Fortinet FortiDB manual Policy Settings for Suspicious Login Time

Rule Chaining

Chaining with Parameterized User-Defined Rules

Policy Settings for Suspicious Login Time

2. Create a UBM Session Policy, our Source rule, in order to monitor BAD_GUY and generate an alert to trigger our Target rule, a PUDR. We will pass the Session ID from the Source to the Target rule.

3. Create a Target PUDR, in the UBM module, which will contain the following kill-session code. That code, in turn, will accept our passed Session ID parameter (shown in red):

FortiDB Version 3.2 Utilities

User Guide

15-32000-81369-20081219
