The security audit feature automatically identifies risks, such as high-risk SQL statements, SQL injections, and new access sources. This topic describes how to perform security audits in the SQL insight and audit feature.

Prerequisites

  • A database instance is connected to Database Autonomy Service (DAS) and is in the Accessed state.
  • DAS Professional Edition is activated for the instance. For more information, see DAS Professional Edition.
  • The database instance is an ApsaraDB RDS for MySQL instance of High-availability Edition or a PolarDB for MySQL instance of Cluster Edition.

Procedure

  1. Log on to the DAS console.
  2. In the left-side navigation pane, click Instance Monitoring. On the Instance Monitoring page, find the instance, and click its name. The instance details page appears.
  3. In the left-side navigation pane, click SQL insight and audit. Click the Security Audit tab.
  4. Specify the time range for the security audit and click Search. The Security Risk Trend and Security Risks sections are displayed.
    Note: You can click the security risk trend chart to view the security risk details of a specific period.
  5. In the Security Risks section, view the details about High-risk Requests and SQL Injections.
    Parameter: Description

    High-risk Requests: DAS identifies the following three types of high-risk SQL statements based on preset rules:
    • Data definition language (DDL) statements used to create a table, modify the schema of a table, modify an index, rename a table, and perform other operations
    • Statements used to update and delete full tables
    • Statements that are used to run large queries that meet one of the following conditions by default:
      • The number of scanned rows is at least 1,000,000.
      • The number of returned rows is at least 100,000.
      • The number of updated rows is at least 100,000.

    SQL Injections: SQL injections refer to attacks in which malicious SQL statements are inserted into web forms, domain names, or page requests to trick servers into executing these SQL statements. This type of attack compromises database security.
    Note: DAS continuously monitors and identifies whether SQL injections occur in databases, and identifies the access sources.

    New Access Sources: DAS automatically identifies new access sources by comparing them with the access source records to determine whether access requests originate from unknown servers.
    Note: Access sources that show no presence within the last seven days are considered new access sources.
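
The High-risk Requests rules and the seven-day New Access Sources rule described above, applied as offline checks over audit records. This is an added example, not DAS code: the record fields (time, source, sql, scanned, returned, updated), the keyword heuristics, and the sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Default thresholds listed under High-risk Requests above.
SCANNED_ROWS, RETURNED_ROWS, UPDATED_ROWS = 1_000_000, 100_000, 100_000
NEW_SOURCE_WINDOW = timedelta(days=7)  # from the New Access Sources note
# Assumption: keyword heuristics for illustration, not DAS's actual rule set.
DDL = re.compile(r"^\s*(CREATE|ALTER|DROP|RENAME|TRUNCATE)\b", re.I)
WRITE = re.compile(r"^\s*(UPDATE|DELETE)\b", re.I)
LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"")

def classify(rec):
    """Return the high-risk categories that one audit record matches."""
    sql = LITERAL.sub("''", rec["sql"])  # ignore keywords inside string literals
    reasons = []
    if DDL.match(sql):
        reasons.append("ddl")
    if WRITE.match(sql) and not re.search(r"\bWHERE\b", sql, re.I):
        reasons.append("full_table_write")
    if (rec.get("scanned", 0) >= SCANNED_ROWS
            or rec.get("returned", 0) >= RETURNED_ROWS
            or rec.get("updated", 0) >= UPDATED_ROWS):
        reasons.append("large_query")
    return reasons

def new_sources(records, last_seen):
    """Return sources with no recorded access in the 7 days before a request."""
    flagged = []
    for rec in sorted(records, key=lambda r: r["time"]):
        prev = last_seen.get(rec["source"])
        if prev is None or rec["time"] - prev > NEW_SOURCE_WINDOW:
            flagged.append(rec["source"])
        last_seen[rec["source"]] = rec["time"]  # later requests are no longer new
    return flagged

# Constructed sample records and access history (not real DAS output).
T0 = datetime(2024, 1, 10, 12, 0)
SAMPLE = [
    {"time": T0, "source": "10.0.0.5", "sql": "ALTER TABLE orders ADD INDEX idx_u (user_id)"},
    {"time": T0 + timedelta(minutes=1), "source": "10.0.0.5", "sql": "DELETE FROM sessions", "updated": 250_000},
    {"time": T0 + timedelta(minutes=2), "source": "10.0.0.9", "sql": "UPDATE users SET note = 'where is it'"},
    {"time": T0 + timedelta(minutes=3), "source": "10.0.0.7", "sql": "SELECT * FROM events", "scanned": 1_000_000},
    {"time": T0 + timedelta(minutes=4), "source": "10.0.0.5", "sql": "UPDATE users SET active = 0 WHERE id = 7"},
]
HISTORY = {"10.0.0.5": T0 - timedelta(days=1), "10.0.0.7": T0 - timedelta(days=30)}

if __name__ == "__main__":
    print([classify(r) for r in SAMPLE], new_sources(SAMPLE, dict(HISTORY)))
```

The third sample record shows why string literals are stripped first: the word "where" inside the note value must not hide a full-table UPDATE.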