Ignore specified users example (MongoDB)

This example ignores all requests that belong to the MongoDB users NO_AUTH and __SYSTEM.

MongoDB allows users to connect to the database without authentication. When a user logs in, the user name is NO_AUTH. If authentication never occurs, the session is just an extra record for each connection in the tables.

In another scenario, the user uses data security policies, which ignore S-TAP sessions.

In this case, the data security policy ignores the NO_AUTH user name. By the time the data security policy receives the real user name, it is too late to stop ignoring the session. This session-level policy avoids forwarding such connection-only sessions to the Logger, so the security policy does not ignore relevant sessions.

  • Session level criteria:
    • Database user Not in Group, where Group type = USERS

      Members = A list of the users to ignore (that is, NO_AUTH and __SYSTEM).

    • Subnet mask = 255.255.255.0
  • Rule action: SELECT SESSION

SR language example

SR_POLICIES {
    IF (DB_USER != ('',1) DB_TYPE = 'MONGODB' )
    {
      SELECT_SESSION
    }
    GROUP_ID = 1 SIZE = 2
    {
      'NO_AUTH' '__SYSTEM'
    }
}