CN112416909A - Cloud database auditing method and device and server - Google Patents
Cloud database auditing method and device and server Download PDFInfo
- Publication number
- CN112416909A CN112416909A CN202011459765.3A CN202011459765A CN112416909A CN 112416909 A CN112416909 A CN 112416909A CN 202011459765 A CN202011459765 A CN 202011459765A CN 112416909 A CN112416909 A CN 112416909A
- Authority
- CN
- China
- Prior art keywords
- audit
- content
- sql
- record
- protected object
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000012550 audit Methods 0.000 claims abstract description 198
- 238000012216 screening Methods 0.000 claims abstract description 17
- 230000011218 segmentation Effects 0.000 claims description 6
- 239000000126 substance Substances 0.000 claims description 2
- 230000006399 behavior Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101100285000 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) his-3 gene Proteins 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention relates to the field of database auditing and discloses a cloud database auditing method, a cloud database auditing device and a cloud database auditing server. The method comprises the following steps: acquiring an SQL audit log; acquiring the content of the protected object configuration information; screening the contents of the SQL audit log and the configuration information of the protected object to obtain an audit record; the audit records are subjected to regulation matching to obtain new audit records; and inserting the new audit record into a database of an audit system, so that the audit of the database on the cloud can be realized, and the safety of the data in the database on the cloud is ensured.
Description
Technical Field
The invention relates to the field of database auditing, in particular to a cloud database auditing method, a cloud database auditing device and a cloud database auditing server.
Background
Database auditing (DBAudio for short) can record database activities on a network in real time, perform compliance management of fine-grained auditing on database operation, alarm risk behaviors suffered by the database and block attack behaviors. The method is used for helping the user generate a compliance report and accident tracing source after the user visits the database through recording, analyzing and reporting the behavior of the user visiting the database, and meanwhile, network behavior records of the internal database and the external database are enhanced, and the safety of data assets is improved.
According to the traditional database auditing architecture, a port mirror image or plug-in drainage mode can be directly adopted, the flow which is required by a user is filtered to auditing equipment, but the cloud database limits the flow, and the flow cannot be directly obtained through the mode, so that the cloud database cannot be audited.
Disclosure of Invention
Therefore, it is necessary to provide a cloud database auditing method, device and server to solve the technical problems, so as to implement auditing of a cloud database, thereby ensuring security of data in the cloud database.
In a first aspect, an embodiment of the present invention provides a cloud database auditing method, where the method includes:
acquiring an SQL audit log;
acquiring the content of the protected object configuration information;
screening the contents of the SQL audit log and the configuration information of the protected object to obtain an audit record;
the audit record is subjected to regulation matching to obtain a new audit record;
and inserting the new audit record into a database of an audit system.
In some embodiments, the obtaining the SQL audit log comprises:
displaying a configuration page;
acquiring registration information input based on the configuration page;
and calling an API (application programming interface) according to the registration information to obtain an SQL (structured query language) audit log.
In some embodiments, the screening the content of the SQL audit log and the protected object configuration information to obtain an audit record includes:
and combining the content of the SQL audit log with the content configured by the protected object in the audit system based on the same field and/or IP address to obtain an audit record.
In some embodiments, before the combining the content of the SQL audit log with the content configured by the protected object in the audit system based on the IP address and obtaining the audit record, the method further includes:
and performing character segmentation on the fields of the SQL audit log content to obtain host address fields.
In some embodiments, the combining, based on the IP address, the content of the SQL audit log with the content configured by the protected object in the audit system to obtain the audit record includes:
comparing the host address field with an IP address;
and if the host address field is consistent with the IP address, combining the content of the SQL audit log and the content configured by the protected object to obtain an audit record.
In some embodiments, the combining, based on the same field, the content of the SQL audit log with the content of the protected object configuration in the audit system to obtain the audit record includes:
comparing the field of the SQL audit log content with the field of the content configured by the protected object;
and if the fields are consistent, combining the content corresponding to the fields of the SQL audit log with the content corresponding to the fields configured by the protected object in the audit system to obtain an audit record.
In some embodiments, the performing the regulation matching on the audit record to obtain a new audit record includes:
and matching the audit record with a rule called by a rule engine to fill fields in the audit record to obtain a new audit record.
In a second aspect, an embodiment of the present invention further provides an auditing apparatus for a cloud database, including:
the first acquisition module is used for acquiring an SQL audit log;
the second acquisition module is used for acquiring the content of the protected object configuration information;
the screening module is used for screening the contents of the SQL audit log and the protected object configuration information to obtain an audit record;
the matching module is used for carrying out regulation matching on the audit record to obtain a new audit record;
and the inserting module is used for inserting the new audit record into a database of the audit system.
In a third aspect, an embodiment of the present invention further provides a server, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor
Is executed by the at least one processor to enable the at least one processor to perform the above-described on-cloud database auditing method.
In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, the processor is caused to execute the above method for auditing a database on the cloud.
Compared with the prior art, the invention has the beneficial effects that: different from the situation of the prior art, the method, the device and the server for auditing the cloud database in the embodiment of the invention separate the logs by adopting an SQL (structured query language) insight mode, then screen the SQL audit logs in combination with the content of the configuration information of the protected object to generate the audit records conforming to the audit equipment, then perform rule matching on the audit records through a background program to obtain new audit records, and finally insert the new audit records into the database, so that the audit on the cloud database can be realized, and the safety of data in the cloud database is ensured.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
FIG. 1 is a schematic diagram of the hardware architecture of the server of the present invention;
FIG. 2 is a schematic flow chart diagram illustrating a method for auditing a database on the cloud according to an embodiment of the invention;
fig. 3 is a block diagram of a structure of an auditing apparatus for a cloud database according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that, if not conflicted, the various features of the embodiments of the invention may be combined with each other within the scope of protection of the invention. Additionally, while functional block divisions are performed in apparatus schematics, with logical sequences shown in flowcharts, in some cases, steps shown or described may be performed in sequences other than block divisions in apparatus or flowcharts. The terms "first", "second", "third", and the like used in the present invention do not limit data and execution order, but distinguish the same items or similar items having substantially the same function and action.
Referring to fig. 1, fig. 1 is a hardware structure diagram of a server according to an embodiment of the present invention, where the server 100 may be any type of device with computing capability, such as an audit server.
Specifically, as shown in FIG. 1, the server 100 includes one or more processors 102 and memory 104. One processor 102 is illustrated in fig. 1. The processor 102 and the memory 104 may be connected by a bus or other means, such as by a bus in FIG. 1.
The memory 104, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as programs, instructions, and modules corresponding to the on-cloud database auditing method in the embodiments of the present invention. The processor 102 executes various functional applications of the server and data processing by executing nonvolatile software programs, instructions, and modules stored in the memory 104, that is, implements the on-cloud database auditing method in the following embodiments.
The memory 104 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to on-cloud database auditing apparatus usage, and the like. Further, the memory 104 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 104 optionally includes memory located remotely from processor 102, which may be connected to the on-cloud database auditing apparatus via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
As shown in fig. 2, an embodiment of the present invention provides an auditing method for a database on a cloud, where the method is performed by a server, and the method includes:
In the embodiment of the invention, the SQL audit log is stored in the database on the cloud, and can also be understood as the SQL insight log, and all operations on the database are recorded in the SQL audit log. Specifically, the server obtains an SQL audit log in a database on the cloud.
In some embodiments, as an implementation of step 202, the method includes: displaying a configuration page; acquiring registration information input based on the configuration page; and calling an API (application programming interface) according to the registration information to obtain an SQL (structured query language) audit log.
In the embodiment of the present invention, if the SQL audit log is to be obtained, registration is required to be performed in advance, and the registration information is parameter information including, but not limited to, a key ID, a key signature string, a signature result string, a timestamp, and the like, where the key ID is similar to an account, the key signature string is similar to a password, and the signature result string is similar to a verification code. Specifically, the database insight log is registered through a configuration interface, then an SDK code is generated, so that an SQL audit log is generated, and then an API (application programming interface) is called through registration information, namely parameter information, so that the SQL audit log in the database on the cloud is obtained.
In the embodiment of the present invention, the protected object configuration information is stored in the auditing system, and the content of the protected object configuration information includes, but is not limited to, the original IP address of the protected object, the policy of the protected object, the rule, the port, the database version number, and the like. Specifically, the server obtains the content of the protected object configuration information from the auditing system.
And step 206, screening the contents of the SQL audit log and the protected object configuration information to obtain an audit record.
In the embodiment of the invention, the audit record is a record conforming to the audit equipment, the audit record is obtained by screening the contents of the SQL audit log and the configuration information of the protected object, but the audit record obtained by screening is an incomplete audit record file, and the audit record needs to be processed subsequently.
In some embodiments, as an implementation of step 206, the method includes: and combining the content of the SQL audit log with the content configured by the protected object in the audit system based on the same field and/or IP address to obtain an audit record.
In embodiments of the present invention, audit records may be obtained in a variety of ways, including but not limited to based on the same field and/or IP address. Obtaining an audit record based on an IP address, and comparing the host address field with the IP address; and if the host address field is consistent with the IP address, combining the content of the SQL audit log and the content configured by the protected object to obtain an audit record. Specifically, after the server calls the API interface through the parameter information, a return content is generated, which returns to a certain format, for example, a jsson format or an xml format, and the like, and a field containing the content of the SQL audit log is returned, then a string segmentation function is used to perform string segmentation on the field of the content of the SQL audit log, extract a host address field, then the host address field is compared with the original IP address of the protected object, and if the host address field is the same as the original IP address of the protected object, the content of the SQL audit log and the content configured by the protected object are combined to form an audit record.
In addition, obtaining an audit record based on the same field, and comparing the field of the SQL audit log content with the field of the content configured by the protected object; and if the fields are consistent, combining the content corresponding to the fields of the SQL audit log with the content corresponding to the fields configured by the protected object in the audit system to obtain an audit record. Specifically, after the server calls the API interface through the parameter information, a return content in a certain format is generated, the certain format may be, for example, a jsson format or an xml format, and a field containing the content of the SQL audit log is returned, and the content corresponding to the field of the SQL audit log and the content corresponding to the field configured by the protected object in the audit system are combined through the same field to form an audit record suitable for the database audit server.
And 208, performing regulation matching on the audit record to obtain a new audit record.
In the embodiment of the invention, the new audit record is a complete audit record file, and the new audit record comprises an original IP address, an original port, an operation statement, client main body information, occurrence time and the like, wherein the client main body information comprises but is not limited to a database name, a database access tool, a database account and the like. Specifically, after obtaining the audit record, the audit record can be obtained only by performing regulation matching on the audit record.
In some embodiments, as an implementation of step 208, the method includes matching the audit record with rules called by a rules engine to fill fields in the audit record to obtain a new audit record.
In the embodiment of the present invention, the new audit record must be a complete audit record, and the rules called by the rule engine include, but are not limited to, keywords, operation types, rule effective time, and a rule white list. Specifically, the server matches the obtained audit record with a rule called by a rule engine, the main purpose of matching is to refill the audit record, because the audit record obtained by screening in advance is incomplete, some fields of the audit record need to be judged by the rule engine to determine whether some content is missing in the fields, and if so, new fields are filled in the content missing in the audit record through the rule called by the rule engine to generate the audit record conforming to the audit system. Illustratively, if the audit record lacks keywords, the rule engine calls the keywords to fill the audit record, so as to generate the audit record conforming to the audit system.
And 210, inserting the new audit record into a database of the audit system.
And the server stores the new audit record in a warehouse.
In the embodiment of the invention, the log is separated by adopting an SQL (structured query language) insight mode, then the SQL audit log is combined with the content of the configuration information of the protected object for screening to generate the audit record conforming to the audit equipment, then the audit record is subjected to rule matching through a background program to obtain a new audit record, and finally the new audit record is inserted into a database, so that the audit of the database on the cloud can be realized, and the safety of the data in the database on the cloud is ensured.
It should be noted that, in the foregoing embodiments, a certain order does not necessarily exist between the foregoing steps, and it can be understood by those skilled in the art from the description of the embodiments of the present invention that, in different embodiments, the foregoing steps may have different execution orders, that is, may be executed in parallel, may also be executed in an exchange manner, and the like.
Correspondingly, the embodiment of the present invention further provides an auditing apparatus 300 for a cloud database, as shown in his 3, including:
a first obtaining module 302, configured to obtain an SQL audit log;
a second obtaining module 304, configured to obtain content of the protected object configuration information;
the screening module 306 is configured to screen the content of the SQL audit log and the protected object configuration information to obtain an audit record;
the matching module 308 is used for performing regulation matching on the audit record to obtain a new audit record;
an inserting module 310, configured to insert the new audit record into a database of an auditing system.
According to the cloud database auditing device provided by the embodiment of the invention, the SQL audit log is obtained through the first obtaining module, then the content of the configuration information of the protected object is obtained through the second obtaining module, then the SQL audit log and the content of the configuration information of the protected object are screened through the screening module to obtain the audit record, further, the audit record is subjected to regulation matching through the matching module to obtain a new audit record, and finally the new audit record is inserted into the database of the auditing system through the inserting module, so that the auditing of the cloud database can be realized, and the safety of data in the cloud database is ensured.
Optionally, in another embodiment of the apparatus, please refer to fig. 3, the apparatus 300 further includes:
and the segmentation module 312 is configured to perform character segmentation on the field of the SQL audit log content to obtain a host address field.
Optionally, in other embodiments of the apparatus, the first obtaining module 302 is specifically configured to:
displaying a configuration page;
acquiring registration information input based on the configuration page;
and calling an API (application programming interface) according to the registration information to obtain an SQL (structured query language) audit log.
Optionally, in other embodiments of the apparatus, the screening module 306 is specifically configured to:
and combining the content of the SQL audit log with the content configured by the protected object in the audit system based on the same field and/or IP address to obtain an audit record.
Comparing the host address field with an IP address;
and if the host address field is consistent with the IP address, combining the content of the SQL audit log and the content configured by the protected object to obtain an audit record.
Comparing the field of the SQL audit log content with the field of the content configured by the protected object;
and if the fields are consistent, combining the content corresponding to the fields of the SQL audit log with the content corresponding to the fields configured by the protected object in the audit system to obtain an audit record.
Optionally, in other embodiments of the apparatus, the matching module 308 is specifically configured to:
and matching the audit record with a rule called by a rule engine to fill fields in the audit record to obtain a new audit record.
It should be noted that the above-mentioned cloud database auditing apparatus may execute the cloud database auditing method provided in the embodiments of the present invention, and has a functional module and a beneficial effect of the application of the execution method.
Embodiments of the present invention further provide a non-transitory computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are executed by one or more processors, the one or more processors may execute the method for auditing the database on the cloud in any of the method embodiments.
The server of embodiments of the present invention exists in a variety of forms, including but not limited to:
(1) tower server
The general tower server chassis is almost as large as the commonly used PC chassis, while the large tower chassis is much larger, and the overall dimension is not a fixed standard.
(2) Rack-mounted server
Rack-mounted servers are a type of server that has a standard width of 19 inch racks, with a height of from 1U to several U, due to the dense deployment of the enterprise. Placing servers on racks not only facilitates routine maintenance and management, but also may avoid unexpected failures. First, placing the server does not take up too much space. The rack servers are arranged in the rack in order, and no space is wasted. Secondly, the connecting wires and the like can be neatly stored in the rack. The power line, the LAN line and the like can be distributed in the cabinet, so that the connection lines accumulated on the ground can be reduced, and the accidents such as the electric wire kicking off by feet can be prevented. The specified dimensions are the width (48.26cm ═ 19 inches) and height (multiples of 4.445 cm) of the server. Because of its 19 inch width, a rack that meets this specification is sometimes referred to as a "19 inch rack".
(3) Blade server
A blade server is a HAHD (High Availability High Density) low cost server platform designed specifically for the application specific industry and High Density computer environment, where each "blade" is actually a system motherboard, similar to an individual server. In this mode, each motherboard runs its own system, serving a designated group of different users, without any relationship to each other. Although system software may be used to group these motherboards into a server cluster. In the cluster mode, all motherboards can be connected to provide a high-speed network environment, and resources can be shared to serve the same user group.
(4) Cloud server
The cloud server (ECS) is a computing Service with simplicity, high efficiency, safety, reliability, and flexible processing capability. The management mode is simpler and more efficient than that of a physical server, and a user can quickly create or release any plurality of cloud servers without purchasing hardware in advance. The distributed storage of the cloud server is used for integrating a large number of servers into a super computer, and a large number of data storage and processing services are provided. The distributed file system and the distributed database allow access to common storage resources, and IO sharing of application data files is achieved. The virtual machine can break through the limitation of a single physical machine, dynamically adjust and allocate resources to eliminate single-point faults of the server and the storage equipment, and realize high availability.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a computer readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Wherein the storage medium can be a magnetic disk, an optical disk, a read-only memory
A Memory-Only Memory (ROM) or a Random Access Memory (RAM), etc.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; within the idea of the invention, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A cloud database auditing method, the method comprising:
acquiring an SQL audit log;
acquiring the content of the protected object configuration information;
screening the contents of the SQL audit log and the configuration information of the protected object to obtain an audit record;
the audit record is subjected to regulation matching to obtain a new audit record;
and inserting the new audit record into a database of an audit system.
2. The method of claim 1, wherein obtaining the SQL audit log comprises:
displaying a configuration page;
acquiring registration information input based on the configuration page;
and calling an API (application programming interface) according to the registration information to obtain an SQL (structured query language) audit log.
3. The method according to claim 1 or 2, wherein the screening the content of the SQL audit log and the protected object configuration information to obtain an audit record comprises:
and combining the content of the SQL audit log with the content configured by the protected object in the audit system based on the same field and/or IP address to obtain an audit record.
4. The method of claim 3, wherein before combining the content of the SQL audit log with the content of the protected object configuration in the audit system based on the IP address to obtain the audit record, the method further comprises:
and performing character segmentation on the fields of the SQL audit log content to obtain host address fields.
5. The method of claim 4, wherein the combining the content of the SQL audit log with the content of the protected object configuration in the audit system based on the IP address to obtain the audit record comprises:
comparing the host address field with an IP address;
and if the host address field is consistent with the IP address, combining the content of the SQL audit log and the content configured by the protected object to obtain an audit record.
6. The method of claim 3, wherein said combining the content of the SQL audit log with the content of the protected object configuration in the audit system based on the same field to obtain the audit record comprises:
comparing the field of the SQL audit log content with the field of the content configured by the protected object;
and if the fields are consistent, combining the content corresponding to the fields of the SQL audit log with the content corresponding to the fields configured by the protected object in the audit system to obtain an audit record.
7. The method of claim 1, wherein said matching the audit record to obtain a new audit record comprises:
and matching the audit record with a rule called by a rule engine to fill fields in the audit record to obtain a new audit record.
8. An on-cloud database auditing apparatus, comprising:
the first acquisition module is used for acquiring an SQL audit log;
the second acquisition module is used for acquiring the content of the protected object configuration information;
the screening module is used for screening the contents of the SQL audit log and the protected object configuration information to obtain an audit record;
the matching module is used for carrying out regulation matching on the audit record to obtain a new audit record;
and the inserting module is used for inserting the new audit record into a database of the audit system.
9. A server, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by a processor, cause the processor to perform the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011459765.3A CN112416909A (en) | 2020-12-11 | 2020-12-11 | Cloud database auditing method and device and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011459765.3A CN112416909A (en) | 2020-12-11 | 2020-12-11 | Cloud database auditing method and device and server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112416909A true CN112416909A (en) | 2021-02-26 |
Family
ID=74775671
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011459765.3A Pending CN112416909A (en) | 2020-12-11 | 2020-12-11 | Cloud database auditing method and device and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112416909A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114443739A (en) * | 2022-04-08 | 2022-05-06 | 北京华顺信安科技有限公司 | Method and device for extracting product version number |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101075256A (en) * | 2007-06-08 | 2007-11-21 | 北京神舟航天软件技术有限公司 | System and method for real-time auditing and analyzing database |
| CN103329129A (en) * | 2011-01-12 | 2013-09-25 | 国际商业机器公司 | Multi-tenant audit awareness in support of cloud environments |
| CN103428177A (en) * | 2012-05-18 | 2013-12-04 | 中兴通讯股份有限公司 | Configuration and generation method and device for cloud environment audit logs and/or security events |
| CN106815125A (en) * | 2015-12-02 | 2017-06-09 | 阿里巴巴集团控股有限公司 | A kind of log audit method and platform |
| CN107908651A (en) * | 2017-10-12 | 2018-04-13 | 北京人大金仓信息技术股份有限公司 | A kind of auditing method of distributed type assemblies |
| CN108011925A (en) * | 2017-11-01 | 2018-05-08 | 北京神州绿盟信息安全科技股份有限公司 | A kind of operating audit system and method |
| CN109325044A (en) * | 2018-09-20 | 2019-02-12 | 快云信息科技有限公司 | A kind of the audit log processing method and relevant apparatus of database |
| WO2019067997A1 (en) * | 2017-09-30 | 2019-04-04 | Oracle International Corporation | Autonomous multitenant database cloud service framework |
| CN109582539A (en) * | 2018-12-03 | 2019-04-05 | 上海热璞网络科技有限公司 | A kind of database audit method and system |
| CN109729147A (en) * | 2018-11-28 | 2019-05-07 | 国云科技股份有限公司 | The auditing system and implementation method of multi-tenant are supported under a kind of cloud environment |
| CN110134653A (en) * | 2019-05-17 | 2019-08-16 | 杭州安恒信息技术股份有限公司 | It is a kind of to utilize log auxiliary data base auditing method and system |
| CN110619227A (en) * | 2019-09-12 | 2019-12-27 | 北京浪潮数据技术有限公司 | Audit log management method, device, equipment and readable storage medium |
| CN111177779A (en) * | 2019-12-24 | 2020-05-19 | 深圳昂楷科技有限公司 | Database auditing method, device thereof, electronic equipment and computer storage medium |
| CN111740868A (en) * | 2020-07-07 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
| CN111988295A (en) * | 2020-08-11 | 2020-11-24 | 程星星 | Database auditing method and device, WEB server, database auditing system and storage medium |
-
2020
- 2020-12-11 CN CN202011459765.3A patent/CN112416909A/en active Pending
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101075256A (en) * | 2007-06-08 | 2007-11-21 | 北京神舟航天软件技术有限公司 | System and method for real-time auditing and analyzing database |
| CN103329129A (en) * | 2011-01-12 | 2013-09-25 | 国际商业机器公司 | Multi-tenant audit awareness in support of cloud environments |
| CN103428177A (en) * | 2012-05-18 | 2013-12-04 | 中兴通讯股份有限公司 | Configuration and generation method and device for cloud environment audit logs and/or security events |
| CN106815125A (en) * | 2015-12-02 | 2017-06-09 | 阿里巴巴集团控股有限公司 | A kind of log audit method and platform |
| WO2019067997A1 (en) * | 2017-09-30 | 2019-04-04 | Oracle International Corporation | Autonomous multitenant database cloud service framework |
| CN107908651A (en) * | 2017-10-12 | 2018-04-13 | 北京人大金仓信息技术股份有限公司 | A kind of auditing method of distributed type assemblies |
| CN108011925A (en) * | 2017-11-01 | 2018-05-08 | 北京神州绿盟信息安全科技股份有限公司 | A kind of operating audit system and method |
| CN109325044A (en) * | 2018-09-20 | 2019-02-12 | 快云信息科技有限公司 | A kind of the audit log processing method and relevant apparatus of database |
| CN109729147A (en) * | 2018-11-28 | 2019-05-07 | 国云科技股份有限公司 | The auditing system and implementation method of multi-tenant are supported under a kind of cloud environment |
| CN109582539A (en) * | 2018-12-03 | 2019-04-05 | 上海热璞网络科技有限公司 | A kind of database audit method and system |
| CN110134653A (en) * | 2019-05-17 | 2019-08-16 | 杭州安恒信息技术股份有限公司 | It is a kind of to utilize log auxiliary data base auditing method and system |
| CN110619227A (en) * | 2019-09-12 | 2019-12-27 | 北京浪潮数据技术有限公司 | Audit log management method, device, equipment and readable storage medium |
| CN111177779A (en) * | 2019-12-24 | 2020-05-19 | 深圳昂楷科技有限公司 | Database auditing method, device thereof, electronic equipment and computer storage medium |
| CN111740868A (en) * | 2020-07-07 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Alarm data processing method and device and storage medium |
| CN111988295A (en) * | 2020-08-11 | 2020-11-24 | 程星星 | Database auditing method and device, WEB server, database auditing system and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 安鹏: "基于云架构的统一审计平台设计与实现", 中国优秀硕士学位论文全文数据库 (信息科技辑), pages 138 - 573 * |
| 赵维佺 等: "面向多类型数据库的安全审计系统设计", 网络安全技术与应用, pages 41 - 45 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114443739A (en) * | 2022-04-08 | 2022-05-06 | 北京华顺信安科技有限公司 | Method and device for extracting product version number |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113489713B (en) | Network attack detection method, device, equipment and storage medium | |
| US20120311562A1 (en) | Extendable event processing | |
| Almulla et al. | A state-of-the-art review of cloud forensics | |
| EP2972728B1 (en) | Tracking application usage in a computing environment | |
| CN111131221B (en) | Interface checking device, method and storage medium | |
| CN113269531A (en) | Cloud-end architecture-based multi-tenant internet access behavior audit control method and related equipment | |
| CN112688932A (en) | Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium | |
| CN110837511B (en) | Data processing method, system and related equipment | |
| CN109783316A (en) | The recognition methods and device, storage medium, computer equipment of system security log tampering | |
| CN112416909A (en) | Cloud database auditing method and device and server | |
| EP4231602A1 (en) | Method and apparatus for acquiring private cloud container cluster gene information | |
| CN111381989A (en) | Microservice link generation method, microservice link generation device, server and storage medium | |
| CN112328363B (en) | Cloud hard disk mounting method and device | |
| CN112306784A (en) | Test method, test device, electronic equipment and test system | |
| CN111104301B (en) | Method and system for judging barrier user in webpage | |
| US20090222876A1 (en) | Positive multi-subsystems security monitoring (pms-sm) | |
| CN113760450A (en) | Automatic safety management method and device for private cloud virtual machine, terminal and storage medium | |
| CN110891097B (en) | Cross-device user identification method and device | |
| CN109074451A (en) | Internal services are protected in distributed environment | |
| CN112433878A (en) | Method and device for recovering data in damaged relational database | |
| EP2869245A2 (en) | Service modeling and execution | |
| CN112632104A (en) | Dynamic desensitization method and device for storage process and function | |
| CN110944144B (en) | Method and system for quickly configuring video terminal to access video system | |
| US11593511B2 (en) | Dynamically identifying and redacting data from diagnostic operations via runtime monitoring of data sources | |
| CN109784037B (en) | Security protection method and device for document file, storage medium and computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |