T RI B U T E VA L U E D E S C R I P T I O NS Reference Subreport Attribute Value Descriptions The following values are among those used to specify content, sort order, and grouping properties. This is not a comprehensive list; self-explanatory properties such as Today and Query Count are omitted. NOTE: Hour, Day, Month, and other time-related values refer to the time the activity occurred.
R E F E R E N C E > A T TR I B U T E VA LU E - S UB R E P O R T TY P E C O N CO RD A N CE Attribute Value - Subreport Type Concordance This table shows which subreport attribute values are available for use in each subreport type.
R E F E R E N C E > A T TR I B U T E VA LU E - S UB R E P O R T TY P E C O N CO RD A N CE Column Dormant Dormant Query Query Repetitive Session Table Join Table Summary Column Table Detail Summary Query Detail Summary Summary Max First Seconds • • • • Max Packets • • • • Max Rows • • • • • • • • • • • • Month • • Network Packets • Network User • Order By Count • Other Count • • Parameter Text • Procedure Name • Procedure Type • Qualified Column Name • Qualified Ta
R E F E R E N C E > S H A R E D F I LT E RS U S E D I N D A S H BO AR D C H AR TS Column Dormant Dormant Query Query Repetitive Session Table Join Table Summary Column Table Detail Summary Query Detail Summary Summary Table Owner • • Timestamp • • • • Total Bytes • • • • Total End Seconds • • • • Total First Seconds • • • • Total Packets • • • • Total Rows • • • • • • • • • • • • • • • • Update Count • Week • Where Count • Year • Shared Filters Used in D
R E F E R E N C E > S H A R E D F I LT E RS U S E D I N D A S H BO AR D C H AR TS Filter Used by Report(s) Role and User Activity Role and User Account Activity Schema Changes Database Schema Change Summary Schema Changes by Unauthorized Applications Schema Changes by Unauthorized Applications Select Count Greater Than One Top 25 Column Accesses Select Queries Failed Selects By Privileged Users Table Accesses Table Accesses Select Queries - Non-Privileged Users Non-Privileged Select Activity b
