Session-level policy examples
To help you understand session-level policies, Guardium provides a number of examples with descriptions. The examples include both the Guardium UI and SR language methods.
Understanding the UI examples
These examples might help you understand how to design and build session-level policies.
For the UI examples, each example describes the actions that you need to take on each ribbon to
re-create the example, as follows:
- For the Ignoring sessions example policy, start with creating and naming the
policy, as described in Creating session-level policies. Select
Session level policy and provide a name.
- Click the Rules ribbon and then click the
icon to open the Create New Rule window. For this policy, you need to provide only the name of the first rule.
- Click the
icon to open the Create New Rule window. From here, you can add session-level criteria.
Note: In the examples, the criteria are labeled as Session level criteria. For example, in Ignoring sessions example, this example is shown as:Session level criteria- Client IP address = 10.10.10.10
- Server IP address = 20.20.20.20
- Source application = JAVA%
Add criteria as needed by clicking the
near the last criterion.
Figure 1. Rule criteria UI example - When you are done adding criteria, click the Rule action ribbon, and then
click the
to begin adding actions.
Note: In the examples, the rule actions are labeled as Rule action. The example documentation describes only the criteria that you need to change for a specific example.Figure 2. Add new action UI example - When you are done, your new policy looks similar to the following policy,
Figure 3. Session level policy with rules and actions
In addition, each example includes an advanced session-level policy that is written in the SR language.
Mapping the SR language examples
In the SR language
examples, you can map the parameters (that is, parameter =
variable) directly to most UI examples. Take for example the following SR language
snippet:
SR_POLICIES
{
IF (CLIENT_IP = '10.10.10.10' SOURCE_PROGRAM = 'JAVA%' SERVER_IP = '20.20.20.20')
{
IGNORE_SESSION
}
IF (*)
{
IGNORE_SESSION PACKETS_LIMIT = 50
}
}
- CLIENT_IP criteria in the SR language maps to Client IP address in the UI
- SERVER_IP maps to Server IP address.
- SOURCE_PROGRAM maps to Source application.
{ IGNORE_SESSION }
code in the SR language maps to
the IGNORE SESSION rule action in the UI.In the Using session-level and advanced session-level policies, you can find the mappings between the SR language and UI elements.
In the guide, the UI name is generally on the left, and the
SR language name is on the right. The SR language name is
shown in parentheses. For example, looking at search parameters:
Request types available for actions with search parameters: LOGIN FAILED (LOGIN_FAILED) PREPARED STATEMENT (PREP_STAT) RPC (RPC) SQL (SQL) SQL ERROR (SQL_ERROR) SQL SUCCESS (SQL_SUCCESS)LOGIN FAILED in the UI maps to LOGIN_FAILED in the SR language, PREPARED STATEMENT in the UI maps to PREP_STAT in the SR language.