- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Optimization of Instance Storage Capacity, IOPS, and I/O Bandwidth
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Sales Suspension of Some General Specifications
- Announcement on Some APIs Integrated with CAM Authentication
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Announcement on Supplementary Charge for Clusters with Pay-as-You-Go Storage Billing Mode
- Announcement on New APIs Integrated with CAM Permissions
- Announcement on the Release of New Version of Database Proxy
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Practical Tutorial
- Classified Protection Practice for Database Audit of TDSQL-C for MySQL
- Upgrading Database Version from MySQL 5.7 to 8.0 Through DTS
- Usage Instructions for TDSQL-C MySQL
- New Version of Console
- Implementing Multiple RO Groups with Multiple Database Proxy Connection Addresses
- Strengths of Database Proxy
- Selecting Billing Mode for Storage Space
- Creating Remote Disaster Recovery by DTS
- Creating VPC for Cluster
- Data Rollback
- Solution to High CPU Utilization
- How to Authorize Sub-Users to View Monitoring Data
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Billing APIs
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterDetail
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- SwitchClusterVpc
- OpenReadOnlyInstanceExclusiveAccess
- OpenClusterReadOnlyInstanceGroupAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Optimization of Instance Storage Capacity, IOPS, and I/O Bandwidth
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Sales Suspension of Some General Specifications
- Announcement on Some APIs Integrated with CAM Authentication
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Announcement on Supplementary Charge for Clusters with Pay-as-You-Go Storage Billing Mode
- Announcement on New APIs Integrated with CAM Permissions
- Announcement on the Release of New Version of Database Proxy
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Practical Tutorial
- Classified Protection Practice for Database Audit of TDSQL-C for MySQL
- Upgrading Database Version from MySQL 5.7 to 8.0 Through DTS
- Usage Instructions for TDSQL-C MySQL
- New Version of Console
- Implementing Multiple RO Groups with Multiple Database Proxy Connection Addresses
- Strengths of Database Proxy
- Selecting Billing Mode for Storage Space
- Creating Remote Disaster Recovery by DTS
- Creating VPC for Cluster
- Data Rollback
- Solution to High CPU Utilization
- How to Authorize Sub-Users to View Monitoring Data
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Billing APIs
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterDetail
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- SwitchClusterVpc
- OpenReadOnlyInstanceExclusiveAccess
- OpenClusterReadOnlyInstanceGroupAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
- Glossary
- Contact Us
Classified Protection Practice for Database Audit of TDSQL-C for MySQL
Last updated: 2024-10-25 09:53:56
To assist enterprises with classified protection compliance of cybersecurity, this document describes the relationship between the capabilities of TDSQL-C for MySQL Database Audit and the related clauses of Classified Protection, to help enterprises to provide targeted supporting materials.
Prerequisites
Database Audit service has been enabled.
Classified Protection Level 3
a) The database audit feature should be enabled, auditing each user and covering important user behaviors and significant security events;
This clause primarily assesses the following three points:
Whether the Database Audit feature is enabled
1.1 Log in to the TDSQL-C for MySQL console, and select Database Audit from the left navigation bar. Enabled should be displayed under the Audit Status field, indicating that the Database Audit feature is enabled for the instances in the specified region for the current account.
1.2. Click to view audit logs, which will redirect you to the Audit Log page of the corresponding instance. You should see audit log records (audit log records should be generated), proving that Database Audit is running normally.
Whether the audit scope covers each user
On the Audit Log page, you can query the user account corresponding to an operation under the User Account field, supporting audit for each username.
Whether important user behaviors and significant security events are audited
By configuring post-event alarms, you can set audit rules and risk levels for alarms, helping you to receive risk alarms in a timely manner. On the Audit Log page, you can quickly locate problems and view related audit logs.
b) The audit records should include the date and time of an event, user account, SQL type, SQL command details, and other relevant audit information;
On the Audit Log page, by filtering through time and related search items, you can locate the target audit logs. Click the download icon to download the audit logs to a local computer and query the related information.
c) The audit records should be protected to prevent unexpected deletion, modification, or overwriting;
After the Database Audit feature is enabled, the deletion button is not provided for audit logs, preventing you from deleting or modifying audit logs by mistake. Audit records will only be cleared when the Database Audit feature is disabled.
d) Others: The Cybersecurity Law requires that network logs be retained for 6 months or longer.
On the Audit Log page, select a 6-month time period in the time box to view the logs for the selected 6 months.
Yes
No
Was this page helpful?