Instruction/ maintenance manual of the product FortiDB Fortinet
www.fortinet.com FortiDB Version 3.2 Utilities User Guide.
FortiDB Utilities User Guide Version 3.2 December 19, 2008 15-32000-81369-20081219 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagra.
Table of Contents
FortiDB MA Utilities
Auto Discovery
Report Body Columns
Abnormal or Unauthorized Changes to Data Report (AUC)
FortiDB MA Utilities
FortiDB MA provides several utilities to help you use other modules:
• Auto Discovery.
Auto Discovery
FortiDB MA provides the ability to search for, and establish connections to, databases on your network. Rather than manually entering all of the connection information, you can have FortiDB MA automatically discover it for you.
Selecting Non-Standard Ports for Auto-Discovery
5 Click the Begin Discovery button.
DB2
Discovered Database Information
Populating Connection Form
The process will automatically return:
• Databas.
MS-SQL
• Destined for port 1434
• Originating from the port whose number is specified in the dss.
Connection Summary
The Connection Summary utility allows you to see, by FortiDB MA module and in one place, a dashboard view of all of your database connections.
Rule Chaining
The Rule Chaining module allows you to associate rules so that one, the source rule, can influence the execution of another, the target rule.
Configuring a Rule Chain for a Specific Target Database Connection
You can perform the following:
• Cho.
Chaining with Parameterized User-Defined Rules
After the database has been specified and you have clicked on [Add Item], you will be presented with the Create Rule Chaining Settings page.
General PUDR Steps
The general steps for creating a chain that uses a PUDR are:
1 In UBM, define an Object, User, or Session policy that will be your Source Rule.
PUDR Eligible Rules
Disabled Parameter Checkboxes
If the chosen target rule cannot accept parameters, they will be grayed out.
Chaining the UBM Policy and PUDR Together
Associating a Source Rule.
Policy Settings for Suspicious Login Time
2 Create a UBM Session Policy, our Source rule, in order to monitor BAD_GUY and generate an alert to trigger our Target rule, a PUDR.
4 Log in as BAD_GUY at an "abnormal" time (Here, that is a.
Chained-Rule Alerts: (UBM Session Policy and PUDR)
5 Get an alert when the Source rule (the Session Policy) is violated.
SELECT username, osuser, terminal FROM v$session WHERE osuser = &ap.
In this case, the alert will be generated only for the first object in the SELECT list; namely: vje.
Report Manager
In order to access the FortiDB MA Report Manager module, click on the Report Manager link on the left-side navigator on the main FortiDB MA screen.
Alert Report Manager
Setting a Timer-Based Schedule
Deleting a Previously Set Timer Schedule
You can delete a previously set Timer schedule by clicking on the Delete Timer button.
Setting a Calendar-Based Schedule
Setting a Combined Schedule
You can also specify a combined schedule which consists of both a timer- and a calendar-based schedule.
Reporting by Time
The Alert Report Manager module generates reports based on alerts generated by the various other modules.
New Reports Menu
In the New Reports page, fill in the necessary data information that you want to show in the report.
New Report Setting Screen (bottom)
You may specify these parameters for your new report: .
• Alert Generated Time (day or time interval that the alerts occurred)
• Report Generat.
Activating ARM
In order to begin running scheduled reports, you should use the Reports->Status menu. Check the Yes checkbox and click the Save button.
Current Report Configuration
In the row corresponding to your report of interest, you can .
Report Detailed Action
By clicking the [Detailed] Action button, you can get to a screen that provides detailed information for each alert. The Detailed Report gives specific information about each alert.
Custom Reports
Using the open-source JasperReports library, the Quartz scheduli.
You can select:
• Time only schedule
• Daily schedule
• Weekly schedule
• Monthly schedule
Time-only Schedule Settings
Daily Schedule Settings
You can have your reports run on a daily basis at a certain time.
Weekly Schedule Settings
You can have your reports run on a weekly basis on day(s).
Monthly Schedule Settings
You can have your reports run on a monthly basis.
Company Information Dialog
Report and Template Generation and Management
Custom Reports Main Page .
• Generate a Report
Adding Reports
To add a new report, take the following steps:
1 Click on the Custom Reports Manager link on the left-side navigator or select from the top bar menu, Reports -> Custom Reports Manager.
Modifying a Report
Deleting Reports
1 Select the report you want to delete.
2 Click the Delete Report button. The confirmation window displays.
3 Click the OK.
Modifying Report Templates
You can import your template (*.jrxml) file and save it in the internal reports database. You can also export the template from the internal reports database and store it as a (*.
Templates Manager: Modifying a Template Page
Generating Reports
To generate a report, take the following steps:
1 From the Custom Reports Manager page, click the Generate Report button.
Generated HTML Report Example
1 Open Control Panel, and open Internet Options.
2 In the Internet Properties window, click the Security tab.
3 Select Trusted sites.
Report History
Report History allows you to:
• View a list of previously generat.
Licensing and Administration
User Administration for Custom Reports and SOX Reports
In order to enable a user to utilize the Custom Reports feature, select the Custom Reports radio button on the User Administration screen.
Limitations
The Custom Reports feature has this limitation:
• The maximum number of bar-chart columns for each report is 15. If the data being presented requires more than 15 columns, no bar chart is generated for that data.
Description of Shipped Sample Report
SOX Compliance Reports
SOX Reports within Custom Reports Manager Page
One type of Custom Reports is the Sarbanes-Oxley (SOX) Compliance reports.
Reports and Acronyms
This release includes these SOX reports:
Common Report Header Fields
Here are the common report-header fields for the current SOX reports.
SOX Report Specifics
This section lists the COBIT objectives and descriptions, the FortiDB MA module-setup requirements, and individual-column detail for each report in this release.
History of Privilege Changes Report (HPC)
Abnormal or Unauthorized Changes to Data Report (AUC)
Abnormal Use of Service Accounts Report (AUS)
AUS Report Samp.
Abnormal Termination of Database Activity Report (ATD)
End of Period Adjustments Report (EPA)
EPA Report Sample
COBIT Obje.
Determining Your Reporting Period
Reporting Period is the time frame surrounding a user-defined period-end day (PED).
The resulting report period is July 24 until August 16, inclusive.
Verification of Audit Settings Report (VAS)
Licensing and Administration
For SOX Reports licensing and .