Database Activity Monitoring User Guide

      Understanding Violations

      Violations contain details regarding a security event. Typically you are first alerted to the event in the Dashboard or Alerts window, and you can then drill down to view the violations related to a specific alert. Violations provide detailed information about an attack, such as the attacker IP, the targeted service, and much more, to help you determine the circumstances surrounding the attack. You can use this data to determine whether the violation poses a risk to your data, or whether the violation should not have been generated and you need to fine-tune SecureSphere. Fine-tuning is done by editing a security policy, adding the violation as an exception, adding it to a profile, or generating a report of violations and consulting with the relevant SMEs (for example, database administrators).

      EXAMPLE: Understanding Violations

      Assume a policy determines that tampering with cookies is a violation that requires further action. If SecureSphere detects that a cookie has been modified, it generates a violation listing the details of the event, such as the user’s IP address, the cookie content, or the name of the policy being violated. You can then analyze these details to determine whether an attack is taking place, or whether the cookie is modified as part of its normal handling, in which case the policy that generated the violation should be fine-tuned.

      An integral part of analyzing violations is viewing them in aggregated alerts as described in Understanding Aggregated Alerts.
