The security audit feature automatically identifies risks, such as high-risk SQL statements, SQL injections, and new request sources. This topic describes how to perform security audits by using the SQL insight and audit feature.

Prerequisites

  • The database instance that you want to manage is connected to Database Autonomy Service (DAS) and is in the Accessed state.
  • DAS Professional Edition is activated for the instance. For more information, see DAS Professional Edition.
  • DAS provides the security audit feature only for the following types of database instances:
    • ApsaraDB RDS for MySQL High-availability Edition and Enterprise Edition
    • Single Node Edition, Archive Database Edition, and Cluster Edition of the ApsaraDB PolarDB MySQL-compatible edition
    • Cluster Edition of the ApsaraDB PolarDB PostgreSQL-compatible edition

Procedure

  1. Log on to the DAS console.
  2. In the left-side navigation pane, click Instance Monitoring.
  3. In the left-side navigation pane, click Security Audit.
  4. Specify the time range for the security audit and click Search. The Security Risk Trend and Security Risks sections are displayed.
    Note: You can click the security risk trend chart to view the security risk details of a specific period of time.
  5. In the Security Risks section, view the details about High-risk Requests and SQL Injections.
    Parameter: Description
    High-risk Requests: DAS identifies the following three types of high-risk SQL statements based on preset rules:
      • DDL statements that create a table, modify the schema of a table, modify an index, rename a table, or perform other operations
      • Statements that update or delete full tables
      • Statements that run large queries. By default, a query is considered large if it meets one of the following conditions:
        • The number of scanned rows is at least 1,000,000.
        • The number of returned rows is at least 100,000.
        • The number of updated rows is at least 100,000.
    SQL Injections: SQL injections are attacks in which malicious SQL statements are inserted into web forms, domain names, or page requests to trick servers into executing these statements. This type of attack compromises database security.
      Note: DAS continuously monitors databases for SQL injections and identifies the access sources.
    New Access Sources: DAS automatically identifies new access sources by comparing them with the access source records to determine whether the access requests originate from unknown servers.
      Note: An access source that has not accessed your database within the last seven days is considered a new access source.
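
The following sketch applies the high-risk request rules and the seven-day new-source rule described above to a few constructed audit records, which is useful for checking your own expectations against what the console reports. It is an added illustration, not DAS code: the record fields, the DDL keyword list, and the missing-WHERE test for full-table writes are assumptions.

```python
import re
from datetime import datetime, timedelta

# Default thresholds and the seven-day window come from the table above.
SCANNED_ROWS, RETURNED_ROWS, UPDATED_ROWS = 1_000_000, 100_000, 100_000
NEW_SOURCE_WINDOW = timedelta(days=7)
# Assumption: the exact DDL keywords DAS matches are not listed on this page.
DDL = re.compile(r"\s*(CREATE|ALTER|DROP|RENAME|TRUNCATE)\b", re.I)
WRITE = re.compile(r"\s*(UPDATE|DELETE)\b", re.I)
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'")

def high_risk_reasons(rec):
    """Return the high-risk categories that one audit record falls into."""
    sql = STRING_LITERAL.sub("''", rec["sql"])  # ignore 'where' inside data
    reasons = []
    if DDL.match(sql):
        reasons.append("ddl")
    if WRITE.match(sql) and not re.search(r"\bWHERE\b", sql, re.I):
        reasons.append("full_table_write")  # assumption: no WHERE = full table
    if (rec["scanned"] >= SCANNED_ROWS or rec["returned"] >= RETURNED_ROWS
            or rec["updated"] >= UPDATED_ROWS):
        reasons.append("large_query")
    return reasons

def audit(records, last_seen):
    """Flag risky requests; last_seen maps source -> time of its last request."""
    seen, findings = dict(last_seen), []
    for rec in sorted(records, key=lambda r: r["ts"]):
        prev = seen.get(rec["source"])
        is_new = prev is None or rec["ts"] - prev > NEW_SOURCE_WINDOW
        seen[rec["source"]] = rec["ts"]
        reasons = high_risk_reasons(rec)
        if reasons or is_new:
            findings.append((rec["source"], reasons, is_new))
    return findings

# Constructed sample records: (source, sql, scanned, returned, updated).
T0 = datetime(2024, 1, 10, 12, 0)
ROWS = [
    ("10.0.0.5", "SELECT * FROM orders WHERE id = 7", 1, 1, 0),
    ("10.0.0.5", "DELETE FROM sessions", 40_000, 0, 40_000),
    ("10.0.0.9", "ALTER TABLE users ADD COLUMN note TEXT", 0, 0, 0),
    ("10.0.0.5", "SELECT id FROM events WHERE kind = 'x'", 2_500_000, 10, 0),
    ("10.0.0.7", "UPDATE t SET note = 'no where here'", 120_000, 0, 120_000),
]
KEYS = ("source", "sql", "scanned", "returned", "updated")
SAMPLE = [dict(zip(KEYS, r), ts=T0 + timedelta(minutes=i)) for i, r in enumerate(ROWS)]
HISTORY = {"10.0.0.5": T0 - timedelta(days=1), "10.0.0.7": T0 - timedelta(days=30)}
```

Calling audit(SAMPLE, HISTORY) returns four findings; the first record, an indexed lookup from a recently seen source, is not flagged.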