Abnormal Use of Service Accounts Report AUS | Fortinet FortiDB

Abnormal Use of Service Accounts Report (AUS)

SOX Report Specifics

Abnormal Use of Service Accounts Report (AUS)

AUS Report Sample

COBIT Objectives and Setup Requirements

Objective		FortiDB MA Module
Number(s)	Objective Description	Setup Requirement

DS5.3	Database transactions from unauthorized sources	PM: using the Audit data
	are tracked and reviewed by IT Management on a	retrieval method
	weekly basis.	MM: using the Audit data
		MM: using the Audit data
		retrieval method
		UBM: Object or User
		policies

Report Body Columns

The following columns are displayed in the report body:

Column	Description

User ID	The ID of the database user that conducted the flagged activity.

Terminal Name	The terminal IP address or name.

Origin Application	The name, or other identifier, for the originating application, if the activity
	originated from an external application or from an application server.

# of Actions	The number of actions attempted by the account associated with the User ID.

Time Stamp	The exact time the flagged activity was conducted.

	Note: If you are using an Oracle internal database and use the Limit Rows
	checkbox in the report's Settings dialog in order to limit the number of report
	rows, the limit that you specify applies to the number of actions and not to the the
	number of rows.

	FortiDB Version 3.2 Utilities User Guide
46	15-32000-81369-20081219

Image 48

Fortinet FortiDB manual Abnormal Use of Service Accounts Report AUS, AUS Report Sample

Contents

Utilities User Guide FortiDB Utilities User Guide Trademarks Table of Contents Index FortiDB MA Utilities Auto Discovery Selecting Addresses for Auto-Discovery Selecting Non-Standard Ports for Auto-Discovery Results from Auto-Discovery MS-SQL Discovered Database Information Populating Connection Form MS-SQL Connection Summary Connection Summary Button Connection Summary Output Rule Chaining Setting Screen Rule Chaining Rule Chaining Chaining with Parameterized User-Defined Rules Parameterized User-Defined Rule Flow Diagram General Pudr Steps Disabled Parameter Checkboxes Validating the Pudr before Saving Item Setting for Session Policy Example of Chaining to a PL/SQL-based Pudr Policy Settings for Suspicious Login Time Immediate Table Columns That Could Appear in Alerts Chained-Rule Alerts UBM Session Policy and PudrResulting Killed Session Multiple Source-Rule-Violation Behavior DB Example Rule Chaining Setting a Report Schedule Setting a Timer-based ScheduleAlert Report Manager Deleting a Previously Set Timer Schedule Setting a Calendar-based ScheduleSetting a Timer-Based Schedule Deleting a Timer Schedule Setting a Combined Schedule Setting a Randomized IntervalSetting a Calendar-Based Schedule Setting a Randomized Interval Reporting by Time Enabling Email RecipientsSpecifying Report Parameters ARM Reporting by Time ARM Reporting by Time Calendar Pop-up New Report Setting Screen top New Reports Menu New Report Setting Screen bottom Saved and Enabled Report Using the Select Checkbox to Affect Multiple Reports Activating ARM Running and Analyzing ReportsStatus Menu Status Dialog View Reports Dropdown List on Current Reports Screen Current Report Configuration Report Summary ActionChoosing Summary Report Action Summary-Action Output Types Report Detailed Action LimitationReport Size Archiving Reports Using This Feature Custom ReportsScheduling Custom Reports Time-only Schedule Settings Daily Schedule Settings Weekly Schedule Settings Monthly Schedule SettingsCustomer and Company Information Report and Template Generation and Management Company Information DialogCustom Reports Main Adding Reports Modifying ReportsAdding a Report Deleting Reports Modifying a ReportDeleting a Report Modifying Report Templates Generating Reports Report ResultTemplates Manager Modifying a Template Generated Html Report Example Report History Report History Licensing and Administration User Administration for Custom Reports and SOX ReportsReports radio button on the User Administration screen Property Purpose Possible Values Default Property Purpose Possible Values Default1 Limitations SOX Compliance Reports SOX Reports within Custom Reports Manager General Setup Instructions Reports and AcronymsCommon Report Header Fields Report Name Acronym Cobit Objectives and Setup Requirements History of Privilege Changes Report HPCReport Body Columns HPC Report Sample Abnormal or Unauthorized Changes to Data Report AUC AUC Report Sample Abnormal Use of Service Accounts Report AUS AUS Report Sample Abnormal Termination of Database Activity Report ATD ATD Report Sample End of Period Adjustments Report EPA Settings Dialog for the EPA ReportEPA Report Sample Case Assumptions Verification of Audit Settings Report VAS VAS Report Sample Licensing and Administration Archiving ReportsReport Size Verification of Audit Settings Report VAS Index