Adding Risky Operations¶

After enabling database audit, add and configure risky operations for audit.

Important

One piece of audited data can match only one risky operation rule.

Prerequisites¶

You have applied for a database audit instance and the Status is Running.
Database audit has been enabled.

In the navigation tree, choose Rules.
In the Instance drop-down list, select an instance to add risky operations. Click the Risky Operations tab. Click Add above the risky operation list.

On the Add Risky Operation page, set the basic information and client IP address, as shown in Figure 1. .

**Table 1** Parameters¶
Parameter	Description	Example Value
Name	Custom name of a risky operation	test
Risk Severity	Severity of a risky operation. The options are as follows: High Moderate Low No risks	High
Status	Status of a risky operation : enabled : disabled
Select Database	Database that the risky operation will be applied to You can select ALL or a specific database.	`-`
Client IP Address or IP Range	IP address or IP address range of the client The IP address can be an IPv4 address (for example, 192.168.1.1) or an IPv6 address (for example, fe80:0000:0000:0000:0000:0000:0000:0000).	192.168.0.0

Set the operation type, operation object, and execution result, as shown in Figure 2. For details about related parameters, see Table 2.

**Table 2** Parameters¶
Parameter	Description	Example Value
Operations	Type of a risky operation, including Login and Operation When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.	Operation
Objects	Enter the target database, target table, and field information after clicking Add Operation Object. Click OK to add an operation object.	`-`
Results	Set Affected Rows and Operation Duration. The operation conditions are as follows: Greater than Less than Equal To Equal to or greater than Less than or equal to	`-`

last updated: 2024-11-13 13:56 UTC - commit: 0f1707055f410cccf5d3ea60adc44cdabb5e59b5