Fortinet FortiDB User Manual

Fortinet database security system user guide

Utilities User Guide
FortiDB
Version 3.2
www.fortinet.com

Summary of Contents for Fortinet FortiDB

  • Page 1 Utilities User Guide FortiDB Version 3.2 www.fortinet.com...
  • Page 2 December 19, 2008 15-32000-81369-20081219 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    Custom Report Properties ...40 SOX Compliance Reports ...42 Reports and Acronyms ...43 Common Report Header Fields ...43 SOX Report Specifics ...44 History of Privilege Changes Report (HPC) ...44 COBIT Objectives and Setup Requirements ...44 ...
  • Page 4 Report Body Columns ...48 Determining Your Reporting Period ...49 Verification of Audit Settings Report (VAS) ...50 COBIT Objectives and Setup Requirements ...50 Report Body Columns ...50 Licensing and Administration ...51 Index ...53 ...
  • Page 5: FortiDB MA Utilities

    FortiDB MA provides several utilities to help you use other modules: • Auto Discovery to ease the burden of manually setting up database connections • Connection Summary to show which database connections are Open or are Open and Running • ...
  • Page 6: Auto Discovery

    FortiDB MA provides the ability to search for, and establish connections to, databases on your network. Rather than manually entering all of the connection information, you can have FortiDB MA discover it for you. Selecting Addresses for Auto-Discovery: to use this feature, select the Database->New menu, and click the Auto Discovery button on the...
  • Page 7 Selecting Non-Standard Ports for Auto-Discovery. Click the Begin Discovery button. Results from Auto-Discovery ...
  • Page 8: DB2

    The additional required and recommended fields will need to be completed manually. (See the FortiDB MA Administration Guide for more information on setting up connections.) Auto Discovery does not return the database name and version for DB2 UDB V8 with Fix Pack 10.
  • Page 9 • Destined for port 1434. Note: FortiDB MA sends a packet to port 1434 (UDP 1434, the SQL Server Browser service), which MSSQL uses to return information about itself such as instance name and version. Even though this is an MSSQL-specific port number, FortiDB MA uses it for all Auto-Discovery-related transmissions, so discovery traffic looks the same whatever the target database is, and a firewall that blocks that port from the FortiDB host blocks discovery entirely.
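
    The probe described in the note above is the SQL Server Resolution Protocol (SSRP) exchange with the SQL Server Browser service on UDP 1434. The following Python is an added example, not FortiDB code: it builds the client datagram and parses the server's reply into one record per instance, so you can see exactly what an Auto-Discovery probe elicits from a SQL Server host. The host name, instance names and ports in the embedded sample reply are constructed for the example.

```python
"""SSRP (SQL Server Resolution Protocol) request builder and response parser.

Added example, not FortiDB code. It reproduces the kind of probe the manual
describes for Auto Discovery: a datagram to UDP port 1434, answered by the
SQL Server Browser service with the instance list. SAMPLE_RESPONSE below is
constructed for this example; the host and instance names are made up.
"""
import socket
import struct

SSRP_PORT = 1434
CLNT_UCAST_EX = b"\x03"   # "list every instance on this host" (unicast form)
CLNT_UCAST_INST = 0x04    # followed by one instance name, NUL-terminated
SVR_RESP = 0x05           # first byte of every server reply


def build_request(instance=None):
    """Datagram to send. Without an instance name this asks for all instances."""
    if instance is None:
        return CLNT_UCAST_EX
    name = instance.encode("ascii")
    if len(name) > 32:  # MC-SQLR limits instance names to 32 characters
        raise ValueError("instance name too long")
    return bytes([CLNT_UCAST_INST]) + name + b"\x00"


def parse_response(datagram):
    """Split a SVR_RESP datagram into one dict per instance.

    Layout: 0x05, little-endian uint16 payload length, then ASCII
    'key;value;key;value;...' with ';;' closing each instance record, e.g.
    'ServerName;X;InstanceName;Y;IsClustered;No;Version;Z;tcp;1433;;'.
    """
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP datagram")
    size = struct.unpack_from("<H", datagram, 1)[0]
    payload = datagram[3:3 + size]
    if len(payload) != size:
        raise ValueError("truncated SSRP response")
    instances = []
    for record in payload.decode("ascii", errors="replace").split(";;"):
        fields = record.strip(";").split(";")
        if len(fields) < 2 or not fields[0]:
            continue
        # Keys and values alternate; an odd trailing field is ignored.
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def tcp_endpoints(instances):
    """(instance name, TCP port) for every instance that advertises a TCP listener."""
    return [(i.get("InstanceName"), int(i["tcp"])) for i in instances if "tcp" in i]


def discover(host, timeout=2.0):
    """Send a real probe and parse the reply. Only called explicitly, never at import."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (host, SSRP_PORT))
        data, _ = s.recvfrom(65535)
    return parse_response(data)


# Constructed sample reply: two instances on one host, one on a non-default port.
_SAMPLE_PAYLOAD = (
    b"ServerName;FIN-DB01;InstanceName;MSSQLSERVER;IsClustered;No;"
    b"Version;10.0.1600.22;tcp;1433;;"
    b"ServerName;FIN-DB01;InstanceName;SQLEXPRESS;IsClustered;No;"
    b"Version;10.50.2500.0;tcp;49172;"
    b"np;\\\\FIN-DB01\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;;"
)
SAMPLE_RESPONSE = bytes([SVR_RESP]) + struct.pack("<H", len(_SAMPLE_PAYLOAD)) + _SAMPLE_PAYLOAD

if __name__ == "__main__":
    for name, port in tcp_endpoints(parse_response(SAMPLE_RESPONSE)):
        print(f"{name}: tcp/{port}")
```

    Three things to keep in mind when relying on this probe: SSRP is unauthenticated UDP, so anything on the path can answer with a forged instance list and the discovered connection details should be verified before they become a monitored connection; the reply carries the exact build number, which is why many sites block UDP 1434 at the network edge and why Auto Discovery then silently misses those instances (fall back to manual entry); and a sweep of every address in a range with this datagram is exactly what port scanners send, so expect the FortiDB host to appear in IDS logs.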
  • Page 10: Connection Summary

    The Connection Summary utility allows you to see, by FortiDB MA module and in one place, a dashboard view of all of your database connections. Figures: Connection Summary Button; Connection Summary Output ...
  • Page 11: Rule Chaining

    The Rule Chaining module allows you to associate rules so that one, the source rule, can influence the execution of another, the target rule, established with the same target database. FortiDB MA offers two types of chained-rule pairs: • Rule pairs in which there are no parameters passed. (In this case, you may...
  • Page 12 • View/Modify item (make changes to an existing chain) • Enable item (a chain does not have to be enabled when it is created) • Disable item. Figure: Rule Chaining Setting Screen ...
  • Page 13: Chaining With Parameterized User-Defined Rules

    Defined Rule (PUDR) and if the Chain meets certain other conditions. For more information on how to create a PUDR see the FortiDB MA User Behavior Monitor (UBM) User Guide. For more information on using PUDRs in a chain, see...
  • Page 14: General PUDR Steps

    • If a rule is chained, FortiDB MA fetches the information on the chain relationship. • FortiDB MA checks whether the source rule is to be run immediately or not. • FortiDB MA checks whether the chained rule is a PUDR or a regular policy. • If it is a regular UDR, FortiDB MA runs the UDR without passing any variables.
  • Page 15: PUDR Eligible Rules

    If the chosen target rule cannot accept parameters, the parameter selections will be grayed out. If one or more of the variables selected do not appear in the PUDR, FortiDB MA presents a warning message. ...
  • Page 16: Chaining the UBM Policy and PUDR Together

    Example of Chaining to a PL/SQL-based PUDR: In this Oracle PL/SQL kill-session example, we: Create a DB user, BAD_GUY, whose session we will monitor, in our Oracle target database. Table: Item Setting for Session Policy ...
  • Page 17 Create a Target PUDR, in the UBM module, which will contain the following kill-session code. That code, in turn, will accept our passed Session ID parameter (shown in red in the manual): ...
  • Page 18 ' [Program]'||program) ; (SYSDATE,'YYYY/MM/DD HH24:MI:SS') || ' A suspicious session is not found at this moment.'); Log in as BAD_GUY at an "abnormal" time (here, any time except between 3 and 4 AM). ...
  • Page 19: Alert Behavior

    For example, using Oracle, v$session has over 40 columns, so instead of this statement: SELECT * FROM v$session WHERE osuser = '$osusername' you might want to use one with specific columns, like: ... Figure: Chained-Rule Alerts (UBM Session Policy and PUDR)
  • Page 20: PUDR Alert Behavior with Multiple SELECT-List Objects in the Violating SQL Statement

    In this case, two source-rule alerts should show up but only one PUDR (target rule) alert: FortiDB MA can detect, and alert on, only the first item in a multiple-object SELECT list. For example, assume you have created a user policy which is violated by a user executing: SELECT * FROM vje.test, vje.test1 ...
  • Page 21 In this case, the alert will be generated only for the first object in the SELECT list, namely vje.test. ...
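
    The "SELECT list" the manual refers to here is the list of objects named after FROM. The following Python is an added example, not FortiDB code: a small FROM-list extractor that returns every object a statement touches (comma-separated lists, JOINs, inline views) and a policy_hits helper whose first_only flag models the documented chained-PUDR behaviour, so the blind spot is visible on the manual's own statement. vje.test and vje.test1 are the manual's names; the helper, its keyword table and the other test statements are hypothetical.

```python
"""Extract every object referenced in a statement's FROM list.

Added example, not FortiDB code. The manual states that for a statement
such as SELECT * FROM vje.test, vje.test1 the chained PUDR receives (and
alerts on) only the first object. This helper shows what a complete
extraction looks like, so you can see which objects the chained rule would
never hear about. Names vje.test/vje.test1 come from the manual; the rest
is hypothetical.
"""
import re

# Tokens: single-quoted strings, dotted identifiers, punctuation we care about, or any other char.
_TOKEN_RE = re.compile(r"'[^']*'|[A-Za-z_][\w$#]*(?:\.[A-Za-z_][\w$#]*)*|[(),;]|\S")
_IDENT_RE = re.compile(r"[A-Za-z_][\w$#]*(?:\.[A-Za-z_][\w$#]*)*")

# Keywords that terminate a FROM list or a single JOIN operand.
_STOP = {"WHERE", "GROUP", "ORDER", "HAVING", "UNION", "MINUS", "INTERSECT",
         "ON", "USING", "JOIN", "LEFT", "RIGHT", "FULL", "INNER", "OUTER",
         "CROSS", "NATURAL", "START", "CONNECT", "FOR", ")", ";"}


def _matching_paren(tokens, i):
    """Index of the ')' closing the '(' at tokens[i]; len(tokens) if unbalanced."""
    depth = 0
    for j in range(i, len(tokens)):
        if tokens[j] == "(":
            depth += 1
        elif tokens[j] == ")":
            depth -= 1
            if depth == 0:
                return j
    return len(tokens)


def _objects(tokens):
    found = []
    i = 0
    while i < len(tokens):
        if tokens[i].upper() not in ("FROM", "JOIN"):
            i += 1
            continue
        i += 1
        expect_object = True          # true right after FROM/JOIN and after each comma
        while i < len(tokens):
            tok = tokens[i]
            up = tok.upper()
            if up == ",":
                expect_object = True
                i += 1
            elif up == "(" and expect_object:
                # Inline view / subquery: collect its objects, then skip past it.
                j = _matching_paren(tokens, i)
                for obj in _objects(tokens[i + 1:j]):
                    if obj not in found:
                        found.append(obj)
                expect_object = False
                i = j + 1
            elif up in _STOP:
                break
            elif expect_object and _IDENT_RE.fullmatch(tok):
                if up not in found:
                    found.append(up)
                expect_object = False
                i += 1
            else:
                i += 1                # alias, AS, hint, etc.
    return found


def referenced_objects(sql):
    """All objects named in FROM lists and JOINs, upper-cased, in order of appearance."""
    return _objects(_TOKEN_RE.findall(sql))


def policy_hits(sql, monitored, first_only):
    """Monitored objects the statement touches.

    first_only=True models the documented chained-PUDR behaviour (only the
    first FROM-list item is considered); first_only=False checks every object.
    """
    watched = {m.upper() for m in monitored}
    objs = referenced_objects(sql)
    if first_only:
        objs = objs[:1]
    return [o for o in objs if o in watched]


if __name__ == "__main__":
    stmt = "SELECT * FROM vje.test, vje.test1"
    print(policy_hits(stmt, ["vje.test1"], first_only=True))   # []
    print(policy_hits(stmt, ["vje.test1"], first_only=False))  # ['VJE.TEST1']
```

    The practical consequence: under the documented behaviour the chained PUDR only ever sees VJE.TEST for the manual's statement, so any action the PUDR keys on an object name (a table passed as a parameter, say) is taken from the first object alone. If a response must fire for an object that may appear second or later in a FROM list, drive it from the source policy's own alerts, which the manual says are raised per object, rather than from the chained rule. The extractor handles FROM lists and JOINs only; INSERT ... INTO and DDL targets are out of its scope.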
  • Page 22: Report Manager

    By default, reports run every 24 hours; you must click the Set Timer button to activate this, however. To access the FortiDB MA Report Manager module, click the Report Manager link in the left-side navigator on the main FortiDB MA screen.
  • Page 23 Saturday at 2 am. Click the Add Schedule button at the bottom of the Add Schedule popup screen to save the settings. Figure: Setting a Timer-Based Schedule ...
  • Page 24 (However, the average of all of the random-number-calculated intervals will, over time and after a sufficient number of monitoring runs, be equal to your specified interval.) ...
  • Page 25: Reporting By Time

    Enabling Email Recipients Please see the FortiDB MA Administration Guide for a discussion of this topic. Specifying Report Parameters You can begin designing reports via the Reports -> New Reports menu.
  • Page 26 In the New Reports page, fill in the information that you want to show in the report. Figures: Alert Report Manager; Report Manager New Reports Menu; New Report Setting Screen (top) ...
  • Page 27 Alert Status (handled, acknowledged, or not) • Alert Severity (Critical, Informational, etc.) • FortiDB MA module from which you want to see the alert report • Database you are assessing • Rule type you want to use to assess vulnerabilities • ...
  • Page 28 You can Delete, Enable, or Disable one or more reports from the Current Reports screen using the [Delete], [Enable], or [Disable] buttons, respectively. To perform these operations on all of the reports in your list, check the Select checkbox in the column-header row first. ...
  • Page 29: Activating ARM

    Running and Analyzing Reports: You may elect to see all reports, or just those created within a specified number of days, by using the View Reports dropdown. Figures: Status Menu; Status Dialog ...
  • Page 30 You can choose among the output types shown above. If you can't export your report to your local machine, you might need to change your Internet Options settings; see the note in the Report Result section. ...
  • Page 31 You will not be able to generate the same reports after you archive as you were able to prior to archiving, since reports are not archived. Note: The FortiDB MA Administrative user must explicitly assign one or more of the above Report Manager roles in order for users to be able to run and view these reports.
  • Page 32: Custom Reports

    FortiDB MA Report Manager. As an example, FortiDB MA ships with an Alert Statistics Report and Template, produced by the above tools and libraries. Reports can be generated in PDF, HTML, or Excel format.
  • Page 33 Time only schedule • Daily schedule • Weekly schedule • Monthly schedule. You can have your reports run on a daily basis at a certain time. Figures: Time-only Schedule Settings; Daily Schedule Settings ...
  • Page 34: Customer And Company Information

    To set customer and company information, click the Customer and Company Information link in the left-side navigation menu or go to Set Defaults -> Customer and Company Information from the top menu. ...
  • Page 35: Report And Template Generation And Management

    From the Custom Reports main page, you can: • Add a report • Modify a report • Delete a report • Modify a report's template. Figures: Company Information Dialog; Custom Reports Main Page ...
  • Page 36 Reports -> Custom Reports Manager. Select the report you want to modify. Click the Modify Report button. The Modify Report dialog displays. Modify your report name and/or description. Click the Modify Report button. ...
  • Page 37 Deleting Reports: Select the report you want to delete. Click the Delete Report button. The confirmation window displays. Click OK. Figures: Modifying a Report; Deleting a Report ...
  • Page 38 Click the Manage Template(s) button on the Custom Reports Manager page to bring up the Templates Manager page, where you can add, modify, and delete templates as well as set your default template. Figure: Templates Manager: Adding a Template Page ...
  • Page 39: Generating Reports

    Report Result: You can display your report in PDF, Excel, tab-delimited, or comma-delimited formats. You can also export your report and save it on your local computer. Figure: Templates Manager: Modifying a Template Page • ...
  • Page 40 Select Trusted sites. Click the Sites button. The Trusted sites dialog displays. Enter the URL of the FortiDB host server (for example, http://myserver.mydomain.com). If you enter a URL with the http:// prefix, you need to uncheck the "Require server verification (https:) for all sites in this zone" check box. Prefer an https:// URL for the FortiDB host so that this check box can stay selected; clearing it lets any unencrypted site added to the zone run with Trusted sites privileges.
  • Page 41: Report History

    Report History allows you to: • View a list of previously generated reports • Regenerate a particular report • Delete reports or your entire report history. Figure: Report History ...
  • Page 42: Licensing And Administration

    Reports radio button on the User Administration screen. Note: Selecting SOX Reports will automatically enable Custom Reports. The FortiDB MA license file excerpt shown above includes a license to use the Custom Reports and SOX Reports features. The following Custom Report-related properties are available in the dssConfig.properties file: ...
  • Page 43 FortiDB MA Custom Reports database: initial value when FortiDB MA is installed. Note: FortiDB MA has set up what it considers optimal Quartz-library schedule settings in reportmanager.properties. If you wish to set your own, see http://www.opensymphony.com/quartz/. Limitations: The Custom Reports feature has this limitation: • ...
  • Page 44: SOX Compliance Reports

    Report statistics include total alerts for the database, and total records at the end of the report. One type of Custom Report is the Sarbanes-Oxley (SOX) Compliance reports. Figure: SOX Reports within Custom Reports Manager Page ...
  • Page 45: Reports And Acronyms

    Here are the common report-header fields for the current SOX reports (Field: Description): Report Name; Customer Name: indicates the title or name of the customer producing the report; Generated by; Date Created; Period-end; W/P Reference. General Setup Instructions: see the FortiDB MA Administration Guide. ...
  • Page 46: Sox Report Specifics

    SOX Report Specifics: This section lists the COBIT objectives and descriptions, the FortiDB MA module-setup requirements, and individual-column detail for each report in this release. History of Privilege Changes Report (HPC): COBIT Objectives and Setup Requirements ...
  • Page 47: Abnormal or Unauthorized Changes to Data Report (AUC)

    Settings dialog in order to filter out the other action types. You can also distinguish (un)authorized users by defining a User ID filter in the Settings dialog. ...
  • Page 48: Abnormal Use of Service Accounts Report (AUS)

    FortiDB MA Module Setup Requirement: PM: using the Audit data retrieval method; MM: using the Audit data retrieval method; UBM: Object or User policies. ...
  • Page 49: Abnormal Termination of Database Activity Report (ATD)

    Action Type: The action that was attempted, but failed to fully process or transact. The action might be, for example, an INSERT, UPDATE, DELETE, logon, or logoff. ...
  • Page 50: End of Period Adjustments Report (EPA)

    The following columns are displayed in the report body: Description: The ID of the database user that conducted the flagged activity. FortiDB MA Module Setup Requirement: UBM object policies, focusing on tables containing financial data. ...
  • Page 51: Determining Your Reporting Period

    PED is the first day of August; b) the reporting period is (Aug 1) - 8 days until (Aug 1) + 15 days. Conclusion: ...
  • Page 52: Verification of Audit Settings Report (VAS)

    2. For tracking audit activity with the UBM module, run the following commands (Oracle AUDIT statements): audit system audit; audit audit system; audit audit any; and then close and reopen your database connection in UBM. ...
  • Page 53: Licensing And Administration

    Archiving Reports: You will not be able to generate the same reports after you archive as you were able to prior to archiving, since reports are not archived. ...
  • Page 54 Verification of Audit Settings Report (VAS), SOX Report Specifics ...
  • Page 55: Index

    DB2 6 dssConfig.properties 7, 40 license 40 Licensing 40 policy 11, 12, 18, 47 privilege 44 property 7 Randomized Interval 22 Report Detailed 29 Report History 39 Report Manager 20 Report Result 37 ...
  • Page 56 Index ...
