This procedure describes how to schedule the audit processes and distribute the threat
analytics results for Suspected Stored Procedures and Suspected SQL Injection cases.
About this task
There are two preconfigured audit processes that control the distribution of threat analytics
reports to the appropriate reviewers:
- Suspected Malicious STP Cases (Stored Procedure Cases)
- Suspected SQL Injection Cases
Each process retrieves the suspected cases for one attack type. You can customize these
processes, or copy them to create your own.
Procedure
- Navigate to . Optionally filter the available audit processes by clicking the Inactive
only radio button or typing Suspected in the Filter box.
The default task for this process is the corresponding report (Suspected Malicious STP
Cases or Suspected SQL Injection Cases). Do not modify the
runtime parameters of these reports. However, you can add more tasks to this same audit
process. For example, you can add both threat reports to a single audit process.
If you are defining these audit processes from a central manager, define a task for each
collector for which you want to see threat data and use the Remote Data
Source option.
- Click Send results to define the audit process receivers who will
receive reports on suspected malicious stored procedures.
- Select the default receiver (user) and then click the
icon to define the appropriate receiver or receivers for your organization. When you are
finished, click OK.
- Click Schedule audit process and review the schedule for the audit
process.
The recommendation is to run the process every day, every hour starting at 12:30 AM (after both
outliers and threat detection usually run). Note that the check box Auto run dependent
jobs has no effect for this task.
Important: Make sure the Activate schedule check box is
checked.
- Click Next and then click Save to finish working
with the audit process.