Session-level policy examples

To help you understand session-level policies, Guardium provides a number of examples with descriptions. The examples include both the Guardium UI and SR language methods.

Understanding the UI examples

These examples might help you understand how to design and build session-level policies.

For the UI examples, each example describes the actions that you need to take on each ribbon to re-create the example, as follows:
  1. For the Ignoring sessions example policy, start with creating and naming the policy, as described in Creating session-level policies. Select Session level policy and provide a name.

    From the Name and properties ribbon, select Session level policy, and provide a policy name.

  2. Click the Rules ribbon and then click the New icon icon to open the Create New Rule window. For this policy, you need to provide only the name of the first rule.

    Session level policy - Rule definition ribbon.

  3. Click the New icon icon to open the Create New Rule window. From here, you can add session-level criteria.
    Note: In the examples, the criteria are labeled as Session level criteria. For example, in Ignoring sessions example, this example is shown as:
    Session level criteria
    • Client IP address = 10.10.10.10
    • Server IP address = 20.20.20.20
    • Source application = JAVA%

    Add criteria as needed by clicking the New icon near the last criterion.

    Figure 1. Rule criteria UI example
    Select criteria for this policy.
  4. When you are done adding criteria, click the Rule action ribbon, and then click the New icon to begin adding actions.
    Note: In the examples, the rule actions are labeled as Rule action. The example documentation describes only the criteria that you need to change for a specific example.
    Figure 2. Add new action UI example
    Select and define rule actions.
  5. When you are done, your new policy looks similar to the following policy,
    Figure 3. Session level policy with rules and actions
    Sample session-level policy

In addition, each example includes an advanced session-level policy that is written in the SR language.

Mapping the SR language examples

In the SR language examples, you can map the parameters (that is, parameter = variable) directly to most UI examples. Take for example the following SR language snippet:
SR_POLICIES
{
        IF (CLIENT_IP = '10.10.10.10' SOURCE_PROGRAM = 'JAVA%' SERVER_IP = '20.20.20.20')
        {
                IGNORE_SESSION
        }
        IF (*)
        {
                IGNORE_SESSION PACKETS_LIMIT = 50
        }
}
  • CLIENT_IP criteria in the SR language maps to Client IP address in the UI
  • SERVER_IP maps to Server IP address.
  • SOURCE_PROGRAM maps to Source application.
In addition, the { IGNORE_SESSION } code in the SR language maps to the IGNORE SESSION rule action in the UI.

In the Using session-level and advanced session-level policies, you can find the mappings between the SR language and UI elements.

In the guide, the UI name is generally on the left, and the SR language name is on the right. The SR language name is shown in parentheses. For example, looking at search parameters:
Request types available for actions with search parameters:

    LOGIN FAILED (LOGIN_FAILED)
    PREPARED STATEMENT (PREP_STAT)
    RPC (RPC)
    SQL (SQL)
    SQL ERROR (SQL_ERROR)
    SQL SUCCESS (SQL_SUCCESS)
LOGIN FAILED in the UI maps to LOGIN_FAILED in the SR language, PREPARED STATEMENT in the UI maps to PREP_STAT in the SR language.