Parameter | Description |
Rule Template Name | This field can contain up to 30 letters, digits, and symbols -_./()[]()+=::@, and cannot start with a digit. |
Rule Content | This field sets the rule content (parameter field, operator, characteristic string). For detailed instructions, see the following Rule content details and examples. Note: Click Add to add parameter fields to the rule content. Click Delete in the Operation column of the rule content to remove an unnecessary parameter field and condition. At least one parameter field and condition must be retained. |
Risk Level | Select the risk level for this rule template, with options of Low risk, Medium risk, and High risk. |
Alarm Policy | Select an alarm policy for this rule template, with options of Do not send alarm notification and Send alarm notification. Note: Go to Tencent Cloud's Observability Platform > Alarm Management to configure alarm rules and notifications. For more details, refer to Post-Event Alarm Configuration. |
Rule Template Remarks | This field can contain up to 200 letters, digits, and symbols -_./()[]()+=::@ and cannot start with a digit. |

Parameter Field | Operator | Characteristic String |
Client IP | Include, Exclude, Equal to, Not equal to, Regex | Up to 5 client IPs can be configured and should be separated by vertical bar "|". |
Database Account | Include, Exclude, Equal to, Not equal to, Regex | Up to 5 usernames can be configured and should be separated by vertical bar "|". |
Database Name | Include, Exclude, Equal to, Not equal to, Regex | Up to 5 database names can be configured and should be separated by vertical bar "|". |
SQL Details | Include, Exclude | Up to five SQL commands can be configured and should be separated by vertical bar "|". |
SQL Type | Equal to, Not equal to | Up to five SQL types can be selected. Valid options: ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGIN, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE. |
Affected Rows | Greater than, Less than | Select affected rows |
Returned Rows | Greater than, Less than | Select returned rows |
Scanned Rows | Greater than, Less than | Select scanned rows |
Execution Time | Greater than, Less than | Select execution time in microseconds |
a, b, or c, and the client IP should include IP1, 2 or 3, then the audit logs filtered by the rule are those where the database name includes a, b, or c and the client IP includes IP1, 2, or 3.
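
The matching logic described above (values inside one condition are alternatives, and every condition must hold), modeled as an added Python example that is not Tencent Cloud's code. The record field names, sample values, the substring reading of Include, and the "none of the values match" reading of Exclude and Not equal to are assumptions of this model.

```python
import re

MAX_VALUES = 5  # the page allows up to five "|"-separated values per condition

def split_values(spec):
    """Split a characteristic string on "|" and enforce the five-value limit."""
    values = spec.split("|")
    if len(values) > MAX_VALUES or "" in values:
        raise ValueError(f"need 1 to {MAX_VALUES} non-empty values: {spec!r}")
    return values

# Assumptions of this model: Include is a substring match; Exclude and
# Not equal to hold only when none of the listed values match.
OPERATORS = {
    "include":      lambda got, spec: any(v in got for v in split_values(spec)),
    "exclude":      lambda got, spec: not any(v in got for v in split_values(spec)),
    "equal":        lambda got, spec: got in split_values(spec),
    "not_equal":    lambda got, spec: got not in split_values(spec),
    # "|" is already alternation in a regex, so the whole string is one pattern.
    "regex":        lambda got, spec: re.search(spec, got) is not None,
    "greater_than": lambda got, spec: got > int(spec),
    "less_than":    lambda got, spec: got < int(spec),
}

def matches(rule, record):
    """Values inside one condition are ORed; the conditions themselves are ANDed."""
    return all(OPERATORS[op](record[field], spec) for field, op, spec in rule)

def audit_hits(rule, logs):
    """Return the ids of the records the rule would flag."""
    return [rec["id"] for rec in logs if matches(rule, rec)]

# Constructed sample records; field names are hypothetical, not the product's log schema.
SAMPLE_LOGS = [
    {"id": 1, "client_ip": "10.0.0.5",  "db_name": "orders",  "sql_type": "SELECT", "returned_rows": 12000},
    {"id": 2, "client_ip": "10.0.0.9",  "db_name": "orders",  "sql_type": "SELECT", "returned_rows": 3},
    {"id": 3, "client_ip": "10.0.0.50", "db_name": "billing", "sql_type": "DELETE", "returned_rows": 0},
    {"id": 4, "client_ip": "10.0.0.6",  "db_name": "staging", "sql_type": "DROP",   "returned_rows": 0},
]

# The page's example shape: database name includes a, b or c AND client IP includes IP1, 2 or 3.
INCLUDE_RULE = [("db_name", "include", "orders|billing|hr"),
                ("client_ip", "include", "10.0.0.5|10.0.0.6|10.0.0.7")]
# Same rule with Equal to on the IP, plus a returned-rows threshold for bulk reads.
EXACT_RULE = [("db_name", "include", "orders|billing|hr"),
              ("client_ip", "equal", "10.0.0.5|10.0.0.6|10.0.0.7"),
              ("returned_rows", "greater_than", "1000")]
```

Under the substring assumption, `INCLUDE_RULE` also flags record 3 because `10.0.0.50` contains `10.0.0.5`, while `EXACT_RULE` flags only record 1; replaying a candidate rule over sample records like this shows how wide it is before it starts generating alarms.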