Rule does not trigger

If a rule with a value in the policy command field does not trigger as expected, reconfigure the rule.

Symptoms

Rules with a value in the policy Command field do not trigger as expected.

Causes

The cause is a misconfiguration in the command field. The Guardium parser does not consider the command modifiers to be a part of a command.

Environment

Guardium Collectors. The command field in the policy rule is also affected when it is used with wildcard (%).

Resolving the problem

The value in the Command field of the rule must match a value exactly that is shown in SQL Verb, plus a wildcard (%) as needed. This example is correct.
GRANT
GRANT%
This example is incorrect.
GRANT% TO PUBLIC
%GRANT% ADMIN OPTION%
ADMIN OPTION and TO PUBLIC do not match and cannot trigger a rule because the Guardium parser does not recognize them as a part of a command. Generally, the parser does not consider command modifiers to be part of a command. Instead, create a report to inspect the traffic that the policy monitors and include the SQL Verb field from the Command entity in that report. Anything that is listed in the SQL Verb field is recognized by the parser and can be used in the Command field of a policy rule. Several commands can be added to a group and the group can be used in the rule instead of a single command. In this case, each group member must match an entry in SQL Verb. Guardium includes several such command groups that you can use or clone.