Session-level policy examples

Edit online

To help you understand session-level policies, Guardium provides some examples with descriptions. The examples include both the Guardium UI and SR language methods.

Understanding the UI examples

These examples help you to understand how to design and build session-level policies.

For the UI examples, each example describes the actions that you need to take on each ribbon to re-create the example, as follows:
  1. Create a new policy Ignore sessions by following the steps described in Creating session-level policies. Select Session level policy and provide a name.

  2. Click the Rules ribbon and then click the New icon icon to open the Create New Rule window. For this policy, provide only the name of the first rule.

  3. To add the session-level criteria, click the Rule criteria ribbon. To add more criteria. click the New icon near the last criterion.
    Tip: Use the session-level criteria for Ignoring sessions example as shown in the following example:
    • Client IP address = 10.10.10.10
    • Server IP address = 20.20.20.20
    • Source application = JAVA%
  4. After you finish adding the criteria, click the Rule action ribbon, and then click the New icon to add actions.
  5. When you are done, your new policy with the rule name and criteria is displayed.

In addition, each example includes an advanced session-level policy that is written in the SR language.

Mapping the SR language examples

In the SR language examples, you can map the parameters (that is, parameter = variable) directly to most UI examples as shown in the following SR language snippet: 
SR_POLICIES
{
        IF (CLIENT_IP = '10.10.10.10' SOURCE_PROGRAM = 'JAVA%' SERVER_IP = '20.20.20.20')
        {
                IGNORE_SESSION
        }
        IF (*)
        {
                IGNORE_SESSION PACKETS_LIMIT = 50
        }
}
  • CLIENT_IP criteria in the SR language maps to Client IP address in the UI
  • SERVER_IP maps to Server IP address.
  • SOURCE_PROGRAM maps to Source application.
In addition, the { IGNORE_SESSION } code in the SR language maps to the IGNORE SESSION rule action in the UI.

In the Using session-level and advanced session-level policies, you can find the mappings between the SR language and UI elements.

In the guide, the UI name is generally on the left, and the SR language name is on the right. The SR language name is shown in parentheses. For example, looking at search parameters: 
Request types available for actions with search parameters:

    LOGIN FAILED (LOGIN_FAILED)
    PREPARED STATEMENT (PREP_STAT)
    RPC (RPC)
    SQL (SQL)
    SQL ERROR (SQL_ERROR)
    SQL SUCCESS (SQL_SUCCESS)
LOGIN FAILED in the UI maps to LOGIN_FAILED in the SR language, PREPARED STATEMENT in the UI maps to PREP_STAT in the SR language.