Ignore specified users example (MongoDB)
This example ignores all requests that belong to the MongoDB users NO_AUTH and _SYSTEM.
MongoDB allows users to connect to the database without authentication. When a user logs in, the user name is NO_AUTH. If authentication never occurs, the NO_AUTH session is just an extra record for each connection in the tables.
In another scenario, the user uses data security policies, which ignore S-TAP sessions.
In this case, the data security policy ignores the NO_AUTH username. By the time the data security policy receives the real username, it is too late to stop ignoring the session. This session-level policy thus avoids forwarding such connection-only sessions to Logger, so the data security policy does not ignore relevant sessions.
- Session level criteria:
  - Database user Not in Group, where Group type = USERS
    Members = A list of the users to ignore (that is, NO_AUTH and _SYSTEM).
  - Subnet mask = 255.255.255.0
- Rule action: SELECT SESSION
SR language example
SR_POLICIES {
IF (DB_USER != ('',1) DB_TYPE = 'MONGODB' )
{
SELECT_SESSION
}
GROUP_ID = 1 SIZE = 2
{
'NO_AUTH' '__SYSTEM'
}
}