Creating a Database Activity Policy
Policies allow you to create alerts based on security rules and database activity. If a policy is breached, the action you've selected (if any) is executed, such as emailing a user or submitting to AWS Security Hub.
To create a policy based on Security Rules click here.
To start creating your security rule policy, select Policies in the left nav. Select the New Policy button to start.
Select Database Activity from the Alert Type dropdown.
Select the databases to be monitored by either choosing individual instances or by selecting tags to target any matching instances.
The criteria section describes when an alert will be opened. The current activity is matched against the set of specified conditions, such as which user executed an activity, the database query that was run, or the time of execution. An arbitrary number of conditions can be grouped together using AND/OR logic to create more complex queries as needed.
The criteria use AND/OR logic so you can have multiple criteria set as part of your policy.
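The AND/OR grouping described above, modelled as an added example (this is not the product's own code or policy format). The record fields, operator names, condition-tree layout and sample activity are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed activity records; the field names are assumptions, not the product's schema.
EVENTS = [
    {"user": "app_rw", "query": "SELECT id FROM orders WHERE id = 7", "time": "2024-05-02T14:10:00"},
    {"user": "dba_admin", "query": "DROP TABLE audit_log", "time": "2024-05-02T11:31:00"},
    {"user": "dba_admin", "query": "SELECT * FROM customers", "time": "2024-05-02T02:05:00"},
    {"user": "etl_svc", "query": "GRANT ALL ON customers TO etl_svc", "time": "2024-05-02T23:45:00"},
    {"user": "app_rw", "query": "ALTER TABLE orders ADD COLUMN note text", "time": "2024-05-02T10:00:00"},
]

def outside_hours(ts, window):
    start, end = window
    return not (start <= datetime.fromisoformat(ts).hour < end)

# Leaf operators (hypothetical names): each compares one field value to the condition value.
OPS = {
    "equals": lambda value, expected: value == expected,
    "matches": lambda value, pattern: re.search(pattern, value, re.IGNORECASE) is not None,
    "outside_hours": outside_hours,
}

def matches(node, event):
    """Recursively evaluate a condition tree against one activity record."""
    if "all" in node:  # AND group: every child must hold
        return all(matches(child, event) for child in node["all"])
    if "any" in node:  # OR group: at least one child must hold
        return any(matches(child, event) for child in node["any"])
    return OPS[node["op"]](event[node["field"]], node["value"])

# Schema/privilege statement AND (run by dba_admin OR run outside 08:00-18:00)
POLICY = {"all": [
    {"field": "query", "op": "matches", "value": r"^\s*(DROP|ALTER|GRANT|TRUNCATE)\b"},
    {"any": [
        {"field": "user", "op": "equals", "value": "dba_admin"},
        {"field": "time", "op": "outside_hours", "value": (8, 18)},
    ]},
]}

def alerts(policy, events):
    return [e for e in events if matches(policy, e)]

if __name__ == "__main__":
    for e in alerts(POLICY, EVENTS):
        print(f"ALERT {e['time']} {e['user']}: {e['query']}")
```

The daytime `ALTER` by `app_rw` and the off-hours `SELECT` by `dba_admin` open no alert: each satisfies only one side of the AND, which is the kind of case worth checking when you nest an OR group inside an AND.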
The delivery step determines where an alert will be sent after it is opened. By default, the email associated with the active account is listed as the destination.
The Owner field lets you set a user as the owner of alerts opened by this policy. The owner is notified within the application when an alert occurs.

!!! note
    Alert storage indicates how long the alert is retained. By default, this is set at 1 month. Alerts older than the storage time will be marked for removal from the system.

Add a title, description and severity rating to your policy. The name is auto-filled based on the title entered.
The summary shows a condensed view of the specified settings for the policy. Click Create to save the policy.
If you haven't already, you can also create policies based on Security Rules.