This topic describes the security audit feature of Database Autonomy Service (DAS) and how to use this feature.

Prerequisites

A database instance is connected to DAS and the database instance is in the Accessed state. The security audit feature is available only for self-managed MySQL databases.
Note For more information, see Connect to other self-managed database instances.

Background information

Databases are crucial assets of enterprises, and are prone to external attacks, internal high-risk operations, and data leaks. The security audit feature of DAS uses the bypass technology to collect and analyze operations on database servers. DAS intelligently identifies risks from the operations in real time. Risks may arise from high-risk SQL statements, SQL injection, and new access sources.

SQL

High-risk SQL statements

DAS identifies the following three types of high-risk SQL statements based on preset rules:

  • Data definition language (DDL) statements such as the statements used to create a table, modify the schema of a table, modify an index, and rename a table.
  • Statements used to update or delete full tables.
  • Statements used for a large number of requests that meet one of the following conditions:
    • The number of scanned rows is greater than or equal to 1 million.
    • The number of returned rows is greater than or equal to 100,000.
    • The number of updated rows is greater than or equal to 100,000.

SQL injection

An SQL injection attack inserts malicious SQL statements into web forms or URL requests and prompts the server to execute the malicious statements. SQL injection can destroy your database. DAS continuously monitors and identifies whether SQL injection occurs in databases, and identifies access sources.

New access sources

DAS identifies new access sources by comparing them with the access source records to determine whether unknown sources are accessing or reading data from a database.

Note By default, access sources that show no presence within the last seven days are considered new access sources.

Procedure

  1. Log on to the DAS console .
  2. In the left-side navigation pane, click Instance Monitoring.
  3. On the Instance Monitoring page, find the instance that you want to view and click the instance ID to go to the instance details page.
  4. In the left-side navigation pane, click Security Audit.
  5. Click Enable. In the message that appears, click OK. You can click Disable Security Audit in the upper-right corner to disable security audit. If you disable security audit, the full SQL analysis feature is also disabled.