Activating the audit process workflow for threat analytics
This procedure describes how to schedule the audit processes and distribute the threat analytics results for Suspected Stored Procedures and Suspected SQL Injection cases.
About this task
- Suspected Malicious STP Cases (Stored Procedure Cases)
- Suspected SQL Injection Cases
Navigate to
Optionally filter the available audit processes by clicking the Inactive only radio button or typing Suspected in the
The default task for this process is the corresponding report (Suspected Malicious STP Cases or Suspected SQL Injection Cases). Do not modify the runtime parameters of these reports. However, you can add more tasks to the same audit process. For example, you can add both threat reports to a single audit process.
If you are defining these audit processes from a central manager, define a task for each collector for which you want to see threat data and use the Remote Data Source option.
- Click Send results to define the audit process receivers who will receive reports on suspected malicious stored procedures.
- Select the default receiver (user) and then click the icon to define the appropriate receiver or receivers for your organization. When you are finished, click OK.
Click Schedule audit process and review the schedule for the audit
The recommendation is to run the process every day, every hour, starting at 12:30 AM (after both outliers and threat detection usually run). Note that the Auto run dependent jobs check box has no effect for this task.
Important: Make sure the Activate schedule check box is checked.
- Click Next and then click Save to finish working with the audit process.