|
|
Rule Chaining | Chaining with Parameterized |
After the database has been specified and you have clicked on [Add Item], you will be presented with the Create Rule Chaining Settings page.
Here, you need to:
•Name the Rule Chain
•Select the policy you want to use as the Source Rule
•Select the target rule (Chained Rule) you want to execute, once the first rule had been violated.
•Specify whether you want the chain to run immediately upon
•Decide whether you want to immediat1ely enable the chain or not. Unless you check the Enable Chain? checkbox, the chain won't be in effect. This allows you to create the chain and then only use it when needed.
You can see the Module and the name of the available guarded items for all policies. For example, 'PM' or 'UBM' preceding the rule name indicates the PM, or UBM module, respectively.
After the Rule Chain is invoked, alerts will appear with those of other policies.
Note: For UBM policies, which are indicated in green, you can pass parameters from the Source Rule to the Chained Rule, if the latter is a Parameterized User- Defined Rule (PUDR) and if the Chain meets certain other conditions. For more information on how to create a PUDR see the FortiDB MA User Behavior Monitor (UBM) User Guide. For more information on using PUDRs in a chain, see Chaining with Parameterized
Chaining with Parameterized User-Defined Rules
Parameters, specific to the RDBMS type of your target database, can be passed from the source to the target in order to permit the target to perform specific tasks, such as to kill the session of a suspicious user.
The source rule can be a UBM User, Object, or Session Policy. The target rule can only be a
When there is a violation of the source rule, the target UDR gets executed, with the parameters passed from the source rule. An alert is generated both for the source violation and for the PUDR execution.
1.A module schedule will be overridden by a
FortiDB Version 3.2 Utilities | User Guide |
11 |
