Page 2 - Trademarks
FortiDB Utilities User Guide Version 3.2 December 19, 2008 15-32000-81369-20081219 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic,...
Page 3 - Table of Contents
Table of Contents FortiDB MA Utilities 3 Auto Discovery ...
Page 5 - FortiDB MA Utilities; Auto Discovery
FortiDB MA Utilities FortiDB MA provides several utilities to help you use other modules: • Auto Discovery to ease the burden of manually setting up database connections • Connection Summary to show which database...
Page 6 - Selecting Addresses for Auto-Discovery; Edit
Auto Discovery FortiDB MA provides the ability to search for, and establish connections to, databases on your network. Rather than manually entering all of the connection information, you can have FortiDB MA automatica...
Page 7 - Selecting Non-Standard Ports for Auto-Discovery; Begin Discovery
Selecting Non-Standard Ports for Auto-Discovery 5 Click the Begin Discovery button. Results from Auto-Discovery
Page 8 - Discovered Database Information Populating Connection Form
Discovered Database Information Populating Connection Form The process will automatically return: • Database Type and version • IP address (with port if applicable) • Database name/instance Once the Auto Discovery ...
Page 10 - Connection Summary; Connection Summary Button
Connection Summary The Connection Summary utility allows you to see, by FortiDB MA module and in one place, a dashboard view of all of your database connections. Connection Summary Button Connection Summary ...
Page 11 - Rule Chaining; Rule Chaining Setting Screen
Rule Chaining The Rule Chaining module allows you to associate rules so that one, the source rule, can influence the execution of another, the target rule. Both rules are established with the same target datab...
Page 13 - Create Rule Chaining Settings; Chaining with Parameterized User-Defined Rules
After the database has been specified and you have clicked on [Add Item], you will be presented with the Create Rule Chaining Settings page. Here, you need to: • Name the ...
Page 14 - General PUDR Steps; PUDR Process; Parameterized User-Defined Rule Flow Diagram
General PUDR Steps The general steps for creating a chain that uses a PUDR are: 1 In UBM, define an Object, User, or Session policy that will be your Source Rule. 2 In UBM,...
Page 15 - PUDR Eligible Rules; Disabled Parameter Checkboxes
PUDR Eligible Rules Disabled Parameter Checkboxes If the chosen target rule cannot accept parameters, they will be grayed out. Validating the PUDR before Saving If one or m...
Page 16 - Chaining the UBM Policy and PUDR Together; Associating a Source Rule That Can Pass parameters with a PUDR; Example of Chaining to a PL/SQL-based PUDR; Item Setting for Session Policy
Chaining the UBM Policy and PUDR Together Associating a Source Rule That Can Pass parameters with a PUDR Example of Chaining to a PL/SQL-based PUDR In this Oracle PL/SQL k...
Page 17 - Policy Settings for Suspicious Login Time
Policy Settings for Suspicious Login Time 2 Create a UBM Session Policy, our Source rule, in order to monitor BAD_GUY and generate an alert to trigger our Target rule, a PU...
Page 19 - Resulting Killed Session; Alert Behavior; Table Columns That Could Appear in Alerts
Chained-Rule Alerts: (UBM Session Policy and PUDR) 5 Get an alert when the Source rule (the Session Policy) is violated. 6 Get another alert when the chained PUDR executes ...
Page 20 - DB Example
SELECT username, osuser, terminal FROM v$session WHERE osuser = '$osusername' Multiple Source-Rule-Violation Behavior When using the Rule Chaining feature with PUDRs, you ...
Page 22 - Report Manager; Report; Alert Report Manager; Setting a Report Schedule; Set; Setting a Timer-based Schedule; Interval
Report Manager In order to access the FortiDB MA Report Manager module, click on the Report Manager link on the left-side navigator on the main FortiDB MA screen. The FortiDB MA Report Manager mod...
Page 23 - Setting a Timer-Based Schedule; Deleting a Previously Set Timer Schedule; Delete Timer; Setting a Calendar-based Schedule; Schedule Setting
Setting a Timer-Based Schedule Deleting a Previously Set Timer Schedule You can delete a previously set Timer schedule by clicking on the Delete Timer button. Deleting a Timer Schedule Setting a Ca...
Page 24 - Setting a Calendar-Based Schedule; Setting a Combined Schedule; Randomized
Setting a Calendar-Based Schedule Setting a Combined Schedule You can also specify a combined schedule which consists of both a timer- and a calendar-based schedule. Setting a Randomized Interval ...
Page 25 - Reporting by Time; ARM: Reporting by Time; Enabling Email Recipients; Specifying Report Parameters
Reporting by Time The Alert Report Manager module generates reports based on alerts generated by the various other modules. ARM: Reporting by Time ARM: Reporting by Time: Calendar Pop-up In order t...
Page 26 - New Reports Menu
New Reports Menu In the New Reports page, fill in the necessary data information that you want to show in the report. New Report Setting Screen (top)
Page 29 - Activating ARM; Running and Analyzing Reports
Activating ARM In order to begin running scheduled reports, you should use the Reports->Status menu. Check the Yes checkbox and click the Save button. Status Menu Status Dialog Running and Analy...
Page 30 - Report Summary Action
Current Report Configuration In the row corresponding to your report of interest, you can choose which report version to preview via the Report History dropdown and you can specify report-specifi...
Page 31 - Report Detailed Action; Report Size
Report Detailed Action By clicking the [Detailed Action] button, you can get to a screen that provides detailed information for each alert. The Detailed Report gives specific information about each ale...
Page 32 - Custom Reports; Using This Feature
Custom Reports Using the open-source JasperReports library, the Quartz scheduling library, the chart generating Kavachart library, and the open-source iReport design tool, you...
Page 33 - Time-only Schedule Settings
You can select: • Time only schedule • Daily schedule • Weekly schedule • Monthly schedule Time-only Schedule Settings Daily Schedule Settings You can have your reports run on a daily basis at a certain ...
Page 34 - Weekly Schedule Settings; Customer and Company Information
Weekly Schedule Settings You can have your reports run on a weekly basis on day(s). Monthly Schedule Settings You can have your reports run on a monthly basis. Customer and Company Information You can h...
Page 35 - Company Information Dialog; Report and Template Generation and Management; Custom Reports Main Page
Company Information Dialog Report and Template Generation and Management Custom Reports Main Page From the Custom Reports main page, you can: • Add a report • Modify a report • Delete a report • Modify a...
Page 36 - Adding Reports
• Generate a Report Adding Reports To add a new report, take the following steps: 1 Click on the Custom Reports Manager link on the left-side navigator or select from the top bar menu, Reports -> Cus...
Page 37 - Modifying a Report; Deleting Reports; Delete Report; Deleting a Report
Modifying a Report Deleting Reports 1 Select the report you want to delete. 2 Click the Delete Report button. The confirmation window displays. 3 Click the OK. Deleting a Report
Page 38 - Modifying Report Templates; Templates Manager Page
Modifying Report Templates You can import your template (*.jrxml) file and save it in the internal reports database. You can also export the template from the internal reports database and store it as ...
Page 39 - Generating Reports
Templates Manager: Modifying a Template Page Generating Reports To generate a report, take the following steps: 1 From the Custom Reports Manager page, click the Generate Report button. 2 In the Template...
Page 40 - Generated HTML Report Example
Generated HTML Report Example 1 Open Control Panel, and open Internet Options. 2 In the Internet Properties window, click the Security tab. 3 Select Trusted sites. 4 Click the Sites button. The Trusted ...
Page 41 - Report History
Report History Report History allows you to: • View a list of previously generated reports • Regenerate a particular report • Delete reports or your entire report history
Page 42 - Licensing and Administration; Custom Report Properties
Licensing and Administration User Administration for Custom Reports and SOX Reports In order to enable a user to utilize the Custom Reports feature, select the Custom Reports radio button ...
Page 43 - Limitations; Property
Limitations The Custom Reports feature has this limitation: • The maximum number of bar-chart columns for each report is 15. If the data being presented requires more than 15 columns, no ba...
Page 44 - Description of Shipped Sample Report; SOX Compliance Reports; SOX Reports within Custom Reports Manager Page
Description of Shipped Sample Report SOX Compliance Reports SOX Reports within Custom Reports Manager Page One type of Custom Report is the Sarbanes-Oxley (SOX) Compliance report. Alert Statst...
Page 45 - Reports and Acronyms; Report Name
Reports and Acronyms This release includes these SOX reports: Common Report Header Fields Here are the common report-header fields for the current SOX reports. General Setup Instructions See the ...
Page 46 - SOX Report Specifics; History of Privilege Changes Report (HPC); COBIT Objectives and Setup Requirements
SOX Report Specifics This section lists the COBIT objectives and descriptions, the FortiDB MA module-setup requirements, and individual-column detail for each report in ...
Page 47 - Abnormal or Unauthorized Changes to Data Report (AUC)
Abnormal or Unauthorized Changes to Data Report (AUC) AUC Report Sample COBIT Objectives and Setup Requirements Report Body Columns The following columns are ...
Page 48 - Abnormal Use of Service Accounts Report (AUS)
Abnormal Use of Service Accounts Report (AUS) AUS Report Sample COBIT Objectives and Setup Requirements Report Body Columns The following columns are displayed in th...
Page 49 - Abnormal Termination of Database Activity Report (ATD)
Abnormal Termination of Database Activity Report (ATD) ATD Report Sample COBIT Objectives and Setup Requirements Report Body Columns The following columns ar...
Page 51 - Determining Your Reporting Period; Column
Determining Your Reporting Period Reporting Period is the time frame surrounding a user-defined period-end day (PED). The reporting period extends a user-defined number of d...
Page 52 - Verification of Audit Settings Report (VAS)
The resulting report period is July 24 until August 16, inclusive. Verification of Audit Settings Report (VAS) VAS Report Sample COBIT Objectives and Setup Requirement...
Page 53 - Archiving Reports
Licensing and Administration For SOX Reports licensing and administration information, please refer to the FortiDB MA Administration Guide Limitations Report Size The r...
Page 55 - Index
Index A activate 20 Alert Behavior 17 Alert Report Manager 20 ARM 20 activating 27 Auto Discovery DB2 6 MS-SQL 6 Auto Discovery 4 C Calendar-based Schedule 21 compliance 20 Connection Summary 8 Custom Report Properties 40 Custom Repor...