TDSQL-C for MySQL
- Release Notes and Announcements
- Announcements
- Product Introduction
- Suggestions on Usage Specifications
- Kernel Features
- Kernel Version Release Notes
- Optimized Kernel Version
- Functionality Features
- Performance Features
- Security Features
- Stability Feature
- Analysis Engine Features
- Purchase Guide
- Value-Added Services Billing Overview
- Database Audit
- Audit Rule Template
- Serverless Service
- Serverless Introduction
- Serverless Resource Pack
- Configuration Change
- Operation Guide
- Database Connection
- Configuring Network Address
- Instance Management
- Configuration Adjustment
- Instance Mode Management
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Kernel Features
- Managing Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Console Account
- Database Account
- Configuring Custom Password Strength
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Utilization of Columnar Storage Indexes
- Read-Only Analysis Engine
- Feature Limits and Compatibility
- Description of Functions and Operators
- Read-Only Analysis Engine Management
- Data Loading
- Executing Queries
- Exclusive Features
- Performance Optimization
- Performance White Paper
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Performing Backup
- Managing Backup
- Rollback
- Restoring Data from Logical Backups
- Restoring Data Through the Console
- Restoring Data from Snapshot Backup
- Data Migration
- Parallel Query
- Setting Parallel Query
- Database Security and Encryption
- Access and Authorization
- Security Group Management
- TencentDB Security Group Management
- Monitoring and Alarms
- Monitoring
- Alarms
- Monitoring Metric Alarm
- Practical Tutorial
- Data Rollback
- Database/Table-Level Rollback
- Rolling back Entire Cluster
- White Paper
- Security White Paper
- Performance White Paper
- Troubleshooting
- Connection Issues
- API Documentation
- Making API Requests
- Instance APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
DocumentationTDSQL-C for MySQLPractical TutorialClassified Protection Practice for Database Audit of TDSQL-C for MySQL
Classified Protection Practice for Database Audit of TDSQL-C for MySQL
Last updated: 2024-10-25 09:53:56
Classified Protection Practice for Database Audit of TDSQL-C for MySQL
Last updated: 2024-10-25 09:53:56
To assist enterprises with classified protection compliance of cybersecurity, this document describes the relationship between the capabilities of TDSQL-C for MySQL Database Audit and the related clauses of Classified Protection, to help enterprises to provide targeted supporting materials.
Prerequisites
Database Audit service has been enabled.
Classified Protection Level 3
a) The database audit feature should be enabled, auditing each user and covering important user behaviors and significant security events;
This clause primarily assesses the following three points:
Whether the Database Audit feature is enabled
1.1 Log in to the TDSQL-C for MySQL console, and select Database Audit from the left navigation bar. Enabled should be displayed under the Audit Status field, indicating that the Database Audit feature is enabled for the instances in the specified region for the current account.
1.2. Click to view audit logs, which will redirect you to the Audit Log page of the corresponding instance. You should see audit log records (audit log records should be generated), proving that Database Audit is running normally.
Whether the audit scope covers each user
On the Audit Log page, you can query the user account corresponding to an operation under the User Account field, supporting audit for each username.
Whether important user behaviors and significant security events are audited
By configuring post-event alarms, you can set audit rules and risk levels for alarms, helping you to receive risk alarms in a timely manner. On the Audit Log page, you can quickly locate problems and view related audit logs.
b) The audit records should include the date and time of an event, user account, SQL type, SQL command details, and other relevant audit information;
On the Audit Log page, by filtering through time and related search items, you can locate the target audit logs. Click the download icon to download the audit logs to a local computer and query the related information.
c) The audit records should be protected to prevent unexpected deletion, modification, or overwriting;
After the Database Audit feature is enabled, the deletion button is not provided for audit logs, preventing you from deleting or modifying audit logs by mistake. Audit records will only be cleared when the Database Audit feature is disabled.
d) Others: The Cybersecurity Law requires that network logs be retained for 6 months or longer.
On the Audit Log page, select a 6-month time period in the time box to view the logs for the selected 6 months.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No