Creating a Database Activity Policy

Info

Policies allow you to create alerts based on security rules and database activity. If a policy is breached, the action you've selected (if any) will be executed, such as emailing a user, or submitting to AWS Security Hub.

To create a policy based on Security Rules, click here.

Getting Started

  1. To start creating your security rule policy, select Policies in the left nav, then select the New Policy button.

  2. Select Database Activity from the Alert Type dropdown.

  3. Select the databases to be monitored by either choosing individual instances or by selecting tags to target any matching instances.

  4. The criteria section describes when an alert will be opened. This is done by matching the current activity against the set of specified conditions, such as which user executed an activity, the database query that was run, or the time of execution. An arbitrary number of conditions can be grouped together using AND/OR logic to create more complex queries as needed.

    The criteria use AND/OR logic so you can have multiple criteria set as part of your policy.

  5. The delivery step determines where an alert will be sent after it is opened. By default, the email associated with the active account is listed as the destination.

The Owner field sets a user as the owner of alerts opened by this policy. The owner is then notified when an alert occurs within the application.

!!! note
    Alert storage indicates how long the alert is retained. By default, this is set at 1 month. Alerts older than the storage time will be marked for removal from the system.

  6. Add a title, description and severity rating to your policy. The name is auto-filled based on the title entered.

  7. The summary shows a condensed view of the specified settings for the policy. Click Create to save the policy.
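The criteria matching described in step 4 can be sketched as follows. This is an added example, not the product's own code or policy format: the criteria layout, field names, test names and activity records are all hypothetical and constructed for illustration.

```python
import re
from datetime import datetime, time

# Hypothetical criteria tree (not the product's schema): a group combines its
# children with AND/OR; a leaf tests one field of an activity record.
CRITERIA = {"op": "AND", "conditions": [
    {"field": "user", "test": "not_in", "value": ["etl_svc", "backup_svc"]},
    {"op": "OR", "conditions": [
        {"field": "query", "test": "regex", "value": r"\b(drop|truncate)\s+table\b"},
        {"field": "time", "test": "outside", "value": ["08:00", "18:00"]},
    ]},
]}

# Constructed activity records covering the user, query and time conditions.
ACTIVITY = [
    {"id": 1, "user": "app_rw", "query": "SELECT * FROM orders WHERE id = 7", "time": "2024-05-02T10:15:00"},
    {"id": 2, "user": "app_rw", "query": "DROP TABLE customers", "time": "2024-05-02T11:00:00"},
    {"id": 3, "user": "etl_svc", "query": "TRUNCATE TABLE staging", "time": "2024-05-02T02:00:00"},
    {"id": 4, "user": "jdoe", "query": "SELECT email FROM customers", "time": "2024-05-02T23:40:00"},
]

def leaf_matches(cond, activity):
    """Evaluate a single condition against one activity record."""
    value, test = activity[cond["field"]], cond["test"]
    if test == "not_in":
        return value not in cond["value"]
    if test == "regex":
        return re.search(cond["value"], value, re.IGNORECASE) is not None
    if test == "outside":  # true when the activity falls outside the time window
        start, end = (time.fromisoformat(t) for t in cond["value"])
        return not (start <= datetime.fromisoformat(value).time() < end)
    raise ValueError(f"unknown test: {test}")

def matches(node, activity):
    """Recursively evaluate a group (AND/OR) or a leaf condition."""
    if "op" not in node:
        return leaf_matches(node, activity)
    results = (matches(child, activity) for child in node["conditions"])
    if node["op"] == "AND":
        return all(results)
    if node["op"] == "OR":
        return any(results)
    raise ValueError(f"unknown operator: {node['op']}")

def opened_alerts(criteria, activity_log):
    """Return the ids of activity records that would open an alert."""
    return [a["id"] for a in activity_log if matches(criteria, a)]

if __name__ == "__main__":
    print(opened_alerts(CRITERIA, ACTIVITY))
```

Record 3 shows why grouping matters: the destructive query and the off-hours timestamp both match the inner OR group, but the outer AND excludes the service account, so no alert is opened.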

Next Steps

If you haven't already, you can also create policies based on Security Rules.