Database Audit Overview
Database Audit is an auditing product independently developed by Tencent Cloud that can provide professional, efficient, comprehensive, and real-time monitoring of database security. It enables real-time logging of Tencent Cloud database activities, performs compliance management for database operations through fine-grained audit, triggers alarms when the database experiences risky behaviors, and records database risky behaviors such as database SQL injection and abnormal operations. It provides comprehensive security diagnosis and management features for your cloud database to improve data asset security.
Database Audit can help you handle the following risks:
Audit risks: difficulty in tracing and locating security events due to incomplete audit logs; inability to meet the requirements defined by China's Cybersecurity Classified Protection Certification (Level 3); inability to meet the compliance documentation requirements for industry information security
Management risks: misoperations, operations against rules, and unauthorized operations by technical staff that damage the safe operation of business systems; misoperations, malicious operations, and tampering by third-party development and maintenance personnel; excessive permissions granted to the super admin, which cannot be audited and monitored
Technical challenges: database system SQL injections that maliciously pull data from databases and tables; inability to troubleshoot the sudden increase in database requests that are not slow queries
Audit Advantages
Comprehensive audit
Database access and SQL statement execution are comprehensively recorded to meet user audit requirements and guarantee database security to the maximum extent.
Efficient audit
Unlike the bypass audit method, Tencent Cloud database makes records through database kernel plugins for accurate recording.
Long-term storage
Users can store logs for a long period according to business needs, meeting compliance regulation requirements.
Architecture feature
A multi-point deployment architecture is adopted to ensure service availability. Logs are recorded in a streaming manner to prevent tampering. Multi-replica storage is adopted to ensure data reliability.
Detailed Explanation of Rule-based Audit
Audit Rule Methods
Full audit: performs a comprehensive audit of database access statements and execution status.
Rule-based audit: supports setting audit rules for attributes such as SQL type, database name, collection name, client IP, and username in the MongoDB database, and auditing partial execution statements based on audit rules.
Rule-based Audit Operations
The relationship between different SQL types within each rule is AND (&&). The SQL types are additional restrictive conditions.
The relationship between rules is OR (||). Each instance can specify one or more audit rules, and as long as it meets any one rule, it should be audited. For example, if Rule A specifies auditing operations of user1 with execution time greater than or equal to 1 second, and Rule B specifies auditing statements of user1 with execution time less than 1 second, then all statements of user1 will be audited.
Description of Database Names
If the statement belongs to the following table object types:
SQLCOM_SELECT, SQLCOM_CREATE_TABLE, SQLCOM_CREATE_INDEX, SQLCOM_ALTER_TABLE,SQLCOM_UPDATE, SQLCOM_INSERT, SQLCOM_INSERT_SELECT, SQLCOM_DELETE, SQLCOM_TRUNCATE, SQLCOM_DROP_TABLE
For this type of action, the database name is subject to the database name for actual operation in the statement. For example, the current database is use db3, and the statement is:
select *from db1.test,db2.test;
db1 and db2 are used as the target databases for rule determination. If the rule configuration requires auditing db1, auditing will be performed. If the rule configuration requires auditing db3, auditing will not be performed. If the statement does not belong to the object types in the table above, the current use database is used as the target database for determination. For example, if the current database is use db1 and the execution statement is show databases, then db1 is used as the target database for rule determination. If the rule configuration requires auditing db1, auditing will be performed.
Version Description
Currently, TencentDB for MongoDB 4.0, 4.2, 4.4, 5.0, 6.0, and 7.0 support instance auditing.
Billing Instructions
Database Audit is charged in pay-as-you-go mode based on the audit log storage size. The billing cycle is one hour. If the duration is less than one hour, the fee will be charged by one hour.
|
China (including financial regions) | 0.00147059 |
Other countries and regions | 0.00220588 |
Audit Notes
After the audit service of the cloud database (pay-as-you-go) is enabled, the audit service will be disabled when the user releases the cloud database, and the logs will be automatically deleted and cannot be retrieved.
After the audit service of the cloud database (monthly subscription) is enabled, the audit service will be disabled when the user releases the cloud database or it is released upon expiration, and the logs will be automatically deleted and cannot be retrieved.