Database Audit With Logtitan SIEM
Logtitan SIEM enables 24/7 security monitoring and recording of specific database activity. Performing database log analysis empowers you to audit all access to your confidential or sensitive corporate data stored in databases. Auditing database logs also enhances your internal security framework by answering questions like who changed your critical data, when it was changed, and more. Logtitan SIEM assists ensures compliance with government regulations in respect of data stored in corporate databases, generation of regular reports on database actions, as well as analysis of security events.
Database objects that either hold user or company data, as well as procedures or logic that define the functionality of a system, and people with permission on these objects, can all manipulate the structure and thus become a reason for data corruption or data theft on a continuous basis. And none of this can be tracked if auditing is not enabled.
Auditing should be implemented for all important tables, views, procedures, database links, and runtime logical flows that control certain functionality for business applications.
Logtitan SIEM has many built in database audit monitoring rules and also it is easy yo develop that kind of rules.
- Monitor for specific usernames logging into unapproved databases
- Monitor for specific usernames accessing to unapproved database tables
- A user VPNs to the network and then accesses a DB which holds PI data, notify,
- Monitor database logins against terminated employee users,
- Monitor if a VPN Accounts Logged in a machine and if there is a request from this machine to a DB which holds PI data,
- Monitor password changes,
- Monitoring of unauthorized logon attempts.