Configure actions

The configure action is used to adjust analyzer settings or activate session-level policy features.

The configure (CONFIGURE) parameter accepts the following options:
  • ANALYZER_PARSER:<ON|OFF>

    Disable to require processing session-level criteria before invoking the parser, regardless of whether SQL criteria like command, object, or field are used in the policy.

  • CHARSET:guardium://char_set?<hint|force>=<int>

    Use alternative character set.

  • CREDENTIAL_STUFFING:<ON>|<[PMAX=<float>][,][CONFIDENCE=<float>]

    Start credential stuffing attack detector.

  • IFX_IGNORE:OFF

    Tell Informix analyzer to stop ignoring sessions.

  • IGNORED_FLAG:<ON|OFF>

    Enable to log sessions otherwise ignored with the following actions: DISCARD SESSION, SOFT DISCARD SESSION, LOG ACCESS ONLY, STOP LOG ACCESS ONLY, STOP SOFT DISCARD. This setting is not required with the LOG ACCESS ONLY action. The default value is OFF.

  • LOG_PARSER_ERRORS:<ON|OFF>

    Enable or disable logging parser errors. The default value is ON.

  • LOG_CONSTRUCT_ERRORS:<ON|OFF>

    Enable or disable logging construct errors. The default value is OFF.

  • MARK_BATCH:<ON|OFF>

    Enable to mark SQL execution as part of a batch. The default value is OFF.

  • ORA_BIND_TYPE:<SELECT|INSERT|UPDATE|DELETE>

    Oracle bind variable type.

  • ORA_CHECKSUM:<MD5|SHA1|SHA256|SHA384|SHA512|int>

    Type of Oracle hash used in Oracle data integrity.

  • ORA_SESSION_INFO:<session_info_string>

    Oracle session platforms.

  • ORA_TOKEN_OFFSET:<TNS314|TNS315>

    Token format for calculating Oracle statement size.

  • QUERY_REWRITE:<ON|OFF>

    Enable to attach or detach based on session-level criteria.

  • RAW_STATEMENT_MAP_SIZE:<integer>

    Change the number of raw statements stored in the analyzer. The default value is 1024 raw statements per session.

  • SELECTIVE_AUDIT:ON 

    Selective audit actions are triggered in analyzers before the parser/logger starts to receive session requests.

  • SERVER_DATA:[OFF]|[MAX_HITS=<integer>]|[CONFIDENCE=<integer>]|[EXFILTRATION=<integer>]
    Used in combination with other criteria, the SERVER_DATA criteria allows limiting the scope of extrusion rules to improve performance.
    • OFF - Turn off checking the criteria according to its CONFIGURE abilities.
    • MAX_HITS - Applies to regular expressions only and refers to the maximum number of pattern matches in a packet. The default value is 1, meaning SERVER_DATA is used as the usual criteria for finding at least one match.
    • CONFIDENCE - Applies to regular expressions only using the COUNT or VALUE flags, it refers to the number of checks before deciding that matches are not false positives. The default value is 1.
    • EXFILTRATION - Applies to regular expressions only and limits the number of hits per request. If the session is SENSITIVE, exceeding this limit may indicate exfiltration of sensitive data. In this case, SENSITIVE_DATA_EXFILTRATION is set.
  • SESSION_TRUST:<OFF>|<[LOW=<float>][,][HIGH=<float>]

    Exclude sessions from session trust evaluation or change LOW/HIGH trust limits.

  • STRICT_USERNAME:<replacement_value>

    Where <replacement_value> is any value that you choose. If Guardium finds a problem with the username, it is replaced with the specified value.

  • TDS_SWAP_LIMIT:<number between 10,000 and 100,000>

    MS SQL analyzer related to records affected calculation.

  • TYPE_STATUS:<ON|OFF>

    Disable to prevent logging sessions with artificial activities.