Creating Rule Template

This document describes how to create a rule template via the console.
Note:
As of September 25, 2023, the relationship between rule templates and audit instances has been adjusted from initialization to strong association. Any modification to the content of a rule template will synchronously impact the audit rule applied to instances that are bound to the rule template.
The same field of rule content can be configured with a maximum of 5 characteristic strings. And each string is separated by vertical bar"|".  
Directions
1. Log in to the TDSQL-C for MySQL console.    
2. On the left sidebar, click Database Audit.
3. Select Region and click Rule Template.
4. In the template list, click Create Rule Template.
﻿
5. In the Create Rule Template window, set the following configuration items and click OK.
﻿
Parameter
Description
Rule Template Name
This field can contain up to 30 letters, digits, and symbols -_./()[]（）+=：:@and cannot start with a digit.
Rule Content
This fields sets the rule content (parameter field, operator, characteristic string). For detailed instructions, see the following Rule content details and examples.
Note:
Click Add to add parameter fields in rule content.
Click Delete in the Operation column in rule content to remove the unnecessary parameter field and condition. Note that at least one parameter field and condition should be reserved. 
Risk Level
Select a risk level for the created rule template, with options of Low risk, Medium risk, and High risk. 
Alarm Policy
Select an alarm policy for the created rule template, with options of Do not send alarm notification or Send alarm notification.
Note:
Please proceed to Tencent Cloud Observability Platform > Alarm Management to configure alarm rules and notifications. For more information, please refer to Post-Event Alarm Configuration. 
Rule Template Remarks
This field can contain up to 200 letters, digits, and symbols-_./()[]（)+=：:@and cannot start with a digit.             
Rule content details and examples            
Note:
You can configure one or multiple rules.
Different rules are in AND relationship; that is, they need to be met at the same time.
Different characteristic strings in a rule are in OR relationship; that is, at least one of them needs to be met.
You can add only one operator for the same parameter field; for example, for the database name, the operator can be either Include or Exclude.
Parameter Field
Operator
Characteristic String
Client IP
Include, Exclude, Equal to, Not equal to, Regex
Up to 5 client IPs can be configured and should be separated by vertical bar "|".
Database Account
Include, Exclude, Equal to, Not equal to, Regex
Up to 5 usernames can be configured and should be separated by vertical bar "|".
Database Name
Include, Exclude, Equal to, Not equal to, Regex
Up to 5 database names can be configured and should be separated by vertical bar "|".
SQL Details
Include, Exclude
Up to five SQL commands can be configured and should be separated by vertical bar "|".
SQL Type
Equal to, Not equal to
Up to five SQL types can be selected. Valid options: ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGIN, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE.
Affected Rows
Greater than, Less than
Select affected rows.
Returned Rows
Greater than, Less than
Select returned rows.
Scanned Rows
Greater than, Less than
Select scanned rows.
Execution Time
Greater than, Less than
Select execution time in milliseconds.
Example
If the following rule content is set: the database name should include a, b, or c, and the client IP should include IP1, 2 or 3, then the audit logs filtered by the rule are those where the database name includes a, b, or c and the client IP includes IP1, 2, or 3.  

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Parameter	Description
Rule Template Name	This field can contain up to 30 letters, digits, and symbols -_./()[]（）+=：:@and cannot start with a digit.
Rule Content	This fields sets the rule content (parameter field, operator, characteristic string). For detailed instructions, see the following Rule content details and examples. Note: Click Add to add parameter fields in rule content. Click Delete in the Operation column in rule content to remove the unnecessary parameter field and condition. Note that at least one parameter field and condition should be reserved.
Risk Level	Select a risk level for the created rule template, with options of Low risk, Medium risk, and High risk.
Alarm Policy	Select an alarm policy for the created rule template, with options of Do not send alarm notification or Send alarm notification. Note: Please proceed to Tencent Cloud Observability Platform > Alarm Management to configure alarm rules and notifications. For more information, please refer to Post-Event Alarm Configuration.
Rule Template Remarks	This field can contain up to 200 letters, digits, and symbols-_./()[]（)+=：:@and cannot start with a digit.

Parameter Field	Operator	Characteristic String
Client IP	Include, Exclude, Equal to, Not equal to, Regex	Up to 5 client IPs can be configured and should be separated by vertical bar "\|".
Database Account	Include, Exclude, Equal to, Not equal to, Regex	Up to 5 usernames can be configured and should be separated by vertical bar "\|".
Database Name	Include, Exclude, Equal to, Not equal to, Regex	Up to 5 database names can be configured and should be separated by vertical bar "\|".
SQL Details	Include, Exclude	Up to five SQL commands can be configured and should be separated by vertical bar "\|".
SQL Type	Equal to, Not equal to	Up to five SQL types can be selected. Valid options: ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGIN, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE.
Affected Rows	Greater than, Less than	Select affected rows.
Returned Rows	Greater than, Less than	Select returned rows.
Scanned Rows	Greater than, Less than	Select scanned rows.
Execution Time	Greater than, Less than	Select execution time in milliseconds.

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

Financial Services

Financial Services Solution

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Real Estate

Tencent Cloud LinkBase(Weiling)

E-commerce

E-commerce retail solutions

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha