Transcript

Welcome to IDERA Virtual Education for SQL Compliance Manager. Today I am going to show you how you can configure SQL Compliance Manager for sending simple network management protocol (SNMP) traps to other third-party systems. Now understand that SQL Compliance Manager is a great auditing tool. It allows you to configure auditing for a variety of different event types, whether it is data manipulation language (DML), data definition language (DDL), admin activity, select operations, logins, or failed logins, and to configure it at the instance level down to sensitive databases, tables, and even column level. So once we have SQL Compliance Manager configured and we are auditing, we may want to take some of that event data and push it to other security and event management systems or any other third-party tools, including ticketing systems. If those third-party tools are able to receive simple network management protocol (SNMP) traps, then we can configure SQL Compliance Manager to send traps to those systems.

So to kick things off, here I am going to go ahead and open up one of my tools. Here the trap receiver. So let us pull that up. And we have that in the background. And we are basically putting this here so we can send traps and do some quick testing, so you can see the event as it comes through. So next we are going to go back to SQL Compliance Manager and specifically the administration section. This is where we have a variety of different options for viewing change activity within the console, looking at overall activity like services starting, creating access for different users to log into the product, and giving them read-only rights if they need it. And this is also where we can set up event filters and alert rules. So today what we are going to do to send simple network management protocol (SNMP) traps to other systems is to take advantage of the alert rules.

So when I select the alert rules on the right-hand side, I have different options for alert notifications. I can alert on event types, whether it is data definition language (DDL), whether it is data manipulation language (DML) activity, select operations. I can also event on status of the architectural components. Like if we cannot communicate with an agent, we have not received a heartbeat in a while, or directories are filling up with event data, then we can alert on that as well. And then the data, as far as if someone is looking at sensitive data or if sensitive records are being changed. So those are some of the options we have for alert rule notifications.

Now I have already created an alert rule for simple network management protocol (SNMP). So I have specifically honed in on my salary table of my payroll database. So let us go ahead and pull up that rule. And in my case I want to send simple network management protocol (SNMP) traps to another system, in this case my trap receiver application, if a select activity takes place. Now walking through this wizard will help you to very carefully define what it is that you want to send alert notifications, or in this case simple network management protocol (SNMP) traps, for. I have specifically focused on the instance of IDERA prod and also specifically the database payroll. I have also plugged in wildcard examples here, so that if you have multiple databases of the same name, we can also consider all of the databases that fall under those guidelines. And then also the same for tables. I have focused on the employee salary table, including the use of wildcards. Something notable to mention is that you can use include or exclude. Because if you have a lot of databases with a similar name or a lot of tables with a similar name, you might want to do exclusion-type filtering for ease of use.

And then as we move forward, we have the ability to do additional minor event filtering based on application login, access check, or privileged user. Finally, we select the alert actions that we want to configure: an email, writing to the application event log, or sending simple network management protocol (SNMP) traps. I have selected all three of them. But we are going to focus again on the simple network management protocol (SNMP) traps. So clicking on the link at the very for simple network management protocol (SNMP) configuration, I can plug in the IP address, the port, and connection string for what will be my simple network management protocol (SNMP) trap receiver. In this case, I am pointing it at itself. You can also hit the test button to do a quick test to make sure that it is able to communicate. And sure enough we see that a response pops up in the screen that that trap was received.

So going back to the console. Now we have set up the rule. We can give it a friendly name, set the severity ranking, and then select finish. Going over to Management Studio. Now if I go to my payroll database, select the employee salary table, and I will just do a real quick right-click and select top 1000 rows. And it brings up the details of that table. And what will happen then is when SQL Compliance Manager does its regular processing of event activity, which I am going to force it. It will happen every two minutes in this case. But we will go ahead and collect the audit data. And when we go to the trap receiver, we should see that it pops up a response. And sure enough there it is. And if we need to view the details, we can double-click on that to see the different identifiers (IDs) and the information that is being passed relevant to that particular event.

So it is as easy as that for setting up simple network management protocol (SNMP) integration to other systems. Hopefully this has been helpful. Feel free to go out to our website and download SQL Compliance Manager. You can also reach out to us if you have any questions. Our website is www.idera.com. Thank you.

Topics: Database Compliance, Database Security

Products: SQL Compliance Manager

How to Configure SNMP in SQL Compliance Manager

SQL Compliance Manager is a comprehensive auditing solution that uses policy-based algorithms to track changes to your SQL Server objects and data. SQL Compliance Manager gives you detailed visibility to determine who did “what”, “when”, “where”, and “how”, whether the event is initiated by privileged users or hackers.

SQL Compliance Manager also helps ensure compliance with regulatory and data security requirements such as SOX, PCI, GLBA, HIPAA (HITECH), and Basel I and II. SQL Compliance Manager goes beyond traditional auditing approaches by providing real-time monitoring, alerting, and auditing of all data access, selects, updates, schema modifications and permission changes to SQL Server databases.
