tencent cloud

Feedback

Modifying Rule Template

Last updated: 2024-06-07 16:09:14
    This document describes how to modify a database audit rule template in the console.
    Note:
    As of September 25, 2023, the relationship between rule templates and audit instances has been adjusted from initialization to strong association. Any modification to the content of a rule template will synchronously impact the audit rule applied to instances that are bound to the rule template.
    The same field of rule content can be configured with a maximum of 5 characteristic strings. And each string is separated by vertical bar"|".

    Directions

    1. Log in to the TDSQL-C for MySQL console.
    2. On the left sidebar, click Database Audit.
    3. Select Region and click Rule Template.
    
    4. Find the target rule template in the rule template list, or search for it by resource attribute in the search box, and click Edit in the Operation column.
    5. In the Edit Rule Template window, modify configuration items and click OK.
    
    Parameter
    Description
    Rule Template Name
    This field can contain up to 30 letters, digits, and symbols -_./()[]()+=::@,and cannot start with a digit.
    Rule Content
    This fields sets the rule content (parameter field, operator, characteristic string). For detailed instructions, see the following Rule content details and examples.
    Note:
    Click Add to add parameter fields in rule content.
    Click Delete in the Operation column in rule content to remove the unnecessary parameter field and condition. Note that at least one parameter field and condition should be reserved.
    Risk Level
    Select the risk level for this rule template, with options of Low risk, Medium risk, and High risk.
    Alarm Policy
    Select an alarm strategy for this rule template, with options of Do not send alarm notification and send alarm notification.
    Note:
    Please proceed to Tencent Cloud's Observability Platform > Alarm Management to configure alarm rules and notifications. For more details, refer to Post-Event Alarm Configuration.
    Rule Template Remarks
    This field can contain up to 200 letters, digits, and symbols -_./()[]()+=::@and cannot start with a digit.

    Rule content details and examples

    Note:
    You can configure one or multiple rules.
    Different rules are in AND relationship; that is, they need to be met at the same time.
    Different characteristic strings in a rule are in OR relationship; that is, at least one of them needs to be met.
    You can add only one operator for the same parameter field; for example, for the database name, the operator can be either Include or Exclude.
    Parameter Field
    Operator
    Characteristic String
    Client IP
    Include, Exclude, Equal to, Not equal to, Regex
    Up to 5 client IPs can be configured and should be separated by vertical bar "|".
    Database Account
    Include, Exclude, Equal to, Not equal to, Regex
    Up to 5 usernames can be configured and should be separated by vertical bar "|".
    Database Name
    Include, Exclude, Equal to, Not equal to, Regex
    Up to 5 database names can be configured and should be separated by vertical bar "|".
    SQL Details
    Include, Exclude
    Up to five SQL commands can be configured and should be separated by vertical bar "|".
    SQL Type
    Equal to, Not equal to
    Up to five SQL types can be selected. Valid options: ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGIN, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE.
    Affected Rows
    Greater than, Less than
    Select affected rows
    Returned Rows
    Greater than, Less than
    Select returned rows
    Scanned Rows
    Greater than, Less than
    Select scanned rows
    Execution Time
    Greater than, Less than
    Select execution time in microseconds
    Example If the following rule content is set: the database name should include a, b, or c, and the client IP should include IP1, 2 or 3, then the audit logs filtered by the rule are those where the database name includes a, b, or c and the client IP includes IP1, 2, or 3.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support