This procedure describes how to schedule the audit processes and distribute the threat
analytics results for Suspected Malicious Stored Procedures and Suspected SQL Injection
cases.
About this task
Two preconfigured audit processes control the distribution of threat analytics reports to the
appropriate reviewers:
- Suspected malicious STP Cases
- Suspected SQL Injection Cases
Each process retrieves the suspected cases for one attack type. You can customize these
processes, or copy them to create your own.
Procedure
- Go to . Optionally filter the available audit processes by clicking the Inactive
only radio button or typing Suspected in the Filter box.
The default task for this process is the corresponding report (Suspected malicious STP
Cases or Suspected SQL Injection Cases). Do not modify the
runtime parameters of these reports. However, you can add more tasks to this same audit process. For
example, you can add both threat reports to a single audit process.
If you are defining these audit processes from a central manager, define a task for each
collector for which you want to see threat data and use the Remote Data
Source option.
- Click Send results to define the audit process receivers who receive
reports on suspected malicious stored procedures.
- Select the default receiver (user) and then click the
icon to define the appropriate receiver or receivers for your organization. When you are
finished, click OK.
- Click Schedule audit process and review the schedule for the audit
process.
The recommendation is to run the process every day, every hour at 12:30 AM or later (after both
outliers and threat detection usually run). Note that the checkbox Auto run dependent
jobs has no effect for this task.
Important: Make sure that the Activate schedule checkbox is
checked.
- Click Next and then click Save to finish working
with the audit process.