Policies and rules

A security policy contains an ordered set of rules to be applied to the observed traffic between database clients and servers. Each rule can apply to a request from a client, or to a response from a server. Multiple policies can be defined, and more than one policy can be installed on a Guardium system at the same time.

Each rule in a policy defines a conditional action. The condition can be a simple test, for example a check for any access from a client IP address not found in an Authorized Client IPs group, or it can be a complex test that evaluates multiple message and session attributes such as database user, source program, command type, and time of day. Rules can also be sensitive to the number of times a condition is met within a specified timeframe.

The action triggered by the rule can be a notification action (e-mail to one or more recipients, for example), a blocking action (the client session might be disconnected), or the event might simply be logged as a policy violation. Custom actions can be developed to perform any tasks necessary for conditions that may be unique to a given environment or application.
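
The rule model described above, as an added Python illustration; it is not Guardium code or its API. The class, the action labels, the event fields and the continue_on_fire flag are hypothetical names chosen for this example, and the group members and events are constructed.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Callable

# Constructed group membership; in the text this is the "Authorized Client IPs" group.
AUTHORIZED_CLIENT_IPS = {"10.0.0.5", "10.0.0.6"}

@dataclass
class Rule:                       # hypothetical model, not a Guardium object
    name: str
    condition: Callable[[dict], bool]
    action: str                   # "ALERT", "BLOCK", "LOG_VIOLATION": labels invented here
    min_count: int = 1            # matches required before the action triggers ...
    window_s: int = 0             # ... within this many seconds
    continue_on_fire: bool = True # assumption: False stops evaluation of later rules
    _hits: deque = field(default_factory=deque)

    def fires(self, event: dict) -> bool:
        if not self.condition(event):
            return False
        if self.min_count <= 1:
            return True
        now = event["ts"]
        self._hits.append(now)
        while now - self._hits[0] > self.window_s:   # drop matches outside the window
            self._hits.popleft()
        if len(self._hits) < self.min_count:
            return False
        self._hits.clear()        # start counting afresh after triggering
        return True

def evaluate(policy: list, event: dict) -> list:
    """Apply the rules in order; return the (rule name, action) pairs that triggered."""
    fired = []
    for rule in policy:
        if rule.fires(event):
            fired.append((rule.name, rule.action))
            if not rule.continue_on_fire:
                break
    return fired

def build_policy() -> list:
    return [
        Rule("unauthorized-client-ip", lambda e: e["client_ip"] not in AUTHORIZED_CLIENT_IPS, "BLOCK", continue_on_fire=False),
        Rule("off-hours-ddl", lambda e: e.get("db_user") == "app_user" and e.get("command") in {"DROP", "ALTER"} and not 8 <= e.get("hour", 12) < 18, "ALERT"),
        Rule("repeated-failed-login", lambda e: e["kind"] == "response" and e.get("error") == "LOGIN_FAILED", "LOG_VIOLATION", min_count=3, window_s=60),
    ]
```

The third rule keeps one counter for the whole rule; counting per client or per database user would need a counter keyed on that attribute.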