The security audit (new version) feature of Database Autonomy Service (DAS) uses built-in security audit rules to identify potential risks in databases. This helps ensure your databases run securely. The feature also supports customization for different scenarios and application types to precisely control database access.
Supported regions and databases
Database | Region |
| China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Chengdu), and China (Hong Kong) |
RDS for PostgreSQL | China (Qingdao), China (Beijing), and China (Hong Kong) |
PolarDB-X 2.0 | China (Hangzhou), China (Shanghai), China (Shenzhen), China (Beijing), China (Zhangjiakou), and China (Hong Kong) |
PolarDB for PostgreSQL (Compatible with Oracle) | China (Hangzhou) and Malaysia (Kuala Lumpur) |
PolarDB for PostgreSQL | China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Ulanqab), China (Shenzhen), and China (Hong Kong) |
Billing
If DAS Enterprise Edition is not enabled for your instance, enabling the security audit (new version) feature automatically enables Enterprise Edition V3 and audit logs. You will then be charged for the corresponding log traffic and security audit fees.
If your instance already uses Enterprise Edition, you are charged only for security audit (SecurityAudit).
Full SQL details are stored in cold storage. DAS provides 30 days of free cold storage. After this period, you are charged additional cold storage fees.
Feature description
The security audit (new version) feature includes over 900 built-in rules for high-risk operations. These rules cover four main categories: abnormal operations, data breaches, SQL injection, and vulnerability attacks. This allows for more comprehensive and automatic detection of risks such as high-risk operations, SQL injection, and new access patterns. The security audit (new version) feature provides the following features:
Audit alerts: Provides alerts for five types of risks: abnormal operations, data breaches, SQL injection, vulnerability attacks, and new access.
Anomaly alerts: Uses built-in or custom detection models. Based on the configured models, DAS detects and sends alerts for abnormal operations related to sensitive data, such as abnormal data flow and behavior.
Alert rules: Allows you to manage built-in database audit rules and anomaly detection models. You can also create custom detection models based on different dimensions, such as databases, tables, fields, access sources, and instances. This provides more flexible security policies.
Whitelists: Allows you to add trusted accounts and IP addresses to a whitelist. This helps identify and isolate access sources to reduce false positive alerts.
Enable security audit
Method 1: Enable security audit for a single instance
You can enable security audit only for the current instance.
Log on to the DAS console.
In the navigation pane on the left, click Intelligent O&M Center > Instance Monitoring.
Find the target instance, click the instance ID, and then go to the instance details page.
In the navigation pane on the left, click Security Audit.
On the Security Audit page, click Enable Security Audit. Configure the features to enable, specify the audit data storage duration, and then click Submit.
Method 2: Enable security audit for multiple instances
You can enable security audit for one or more instances at a time. The feature is enabled for the instances that you select.
Log on to the DAS console.
In the navigation pane on the left, click Security Center > Security Audit.
Select the instances for which security audit is not enabled.
Click . Configure the security audit features and the audit data retention period, and then click Submit.