Powered by Zoomin Software. For more details please contactZoomin

Database Activity Monitoring User Guide

Source Type
Application Security
Data Security
Network Security
Application Performance
Product Versions
Hypervisor Installation
Document Type
Public Cloud
    Community Content Type
      Product Area
      This guide

      Understanding Audit Views and Filters

      Table of Contents

      Understanding Audit Views and Filters

       Understanding Audit Views and Filters

      The ability to drill down and analyze audit data in SecureSphere is derived from the filters and views built into the audit feature. SecureSphere provides a hierarchal set of filters that enables you to select a specific cross-section of data, then drill down to view individual events. If the view does not provide enough granularity, you can apply a filter or configure a more specific time frame (according to your local time zone), then view the data again. Once you’ve obtained the data you require, you can drill down on that data and view specific events. SecureSphere auditing provides four basic tools that defines what data to display on the screen, as illustrated below.

      The following table lists the available audit tools.

      Audit Viewing Filters

      Name

      Description

      Policy

      Selects the policy whose data you want to view and displays the number of events currently in the system for each policy.

      Note: To update the number of events, click refresh.

      Enables you to select different policies for viewing that include:

      Applied Policies: Lists all policies currently applied to elements in your network.

      Loaded Archives: Lists all policies related to data that has been imported into SecureSphere from an archive. For information on how to import archived data, see Importing Audit Archives for Analysis.

      Unapplied Policies: List all policies that are not currently applied. If a policy is selected here and has not been previously applied, no data is displayed.

      Time Frame

      Determines the time frame (according to your local time zone) of data to be displayed.

      • If no time frame is selected, data is displayed according to the settings configured for Fast Viewing.
      • When Last X Time is selected, queries data until the current time.
      • When Custom time frame is selected, enables you to configure a from and to date and time. For information about how the time is interpreted across time zones, see Date and Time of Audit Events.

      Note: When selecting Last Month, queries data for last 30 days. When selecting Last Week, queries data for last 7 days.

      For further information on Fast Viewing, see How Audit Data is Maintained by Imperva DAM.

      View Pane

      Lists the available views used to display audit data. Views provide an easily readable cross-section of data in standard layouts.

      For a list of DB audit views, see Understanding DB Audit Views (per Policy).

      Filters

      Uses standard SecureSphere filter capabilities to drill down and select particular criteria to display. For example, you can select all records that relate to a specific database user. Applied filters are retained when switching between views. Filters are only removed when you select clear or log out of the system.

      Was this topic helpful?