General Pudr Steps | Fortinet FortiDB guide

Chaining with Parameterized User-Defined Rules

Rule Chaining

General PUDR Steps

The general step for creating a chain that uses a PUDR are:

1In UBM, define an Object, User, or Session policy that will be your Source Rule.

2In UBM, define a PUDR that will be your Target Rule

3In the Rule Chaining module, define a chain which associates the UBM policy and the PUDR.

PUDR Process

Parameterized User-Defined Rule Flow Diagram

The PUDR process involves these steps.

1The source rule is violated and an alert is generated.

2FortiDB MA determines if there is a PUDR that is chained to the source rule.

•If a rule is chained, FortiDB MA fetches the information on the chain relationship

3FortiDB MA checks to see if the source rule is to be run immediately or not.

4FortiDB MA checks to see if the chained rule is a PUDR vs. a regular policy

aIf a regular UDR, FortiDB MA runs the UDR without passing any variables.

bIf the rule is a PUDR and is set to be run immediately, FortiDB MA passes the parameters defined in the rule chain to the PUDR.

cIf the rule is a PUDR and is set to be run with the schedule settings of the source rule, FortiDB MA indicates that parameters have to be passed for the successful execution of the PUDR.

5An alert is generated for the PUDR.

	FortiDB Version 3.2 Utilities User Guide
12	15-32000-81369-20081219

Image 14

Fortinet FortiDB manual General Pudr Steps, Parameterized User-Defined Rule Flow Diagram

Contents

Utilities User Guide FortiDB Utilities User Guide Trademarks Table of Contents Index FortiDB MA Utilities Auto Discovery Selecting Addresses for Auto-Discovery Selecting Non-Standard Ports for Auto-Discovery Results from Auto-Discovery MS-SQL Discovered Database Information Populating Connection Form MS-SQL Connection Summary Connection Summary Button Connection Summary Output Rule Chaining Setting Screen Rule Chaining Rule Chaining Chaining with Parameterized User-Defined Rules Parameterized User-Defined Rule Flow Diagram General Pudr Steps Disabled Parameter Checkboxes Validating the Pudr before Saving Item Setting for Session Policy Example of Chaining to a PL/SQL-based Pudr Policy Settings for Suspicious Login Time Immediate Resulting Killed Session Table Columns That Could Appear in AlertsChained-Rule Alerts UBM Session Policy and Pudr Multiple Source-Rule-Violation Behavior DB Example Rule Chaining Alert Report Manager Setting a Report ScheduleSetting a Timer-based Schedule Setting a Timer-Based Schedule Deleting a Previously Set Timer ScheduleSetting a Calendar-based Schedule Deleting a Timer Schedule Setting a Calendar-Based Schedule Setting a Combined ScheduleSetting a Randomized Interval Setting a Randomized Interval Specifying Report Parameters Reporting by TimeEnabling Email Recipients ARM Reporting by Time ARM Reporting by Time Calendar Pop-up New Report Setting Screen top New Reports Menu New Report Setting Screen bottom Saved and Enabled Report Using the Select Checkbox to Affect Multiple Reports Status Menu Status Dialog Activating ARMRunning and Analyzing Reports View Reports Dropdown List on Current Reports Screen Choosing Summary Report Action Current Report ConfigurationReport Summary Action Summary-Action Output Types Report Size Archiving Reports Report Detailed ActionLimitation Scheduling Using This FeatureCustom Reports Custom Reports Time-only Schedule Settings Daily Schedule Settings Customer and Company Information Weekly Schedule SettingsMonthly Schedule Settings Custom Reports Main Report and Template Generation and ManagementCompany Information Dialog Adding a Report Adding ReportsModifying Reports Deleting a Report Deleting ReportsModifying a Report Modifying Report Templates Templates Manager Modifying a Template Generating ReportsReport Result Generated Html Report Example Report History Report History Reports radio button on the User Administration screen Licensing and AdministrationUser Administration for Custom Reports and SOX Reports Property Purpose Possible Values Default Property Purpose Possible Values Default1 Limitations SOX Compliance Reports SOX Reports within Custom Reports Manager Common Report Header Fields General Setup InstructionsReports and Acronyms Report Name Acronym Report Body Columns Cobit Objectives and Setup RequirementsHistory of Privilege Changes Report HPC HPC Report Sample Abnormal or Unauthorized Changes to Data Report AUC AUC Report Sample Abnormal Use of Service Accounts Report AUS AUS Report Sample Abnormal Termination of Database Activity Report ATD ATD Report Sample EPA Report Sample End of Period Adjustments Report EPASettings Dialog for the EPA Report Case Assumptions Verification of Audit Settings Report VAS VAS Report Sample Report Size Licensing and AdministrationArchiving Reports Verification of Audit Settings Report VAS Index