Fortinet FortiDB manual Immediate


Chaining with Parameterized User-Defined Rules

Rule Chaining

DECLARE
  -- chr(39) is a single quote; the kill target is written as 'sid,serial#'
  v_str       VARCHAR2(80) := 'ALTER SYSTEM KILL SESSION ' || chr(39);
  v_statement VARCHAR2(80);
  sesid       NUMBER;
  serial      NUMBER;
  username    VARCHAR(50);
  osuser      VARCHAR(50);
  machine     VARCHAR(50);
  program     VARCHAR(50);
BEGIN
  -- $sessionid is the rule's parameter placeholder, not a PL/SQL variable
  SELECT sid, serial#, username, osuser, machine, program
    INTO sesid, serial, username, osuser, machine, program
    FROM v$session
   WHERE audsid = $sessionid;

  -- Builds: ALTER SYSTEM KILL SESSION '<sid>,<serial#>' IMMEDIATE
  v_statement := v_str || sesid || ',' || serial || chr(39) || ' IMMEDIATE';
  EXECUTE IMMEDIATE v_statement;

  DBMS_OUTPUT.PUT_LINE(TO_CHAR(SYSDATE, 'YYYY/MM/DD HH24:MI:SS')
    || 'A suspicious session has been killed.'
    || '[Username]' || username
    || '[Osuser]' || osuser || ' [Machine]' || machine
    || '[Program]' || program);
EXCEPTION
  -- The session may already have ended by the time the rule fires
  WHEN no_data_found THEN
    DBMS_OUTPUT.PUT_LINE(TO_CHAR(SYSDATE, 'YYYY/MM/DD HH24:MI:SS')
      || ' A suspicious session is not found at this moment.');
END;

4. Log in as BAD_GUY at an "abnormal" time (here, that is any time except between 3 and 4 AM).

 

FortiDB Version 3.2 Utilities User Guide


15-32000-81369-20081219
