Users Guide

Published on July 2016 | Categories: Types, Brochures | Downloads: 61 | Comments: 0 | Views: 500
of 120
Download PDF   Embed   Report

Comments

Content

GreenSQL 2.5
User Guide

GreenSQL 2.5 User Guide
Introducing GreenSQL

© Copyright GreenSQL Ltd. 2007 – 2012. All rights reserved.
GreenSQL Ltd. (GreenSQL) reserves the right to make corrections, modifications, enhancements, improvements, and other
changes to its products and services at any time and to discontinue any product or service without notice.
Customers should obtain the latest relevant information before placing orders and should verify that such information is current
and complete. All products are sold subject to GreenSQL's terms and conditions of sale supplied at the time of order
acknowledgment.
GreenSQL warrants performance of its products to the specifications applicable at the time of sale in accordance with
GreenSQL's standard warranty. Testing and other quality control techniques are used to the extent GreenSQL deems
necessary to support this warranty. Except where mandated by government requirements, testing of all parameters of each
product is not necessarily performed.
GreenSQL assumes no liability for third-party applications assistance. Customers are responsible for their products and
applications using GreenSQL components. To minimize the risks associated with customer products and applications,
customers should provide adequate design and operating safeguards.
GreenSQL does not warrant or represent that any license, either express or implied, is granted under any GreenSQL patent
right, copyright or other GreenSQL intellectual property right relating to any combination, machine, or process in which
GreenSQL products or services are used. Information published by GreenSQL regarding third-party products or services does
not constitute a license from GreenSQL to use such products or services or a warranty or endorsement thereof. Use of such
information may require a license from a third party under the patents or other intellectual property of the third party, or a license
from GreenSQL under the patents or other intellectual property of GreenSQL.
Resale of GreenSQL products or services with statements different from or beyond the parameters stated by GreenSQL for that
product or service voids all express and any implied warranties for the associated GreenSQL product or service and is an unfair
and deceptive business practice. GreenSQL is not responsible or liable for any such statements.
All company and brand products and service names are trademarks or registered trademarks of their respective holders.
All text and figures included in this publication are the exclusive property of GreenSQL Ltd. (GreenSQL), and may not be copied,
reproduced, or used in any way without the express written permission of GreenSQL. Information in this document is subject to
change without notice and does not represent a commitment on the part of GreenSQL. Although the information in this
document has been carefully reviewed, GreenSQL does not warrant it to be free of errors or omissions. GreenSQL reserves the
right to make corrections, updates, revisions or changes to the information in this document.
GreenSQL Ltd.
1 Harechev Street
Tel Aviv 67771
Israel
Tel: +972-3-688-8090
Fax: +972-3-760-1166
www.greensql.com

2

GreenSQL 2.5 User Guide
Introducing GreenSQL

Contents
1 INTRODUCING GREENSQL .................................................................................................................... 8
1.1 The GreenSQL Architecture ...................................................................................................8
1.2 Software Specifications .........................................................................................................9
1.2.1
Supported Databases ............................................................................................................ 9
1.2.2
Operating Systems ................................................................................................................ 9
1.2.3
Supported Browsers .............................................................................................................. 9
1.3 GreenSQL’s Four Key Elements ..............................................................................................9
1.3.1
Database Security ............................................................................................................... 10
1.3.1.1
Database Firewall......................................................................................................... 10
1.3.1.2
Separation of Duties .................................................................................................... 10
1.3.1.3
SQL Injection Detection and Prevention ...................................................................... 10
1.3.2
Caching (Database Acceleration) ........................................................................................ 10
1.3.3
Database Activity Monitoring (Auditing) ............................................................................ 11
1.3.4
Dynamic Data Masking........................................................................................................ 11
1.4 The GreenSQL Line of Products............................................................................................ 11
1.5 Concepts ............................................................................................................................. 11
1.5.1
Instance ............................................................................................................................... 12
1.5.2
GreenSQL Proxy .................................................................................................................. 12
1.5.3
Database ............................................................................................................................. 12
1.5.4
Objects ................................................................................................................................ 12
1.6 Related Documents ............................................................................................................. 13
2 ACTIVATING AND CONFIGURING GREENSQL ............................................................................... 14
3 GETTING TO KNOW GREENSQL’S INTERFACE ............................................................................. 16
3.1 The Main Menu ................................................................................................................... 18
3.2 The Workspace ................................................................................................................... 19
3.2.1
Editing Items ....................................................................................................................... 19
3.2.2
Disabling Items .................................................................................................................... 20
3.2.3
Deleting Items ..................................................................................................................... 20
3.2.4
Sorting Items ....................................................................................................................... 20
3.2.5
Customizing views ............................................................................................................... 21
3.2.6
Filtering ............................................................................................................................... 21
3.2.7
Switching between Global and Database Views ................................................................. 22
3.2.8
Reordering Rules ................................................................................................................. 22
4 USING THE DASHBOARD ..................................................................................................................... 23
4.1 Adding or Removing Widgets .............................................................................................. 23
4.2 Changing the Dashboard Layout .......................................................................................... 24
5 CONFIGURING THE BASICS ................................................................................................................. 25
5.1 Activating GreenSQL ........................................................................................................... 25
5.2 Instances in GreenSQL ......................................................................................................... 26
5.2.1
Creating an Instance ........................................................................................................... 26
5.2.2
Editing Instances ................................................................................................................. 27

3

GreenSQL 2.5 User Guide
Introducing GreenSQL

5.2.3
Disabling Instances .............................................................................................................. 27
5.2.4
Deleting Instances ............................................................................................................... 27
5.3 Proxies in GreenSQL ............................................................................................................ 28
5.3.1
Creating Proxies .................................................................................................................. 28
5.3.2
Editing Proxies ..................................................................................................................... 29
5.3.3
Disabling Proxies ................................................................................................................. 30
5.3.4
Deleting Proxies .................................................................................................................. 30
6 CONFIGURING BASIC GREENSQL OPTIONS THROUGH QUICK CONNECT ........................... 31
7 CONNECTING TO A DATABASE .......................................................................................................... 32
8 CERTIFICATES AND SSL SUPPORT ................................................................................................... 34
9 DEFINING YOUR SECURITY POLICY (ADVANCED OPTIONS) .................................................. 35
9.1 Defining a Basic Policy ......................................................................................................... 35
9.1.1
Creating a Database Security Rule ...................................................................................... 35
9.1.1.1
Learning Mode Rule Options ....................................................................................... 36
9.1.1.2
Database Firewall Rule Options ................................................................................... 37
9.1.1.3
Risk-Based IPS/IDS Rule Options .................................................................................. 40
9.1.2
Viewing the Database Security Policy ................................................................................. 41
9.1.3
Editing Database Security Rules .......................................................................................... 41
9.2 Defining Advanced Options for a Policy ............................................................................... 41
9.2.1
Using Risk Profiles ............................................................................................................... 41
9.2.1.1
Creating Risk Profiles ................................................................................................... 42
9.2.1.2
Editing Risk Profiles ...................................................................................................... 42
9.2.1.3
Deleting Risk Profiles ................................................................................................... 42
9.2.2
Using Query Groups ............................................................................................................ 43
9.2.2.1
Creating Query Groups ................................................................................................ 43
9.2.2.2
Editing Query Groups ................................................................................................... 44
9.2.2.3
Injection Patterns......................................................................................................... 45
9.2.3
Using Regular Expression Patterns...................................................................................... 45
9.2.3.1
Creating a Regular Expression Query Pattern.............................................................. 46
9.2.3.2
Editing a Regular Expression Query Pattern ................................................................ 48
9.2.4
Using Learned Patterns ....................................................................................................... 49
9.2.4.1
Creating Query Patterns .............................................................................................. 49
9.2.4.2
Editing Query Patterns ................................................................................................. 50
9.3 Creating Policy Objects ........................................................................................................ 50
9.3.1
Creating IP Addresses.......................................................................................................... 51
9.3.2
Creating IP Address Ranges................................................................................................. 51
9.3.3
Creating IP Groups .............................................................................................................. 52
9.3.4
Creating Database Users ..................................................................................................... 53
9.3.5
Creating Database User Groups .......................................................................................... 53
9.3.6
Creating Application Names................................................................................................ 54
9.3.7
Creating Application Groups ............................................................................................... 54
9.3.8
Creating a One-Time Schedule ............................................................................................ 55
9.3.9
Creating a Recurring Schedule ............................................................................................ 56

4

GreenSQL 2.5 User Guide
Introducing GreenSQL

9.3.10 Creating a Schedule Group ................................................................................................. 56
9.3.11 Creating a Table .................................................................................................................. 57
9.3.12 Creating a Tables Group ...................................................................................................... 58
9.4 Databases in GreenSQL ....................................................................................................... 58
9.4.1
Viewing Databases .............................................................................................................. 59
9.4.2
Creating a Database in GreenSQL ....................................................................................... 59
9.4.3
Editing a Database in GreenSQL.......................................................................................... 60
9.4.4
Disabling Databases ............................................................................................................ 61
9.4.5
Deleting Databases ............................................................................................................. 61
10
DATABASE ACTIVITY MONITORING ........................................................................................... 62
10.1
Activity Monitoring Rule Types ........................................................................................ 62
10.1.1 Enabling Database Logon/Logoff Auditing .......................................................................... 63
10.2
Creating an Administrative Activity Monitoring Rule........................................................ 63
10.3
Editing Activity Monitoring Rules ..................................................................................... 65
10.4
Viewing Activity Monitoring Events ................................................................................. 67
10.5
Setting Activity Monitoring Archive Rotation ................................................................... 68
10.6
Viewing Activity Monitoring Log Archives ........................................................................ 68
10.7
Auditable Objects and Commands ................................................................................... 68
10.7.1 MySQL Database ................................................................................................................. 68
10.7.2 PostgreSQL Database .......................................................................................................... 69
10.7.3 MS SQL ................................................................................................................................ 70
11
DYNAMIC DATA MASKING .............................................................................................................. 71
11.1
Creating a Data Masking Rule .......................................................................................... 71
11.2
Editing Data Masking Rules .............................................................................................. 75
11.3
Viewing Data Masking Events .......................................................................................... 77
11.4
Setting Data Masking Archive Rotation ............................................................................ 78
11.5
Viewing Data Masking Log Archives ................................................................................. 78
12
CACHING................................................................................................................................................ 79
12.1.1 Caching Hierarchy ............................................................................................................... 79
12.1.2 Viewing Caching Results...................................................................................................... 79
12.2
How GreenSQL Database Caching Works ......................................................................... 79
12.3
Setting Caching per Database........................................................................................... 80
12.4
Setting Caching Per Policy ................................................................................................ 80
12.5
Setting Caching Per Query ................................................................................................ 81
12.6
Setting System Caching .................................................................................................... 81
13
CONFIGURING THE SYSTEM ........................................................................................................... 82
13.1
Viewing System Information ............................................................................................ 82
13.2
Configuring General System Settings................................................................................ 83
13.3
Configuring Administrative Settings ................................................................................. 84
13.3.1 Creating a User .................................................................................................................... 84
13.3.2 Editing a User ...................................................................................................................... 84
13.3.3 User Profiles ........................................................................................................................ 84
13.3.4 Creating Profiles .................................................................................................................. 85

5

GreenSQL 2.5 User Guide
Introducing GreenSQL

13.3.5 Editing User Profiles ............................................................................................................ 85
13.3.6 Disabling User Profiles ........................................................................................................ 85
13.3.7 Deleting User Profiles.......................................................................................................... 85
13.4
Configuring Management Settings ................................................................................... 86
13.4.1 Managing Management Certificates................................................................................... 86
13.4.2 Uploading Management Certificates .................................................................................. 86
13.5
Maintaining GreenSQL ..................................................................................................... 87
13.5.1 Backing Up GreenSQL Settings ............................................................................................ 87
13.5.2 Restoring GreenSQL Settings .............................................................................................. 87
13.5.3 Activating the License ......................................................................................................... 88
13.5.4 Viewing License Information ............................................................................................... 88
13.5.5 Resetting GreenSQL to Default Settings ............................................................................. 88
13.5.6 Support ................................................................................................................................ 89
14
ALERTS .................................................................................................................................................. 90
14.1
Viewing Alerts ................................................................................................................. 90
14.2
Creating Alerts ................................................................................................................. 90
14.3
Editing Alerts ................................................................................................................... 92
14.4
Contacts .......................................................................................................................... 93
14.4.1 Creating Contacts ................................................................................................................ 93
14.4.2 Editing Contacts .................................................................................................................. 93
14.4.3 Disabling Contacts ............................................................................................................... 93
14.5
SMTP Servers ................................................................................................................... 94
14.5.1 Creating SMTP Servers ........................................................................................................ 94
14.5.2 Editing SMTP Servers .......................................................................................................... 95
14.5.3 Disabling SMTP Servers ....................................................................................................... 95
15
CONFIGURING AND MANAGING LOGS ......................................................................................... 96
15.1
Viewing Traffic Logs ......................................................................................................... 97
15.2
Viewing Intrusion Logs ..................................................................................................... 98
15.3
Viewing System Logs ........................................................................................................ 99
15.4
Viewing Caching Performance Logs ................................................................................ 100
15.5
Viewing Caching Efficiency Logs ..................................................................................... 100
15.6
Viewing a Log of the Most Popular Queries .................................................................... 101
15.7
Viewing the Archives Logs .............................................................................................. 101
15.8
Setting Logs Archive Rotation ........................................................................................ 102
15.9
Configuring Syslog Settings ............................................................................................ 102
16
REPORTS ............................................................................................................................................ 104
16.1
Creating a Report ........................................................................................................... 104
16.2
Editing Reports Definitions ............................................................................................ 106
16.3
Generating Reports ........................................................................................................ 108
16.4
Viewing Reports ............................................................................................................ 108
16.5
Saving Reports ............................................................................................................... 108
16.6
Deleting Generated Reports........................................................................................... 108
17
IMPLEMENTING HIGH AVAILABILITY ..................................................................................... 109

6

GreenSQL 2.5 User Guide
Introducing GreenSQL

17.1
Overview ....................................................................................................................... 109
17.2
Prerequisites.................................................................................................................. 109
17.2.1 Default Gateway Prerequisites ......................................................................................... 110
17.3
How High Availability Works .......................................................................................... 110
17.4
Viewing and Configuring High Availability ...................................................................... 111
17.4.1 Configuring Failover Policy ................................................................................................ 114
17.4.2 Running GreenSQL High Availability Services ................................................................... 114
17.4.3 Stopping GreenSQL High Availability ................................................................................ 116
17.4.4 Disabling GreenSQL High Availability ................................................................................ 116
18
INDEX .................................................................................................................................................. 118

7

GreenSQL 2.5 User Guide
Introducing GreenSQL

1

Introducing GreenSQL

GreenSQL is a family of unified database security solutions that provide ultimate protection for your
databases. To protect databases from internal and external threats, in real time, GreenSQL Unified
Database Security Solutions include the following features:








firewalls
separation of duties
database activity monitoring
SQL injection detection and protection
advanced activity monitoring
dynamic data masking
caching

The GreenSQL solution is a non-disruptive solution, is easy to install and configure, and provides
extensive management reporting and audit trails, without degrading responsiveness to users.

1.1

The GreenSQL Architecture

GreenSQL is installed as a front-end to databases and works as a reverse proxy, successfully hiding
and securing database content.
A variety of implementation options are available to you. You can install GreenSQL on a database
server, on a dedicated server protecting multiple databases, or on an application server. GreenSQL
also supports installation on virtual machines.
GreenSQL reviews and inspects both database queries and database responses making it the perfect
tool to secure, accelerate, audit and mask the sensitive information stored in your database.

8

GreenSQL 2.5 User Guide
Introducing GreenSQL

1.2

Software Specifications

1.2.1

Supported Databases

GreenSQL supports the following databases:





Microsoft SQL Server
Microsoft SQL Azure
MySQL
PostgreSQL

NOTE
GreenSQL is agnostic to the operating system on which your databases are running.

1.2.2

Operating Systems

GreenSQL supports both x64 and x86 installations.
GreenSQL can be installed on the following operating systems:



Windows Server 2003R2/2008/2008R2
Linux distributions - GreenSQL has been tested on CentOS, Ubuntu and Debian Linux
distributions

1.2.3

Supported Browsers

GreenSQL management runs on the following browsers:




Microsoft Internet Explorer
Mozilla Firefox
Google Chrome

Note that additional browsers are likely to be supported by GreenSQL.

1.3

GreenSQL’s Four Key Elements

Four key elements combine to protect your database systems:







Database Security - database firewalls (Query or Table based) and separation of duties. This
element covers detection, alerting and prevention of real-time intrusion risks, including SQL
injections.
Database Activity Monitoring - provides administrative and access activity monitoring up to the
database column level. Advanced activity monitoring includes before and after views of sensitive
database tables and columns, enabling you to independently monitor and analyze database
activity and receive alerts on unauthorized activities.
Dynamic Data Masking - sensitive data is masked in real-time to make sure that users are not
exposed to sensitive information.
Caching - improves database performance by automatically responding to SQL query from an
intermediate cache. Caching also protects your databases from SQL denial of service attacks.

9

GreenSQL 2.5 User Guide
Introducing GreenSQL

1.3.1

Database Security

GreenSQL deploys various security solutions to safeguard your databases. These include database
firewalls, separation of duties and SQL injection detection and prevention.
GreenSQL has also implemented PCI standards for enhanced security as follows:







Passwords must be a combination of English letters and numbers and be at least 8 characters
When entering an account for the first time, the password must be changed. This also applies to
the built-in Admin account.
For new users, additional accounts must be created and predefined permission profiles matching
the user's role must be attached
Backing up and restoring GreenSQL's configuration must be performed with a password
Accounts are timed out after a configurable session idle time, forcing the user to logon again.
Access to GreenSQL's management user interface must be done securely with HTTPS.

1.3.1.1

Database Firewall

A database firewall protects databases from attacks. GreenSQL provides three database firewall rule
types:





Learning Mode - automatically analyzes how applications access your databases and establishes
a baseline for typical database access patterns. This information can be used to create a security
policy.
Firewall - custom rules based on user-defined parameters, queries or tables.
Risk-Based IPS/IDS - rule-based implementation of a real-time intrusion detection system (IDS)
and intrusion prevention system (IPS) based upon actual risk to the database. The IDS engine
monitors data packets traversing the network and issues an alarm if it detects an SQL injection
attempt or an abnormal behavior. The IPS can actually stop malicious traffic such as SQL injection
attempts from invading the network. The combination of both solutions provides maximum
protection for your databases.

1.3.1.2

Separation of Duties

GreenSQL enforces access control through separation of duties policy, whereby, for example,
authorized users can perform administrative functions while other users can only access data.
GreenSQL's dynamic data masking feature enables you to mask sensitive fields in databases, hiding
the content from unauthorized users while allowing them to perform their role. In addition, accounts
with elevated privileges can be audited regularly to ensure they are not being misused.
1.3.1.3

SQL Injection Detection and Prevention

GreenSQL detects SQL injection attempts to your databases according to pre-defined and customized
rules. It also allows you to block these attempts and send alerts when such events occur.

1.3.2

Caching (Database Acceleration)

GreenSQL’s patented smart caching solution significantly increases database performance by
automatically responding to SQL query behavior patterns and change frequencies of stored data. The
caching policy is very granular and can be determined per proxy, database, table or query, and

10

GreenSQL 2.5 User Guide
Introducing GreenSQL

provides full control of caching behavior. Caching reduces bandwidth consumption, increases hit
ratios, and improves overall database efficiency. The performance improvement is due to the fact
that GreenSQL stores the results in an intermediate cache, reducing the amount of multiple database
access occurrences. Caching also protects your databases from SQL denial of service attacks.

1.3.3

Database Activity Monitoring (Auditing)

By independently monitoring and analyzing database activity, GreenSQL records every administrative
access and/or data access up to the database column level according to the policy you set. It also
alerts you on unauthorized activities. Its Advanced Activity Monitoring option provides a full audit of
all sensitive tables, including a "before and after" view of all changes made to the table or column,
and an indication as to who made them. This option ensures that companies comply with key
industry and government regulations, such as, Sarbanes-Oxley (SOX), the payment card industry data
security standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA), and Basel II.
GreenSQL’s activity monitoring policy is very granular, allowing you to set activity monitoring rules at
the column level.
Activity monitoring is sometimes referred to as auditing.

1.3.4

Dynamic Data Masking

GreenSQL’s data masking feature allows you to mask sensitive information from non-privileged users
or applications. The GreenSQL solution provides real-time data masking and ensures that database
users are not exposed to sensitive information. Masked data is generated in real time and is not
stored on the database, thereby preserving data integrity.

1.4

The GreenSQL Line of Products

GreenSQL offers a line of products utilizing different combinations of its solutions. For more
information, please refer to www.greensql.com http://www.greensql.com.

1.5

Concepts

A policy represents the database security perception of an organization. A policy is comprised of a set
of rules.
You can define the following types of rules:


Database Security Rules






Learning Mode - learns the behavior of how applications access your database and
automatically generates a custom rule for each database in accordance with its specific
behavior. You can decide to accept or reject the rules generated. You can also enable
intrusion detection or prevention during the learning mode process.
Database Firewall - lets create custom rules by specifying the type of the rule (query groups
or table-based), source IP address(es), database user(s), application name(s), schedule and
patterns, or conditions where a query will be blocked (with the required blocking behavior),
allowed, or monitored. You can also enable or disable caching and logging per rule.
Risk Based IPS/IDS - Monitors or blocks SQL injection attacks and/or queries according to a
preconfigured risk profile. If the IDS mode is selected, GreenSQL will monitor queries
detected as intrusions. If the IPS mode is selected, GreenSQL will block queries detected as
intrusions.

11

GreenSQL 2.5 User Guide
Introducing GreenSQL



Database Activity Monitoring




You can set rules to audit administrative commands as well as transactions on specific
databases and for queries originating from specific source IPs, users and applications.

Data Masking Rules


You can set rules to mask information on specific databases and for queries originating from
specific source IPs, users and applications.

GreenSQL will respond to breaches of policy in the manner defined by the relevant rule. The breach
will also cause an event to be recorded in the relevant log. To keep the events log to a usable size,
you can archive events logs.

1.5.1

Instance

It is possible to run more than one SQL Server service, on a given server. Each service has its own
ports, logins, and databases. Each of these services is actually an "instance" of SQL Server.

1.5.2

GreenSQL Proxy

A proxy server acts as an intermediary for requests from clients seeking resources from other
servers. A client connects to the proxy server, requesting some service, such as a file, connection,
web page, or other resource, available from a different server. The proxy server evaluates the
request according to its filtering rules. If the request is validated by the filter, the proxy provides the
resource by connecting to the relevant server and requesting the service on behalf of the client. A
proxy server may optionally alter the client's request or the server's response, and sometimes it may
serve the request without contacting the specified server. In this case, it 'caches' responses from the
remote server, and returns subsequent requests for the same content directly.
A reverse proxy is (usually) an Internet-facing proxy used as a front-end to control and protect access
to a server on a private network, commonly also performing tasks such as load-balancing,
authentication, decryption or caching. GreenSQL is used as a reverse proxy to the database. A proxy
is created to act as the front-end of an instance. Once the proxy is created, and an instance is
assigned to it, configure the clients to connect to the appropriate proxy, which subsequently relays
the queries to their destinations. You can then configure which rule to apply to each proxy or to each
database assigned to a proxy.
A GreenSQL Proxy is defined to serve an Instance.

1.5.3

Database

A database is a set of data items managed by an instance. Creating a database means that an object
is created in GreenSQL to which the administrator can apply a specific policy on queries directed to
that database. If a database is not created, a policy can be applied globally to all queries of a defined
proxy or to all queries, regardless of their destination. Creating a database in GreenSQL also allows
an additional configuration level of caching.

1.5.4

Objects

Objects are components to which a rule is applied. Rules can be applied to specific IP addresses,
database users, applications or time schedules. Rules can also be applied globally to any object or
based on a risk profile. You can also create groups of objects, according to the object type.

12

GreenSQL 2.5 User Guide
Introducing GreenSQL

1.6

Related Documents

Refer to the following documents for additional information:




GreenSQL Installation Guide (Windows, Linux Ubuntu and Linux Centos)
GreenSQL Best Practices
GreenSQL License Activation

Please see www.greensql.com http://www.greensql.com for additional available documents.

13

GreenSQL 2.5 User Guide
Activating and Configuring GreenSQL

2

Activating and Configuring GreenSQL

To launch GreenSQL after installation
1.

Enter the following address in your browser
https://<address>:5000, where address is the host name or IP address where you have installed
GreenSQL.

2.

Accept the SSL certificate, then click Start GreenSQL Securely.

3.

In the Product Activation window, enter your product key activation then click Continue.

4.

Using English characters only, enter a strong PCI-compliant password for GreenSQL’s
administrator account (admin). Click Change Password.

5.

In the Quick Connect window, click Connect to configure the database connections.

6.

In the Connect to Database window, set up the connection proxy and configure the system.
a.

Under Database Instance, configure the following parameters:
Connection Name

The logical name of the database instance connection.

Database Type

The database product (taken from a list of supported
databases).

Host/IP

Host name or IP address of the database instance.

Instance (optional)

The name of the database instance to connect to.
This option is only available for the MS-SQL database type.
If selected, you can choose to configure either the Instance
or Port parameters.

Port

The port used to connect to the instance.

Connect To Database The default database, within the database instance, that
GreenSQL will automatically connect to.
b.

Under Instance Logon Credentials, configure the following mandatory parameters. The
Instance Logon Credentials should be a privileged database login (such as sa in SQL Server or
root in MySQL):
User Name

User name used to log on to database instance.

Password

Password used to log on to database instance.

14

GreenSQL 2.5 User Guide
Activating and Configuring GreenSQL

c.

Under GreenSQL Proxy, configure the following parameters:
Proxy Name

A logical name representing the proxy. This name is used
when creating a database and policies and logically
attaching the proxy to the database.

Host/IP

The Host name or IP address of any GreenSQL server
network interface cards (NICs) that are exposed to the
clients.
NOTE
0.0.0.0 will open the proxy port to traffic on any Network
Interface Card.

Port

The port on the proxy server through which clients
connect to the proxy (relays communications to the
database).

Use Defaults

Select this check box if you want GreenSQL to
automatically fill in the Proxy information.

7.

Click Check Connection.
If you experience a connection problem, check connectivity to GreenSQL and the database
machine.
If connectivity is ok, check the user's credentials.
You will not be able to connect to the database if you do not check the connection.

8.

Click Continue.

9.

In the Secure your applications with GreenSQL window, click Finish.
Change the connection strings in your applications according to the parameters you configured
for GreenSQL. If you configured GreenSQL Proxy to listen on 0.0.0.0 (all interfaces), or with a
host name and the port number, GreenSQL will display a list of IP addresses in the Quick Connect
dialog box.

15

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface

3

Getting to Know GreenSQL’s Interface

The main areas of the GreenSQL user interface are described below.


The Task Bar lets you perform tasks from anywhere in GreenSQL by clicking the required item as
follows:






Registered - lets you view the License Information. See Viewing License Information on
page 88.
Quick Connect - lets you configure GreenSQL connections, and provides quick links to create
or change different policies. See Configuring Basic GreenSQL Options through Quick
Connect on page 31
Help - lets you view the Help according to where you are in the application.
Logoff - lets you exit GreenSQL.

In addition, the task bar displays critical system messages as they occur.







The Main Menu lets you navigate between the main functional areas of GreenSQL.
The Context Menu lets you access additional menus, based on the function you selected on the
Main Menu. For example, if you chose the Data Masking option, the Context Menu will show you
the functions that are related to the Data Masking function. You can close the Context Menu by
clicking Hide.
The Command Bar lets you create new items or objects for the selected function, customize the
view by selecting which Workspace columns to view or by creating a filter, and reorder the rules
in the policy view.
The information displayed in the Workspace lets you perform different tasks and view
information such as logs.

16

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface



The Status Bar displays the name of the user currently logged on.

17

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface

3.1

The Main Menu

The section describes the main functions available with GreenSQL.
Dashboard

Shows a quick overview of the various areas of your system.

Database Security

Allows you to manage database firewall and risk (Intrusion Detection or
Prevention) policy.

Activity Monitoring

Allows you to manage your database activity monitoring policy and view
audit logs of database access, logon/logoff and administrative commands.
The advanced activity monitoring function provides a "before and after"
view of any changes made to sensitive tables.

Data Masking

Allows you to manage your data masking policy and view data masking
events.

Logs

Allows you to view and configure traffic, intrusion, system, caching, and
top-used queries detection logs. It also allows you to configure and
manage the log archives.

Databases

Allows you to define and modify GreenSQL settings for Instances, Proxies
and databases.

Alerts

Allows you to manage alerts, recipients and alerts settings.

Reports

Allows you to define, generate, view and export reports, including
statistics of database activity.

System

Allows you to set up global system settings and maintenance options for
the GreenSQL system.

18

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface

3.2

The Workspace

For most items (such as rules, events and logs) in the workspace, you can perform the tasks
described in this section.









Editing Items on page 19
Disabling Items on page 20
Deleting Items on page 20
Sorting Items on page 20
Customizing views on page 21
Filtering on page 21
Switching between Global and Database Views on page 21
Reordering Rules on page 22

3.2.1

Editing Items

To edit items such as rules, objects, and databases in the Workspace
Click

at the end of the row.

19

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface

3.2.2

Disabling Items

To disable items such as rules, objects, and databases from the Workspace
1.

In the Workspace, locate the item you want to disable.

2.

In the Active column, clear the check box.

To disable rules (additional method)
1.

In the Workspace, locate the rule you want to disable and click

2.

Select the Disable Rule check box.

3.

Click Update.

3.2.3

.

Deleting Items

To remove items such as rules, objects, and databases from the Workspace
Click

at the end of the row.

To remove individual items such as events and logs from the Workspace
1.

Select check box next to one or more items IDs that you want to remove.

2.

On the Command Bar, click Delete Items.

To remove all items such as events and logs from the current Workspace
1.

On the Command Bar, click Select All.

2.

On the Command Bar, click Delete Items.

3.2.4

Sorting Items

To sort items in the Workspace
1.

Click any underlined column heading. An arrow appears next to the heading to indicate that the
list is being sorted by that column.

2.

Click the same heading again to change the sort order.

20

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface

3.2.5

Customizing views

To configure which columns are displayed in the Workspace
1.

On the Command Bar, click Customize.

2.

Select the check box next to the item you want to display. Up to 10 columns can be displayed.

To configure how many items are listed per page


At the bottom right of the Workspace, click the Per Page list and select a number.

3.2.6

Filtering

You can focus on items occurring between a specific time frame, and which fall into a particular
category, by filtering the information in the Filter dialog. The Filter option is available for Logs,
Activity Monitoring, and Data Masking functions.

21

GreenSQL 2.5 User Guide
Getting to Know GreenSQL’s Interface

3.2.7

Switching between Global and Database Views

You can select from two view options in the Database Security Workspace within the context of the
Policy option:



Global - allows you to view database security rules from all databases and change the order in
which rules are applied (see Reordering Rules on page 22).
Per Database - easily locate rules affecting a designated database, especially when multiple rules
are defined. You cannot change the order in which rules are applied in this view.

To switch views


On the Command Bar, click the View list and select the required view.

3.2.8

Reordering Rules

GreenSQL enables you to set the order in which to apply rules. The higher the rule appears in the
table, the higher its priority.
To Reorder Rules
1.

On the Main Menu, click Database Security.

2.

In the View list, click Global.

3.

On the Command Bar, click Reorder.

4.

In the Workspace, drag a rule to the desired location (up or down) in the policy list.

5.

Click Save Reorder.
NOTE
Reorder and Save Reorder are only displayed in Global view and not in Per Database view.

22

GreenSQL 2.5 User Guide
Using the Dashboard

4

Using the Dashboard

The dashboard provides a birds-eye view of the current status of your system. The data is displayed
in widgets which are small windows of information. You can easily remove or add widgets to the
dashboard, or change the order in which widgets are displayed.
The following widgets may be displayed on the dashboard:











Most Popular Queries - a graph displaying the most used queries. Every bar on the graph
represents a different query. Clicking on the bar allows you to drill down to a specific query and
observe additional information on the query you selected.
Latest Intrusion Attempts - displays a list of the latest intrusion attempts and the IP address that
they originated from.
System Information - provides general system information, logs and license information.
Instances - displays the names of the databases that are being monitored, in addition to their
corresponding type and proxy.
Proxies - displays a list of the configured proxies and the databases they are connected to.
Caching Performance - displays the top five query patterns and statistics on their average
response time.
High Availability Status - displays the high availability mode and status of the system. See How
High Availability Works (on page 110).
Latest Masking Events - lists the latest data masking events and the dates when they occurred.
Database caching efficiency - shows the caching efficiency of each database

4.1

Adding or Removing Widgets

To add a widget to the dashboard
1.

In the Task Bar, move the mouse over Add/Remove Widget to display the list of available
widgets.

2.

Select the check box for the widget you want to display.

To remove a widget from the dashboard


Do one of the following:



In the Task Bar, move the mouse over Add/Remove Widget to display the list of available
widgets and clear the check box for the widget you want to remove.
Click the ‘x’ in the upper right corner of the widget you want to remove.

To update the information displayed in a widget


Click the refresh icon displayed in the upper right corner of the widget you want to update.

23

GreenSQL 2.5 User Guide
Using the Dashboard

4.2


Changing the Dashboard Layout

You can determine the order in which information is displayed on the dashboard by selecting and
dragging a widget to a different location.

24

GreenSQL 2.5 User Guide
Configuring the Basics

5

Configuring the Basics

When installing GreenSQL, a wizard guides you through the basic configuration, but it can also be
modified later as required.
The basic configuration consists of the following tasks:




Activating GreenSQL on page 25
Instances in GreenSQL (on page 25)
Creating Proxies on page 28

5.1

Activating GreenSQL

To run GreenSQL, a valid license must be installed. If a license has expired or has not been installed,
the GreenSQL proxies will be inactive and the connection to databases will not be available through
GreenSQL. You can configure most parameters in the system and activate GreenSQL at a later date.
To activate GreenSQL
1.

On the Main Menu, click System.

2.

On the Context Menu, click License.

3.

In the text box, enter the serial number sent to you by e-mail when you registered.

4.

Click Update. The message "Waiting for confirmation from the GreenSQL service is displayed"
until the license is activated. If the process is taking too long (more than 10 minutes), check that
all GreenSQL services are running (Windows and Linux). See Configuring the System (on page
82).

NOTE
If GreenSQL is installed in an offline environment (not connected to the Internet), refer to the offline
license activation instructions located in the GreenSQL License Activation document.

25

GreenSQL 2.5 User Guide
Configuring the Basics

5.2

Instances in GreenSQL

You must define an instance in GreenSQL before a proxy can be assigned as a front-end to the
database server.

5.2.1

Creating an Instance

To Create an Instance
1.

On the Main Menu, click Databases.

2.

On the Context Menu, click Instances.

3.

On the Command Bar, click Create New.

4.

Set the options as required (see table below):

5.

Connection Name

The logical name of the database instance connection.

Database Type

The database product (taken from a list of supported
databases).

Host/IP

Host name or IP address of the database instance.

Port

The port used to connect to the instance.

User Name

User name used to log on to database instance.

Password

Password used to log on to database instance.

Connect to Database

The default database, within the database instance, that
GreenSQL will automatically connect to.

Click Check Connection.
You must check the connection to the Instance. You cannot create the Instance until the
connection is verified.

6.

Click Create.

26

GreenSQL 2.5 User Guide
Configuring the Basics

5.2.2

Editing Instances

To edit an item
1.

Set the options as required (see table below) and click Update.
Connection Name

The logical name of the database instance connection.

Database Type

The database product (taken from a list of supported databases).

Host/IP

Host name or IP address of the database instance.

Port

The port used to connect to the instance.

User Name

User name used to log on to database instance.

Password

Password used to log on to database instance.

Connect to Database

The default database, within the database instance, that
GreenSQL will automatically connect to.

You will be prompted to check the connection to verify credentials. If the system fails to verify the
connection, it will display the reason that the connection failed, or will display a message stating that
the connection failed. Check if you entered the connection details properly and then check the
connection again.

5.2.3

Disabling Instances

To disable an instance from the Workspace
1.

In the Workspace, locate the instance you want to disable.

2.

In the Active column, clear the check box.

NOTE
If there are active Proxies associated with the Instance, and there are active database connections
using the Proxy, these connections will be terminated.

5.2.4

Deleting Instances

NOTE
Warnings may be displayed if you cannot delete the database, such as due to associated proxies.
See Deleting Items on page 20.

27

GreenSQL 2.5 User Guide
Configuring the Basics

5.3

Proxies in GreenSQL

A proxy is used to relay all queries to the instance. A query directed to a front-end IP address and
port of the GreenSQL server is relayed to the original IP address and port of the database or instance.
Such queries are monitored or intercepted by GreenSQL before reaching the database or instance as
soon as a rule is created (See Creating a Database Security Rule on page 35).
NOTE
GreenSQL is preconfigured with a default policy which allows all queries. If this policy is removed or
disabled, all queries will be denied, due to the nature of GreenSQL to block all traffic by default.
Configuring a proxy and a database will not forward the traffic to your backend Database without a
policy.

5.3.1

Creating Proxies

To Create a Proxy
1.

On the Main Menu, click Databases.

2.

On the Context Menu, click Proxies.

3.

On the Command Bar, click Create New.

4.

Set the options as required (see table below), then click Create.
Proxy name

A name representing this proxy. This name is then used when
creating a database and policies and logically attaching the
proxy to the database.

Host/IP

The IP address of any GreenSQL server network interface cards
(NICs) which are exposed to the clients.
NOTE
Using the address 0.0.0.0 will open the proxy port to traffic on
any Network Interface Card.

Proxy port

The port on the proxy server through which clients connect to
the proxy (which relays the communications to the database).

Primary Instance

The primary database instance as defined in GreenSQL.

Enable fallback

When the primary instance is down or not responding, a fallback
to a defined secondary instance occurs after the defined number
of retries.

Secondary instance

The secondary database server.

Retries

The number of times the proxy will try to connect to the primary
server before switching to the secondary database server.

28

GreenSQL 2.5 User Guide
Configuring the Basics

5.3.2

Editing Proxies

To edit an item
1.

Set the options as required (see table below) and click Update.
Proxy name

A name representing this proxy. This name is then used when
creating a database and policies and logically attaching the proxy
to the database.

Host/IP

The IP address of any GreenSQL server network interface cards
(NICs) which are exposed to the clients.
NOTE
Using the address 0.0.0.0 will open the proxy port to traffic on any
Network Interface Card.

Proxy port

The port on the proxy server through which clients connect to the
proxy (which relays the communications to the database).

Primary Instance

The primary database instance as defined in GreenSQL.

Enable fallback

When the primary instance is down or not responding, a fallback
to a defined secondary instance occurs after the defined number
of retries.

Secondary instance

The secondary database server.

Retries

The number of times the proxy will try to connect to the primary
server before switching to the secondary database server.

29

GreenSQL 2.5 User Guide
Configuring the Basics

5.3.3

Disabling Proxies

To disable Proxies from the Workspace
1.

In the Workspace, locate the Proxy you want to disable.

2.

In the Active column, clear the check box.

NOTE
If there are active database connections using the Proxy, these connections will be terminated.

5.3.4

Deleting Proxies

NOTE
Warnings may be displayed if you cannot delete the Proxy, such as due to associated databases.
See Deleting Items on page 20.

30

GreenSQL 2.5 User Guide
Configuring Basic GreenSQL Options through Quick Connect

6

Configuring Basic GreenSQL Options through Quick
Connect

The Quick Connect menu lets you easily access the following options:





Connect - determine how to connect to a database. See Connecting to a Database on page 32.
Protect - to protect your data by configuring the Firewall policy. See Defining a Basic Policy on
page 35.
Mask - to mask sensitive data through the Data Masking policy. See Dynamic Data Masking on
page 71.
Audit - to configure how sensitive data is accessed by configuring the Activity Monitoring policy.
See Database Activity Monitoring on page 62.

31

GreenSQL 2.5 User Guide
Connecting to a Database

7

Connecting to a Database

To configure how to connect to a database
1.

In the Task Bar, click on Quick Connect.

2.

In the Quick Connect window, click Connect to configure the database connections.

3.

In the Connect to Database window, set up the connection proxy and configure the system.
a.

Under Database Instance, configure the following parameters:
Connection Name

The logical name of the database instance connection.

Database Type

The database vendor type (taken from a list of supported
databases).

Host/IP

Host name or IP address of the database instance.

Instance (optional)

The name of the database instance to connect to.
This option is only available for the MS-SQL database type.
When this option is available, you can choose to configure
either the Instance or Port parameters.

Port

The port used to connect to the instance.
When an instance name is configured, GreenSQL uses the
SQL Server Browser service to locate the port.

Connect to Database
b.

The default database, within the database instance, that
GreenSQL will automatically connect to.

Under Instance Logon Credentials, configure the following parameters (these parameters
are mandatory). The Instance Logon Credentials should be a privileged database login (such
as dbo in SQL Server or root in MySQL):
User Name

User name used to log on to database instance.

Password

Password used to log on to database instance.

32

GreenSQL 2.5 User Guide
Connecting to a Database

c.

Under GreenSQL Proxy, configure the following parameters:
Proxy Name

A logical name representing the proxy. This name is used
when creating a database and policies and logically
attaching the proxy to the database.

Host/IP

The Host name or IP address of any GreenSQL server
network interface cards (NICs) that are exposed to the
clients.
Note
0.0.0.0 will open the proxy port to traffic on any Network
Interface Card.

4.

Port

The port on the proxy server through which clients
connect to the proxy (relays communications to the
database).

Use Defaults

Select this check box if you want GreenSQL to
automatically fill in the Proxy information.

Click Check Connection.
You must check the connection. If you don't check the connection, you will not be able to
connect to the database.

5.

Click Continue.

6.

In the Secure your applications with GreenSQL window, click Finish.
Change the connection strings in your applications according to the parameters you configured
for GreenSQL. If you configured GreenSQL Proxy to listen on 0.0.0.0 (all interfaces), or with a host
name and the port number, GreenSQL will display a list of IP addresses.

33

GreenSQL 2.5 User Guide
Certificates and SSL Support

8

Certificates and SSL Support

GreenSQL supports Secured Sockets Layer (SSL) connections to the databases it serves. SSL encrypts
the segments of network connections above the transport layer, using asymmetric cryptography for
privacy and a keyed message authentication code for message reliability.
GreenSQL uses the server’s certificate for encryption/decryption purposes for viewing the data
transmissions between the clients and the database, but without changing it. GreenSQL supports
most of the industry common ciphers.
IMPORTANT
If an instance supports connections using both SSL and non-SSL, you must define two instances to
support this configuration. The IP address and port combination must be different in this case
between the two instances.
Enabling SSL through a certificate affects the following features:







Caching - unavailable
Data Masking - unavailable
Secondary Instance- unavailable
High Availability - unavailable
Query Blocking Actions - only close connection is available
Global Error - only Original Error Response is available

34

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9

Defining Your Security Policy (Advanced Options)

This section describes the policy feature, the core of GreenSQL’s ability to provide constant
protection to databases.
GreenSQL enables organizations to define their own security policy using the GreenSQL Policy
function. Should there be a breach of a policy, you may elect to be immediately alerted (see Creating
Alerts on page 90). The system will respond to a breach in the manner defined by the relevant
enacted policy.
A policy represents the database security perception of an organization. A policy is comprised of a set
of rules.
GreenSQL enables you to define three types of rules:






Learning Mode – GreenSQL Policy has an automated Learning Mode which learns the queries and
transforms the information into a database firewall rule once the defined learning duration has
ended. You can accept or reject the database security rules that are generated. Learning Mode
reduces the operational overhead required to implement a secure and reliable policy for access
to your database.
Database Firewall – this rule type enables you to manually configure a policy and create custom
rules by creating Query Groups which consist of patterns to be monitored, allowed or blocked
and/or creating Table Based rules which consist of database tables to be monitored, allowed or
blocked.
Risk Based – IPS/IDS – this rule type enables you to apply an Intrusion Prevention System (IPS) or
Intrusion Detection System (IDS) policy based on anomaly detection and preconfigured signature
detection according to a risk profile (see Using Risk Profiles on page 41).

9.1

Defining a Basic Policy

This section describes how to define a basic security policy by creating rules in GreenSQL. See
Creating a Database Security Rule on page 35.

9.1.1

Creating a Database Security Rule

Before creating a rule, the following steps are recommended:







Create policy objects to apply a policy to queries originating from a specific IP address, database
user, application or time schedule (see Creating Policy Objects on page 50).
If a Learning Mode or an IPS / IDS rule is created, a Risk Profile can be created in advance (see
Using Risk Profiles on page 41). GreenSQL supports any combination of SQL injection detection
and/or Risk Profile.
If a Database Firewall policy is created, an existing Query Group or Table can be selected or
created manually (see Creating Query Groups on page 43 and Creating a Table (on page 57)), or
by using a Query Group or Table previously created by a Learning Mode policy.
GreenSQL's policy engine scans defined rules for an exact match. When the engine finds the first
matching rule, it stops scanning for additional rules. Therefore it is good practice to first define
rules that block access, and then define rules that enable access. To change the order in which
rules are applied, see Reordering Rules on page 22.

35

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

To Create a Rule:
1.

On the Main Menu, click Database Security.

2.

On the Command Bar, click Create New.

3.

In the Rule Type list, click the type of rule you want to create.

4.

In the Database list, click the database(s) to apply the rule to, or All Databases.

5.

In the Proxy list, click a proxy or proxies to apply the rule to, or All Proxies.

6.

If you are creating a Database Firewall rule, in the Firewall Type list, click the firewall type. For
details, see Database Firewall Rule Options on page 37.

7.

(Optional) In Source IP, Database User and Application Name, select whether to apply the rule
only to queries originating from specific source IPs, database users and applications. To create
these objects, see Creating Policy Objects on page 50.

8.

(Optional) In Schedule, select whether to apply the rule only to queries sent during specific
times. To create a schedule, see Creating a One-Time Schedule on page 55.

9.

According to the Rule Type you selected, options differ. For details, see the relevant section:




Learning Mode Rule Options on page 36
Database Firewall Rule Options on page 37
Risk-Based IPS/IDS Rule Options on page 39

10. Click Create.
9.1.1.1

Learning Mode Rule Options

GreenSQL offers a mechanism that learns database activity behavior over a defined time period and
generates groups of query patterns to be used as the rules of a Database Firewall policy.
There are two methods for using the Learning Mode Rule:




Applying the Learning Mode Rule in a risk-free environment – GreenSQL will record all queries,
which are valid queries, and create a group of patterns (Query Group). This group can then be
used as the valid pattern rules of a Firewall Policy (Whitelist) or as a group of patterns that are
not allowed (Blacklist).
Applying the Learning Mode Rule in a production environment – GreenSQL will record all queries
while applying an IPS or IDS as well as an SQL injection detecting system. This will enable
GreenSQL to create a Query Group while monitoring or blocking intrusion attempts.

36

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

To create a rule, see Creating a Database Security Rule on page 35. See the following table for
Learning Mode Rule options:
Query Group

Select an existing Query Group to be populated with additional learned
patterns.
You can click New to create an empty Query Group to be populated with
the learned patterns. This opens the Create New Group window. Type a
name for the Query Group and pick a color for the appearance of this
group, if desired.

Learning Duration

Select the duration for learning database behavior.

Comment

Enter free text as needed.

Disable Rule

Select the check box to disable the rule.

9.1.1.2

Database Firewall Rule Options

In the Firewall Type list, click one of the following firewall types:



Query Groups – applies a database security rule to a query group you created or was created by
a learning mode rule.
Table Based – applies a database security rule to a specific table in a specific database or any
table.

The following tables describe the rule options according to Firewall Type.
For Query Groups type rules
Query Groups

Click one of the following:


Any Query – apply the rule to any query, according to the Source IP,
Database User, Application Name and Schedule values you have
defined.



Select a Query Group – apply the rule to existing queries. The values
defined in Source IP, Database User, Application Name and Schedule,
in addition to the Query Group, are applied.

To create Query Groups, see Creating Query Groups on page 43.
Action

Click one of the following:


Allow - queries which match firewall rule are allowed



Block - queries which match the firewall rule are blocked

37

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

Blocking Action

If Blocking is selected in the Action list, select one of the following:


Empty Result Set



Close SQL Connection



Generate SQL Error

Logging

Write blocked queries to the Traffic log. See Viewing Traffic Logs on page
97.

Alerts (SMTP)

Send an alert each time the rule is activated according to the parameters
defined in Alerts. See Alerts on page 90.

Syslog

Send a message to a Syslog server each time the rule is activated. See
Configuring Syslog Settings (on page 102).

Caching

Enables caching of the returned data of accepted queries according to the
parameters defined in Caching. See Caching on page 79.

Comment

Enter free text as needed.

Disable Rule

Select the check box to disable the rule.

For Table Based type rules
Table

Click one of the following:


Any Table – apply the rule to any table, according to the Source IP,
Database User, Application Name and Schedule values you have
defined.



Select a Table – apply the rule to an existing table. Apply the rule to
any query, according to the Source IP, Database User, Application
Name and Schedule values you have defined.

Click New to create a new Table. See Creating a Table (on page 57).
Action

Click one of the following:


Allow - select which query types to allow by selecting the check boxes.



Blocking - in Blocking Action, click a response to the blocked query

38

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

Blocking Action

If Blocking is selected in the Action list, select one of the following:


Empty Result Set



Close SQL Connection



Generate SQL Error

Logging

Select whether blocked queries are written to the Traffic log or not. See
Viewing Traffic Logs on page 97.

Alerts (SMTP)

An alert is sent each time the rule is activated according to the parameters
defined in Alerts. See Alerts on page 90.

Syslog

A message is sent to a Syslog server each time the rule is activated. See
Configuring Syslog Settings (on page 102).

Caching

Enables caching of the returned data of accepted queries according to the
parameters defined in Caching. See Caching on page 79.

Comment

Enter free text as needed.

Disable Rule

Select the check box to disable the rule.

39

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.1.1.3

Risk-Based IPS/IDS Rule Options

The Risk-Based IPS/IDS rules are intended either for monitoring SQL injection attempts and queries
with risk potential (IDS) or for blocking them (IPS). For details about the process of selecting the
queries to be monitored or blocked, see Creating Risk Profiles on page 42.
Once a Risk Profile is created, a risk-based rule can be created.
Mode

Risk Profile

Click one of the following tasks to be performed simultaneously with SQL
injection detection:


Active Protection – IPS - applies an Intrusion Prevention System and
blocks queries which match an existing risk profile (see Creating Risk
Profiles on page 42).



Monitoring – IDS - applies an existing Risk Profile and/or an Intrusion
Detection System and monitors queries (see Creating Risk Profiles on
page 42).

For:


Active Protection - IPS - click an existing Risk Profile that determines
which actions to block.



Monitoring - IDS - click an existing Risk Profile that determines which
actions to monitor.

SQL Injection Detection For:


Active Protection - IPS - enables blocking of SQL injection attempts.



Monitoring - IDS - enables detection of SQL injection attempts.

The detection of SQL injection attempts is based on GreenSQL’s built-in
detection system. Select to create injection patterns that detect SQL
injection attempts. See Injection Patterns (on page 45).
Action

Blocking Action

The action to be taken by the rule:


Active Protection – IPS, the action will always be Blocking.



Monitoring – IDS, the action will always be Allow.

If Active Protection - IPS is selected in the Mode list, select one of the
following:


Empty Result Set



Close SQL Connection



Generate SQL Error

40

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

Logging

Write blocked queries to the Intrusion events log. See Viewing Intrusion
Logs on page 97.

Alerts (SMTP)

Send an alert each time the rule is activated according to the parameters
defined in Alerts. See Alerts on page 90.

Syslog

Send a message to a Syslog server each time the rule is activated. See
Configuring Syslog Settings (on page 102).

Comment

Enter free text as needed.

9.1.2

Viewing the Database Security Policy

To view the list of database security rules


On the Main Menu, click Database Security.

9.1.3

Editing Database Security Rules

To edit a Database Security Rule


See Learning Mode Rule Options on page 36, Database Firewall Rule Options on page 37 or
Risk-Based IPS/IDS Rule Options on page 39, according to the type of rule you are editing.

9.2

Defining Advanced Options for a Policy

This section describes how to define advanced options for security rules in GreenSQL. Options
include:





Using Risk Profiles on page 41
Using Query Groups on page 43
Using Regular Expression Patterns (on page 45)
Using Learned Patterns (on page 48)

9.2.1

Using Risk Profiles

When creating an IPS / IDS policy, it is recommended that a Risk Profile be created as a basis for
identifying threats. You can define a Risk Profile for specific types of threats. For example, a risk
profile can identify all MySQL database modification attempts.
Risk Profiles consist of groups of actions (Risk Groups). Each group describes a different risk. For
example, the group "MySQL change DB object" consists of the queries ALTER table, RENAME table,
and ALTER view. These are queries that change MySQL database objects.
Risk Profiles include two types of settings:



Action Behavior – the action to perform for each group of queries
Logging Behavior – the log settings for each group of queries

41

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

When creating a Risk Profile you have the option of using Basic Mode or Advanced Mode. In Basic
Mode you can create definitions for server, security and database objects. Additionally, in the
Advanced Mode, you can view and specify different behaviors for each action in the group by clicking
the Risk Group in the table.
9.2.1.1

Creating Risk Profiles

To Create a Risk Profile
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Risk Profiles.

3.

On the Command Bar, click Create New.

4.

In the Workspace, enter a name and description for the Risk Profile.

5.

On the Database Type list, click a database type.

6.

The Workspace opens in Basic Mode. Click Advanced Mode to display advanced commands.

7.

In the Action Behavior columns, select one of the following commands for each group:






8.

In the Logging Behavior columns, select one of the following commands for each group:





9.

Allow – allow all actions of this group.
Blocking – deny all actions of this group.
Ignore – ignore all actions of this group. This option saves resources by not processing the
queries.
Custom – allows you to specify different behavior for each action in the group, if you select
Advanced Mode. To view each action in the group and specify its behavior, use the
Advanced Mode.
Default – uses the default action configured in the IPS or IDS policy.
Enable – enable logging for all actions of this group.
Disable – disable logging for all actions of this group.
Custom – allows you to specify different logging behavior for each action in the group, if you
select Advanced Mode. To view each action in the group and specify its logging behavior,
use the Advanced Mode.
Default – uses the default log behavior configured in the IPS or IDS policy.

Click Create.

9.2.1.2

Editing Risk Profiles

To edit a risk profile


Set the options as detailed in Creating Risk Profiles on page 42.

9.2.1.3

Deleting Risk Profiles

NOTE
If a risk profile is associated with an existing rule, you will not be able to delete it. Disassociate the
profile from the rule and then repeat the steps here (see Creating a Database Security Rule on page
35).

42

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.2.2

Using Query Groups

You can define a SQL statement as a pattern that can be a member of a query group for use as an
option in database security rules.
For example, you can define a pattern that selects all personnel defined as executive managers in an
HR database, and then block any queries that match the pattern.
Patterns must belong to query group to be used in a rule. Query groups can be created using either
of the two methods below:



Automatically - by creating a Learning Mode type rule and defining which query group will be
populated with the learned query patterns. See Creating a Database Security Rule on page 35.
Manually - by creating individual query group and assign existing query patterns to them.

NOTE
Three query groups are included with GreenSQL to easily classify query patterns as normal patterns if
they are detected as injection patterns. These groups are:




Default Allowed MS-SQL Queries Group
Default Allowed MySQL Queries Group
Default Allowed PostgreSQL Queries Group

9.2.2.1

Creating Query Groups

To create a Query Group
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Query Groups and select Groups.

3.

On the Command Bar, click Create New.

4.

Set the options as required (see table below), then click Create.
Name

The name of the Query Group

Color

The color the group appears in the Query Groups list.

Available Members

Available members are either existing patterns (learned or
injection) or Query Groups. Add or remove Available Members
to/from Current Members by clicking the member and clicking
Add or Remove.
Alternatively, the new query group can be populated when a
Learning Mode Rule is applied.

43

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

Database Type

Although queries appear in a specific Database Type format,
you can modify the Database Type field. Selecting a different
Database Type will change the options available in the
following fields. Selecting a Database Type will make the
Query Group available only in rules that use this Database
Type.

Proxy

The Query Group is available for use only in rules using this
proxy or all proxies.

Database

The Query Group is available for use only in rules using this
database or all databases.

9.2.2.2

Editing Query Groups

To edit an item
1.

Set the options as required (see table below) and click Update.
Name

The name of the Query Group

Color

The color the group appears in the Query Groups list.

Available Members

Available members are either existing patterns (learned or
injection) or Query Groups. Add or remove Available Members
to/from Current Members by clicking the member and clicking
Add or Remove.
Alternatively, the new query group can be populated when a
Learning Mode Rule is applied.

Database Type

Although queries appear in a specific Database Type format,
you can modify the Database Type field. Selecting a different
Database Type will change the options available in the
following fields. Selecting a Database Type will make the
Query Group available only in rules that use this Database
Type.

Proxy

The Query Group is available for use only in rules using this
proxy or all proxies.

Database

The Query Group is available for use only in rules using this
database or all databases.

44

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.2.2.3

Injection Patterns

GreenSQL identifies malicious attacks by comparing every query’s structure with its continuously
updated signature bank of known attacks. Suspected attacks are automatically defined as a injection
pattern (which is essentially an SQL statement). Injection patterns must belong to a query group to
be used in a rule.
False positive injection patterns can be associated to a query group for use in a whitelist rule that
does not block legitimate traffic.
GreenSQL provides a Risk-Based IDS rule that automatically creates injection patterns for suspicious
SQLs (see Risk-Based IPS/IDS Rule Options on page 39.
To associate injection patterns with query groups, see Creating Query Groups (on page 43).

9.2.3

Using Regular Expression Patterns

A regular expression (Regex) provides a concise and flexible way to "match" (specify and recognize)
strings of text, such as particular characters, words, or patterns of characters. A regular expression
pattern is an object containing the following fields:



Name
Regular expression definition string

Regular expression patterns can be created manually or by clicking on the Transform into Regular
Expression in the Learned Patterns or Injection Patterns windows.
In this case, a new pattern is created. The original learned pattern is not affected.
NOTE
The match process of learned patterns is more efficient than using the match process of regular
expressions (may affect performance).
Regex Flags
The following Regex flags are used:





PCRE_DOTALL
PCRE_CASELESS
PCRE_NEWLINE_ANY
PCRE_UTF8

Regex Anchors
Regex expressions are tested on entire SQL strings. GreenSQL automatically adds a ^ anchor to the
beginning of a string, and a $ anchor to the end of a string, if these anchors are missing. These
anchors match a position before or after the characters.
Anchors are used to "anchor" the regex match at a certain position. The ^ anchor matches the
position before the first character in the string. The $ anchor, matches the position after the last
character in the string. For example, the use of anchors prevents strings containing a digit matched
to a pattern with a \d definition, from being accepted. If you want to catch all the strings containing a
digit, use the following parameters: .*\d.*

45

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

The use of anchors means that:




.* catches all strings
Empty regex expressions catch no strings at all
The expression: select x from y\w* catches select x from y123 but not select AB from CD where
H in (select x from y123)

How whitespaces are treated
Whitespaces are normalized when testing for a match.
For example:
word1\s+word2
returns the same result as
word1 word2 (with any number of spaces between the two strings).
SQL Comments
SQL comments are ignored when matching SQL statements to regex templates. The syntax of SQL
comments differs, depending on the type of database you are using.
Stored Procedures
Regular expressions are matched with the contents of stored procedures.
For example: EXEC SP_DEMO matches any string beginning with EXEC SP_DEMO.
9.2.3.1

Creating a Regular Expression Query Pattern

This procedure describes how to create regular expressions for SQL statements.
To create Regular Expression Query Patterns
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Query Groups.

3.

Click RegExp Patterns.

4.

On the Command Bar, click Create New.

5.

In the Pattern Name field, enter the name of the pattern object.

6.

In the Database Type list, click the database type of the Query Pattern.
Options include: My SQL; MS-SQL; PostgreSQL. Note that Query Patterns can belong to a group
of the same type. Groups can also be part of a Database Security Rule. If a group is included in a
Database Security Rule, it can only belong to the same database type as that defined in the
Database Security Rule.

7.

In the Regular Expression Definition text box, type a regular expression.
Use the Macros and Legend links to provide hints as to possible parameters that can be added to
the regular expression you are creating. The options displayed depend on the Database Type you
selected from the Database Type list, as follows:

46

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)





Click on one of the Macros links (Any, Const, Number, Quoted String) to add possible
characters relevant to the regular expression defined in the Regular Expression Definition
text box.
Click on the Legend link to view possible regex idioms relevant to the parameters that are
valid for the database type you selected.

The system automatically displays whether the Regular Expression you entered is valid or invalid,
in the status bar. You will not be able to save or test the regular expression if the expression is
invalid.
8.

In the Test Sample field, type in an SQL query or statement and click Test Match to determine if
it matches the definition of the regular expression.

9.

(Optional) In the Color list, click on a color to choose which color the Query Pattern will be
displayed in, when viewed in the Regular Expression Query Patterns list.

10. Click Create to save the Regular Expression you created.

47

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.2.3.2

Editing a Regular Expression Query Pattern

To edit Regular Expression Query Patterns
1.

Locate the pattern you want to edit and click on the

icon at the end of the row.

2.

In the Pattern Name field, modify the name of the pattern object, if necessary.

3.

In the Database Type list, click the database type of the Query Pattern.
Options include: My SQL; MS-SQL; PostgreSQL. Note that Query Patterns can belong to a group
of the same type. Groups can also be part of a Database Security Rule. If a group is included in a
Database Security Rule, it can only belong to the same database type as that defined in the
Database Security Rule.

4.

In the Regular Expression Definition text box, type a regular expression.
Use the Macros and Legend links to provide hints as to possible parameters that can be added to
the regular expression you are creating. The options displayed depend on the Database Type you
selected from the Database Type list, as follows:




Click on one of the Macros links (Any, Const, Number, Quoted String) to add possible
characters relevant to the regular expression defined in the Regular Expression Definition
text box.
Click on the Legend link to view possible regex idioms relevant to the parameters that are
valid for the database type you selected.

The system automatically displays whether the Regular Expression you entered is valid or invalid,
in the status bar. You will not be able to save or test the regular expression if the expression is
invalid.
5.

In the Test Sample field, type in an SQL query or statement and click Test Match to determine if
it matches the definition of the regular expression.

6.

If the pattern is assigned to query groups, the query group names appear here. Click any query
group name to make changes to the group.

7.

(Optional) In the Color list, click on a color to choose which color the Query Pattern will be
displayed in, when viewed in the Regular Expression Query Patterns list.

8.

Click Create to save the Regular Expression you created.

48

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.2.4

Using Learned Patterns

You can define a SQL statement as a pattern that can be a member of a query group for use as an
option in database security rules.
For example, you can define a pattern that selects all personnel defined as executive managers in an
HR database, and then block any queries that match the pattern.
Patterns must belong to a query group to be used in a rule. Patterns can be created using either of
the two methods below:



Automatically - by creating a Learning Mode type rule and defining which query group will be
populated with the learned query patterns. See Creating a Database Security Rule on page 35.
Manually - by creating an individual query pattern and assign it to one or more query groups.

NOTE
Two learned patterns are included with GreenSQL as examples.
9.2.4.1

Creating Query Patterns

To Create Query Patterns
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Query Groups.

3.

Click Learned Patterns.

4.

On the Command Bar, click Create New.

5.

In the Workspace, enter the Query Pattern in the text field.
The query pattern format should include data parameters as question marks. For example: select
* from billing where m_id=?

6.

In the Database Type list, click the database type of the Query Pattern.

7.

(Optional) In the Color list, click a color for the appearance of the Query Pattern in the list of
queries.

8.

Click Create.

49

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.2.4.2

Editing Query Patterns

To Edit a Query Pattern
1.

Locate the pattern and click

at the end of the row.

2.

In the Workspace, edit the Query Pattern in the text field.

3.

Click Transform into Regular Expression to automatically convert the learned expression to a
regular expression. A new pattern is created. The original learned pattern is not changed. The
new regular expression consists of a regex “const” idiom for any “?” placeholder, and the
expression will be escaped. White spaces are normalized into a single space.
The match process of learned patterns is more efficient than using the match process of regular
expressions (may affect performance)

4.

In the Database Type list, click the database type of the Query Pattern.

5.

If the pattern is assigned to query groups, the query group names appear here. Click any query
group name to make changes to the group.

6.

(Optional) In the Color list, click a color for the appearance of the Query Pattern in the list of
queries.

7.

Click Update.

9.3

Creating Policy Objects

Objects are the main components of rules. Examples of objects include: specific IP addresses,
database users, applications, time schedules and tables. Each object created can be associated to a
specific database type, proxy or database (or a combination of them). Rules can be applied to these
objects.
NOTE
Rules can also be applied based on a risk profile. To create a risk profile, see Using Risk Profiles on
page 41.
Objects can also be combined into groups of objects. You can define a SQL statement as a pattern
that can be a member of a query group for use as an option in database security rules. Based on the
patterns that are included in a query group, a query will either match or not match the query group.
Regular expression patterns can be included in the definition of query groups.
For more information on regular expressions, see Using Regular Expression Patterns (on page 45).

50

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.3.1

Creating IP Addresses

To apply a rule to a specific client IP address, you must first create the IP Address Object and select it
in the rule.
To Create an IP Address Object
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Command Bar, click Create New.

4.

In the Workspace, enter the name and IP address.

5.

Use the drop-down menus to select options for the remaining fields.

6.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured IP Address object to
appear only for this type of database.

9.3.2

Creating IP Address Ranges

To apply a rule on a specific range of IP addresses source, you must first create the IP Address Range
and connect it to the rule.
To Create an IP Address Range
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Ranges.

4.

On the Command Bar, click Create New.

5.

In the Workspace, enter the name of the IP Range Object and define the range.

6.

Use the drop-down menus to select options for the remaining fields.

7.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured IP Address Range
object to appear only for this type of database.

51

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.3.3

Creating IP Groups

To apply a rule on multiple IP address source ranges or multiple IP addresses which may or may not
be sequential, an IP Group object can be created by joining IP Address and IP Range objects
connected to a rule.
To Create an IP Group
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Groups.

4.

On the Command Bar, click Create New.

5.

In the Workspace, enter the name of the IP Group.

6.

In the Available Members list, double-click IP addresses that you want included in the group (or
select them and click Add).
To remove IP addresses, double-click the address in the Current Members list or select it and
click Remove).
Both IP Address objects and IP Range objects can be selected. Also, an IP Group can include IP
Groups.

7.

Use the drop-down menus to select options for the remaining fields.

8.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured IP Group Object to
appear only for this type of database.

52

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.3.4

Creating Database Users

To apply a rule to specific database users, Database User Objects must be created and selected in the
rule.
To Create Database Users
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click DB Users.

4.

On the Command Bar, click Create New.

5.

In the Workspace, enter the name of the DB User.

6.

Use the drop-down menus to select options for the remaining fields.

7.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Database User object
to appear only for this type of database.

9.3.5

Creating Database User Groups

To apply a rule to multiple database users, Database User Groups Objects must be created and
selected in the rule.
You can create Database User Groups by adding database users to a group.
To Create Database User Group
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click DB Users.

4.

Click Groups.

5.

On the Command Bar, click Create New.

6.

In the Workspace, enter the name of the User Group.

7.

In the Available Members list, double-click the database user that you want included in the
group (or select them and click Add).
To remove a database user, double-click the address in the Current Members list or select it and
click Remove).
Both Database User objects and Database User Groups can be selected.

8.

Use the drop-down menus to select options for the remaining fields.

9.

Click Create.

53

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Database User Group
object to appear only for this type of database.

9.3.6

Creating Application Names

You can create names for the applications used to connect to GreenSQL.
To Create an Application Name
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Applications.

4.

On the Command Bar, click Create New.

5.

In the Workspace, enter the name of the Application Name.

6.

Use the drop-down menus to select options for the remaining fields.

7.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Application Name
object to appear only for this type of database.

9.3.7

Creating Application Groups

You can create Application Groups from existing Application Names.
To Create an Application Group
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Applications

4.

Click Groups.

5.

On the Command Bar, click Create New.

6.

In the Workspace, enter the name of the Application Group.

7.

In the Available Members list, double-click Application Names that you want included in the
group (or select them and click Add).
To remove Application Names, double-click the Application Names in the Current Members list
or select it and click Remove).

54

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

Both Application Names objects and Application Names Groups can be selected.
8.

Use the drop-down menus to select options for the remaining fields.

9.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Application Group
object to appear only for this type of database.

9.3.8

Creating a One-Time Schedule

Scheduling is the process where you define when a firewall rule is enabled. A One-Time schedule
starts and ends on a date and time you define.
To Create a One-Time Schedule
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Schedules.

4.

On the Command Bar, click Create New.

5.

Enter a name for the schedule.

6.

Define the date and time for the schedule's start and stop.

7.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Schedule object to
appear only for this type of database.

55

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.3.9

Creating a Recurring Schedule

Scheduling is the process where you define when a firewall rule is enabled. A recurring schedule
starts and ends at defined times on selected days of the week.
To Create a Recurring Schedule
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Schedules.

4.

Click Recurring.

5.

On the Command Bar, click Create New.

6.

In the Workspace, enter the name of the Recurring Schedule object.

7.

Select the days on which the schedule will run and define the start and stop times.

8.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule for each of these objects. If these items are not selected, the schedule will always
appear when creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Schedule object to
appear only for this type of database.

9.3.10 Creating a Schedule Group
To combine multiple schedules into one, you can create a schedule group. A schedule group can
include any combination of one-time schedules, recurring schedules and schedule groups.
To Create a Schedule Group
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Schedules.

4.

Click Groups.

5.

On the Command Bar, click Create New.

6.

In the Workspace, enter the name of the Application Name Group.

7.

In the Available Members list, double-click schedules that you want included in the group (or
select them and click Add).
To remove schedules, double-click the schedule in the Current Members list or select it and click
Remove).
Both Schedules objects and Schedules Groups can be selected.

56

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

8.

Use the drop-down menus to select options for the remaining fields.

9.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Schedule Group object
to appear only for this type of database.

9.3.11 Creating a Table
When creating a Table Based Database Firewall rule, you can select a Table object you have created
or you have the option to define Any Table in the rule. A view or a synonym can also be defined as a
table in GreenSQL.
NOTE
You can select tables only if you entered credentials in the instance which hosts this database.
To Create a Table
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Tables.

4.

On the Command Bar, click Create New.

5.

Enter a name for the table, view or synonym. You have to enter the exact name as it is in the
database (including fully qualified table names) or:
a.

Click Browse.

b.

Select a proxy.

c.

Select a table.

d.

Click Update.

You can select tables only if you entered credentials in the instance which hosts this database.
6.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Table object to appear
only for this type of database.

57

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.3.12 Creating a Tables Group
You can combine multiple tables into one by creating a Tables Group.
To Create a Tables Group
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Objects.

3.

On the Context Menu, click Tables.

4.

Click Groups.

5.

On the Command Bar, click Create New.

6.

In the Workspace, enter the name of the Application Name Group.

7.

(Optional) Add available members to the Current Members list, otherwise, the new Tables Group
can be populated when a Database Firewall policy is applied.



In the Available Members list, double-click Tables that you want included in the group (or
select them and click Add).
To remove Tables, double-click the schedule in the Current Members list or select it and
click Remove).

Both Table objects and Tables Groups can be selected.
8.

Use the drop-down menus to select options for the remaining fields.

9.

Click Create.
NOTE
You can optionally select a Database Type, Proxy and/or a Database to enable scheduling when
creating a rule.
Selecting a value for each field will cause the object to appear only in specific configuration
groups. For example, selecting a Database Type will cause the configured Table Group object to
appear only for this type of database.

9.4

Databases in GreenSQL

Databases can be logically created (declared) in GreenSQL. GreenSQL automatically adds databases
to its configuration when they are being used by SQL statements running through its proxies. You are
not required to create databases, but once they are created, you can apply specific policies and
configurations to each database, rather than applying policies globally on the instance or proxy
levels.
A database is attached to a proxy. You must define the proxy before defining the database.
NOTE
Some of the dialogs allowing you to input a database, allow you to create a new database entity.

58

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.4.1

Viewing Databases

To view the list of Databases
1.

On the Main Menu, click Databases.

2.

On the Context Menu, click Databases.

9.4.2

Creating a Database in GreenSQL

To Define a Database in GreenSQL
1.

On the Main Menu, click Databases.

2.

On the Context Menu, click Databases.

3.

On the Command Bar, click Create New.

4.

In the Create Database dialog box, select the proxy.

5.

In the Database name field, enter the exact name (case-sensitive) of the database.

6.

Click Create.

59

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.4.3

Editing a Database in GreenSQL

To edit an item
1.

Set the options as required (see table below) and click Update.

Database name

The name of the database.

GreenSQL Proxy

The configured proxy used to connect to the database.

Caching status
Minimum cache
retention (sec)
Maximum cache
retention (sec)

For details, see Setting Caching per Database on page 80.

Caching queries
Caching procedures
Audit user logon
For details, see Enabling Database Logon/Logoff Auditing on page 62
Audit user logoff
Error template

The default error to be sent to a client, when an invalid query causes a SQL
error.
Select from the following response types:


Global Error Response - applies the Global Default Error defined in
System Configuration.



General Error Response - GreenSQL sends a generic error to the client
regardless of the original error that the database sends. The error text
will be "Generic SQL error detected by GreenSQL".



Original Error Response - GreenSQL sends the client the original
response generated by the database management system without any
modification.



Sanitized Error Response - GreenSQL sends the client the original
error generated by the database (while masking sensitive data in the
error text such as the object type or object name).

60

GreenSQL 2.5 User Guide
Defining Your Security Policy (Advanced Options)

9.4.4

Disabling Databases

To disable databases from the Workspace
1.

In the Workspace, locate the database you want to disable.

2.

In the Active column, clear the check box.

9.4.5

Deleting Databases

NOTE
Warnings may be displayed if you cannot delete the database, such as due to associated policies.
See Deleting Items on page 20.

61

GreenSQL 2.5 User Guide
Database Activity Monitoring

10

Database Activity Monitoring

GreenSQL logs transactions performed on databases, enabling compliance with regulations and
computer forensics. It provides IT personnel and security officers with information any queries that
reached databases, such as database content extraction, modification and deletion, as well as
changes to database configuration and system settings.
You can set rules to audit transactions on specific databases and for queries originating from specific
source IPs, users and applications.
GreenSQL’s activity monitoring capabilities are very granular and include auditing of a whole
database, specific tables or specific columns within tables.
When you select GreenSQL's Advanced Activity Monitoring option, it displays the original and
modified data in red for quickly identifying changes to data, including verbose information on the
event (such as source IP, user, application names, rows affected, modification time, and more).








To create activity monitoring rules, see Activity Monitoring Rule Types on page 62.
To view activity monitoring events generated by the rules you defined, see Viewing Activity
Monitoring Events on page 67.
To modify an existing rule, see Editing Activity Monitoring Rules on page 65.
To keep the events log to a usable size, you can archive events logs. See Setting Activity
Monitoring Archive Rotation (on page 67).
To view archived events logs, see Viewing Activity Monitoring Log Archives on page 68.
For a detailed list of auditable objects and commands, see Auditable Objects and Commands on
page 68.
To change the order in which database activity monitoring rules are applied, see Reordering
Rules on page 22.

10.1 Activity Monitoring Rule Types
You can create two types of audit rules:



Administrative – enables activity monitoring of various database configuration and system
setting changes.
Table Based – enables activity monitoring of data changes in tables and columns.

For details, see Creating an Administrative Activity Monitoring Rule on page 63.
In addition, you can audit when users log on or log off from specified databases. For more
information, see Enabling Database Logon/Logoff Auditing on page 62.

62

GreenSQL 2.5 User Guide
Database Activity Monitoring

10.1.1 Enabling Database Logon/Logoff Auditing
To audit database logging on or logging off events
1.

On the Main Menu, click Databases.

2.

On the Context Menu, click Databases.

3.

Edit the required database.

4.

Select the Audit user logon check box to audit logon attempts to that database.

5.

Select the Audit user logoff check box to audit logoffs from that database.

10.2 Creating an Administrative Activity Monitoring Rule
To create an activity monitoring rule
1.

On the Main Menu, click Activity Monitoring.

2.

On the Context Menu, click Policy.

3.

On the Command Bar, click Create New.

4.

In the Activity Monitoring Type list, click Administrative or Table Based as required.

5.

Set the other options as required (see tables below), then click Create.

Activity Monitoring Rule Options - Administrative
Database

Determines which databases are audited by this rule.
If you select All Databases, you can audit either all proxies or a specific
proxy.
If required, you can create a new database and define the proxy and
database name.

Source IP

Applies the rule to queries from any IP or just to queries from a specific IP,
IP Range or IP Group.
If required, you can create a new IP address.

Database User

Applies the rule to queries from any database user or just to queries from
a specific user or user group.
If required, you can create a new IP address.

Application Name

Applies the rule to queries from any application or just to queries from a
specific application or application group.

63

GreenSQL 2.5 User Guide
Database Activity Monitoring

Alerts (SMTP)

Sends an alert by email when the event defined by this rule occurs.
To use this option, make sure that Alerts has been properly configured
and you have enabled Auditing alerts. See Alerts on page 90.

Disable Rule

Disables the rule without deleting it. Disabled rules are also indicated in
the Active column of the policy Workspace.

Advanced Activity
Monitoring

You can perform detailed audits of sensitive administrative operations.
See Database Activity Monitoring on page 62.

Activity Monitoring
operations

You can narrow the audit to specific administrative operations by selecting
them.

Activity Monitoring Rule Options - Table Based
Database

Determines which databases are audited by this rule.
If you select All Databases, you can audit either all proxies or a specific
proxy.
If required, you can create a new database and define the proxy and
database name.

Source IP

Applies the rule to queries from any IP or just to queries from a specific IP,
IP range or IP Group.
If required, you can create a new IP address.

Database User

Applies the rule to queries from any database user or just to queries from
a specific user or user group.
If required, you can create a new IP address.

Application Name

Applies the rule to queries from any application or just to queries from a
specific application or application group.

Alerts (SMTP)

Sends an alert by email when the event defined by this rule occurs.
To use this option, make sure that Alerts has been properly configured
and you have enabled Auditing alerts. See Alerts on page 90.

Disable Rule

Disables the rule without deleting it. Disabled rules are also indicated in
the Active column of the policy Workspace.

64

GreenSQL 2.5 User Guide
Database Activity Monitoring

Advanced Activity
Monitoring

You can perform detailed audits of sensitive tables and columns. See
Database Activity Monitoring on page 62.
NOTE
You cannot perform Advanced Activity Monitoring when Any
Table/Column is selected under Activity Monitoring operations.

Activity Monitoring
operations

Performs activity monitoring on any combination of viewing, modifying
and deletion events, according to the check boxes you select.
You can narrow the audit to specific tables or columns of the database by
selecting them from the pull down list, or if required, you can add new
tables and columns by clicking New.
NOTE
You can select tables or columns only if you entered credentials in the
database server which hosts this database.

10.3 Editing Activity Monitoring Rules
To edit an activity monitoring rule
1.

Set the options as required (see tables below).

Activity Monitoring Rule Options - Administrative
Database

Determines which databases are audited by this rule.
If you select All Databases, you can audit either all proxies or a specific
proxy.
If required, you can create a new database and define the proxy and
database name.

Source IP

Applies the rule to queries from any IP or just to queries from a specific IP,
IP Range or IP Group.
If required, you can create a new IP address.

Database User

Applies the rule to queries from any database user or just to queries from
a specific user or user group.
If required, you can create a new IP address.

Application Name

Applies the rule to queries from any application or just to queries from a
specific application or application group.

65

GreenSQL 2.5 User Guide
Database Activity Monitoring

Alerts (SMTP)

Sends an alert by email when the event defined by this rule occurs.
To use this option, make sure that Alerts has been properly configured
and you have enabled Auditing alerts. See Alerts on page 90.

Disable Rule

Disables the rule without deleting it. Disabled rules are also indicated in
the Active column of the policy Workspace.

Advanced Activity
Monitoring

You can perform detailed audits of sensitive administrative operations.
See Database Activity Monitoring on page 62.

Activity Monitoring
operations

You can narrow the audit to specific administrative operations by selecting
them.

Activity Monitoring Rule Options - Table Based
Database

Determines which databases are audited by this rule.
If you select All Databases, you can audit either all proxies or a specific
proxy.
If required, you can create a new database and define the proxy and
database name.

Source IP

Applies the rule to queries from any IP or just to queries from a specific IP,
IP range or IP Group.
If required, you can create a new IP address.

Database User

Applies the rule to queries from any database user or just to queries from
a specific user or user group.
If required, you can create a new IP address.

Application Name

Applies the rule to queries from any application or just to queries from a
specific application or application group.

Alerts (SMTP)

Sends an alert by email when the event defined by this rule occurs.
To use this option, make sure that Alerts has been properly configured
and you have enabled Auditing alerts. See Alerts on page 90.

Disable Rule

Disables the rule without deleting it. Disabled rules are also indicated in
the Active column of the policy Workspace.

66

GreenSQL 2.5 User Guide
Database Activity Monitoring

Advanced Activity
Monitoring

You can perform detailed audits of sensitive tables and columns. See
Database Activity Monitoring on page 62.
NOTE
You cannot perform Advanced Activity Monitoring when Any
Table/Column is selected under Activity Monitoring operations.

Activity Monitoring
operations

Performs activity monitoring on any combination of viewing, modifying
and deletion events, according to the check boxes you select.
You can narrow the audit to specific tables or columns of the database by
selecting them from the pull down list, or if required, you can add new
tables and columns by clicking New.
NOTE
You can select tables or columns only if you entered credentials in the
database server which hosts this database.

10.4 Viewing Activity Monitoring Events
To view audit events
1.

On the Main Menu, click Activity Monitoring.
Events that occurred according to the policy you defined are displayed in the Workspace.

2.

Click an event to see more details about it.

NOTE
If advanced activity monitoring is selected in the relevant rule, Modified Object windows will also be
displayed according to the rule's settings.

67

GreenSQL 2.5 User Guide
Database Activity Monitoring

10.5 Setting Activity Monitoring Archive Rotation
To configure log files archiving for audit events
1.

On the Main Menu, click Activity Monitoring.

2.

On the Context Menu, click Archives Rotation.

3.

Configure the following options as required:






Number of Log Files – the maximum number of log files to save on the disk (the files are also
listed in the Archives Workspace). When this number is reached, the oldest log file is
overwritten.
Maximum File Size – the maximum log file size allowed. When a log file reaches the
maximum size, a new log file is created. However, if the maximum Number of Log Files
already exists in the Archives Workspace, the oldest log file is overwritten.
Scheduled Rotation - you can define a regular time (daily, weekly or monthly) to create a
new log file, even if the maximum file size limit has not been reached.

10.6 Viewing Activity Monitoring Log Archives
To view the events in an archive
1.

On the Main Menu, click Activity Monitoring.

2.

On the Context Menu, click Archives.

3.

Click the required archive.

4.

The archive is opened in the Workspace, showing any events stored in the archive.

NOTE
In the Events Workspace, you can only view events from the selected archive.

10.7 Auditable Objects and Commands
The following tables describe the objects and commands that can be audited by GreenSQL.

10.7.1 MySQL Database
Object\Command

CREATE

DROP

ALTER

GRANT

REVOKE

USER











PLUGIN, SERVER, EVENT, INDEX, TRIGGER,
FUNCTION, PROCEDURE, DATABASE, VIEW,
TABLE







In addition to the above, sensitive tables or columns also audit: INSERT, UPDATE, DELETE, TRUNCATE
and SELECT (SELECT is audited for sensitive tables or columns only if configured in the database
settings in the GreenSQL management console).

68

GreenSQL 2.5 User Guide
Database Activity Monitoring

10.7.2 PostgreSQL Database
Object\Command

CREATE

TABLE, DATABASE, INDEX, VIEW, USER, SCHEMA, LANGUAGE, TYPE,
CONVERSION, FUNCTION, TRIGGER, CAST, RULE, GROUP, ROLE,
OPERATOR, TABLE SPACES, OPERATOR CLASS, SEQUENCE, FULL TEXT

CONFIGURATION, FULL TEXT TEMPLATE, FULL TEXT DICTIONARY,
FULL TEXT PARSER

DROP

ALTER





In addition to the above, sensitive tables or columns also audit: INSERT, UPDATE, DELETE, TRUNCATE
and SELECT (SELECT is audited for sensitive tables or columns only if configured in the database
settings in the GreenSQL management console).

69

GreenSQL 2.5 User Guide
Database Activity Monitoring

10.7.3 MS SQL
Object\Command

CREATE

LOG SHIPPING MONITOR, TYPE, EXTENDED PROCEDURE, SPECIAL
INDEX, RENAME OBJECT*, SYSTEM CONFIGURATION, STATISTICS,
LOG SHIPPING SECONDARY, LOG SHIPPING PRIMARY, FUNCTION,
SIGNATURE, DATABASE MASTER KEY, SERVICES MASTER KEY, LINKED
SERVER, OPERATOR, ALERT, CATEGORY, SCHEDULE, JOB, MESSAGE,
ASSEMBLY, PROCEDURE, TABLE, USER, DATABASE, INDEX, BACKUP

DEVICE, VIEW, PARTITION FUNCTION, PARTITION SCHEMA, SCHEMA,
SERVER AUDIT, SERVER AUDIT SPECIFICATION, CERTIFICATE,
CREDENTIAL, SYMMETRIC KEY, ASYMMETRIC KEY, APPLICATION
ROLE, DATABASE ROLE, REMOTE LOGIN, LOGIN, FULLTEXT CATALOG,
FULLTEXT INDEX, TRIGGER, SEQUENCE

DROP

ALTER





* Any Object
In addition to the above, sensitive tables or columns also audit: INSERT, UPDATE, DELETE, TRUNCATE
and SELECT (SELECT is audited for sensitive tables or columns only if configured in the database
settings in the GreenSQL management console).

70

GreenSQL 2.5 User Guide
Dynamic Data Masking

11

Dynamic Data Masking

GreenSQL’s data masking feature allows you to mask sensitive information such as credit card
numbers, email addresses and license numbers from unauthorized users. The GreenSQL solution
provides real-time data masking and ensures that database users are not exposed to sensitive
information. Masked data is generated in real time data when it leaves the database. It is not stored
on the database, thereby preserving data integrity.
To enable data masking, you do not need to change anything in your databases or applications; just
set the proper policy in GreenSQL.
You can set rules to mask information on specific databases and for queries originating from specific
source IPs, users and applications.







To create data masking rules, see Creating a Data Masking Rule on page 71.
To view data masking events generated by the rules you defined, see Viewing Data Masking
Events on page 77.
To modify an existing rule, see Editing Data Masking Rules on page 74.
To keep the events log to a usable size, you can archive events logs. See Setting Data Masking
Archive Rotation (on page 77).
To view archived events logs, see Viewing Data Masking Log Archives on page 78.
To change the order in which data masking rules are applied, see Reordering Rules on page 22.

11.1 Creating a Data Masking Rule
To create a data masking rule
1.

On the Main Menu, click Data Masking.

2.

On the Context Menu, click Policy.

3.

On the Command Bar, click Create New.

4.

Set options as required (see table below), then click Create.

Data Masking Rule Options
Database

Determines which databases are masked by this rule. This field is mandatory.
If required, you can create a new database and define the proxy and database
name.

Source IP

Applies the rule to queries from any IP or just to queries from a specific IP, IP
range or IP Group.
If required, you can create a new IP address.

Database User

Applies the rule to queries from any database user or just to queries from a
specific user or user group.
If required, you can create a new database user.

71

GreenSQL 2.5 User Guide
Dynamic Data Masking

Application
Name

Applies the rule to queries from any application or just to queries from a specific
application or application group.

Alerts (SMTP)

Sends an alert by email when the event defined by this rule occurs.
To use this option, make sure that Alerts has been properly configured and you
have enabled Auditing alerts. See Alerts on page 90.

Disable Rule

Disables the rule without deleting it. Disabled rules are also indicated in the
Active column of the policy Workspace.

Columns

Determines which columns are masked by this rule.
If required, you can add new columns through the new column wizard.
NOTE
You can select columns only if you entered credentials in the database server
which hosts this database.

72

GreenSQL 2.5 User Guide
Dynamic Data Masking

Behavior

Determines the type of data masking that is applied, dependent on the selected
columns type (see table below):




Mask All - all data is masked.
Empty - field data is returned as an empty string.
Credit Card Masking - the last four digits of a credit card are displayed, other
characters are masked.
• Last Three Masking - the last three characters are masked; other characters
are displayed.
• Last Four Masking - the last four characters are masked; other characters are
displayed.
• Basic Email Masking - the username section of the email address is masked
(except for the first and last characters). For example:
'[email protected]' is converted to '[email protected]'.
• Full Email Masking – the username and domain sections of the email address
are masked. For example: '[email protected]' is converted to
'[email protected]'.
• Keep first character - keeps the 1st character in the string, and replaces the
remaining characters with '0'. For example: 'City' is converted to 'C000'.
• Keeps first and last 1 characters - keeps the 1st and last characters in the
string, and replaces the remaining characters with '0'. For example: 'City' is
converted to 'C00y'.
• Keeps first and last 2 characters - keeps the 1st and last two characters in the
string, and replaces the remaining characters with '0'. For example: 'City' is
converted to 'City'; 'Country is converted to 'Co000ry'.
• Mask all digits - masks all digits in the string. For example: all digits in a zip
code are masked as follows: '70002' is converted to '*****'.
• Keep email domain only - masks the username section of an email address;
the domain name remains the same. For example: '[email protected]' is
converted to '***@gmail.com'.
• Keep first 2 characters - keeps the first 2 characters and replaces the
remaining characters with '0'. For example: 'City' is converted to 'Ci00'.
• Fixed string - replaces all values in the column with 'CONFIDENTIAL'.
• Mask last 6 characters - replaces the last six characters in the string with the
character chosen from the 'Replace with' field.
Options include: 'X' or '0'.
• Keeps first and last 4 characters - replaces the first and last 4 characters in the
string with the character chosen from the 'Replace with' field.
Options include: 'X' or '0'. For example: '[email protected]' is converted to
'[email protected]'.
• Random Number - a random number is displayed instead of the original data.
NOTE
If you defined two or more types of columns, you can only select Mask All.

73

GreenSQL 2.5 User Guide
Dynamic Data Masking

Replace with

Determines the value that will replace the original masked data.
Value options depend on the behavior selected and data type of the selected
columns.
Note
If you have defined two or more types of columns, you can only select Default by
column type. See default values below for more information.
Default values according to column type are:

Logging



Date – 01-01-1970



String values – replace all characters with "X"



Numeric values – replace all characters with "1"

Determines if data masking events are logged.

The following table defines the possible data masking behaviors (see Behavior in previous table)
according to column types:
Column Type

Masking Behaviors

String

Mask All, Empty, Credit Card Masking, Last Three Masking, Last Four Masking,
Basic Email Masking, Full Email Masking

Date

Mask All

Numeric

Mask All, Random Number

74

GreenSQL 2.5 User Guide
Dynamic Data Masking

11.2 Editing Data Masking Rules
To edit an item
1.

Set the options as required (see table below) and click Update.

Data Masking Rule Options
Database

Determines which databases are masked by this rule. This field is mandatory.
If required, you can create a new database and define the proxy and database
name.

Source IP

Applies the rule to queries from any IP or just to queries from a specific IP, IP
range or IP Group.
If required, you can create a new IP address.

Database User

Applies the rule to queries from any database user or just to queries from a
specific user or user group.
If required, you can create a new database user.

Application
Name

Applies the rule to queries from any application or just to queries from a specific
application or application group.

Alerts (SMTP)

Sends an alert by email when the event defined by this rule occurs.
To use this option, make sure that Alerts has been properly configured and you
have enabled Auditing alerts. See Alerts on page 90.

Disable Rule

Disables the rule without deleting it. Disabled rules are also indicated in the
Active column of the policy Workspace.

Columns

Determines which columns are masked by this rule.
If required, you can add new columns through the new column wizard.
NOTE
You can select columns only if you entered credentials in the database server
which hosts this database.

75

GreenSQL 2.5 User Guide
Dynamic Data Masking

Behavior

Determines the type of data masking that is applied, dependent on the selected
columns type (see table below):



















Mask All - all data is masked.
Empty - field data is returned as an empty string.
Credit Card Masking - the last four digits of a credit card are displayed, other
characters are masked.
Last Three Masking - the last three characters are masked; other characters
are displayed.
Last Four Masking - the last four characters are masked; other characters are
displayed.
Basic Email Masking - the username section of the email address is masked
(except for the first and last characters). For example:
'[email protected]' is converted to '[email protected]'.
Full Email Masking – the username and domain sections of the email address
are masked. For example: '[email protected]' is converted to
'[email protected]'.
Keep first character - keeps the 1st character in the string, and replaces the
remaining characters with '0'. For example: 'City' is converted to 'C000'.
Keeps first and last 1 characters - keeps the 1st and last characters in the
string, and replaces the remaining characters with '0'. For example: 'City' is
converted to 'C00y'.
Keeps first and last 2 characters - keeps the 1st and last two characters in the
string, and replaces the remaining characters with '0'. For example: 'City' is
converted to 'City'; 'Country is converted to 'Co000ry'.
Mask all digits - masks all digits in the string. For example: all digits in a zip
code are masked as follows: '70002' is converted to '*****'.
Keep email domain only - masks the username section of an email address;
the domain name remains the same. For example: '[email protected]' is
converted to '***@gmail.com'.
Keep first 2 characters - keeps the first 2 characters and replaces the
remaining characters with '0'. For example: 'City' is converted to 'Ci00'.
Fixed string - replaces all values in the column with 'CONFIDENTIAL'.
Mask last 6 characters - replaces the last six characters in the string with the
character chosen from the 'Replace with' field.
Options include: 'X' or '0'.
Keeps first and last 4 characters - replaces the first and last 4 characters in the
string with the character chosen from the 'Replace with' field.
Options include: 'X' or '0'. For example: '[email protected]' is converted to
'[email protected]'.
Random Number - a random number is displayed instead of the original data.

NOTE
If you defined two or more types of columns, you can only select Mask All.

76

GreenSQL 2.5 User Guide
Dynamic Data Masking

Replace with

Determines the value that will replace the original masked data.
Value options depend on the behavior selected and data type of the selected
columns.
Note
If you have defined two or more types of columns, you can only select Default by
column type. See default values below for more information.
Default values according to column type are:

Logging



Date – 01-01-1970



String values – replace all characters with "X"



Numeric values – replace all characters with "1"

Determines if data masking events are logged.

The following table defines the possible data masking behaviors (see Behavior in previous table)
according to column types:
Column Type

Masking Behaviors

String

Mask All, Empty, Credit Card Masking, Last Three Masking, Last Four Masking,
Basic Email Masking, Full Email Masking

Date

Mask All

Numeric

Mask All, Random Number

11.3 Viewing Data Masking Events
To view data masking events
1.

On the Main Menu, click Data Masking.
Events that occurred according to the policy you defined are displayed in the Workspace.

2.

Click an event to see more details about it.

77

GreenSQL 2.5 User Guide
Dynamic Data Masking

11.4 Setting Data Masking Archive Rotation
To configure log files archiving for data masking events
1.

On the Main Menu, click Data Masking.

2.

On the Context Menu, click Archives Rotation.

3.

Configure the following options as required:






Number of Log Files – the maximum number of log files to save on the disk (the files are also
listed in the Archives Workspace). When this number is reached, the oldest log file is
overwritten.
Maximum File Size – the maximum log file size allowed. When a log file reaches the
maximum size, a new log file is created. However, if the maximum Number of Log Files
already exists in the Archives Workspace, the oldest log file is overwritten.
Scheduled Rotation - you can define a regular time (daily, weekly or monthly) to create a
new log file, even if the maximum file size limit has not been reached.

11.5 Viewing Data Masking Log Archives
To view the events in an archive
1.

On the Main Menu, click Data Masking.

2.

On the Context Menu, click Archives.

3.

Click the required archive.

4.

The archive is opened in the Workspace, showing any events stored in the archive.

NOTE
In the Events Workspace, you can only view events from the selected archive.

78

GreenSQL 2.5 User Guide
Caching

12

Caching

GreenSQL uses dynamic database caching to resolve data access bottlenecks and latency without any
change to existing applications or databases.
GreenSQL’s patented smart caching solution greatly accelerates your applications' performance and
improves response time by storing database content (responses to queries) on the server where
GreenSQL is installed. When content is retrieved from the cache, a query to the database is not
performed, thereby saving system resources.
As a Unified Database Security solution, GreenSQL allows you to cache results allowed by the
database firewall, including results from queries that were audited or had dynamic data masking
rules applied on one or more of their columns.
The cached information is saved in a defined memory space. Web applications connected to a
database can get massive performance acceleration using the caching feature.

12.1.1 Caching Hierarchy
Caching can be set either globally or individually for objects according to the following hierarchy:





system - enabled by default
proxy - enabled by default
database - enabled by default)
policy (Tables, Queries, Procedures) - disabled by default

Enabling caching for objects higher in the hierarchy also applies caching to objects underneath,
unless caching is disabled for those objects lower in the hierarchy.
Disabling caching for objects higher in the hierarchy overrides cache settings of objects lower in the
hierarchy.

12.1.2 Viewing Caching Results
You can view caching results according to:



Performance - caching results according to query pattern
Efficiency - caching results according to database

For details about caching logs, see Viewing Caching Performance Logs (on page 99).

12.2 How GreenSQL Database Caching Works
GreenSQL's database caching process works as follows:
1.

Each response to a unique query is retrieved from the database and cached on the GreenSQL
server for the "Cache Time". The Cache Time is initially set to the Minimum cache retention.

2.

As long as the Cache Time is not reached, responses to queries are read from the cache. If the
data in the database is changed during this time, GreenSQL will automatically invalidate the
cached results and obtain fresh results from the database when the next query is executed.

3.

Once the Cache Time is reached:
a.

The cached response is flushed.

b.

The flushed response's identification (MD5 signature) is stored for comparison with the next
time the specific query is used.

79

GreenSQL 2.5 User Guide
Caching

c.

4.

The next time the specific query is used, the response is retrieved from the database and an
MD5 comparison is performed. If the response to the query differs from the previous
response, the Cached Time is reset to Minimum cache retention; otherwise the Cache Time
gradually increases until it reaches the Maximum cache retention.

When the Maximum cache retention is reached, the Cache Time is retained until an MD5
comparison test finds a modification change in the Database content.

12.3 Setting Caching per Database
To configure caching for a specific database
1.

Make sure that system caching is enabled as described in Setting System Caching on page 81.

2.

On the Main Menu, click Databases.

3.

On the Context Menu, click Databases.

4.

Edit the required database and configure the following options as required:






Caching status – click Enabled or Disabled as required.
Minimum cache retention (sec) – type the minimum time, in seconds, that the database
responses will be cached on the GreenSQL server. Default: 5 seconds.
Maximum cached retention (sec) - type the maximum time, in seconds, that the database
responses will be cached on the GreenSQL server. Default: 3600 seconds.
Cache queries – select the check box to cache returned data of accepted queries for this
database.
Cache procedures – select the check box to cache procedures for this database.

NOTE
To disable caching for all databases, disable system caching as described in Setting System Caching
on page 81

12.4 Setting Caching Per Policy
When caching is enabled for a rule, the rule type determines the information that is cached, as
follows:
Rule Type

IPS / IDS

Cached Information

Learning Mode

Active Protection – IPS

Queries that were not blocked

Learning Mode

Monitoring/IDS

Returned data of accepted
queries

Database Firewall

N/A

Matched queries

Risk Based - IPS/IDS

Active Protection – IPS

Queries that were not blocked

Risk Based - IPS/IDS

Monitoring/IDS

Returned data of accepted
queries

80

GreenSQL 2.5 User Guide
Caching

To configure caching for a specific rule
1.

On the Main Menu, click Database Security.

2.

In the Workspace, locate the rule for which you want to enable/disable caching and click

3.

Select the Caching check box to enable caching all allowed requests.

4.

Click Update.

.

12.5 Setting Caching Per Query
To configure caching for a specific query
1.

On the Main Menu, click Database Security.

2.

On the Context Menu, click Query Groups.

3.

Click Patterns.

4.

In the Workspace, locate the query pattern for which you want to enable/disable caching and
click .

5.

In the Edit Query Pattern Workspace, select the Do not cache queries of this pattern check box
to disable caching for the query, or clear the check box to enable caching for this query.
To enable caching, make sure that caching is also enabled globally (see Setting System Caching
on page 81).

6.

Click Update.

12.6 Setting System Caching
To set system caching
1.

On the Main Menu, click System.

2.

On the Context Menu, click Configuration then click Caching.

3.

Configure the following options as required:






Caching status - click Enabled or Disabled as required.
Maximum cache memory size - type the maximum RAM you wish to allocate on the server
for caching all responses to queries (the default is 128 MB).
Cache size per connection - type the maximum RAM you wish to allocate on the server for
caching all responses to queries per connection.
Cache queries - select the check box to cache returned data of accepted queries.
Cache procedures - select the check box to cache procedures.

NOTE
On 32-bit systems, maximum cache memory size should not exceed 2GB.

81

GreenSQL 2.5 User Guide
Configuring the System

13

Configuring the System

The System Menu includes global settings and maintenance options.








To view system information, see Viewing System Information (on page 82).
To set general system settings, see Configuring General System Settings on page 82.
To set global caching options, see Setting System Caching on page 81.
To set user accounts and profiles, see Configuring Administrative Settings on page 84.
To configure system redundancy, see Implementing High Availability on page 109.
To configure management settings, see Configuring Management Settings on page 85.
To configure maintenance settings, see Maintaining GreenSQL on page 86.

For customer support, see Support (on page 89).

13.1 Viewing System Information
You can view the current system status, current software release information, and check for new
releases of GreenSQL on the System Information page.
To view system information
1.

On the Main Menu, click System.

2.

On the Context Menu, click Information.
The following information is displayed:







System Time
Time Zone
License
Last Session
Management Version
Firewall Version

To check if new GreenSQL versions are available


Click Check for Updates.

82

GreenSQL 2.5 User Guide
Configuring the System

13.2 Configuring General System Settings
To configure general settings
1.

On the Main Menu, click System.

2.

On the Context Menu, click Configuration.

3.

In the Workspace, set the options as required (see table below).

4.

Click Update.
Global Default Error

The default error to be sent to a client, when an invalid query
causes a SQL error. You can control this setting per Database in
the Edit Database screen, (see Editing a Database in GreenSQL
on page 60).
Select from the following response types:

Primary SMTP Server



Original Response – GreenSQL sends the client the original
response generated by the database management system
without any modification.



General Error Response – GreenSQL sends a generic error to
the client regardless of the original error the database sends.
The error text is "Generic SQL error detected by GreenSQL."



Sanitized Error Response – GreenSQL sends the client the
original error generated by the database while masking
sensitive data (i.e. any object such as table or column).

Select an SMTP server to be used for sending alerts.
To create SMTP servers, see Creating SMTP Servers on page 94.

Secondary SMTP Server (Optional) Select a backup SMTP server to be used when the
Primary SMTP server is unreachable.
Statistics Refresh
Interval

Objects Association

Determines how often the statistics are updated for the following
logs (and associated Dashboard widgets):


Caching Performance



Database Caching Efficiency



Most Popular Queries

If enabled, objects created from within a rule will be associated
to that rule's database type, proxy and database.

83

GreenSQL 2.5 User Guide
Configuring the System

13.3 Configuring Administrative Settings
You can create user accounts in GreenSQL and grant users specific permissions based on group
profiles. Each profile specifies a set of permissions.
This section describes the user account and profile tasks as follows:





Creating a User on page 84
Editing a User on page 84
User Profiles on page 84
Creating Profiles on page 84

13.3.1 Creating a User
To create a user
1.

On the Main Menu, click System.

2.

On the Context Menu, click Administrators and select Users.

3.

On the Command Bar, click Create New.

4.

In the Profile list, click a profile to apply to the user (see Creating Profiles on page 84).

5.

Define the user details and set passwords as required.
Passwords must be a combination of English letters and numbers and be at least 8 characters.

6.

(Optional) Select the Management IP check box and type an IP address from which the user can
access the GreenSQL Management Console.

7.

Click Create.

13.3.2 Editing a User
To edit a user


Set the options as required.

13.3.3 User Profiles
You can create profiles that define the permissible actions for the various tasks that can be
performed in GreenSQL. Profiles can then be assigned to individual user accounts to define which
tasks individual users are allowed to perform.
Two built-in profiles are included with GreenSQL: Administrators and Read only. These profiles can
be edited but not deleted.

84

GreenSQL 2.5 User Guide
Configuring the System

13.3.4 Creating Profiles
To create a profile
1.

On the Main Menu, click System.

2.

On the Context Menu, click Administrators then select Profiles.

3.

On the Command Bar, click Create New.

4.

Enter a profile name.

5.

To grant all permissions to all items for the profile, click Select All.
Or, only select the required check boxes in the tasks/permissions matrix.

6.

Click Create.

13.3.5 Editing User Profiles
To edit a user profile


Set the options in the tasks/permissions matrix as required and click Update.

13.3.6 Disabling User Profiles
To disable a user profile
1.

In the Workspace, locate the profile you want to disable and click

.

2.For each Permission you want to disable, select the Disable Rule check box at the end of
the row.
3.Click Update.

13.3.7 Deleting User Profiles
NOTE
Warnings may be displayed if you cannot delete the profile, such as due to associated users.
See Deleting Items on page 20.

85

GreenSQL 2.5 User Guide
Configuring the System

13.4 Configuring Management Settings
To define the management settings
1.

On the Main Menu, click System.

2.

On the Context Menu, click Management.

3.

Define the following fields:





4.

Certificate – GreenSQL installation generates a management certificate by default. If you
uploaded another management certificate (see Managing Management Certificates on
page 86), select it from the Certificate list.
Address – the IP address of any GreenSQL server network interfaces (NICs) which are
exposed to the clients (using the address 0.0.0.0 will open access on any NIC).
Port – the port that GreenSQL Management is listening on (default: 5000).
Session Idle Time – from the list, select the time when the user will be required to logon
again to GreenSQL in case of an idle session.

Click Update.

13.4.1 Managing Management Certificates
To enable your web server to accept HTTPS connections, you must upload a public key certificate for
the management web server (see Uploading Management Certificates on page 86). The certificate
allows the web browser to accept it without warning.
You can issue your own management certificate or obtain one from a certificate authority.
NOTE
If you are obtaining a certificate from VeriSign, make sure it is suitable for Apache.

13.4.2 Uploading Management Certificates
To upload a management certificate
1.

On the Main Menu, click System.

2.

On the Context Menu, click Management, then click Certificates.

3.

On the Command Bar, click Create New.

4.

For Certificate, click Choose File and select the required file.

5.

For Private key, click Choose File and select and select the required file.

6.

Click Upload.

86

GreenSQL 2.5 User Guide
Configuring the System

13.5 Maintaining GreenSQL
This section describes how to perform the following tasks for maintaining the GreenSQL system:






Backing Up GreenSQL Settings on page 87
Restoring GreenSQL Settings on page 87
Activating the License (on page 87)
Viewing License Information on page 88
Resetting GreenSQL to Default Settings on page 88

13.5.1 Backing Up GreenSQL Settings
To backup GreenSQL settings
1.

On the Main Menu, click System.

2.

On the Context Menu, click Backup & Restore.

3.

Enter a password to encrypt the backup file.
Passwords must be a combination of English letters and numbers and be at least 8 characters.

4.

Click Backup.

5.

Save the file in the location you require and note the path so that you can restore if required.

13.5.2 Restoring GreenSQL Settings
All GreenSQL users’ passwords will be reverted to the time of the backup file, including admin
password.
To restore GreenSQL settings from a backup
1.

On the Main Menu, click System.

2.

On the Context Menu, click Backup & Restore.

3.

Click Restore.

4.

Click Choose File and select your backup file.

5.

Enter the password you used when you backed up.

6.

(Optional) Select the Purge System Logs check box to delete all system logs.

7.

Click Restore.

87

GreenSQL 2.5 User Guide
Configuring the System

13.5.3 Activating the License
After installing GreenSQL and opening the application, a wizard guides you through the initial setup.
To activate a license
1.

On the Main Menu, click System.

2.

On the Context menu, click License.

3.

In the Serial Key field, enter the license serial key.

4.

Click Update.
The system will take a few moments to validate the license.

To activate a license on a computer not connected to the Internet
1.

On the Main Menu, click System.

2.

On the Context menu, click License.

3.

Copy the address displayed under To activate GreenSQL to a computer connected to the
Internet.

4.

When you receive the license key by email, copy the key to the field indicated in the window on
the computer not connected to the internet.

5.

Click Update.

13.5.4 Viewing License Information
To view the license information
1.

On the Main Menu, click System.

2.

On the Context Menu, click License Information.

3.

In the Workspace, the status for GreenSQL Updates Network is displayed, in addition to other
information regarding your license.

13.5.5 Resetting GreenSQL to Default Settings
To reset all custom configurations and delete all logs, while retaining the license
1.

On the Main Menu, click System.

2.

On the Context Menu, click Factory Reset.

3.

Click Factory Reset.

4.

Enter your current GreenSQL password.

5.

When prompted to accept the deletion of your custom settings, click OK.

88

GreenSQL 2.5 User Guide
Configuring the System

13.5.6 Support
If you require assistance, you can generate a compressed support file for sending to GreenSQL. The
support file contains mainly log files and does NOT contain any sensitive information from your
computer.
You can generate two types of support files:



Compact - creates a small zip file that contains a minimal amount of information
Full - creates a large zip file. Send this type of support file only if requested by GreenSQL.

To generate a support file
1.

On the Main Menu, click System.

2.

On the Context Menu, click Support.

3.

Click Compact or Full as required.

4.

Click Generate.

5.

Click Save File and note where you saved the file so you can send it to GreenSQL.

89

GreenSQL 2.5 User Guide
Alerts

14

Alerts

The GreenSQL alerts function allows you to send emails related to event types, such as GreenSQL
system changes, audit events, firewall events, and intrusion events, to a defined list of contacts. To
send alerts to contacts, an SMTP server must be defined.
The Alerts function can be enabled or disabled for each rule.





To create alerts, see Creating Alerts on page 90.
To edit alerts, see Editing Alerts on page 91.
For information related to contacts, see Contacts on page 92.
For information related to SMTP servers, see SMTP Servers on page 93.

14.1 Viewing Alerts
To view the list of Alerts


On the Main Menu, click Alerts.

14.2 Creating Alerts
It is recommended that you create a SMTP Server and one or more contacts before creating an alert.
See Creating SMTP Servers on page 94 and Creating Contacts on page 93.
To create alerts
1.

On the Main Menu, click Alerts.

2.

On the Command Bar, click Create New.

3.

Set the options as required (see table below), then click Create.
Alert Name

The name of the alert.

Alert interval

Determines the frequency at which alerts will be sent to the selected
contacts.

90

GreenSQL 2.5 User Guide
Alerts

Alert types

Type of events to appear in the alert. Select one of the following:


System – GreenSQL system logs, such as logons to management
console, rule creation or deletion, and others



Traffic - blocked queries resulting from the database firewall rules.



Intrusion – all queries detected either by the IPS or the IDS
mechanism.
An intrusion attempt can generate thousands of alerts per minute.
If the Alerts interval is not set properly, your mailbox can be
jammed with thousands of e-mail alerts and furthermore, you can
be identified as a spammer, GreenSQL will send you an alerts
summary based on the setting in Alerts interval.



Auditing – queries which passed through the GreenSQL proxy and
were not blocked



Masking – queries which passed through GreenSQL proxy and
matched a data masking rule

Verbose

Includes the SQL text in the alert.

Email contacts

Select existing contacts who will receive the alerts.
You can click New to create a new contact just with email address
details. To complete remaining details, edit the new contact later (see
Editing Contacts on page 93).

91

GreenSQL 2.5 User Guide
Alerts

14.3 Editing Alerts
To edit an alert


Change the options as required (see table below), then click Update.
Alert Name

The name of the alert.

Alert interval

Determines the frequency at which alerts will be sent to the selected
contacts.

Alert types

Type of events to appear in the alert. Select one of the following:


System – GreenSQL system logs, such as logons to management
console, rule creation or deletion, and others



Traffic - blocked queries resulting from the database firewall rules.



Intrusion – all queries detected either by the IPS or the IDS
mechanism.
An intrusion attempt can generate thousands of alerts per minute. If
the Alerts interval is not set properly, your mailbox can be jammed
with thousands of e-mail alerts and furthermore, you can be identified
as a spammer, GreenSQL will send you an alerts summary based on
the setting in Alerts interval.



Auditing – queries which passed through the GreenSQL proxy and
were not blocked



Masking – queries which passed through GreenSQL proxy and
matched a data masking rule

Verbose

Includes the SQL text in the alert.

Email contacts

Select existing contacts who will receive the alerts.
You can click New to create a new contact just with email address details.
To complete remaining details, edit the new contact later (see Editing
Contacts on page 93).

92

GreenSQL 2.5 User Guide
Alerts

14.4 Contacts
To send alerts, you must define the contacts who will receive the alerts. Contacts details include the
contact's names and email address.



To create contacts, see Creating Contacts on page 93.
To edit contacts, see Editing Contacts on page 93.

14.4.1 Creating Contacts
To create contacts
1.

On the Main Menu, click Alerts.

2.

On the Context Menu, click Contacts.

3.

On the Command Bar, click Create New.

4.

Define contact details.

5.

Click Create.

NOTE
You can create only one contact with the same e-mail address.

14.4.2 Editing Contacts
To edit a contact


Edit the contact details as required, and then click Update.

14.4.3 Disabling Contacts
To disable a contact
1.

In the Workspace, locate the contact you want to disable.

2.

In the Active column, clear the check box.

93

GreenSQL 2.5 User Guide
Alerts

14.5 SMTP Servers
To send the alerts you defined by email, you must define an SMTP server



To create an SMTP server, see Creating SMTP Servers on page 94.
To edit an SMTP server, see Editing SMTP Servers on page 94.

14.5.1 Creating SMTP Servers
To create an SMTP Server
1.

On the Main Menu, click Alerts.

2.

On the Context Menu, click SMTP Servers.

3.

On the Command Bar, click Create New.

4.

Enter the SMTP server details and sender’s information to appear in the emails (see table
below).
SMTP server name

A logical name for the SMTP server

SMTP server address

The IP address of the SMTP server

SMTP server port

The outgoing TCP/IP port of the SMTP server

Username

A valid username to access the SMTP server

Password

The password for the user defined in Username

From email

Choose the e-mail address to be used as the sender of the alerts.

From name

Choose the From name to be used as the sender of the alerts.

5.

Click Test Server to validate the SMTP server settings you entered.

6.

Click Create.

94

GreenSQL 2.5 User Guide
Alerts

14.5.2 Editing SMTP Servers
To edit an item
1.

Set the options as required (see table below) and click Update.
SMTP server name

A logical name for the SMTP server

SMTP server address

The IP address of the SMTP server

SMTP server port

The outgoing TCP/IP port of the SMTP server

Username

A valid username to access the SMTP server

Password

The password for the user defined in Username

From email

Choose the e-mail address to be used as the sender of the alerts.

From name

Choose the From name to be used as the sender of the alerts.

14.5.3 Disabling SMTP Servers
To disable items such as rules, objects, and databases from the Workspace
1.

In the Workspace, locate the item you want to disable.

2.

In the Active column, clear the check box.

95

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15

Configuring and Managing Logs

GreenSQL generates logs that allow you to monitor your systems. All events are written to separate
database files and can be configured to be sent to a configured syslog server.
You can view the following types of logs in the Logs workspace:
Type of Log

Displays

Traffic

All events that meet the criteria defined by the rules are displayed in the
Traffic log.

Intrusion

Lists of queries that were blocked as a result of identified SQL injection
attempts.

System

Details on GreenSQL management console activities, such as:

Caching

Most Popular Queries



Logon and logoff from the management console



Configuration changes, such as proxy, database, objects and rule
creation, modifications or deletions



GreenSQL updates



Performance statistics of GreenSQL caching events (caching Log for a
specific query or pattern).



Efficiency statistics for each database that is cached.

List of most popular queries. Each event includes:


The query pattern



The total amount of times a specific query pattern was executed



Its average execution time

The Logs workspace also allows you to perform the following management functions:
Function

Archives
Archives Rotation

Syslog Settings

Description



Details of GreenSQL archives including archive name, size, and when it
was last modified and rotated.



Define number and size of log files to maintain.



Schedule how often to rotate the log archives.



Send log messages to a remote computer running a Syslog server.

96

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15.1 Viewing Traffic Logs
Traffic logs display the list of allowed and blocked queries resulting from Database Firewall policy and
the list of allowed requests that failed to decrypt data when using the installed SSL certificate.
The following information is displayed in this workspace:
Log ID

ID of the event in the list of Traffic Log events.

Log Date

Date and time the event occurred.

Rule ID

The ID of the rule in the policy.

Rule Type

Type of activity monitoring rule applied to the Traffic Log events.

Database

The name of the database that is being audited, or all databases.

Query Group

The name of the Query Group containing patterns used as rules in a
policy.

Risk Profile

Profile used to identify threats.

Risk

Number of risks detected that answered the risk profile settings.

Action

Action applied to the query. Options include: Allow, Blocking, None.

Blocking Action

Action to be taken when query is blocked. For example: None, Close SQL
connection, Generate SQL error

To view the list of the Traffic logs
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Traffic Logs.

3.

To view additional details on a specific log event, click the event. The window shows basic details
for the event.

4.

To view detailed information for the event, click Session Details.

97

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15.2 Viewing Intrusion Logs
Intrusion logs display the lists of queries that were identified and/or blocked as a result of identified
SQL injection attempts.
The following information is displayed in this workspace:
Log ID

ID of the event in the list of Intrusion Log events.

Log Date

Date and time the event occurred.

Rule ID

The ID of the rule in the policy.

Rule Type

Type of activity monitoring rule applied to the Intrusion Log events.

Database

The name of the database that is being audited, or all databases.

Query Group

The name of the Query Group containing patterns used as rules in a
policy.

Risk Profile

Profile used to identify threats.

Risk

No of risks detected that answered the risk profile settings.

Action

Action applied to the query. Options include: Allow, Blocking, None.

Blocking Action

Action to be taken when query is blocked. For example: None, Close SQL
connection, Generate SQL error

To view the list of the Intrusion logs
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Intrusion Logs.

3.

To view additional details on a specific log event, click the event. The window shows basic details
for the event.

4.

To view detailed information for the event, click Session Details.

98

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15.3 Viewing System Logs
System logs display information on GreenSQL management console activities, such as:




Logon and logoff from the management console
Configuration changes, such as proxy, database, objects and rule creation, modifications or
deletions
GreenSQL updates

The following information is displayed in this workspace:
Log ID

ID of the event in the list of System Log events.

Date

Date and time the event occurred.

Page Name

The name of the page that was accessed.

Administration Name

Name of user performing the task.

Message

Description of task performed.

Severity

Severity of the event.

To view the list of the System logs
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click System Logs.

3.

To view additional details on a specific log event, click the event.

99

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15.4 Viewing Caching Performance Logs
Caching logs display performance statistics of GreenSQL caching events (caching log for a specific
query or pattern).
The following information is displayed in this Caching Performance workspace:
Log ID

ID of the event in the list of Caching Log events.

Query Pattern

The query pattern of the event.

Executions

The number of times the query pattern was executed.

Average DB Time

Average database response time for a specific pattern.

Average Cache Time

Average caching response time for a specific pattern.

To view the performance data
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Caching Logs.

3.

To view additional details on a specific log event, including the full SQL text, click the event.

15.5 Viewing Caching Efficiency Logs
Caching logs display efficiency statistics for each database that is cached.
The following information is displayed in this Caching Efficiency workspace:
Log ID

ID of the event in the list of Caching Log events.

Database

The database the queries were executed on.

Executions

The number of queries executed on the database.

Executions (DB)

Number of queries the database responded to.

Executions (Cache)

Number of queries the GreenSQL Caching responded to.

Efficiency %

Shows (in percentage) the rate of queries whose response originated from
GreenSQL compared to the total queries sent to the database.

To view the Caching efficiency data
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Caching Logs, then click Efficiency.

3.

To view additional details on a specific database's caching efficiency, click the required log.

100

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15.6 Viewing a Log of the Most Popular Queries
The Most Popular Queries log displays a list of the most popular queries.
The following information is displayed in this Most Popular Queries workspace:
Log ID

ID of the event in the list of Most Popular Queries.

Query Pattern

The query pattern of the event.

Database

The database the query was executed on.

Executions

The number of times that the query pattern was executed.

Avg. Execution Time
(sec)

The average execution time of the query pattern (in seconds).

To view the list of the Most Popular Queries
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Most Popular Queries.

3.

To view additional details on a specific query pattern, click the query pattern.

15.7 Viewing the Archives Logs
To view the events in an archive
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Archives.

3.

Click the required archive.

4.

The archive is opened in the Workspace, showing any events stored in the archive.

101

GreenSQL 2.5 User Guide
Configuring and Managing Logs

15.8 Setting Logs Archive Rotation
To configure log files archiving for logs
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Archives Rotation.

3.

Configure the following options as required:






Number of Log Files – the maximum number of log files to save on the disk (the files are also
listed in the Archives Workspace). When this number is reached, the oldest log file is
overwritten.
Maximum File Size – the maximum log file size allowed. When a log file reaches the
maximum size, a new log file is created. However, if the maximum Number of Log Files
already exists in the Archives Workspace, the oldest log file is overwritten.
Scheduled Rotation - you can define a regular time (daily, weekly or monthly) to create a
new log file, even if the maximum file size limit has not been reached.

15.9 Configuring Syslog Settings
You can set up the system to send messages to a remote computer running a Syslog server. The
Syslog standard is used to capture log information from network devices.
To enable and configure Syslog functionality
1.

On the Main Menu, click Logs.

2.

On the Context Menu, click Syslog Settings.

3.

In the Logs Settings workspace, configure the following settings:
Status

Enable or disable writing to Syslog server.

Host/IP

IP address of remote Syslog server.

Syslog Server Port

By default, Syslog servers listen on port 514 and the
communication is performed over the UDP connection. You can
modify this port setting if necessary.

Minimum Severity

The minimum level of severity to be sent to the Syslog server.

Facility

The type of alert to be sent to the Syslog server.

102

GreenSQL 2.5 User Guide
Configuring and Managing Logs

Events

Click the check box next to the types of events you want to send to
the Syslog. Options include:
Intrusion Events
Activity Monitoring Events
Blocked SQL Events
Data Masking Events
System Events

4.

Click Send a Test to send an event to SYSLOG (as defined in the Syslog settings).

5.

Click Update to apply the settings.

103

GreenSQL 2.5 User Guide
Reports

16

Reports

You can view statistics on database activities by generating one of the built-in reports or a
customized report that you create.
The following built-in reports are available:









Top highest average execution time queries
Most popular queries
Top running execution span queries
Top intruders IP addresses
Top blocked queries
Top blocked users
Top blocked applications
Top bad logon attempts source IP addresses
NOTE
You cannot delete built-in reports.






To create a customized report, see Creating a Report on page 104.
To modify a report, see Editing Reports Definitions on page 106.
To generate built-in or customized reports, see Generating Reports on page 108.
To save a report to an Excel file or PDF file, see Saving Reports on page 108.

16.1 Creating a Report
To create a report
NOTE
If you are using GreenSQL Express or Standard, you cannot create reports.
1.

On the Main Menu, click Reports.

2.

On the Command Bar, click Create New.

3.

In the Report Properties - Step 1 Of 3 wizard, in the Report Name field, type the name of the
report that will be listed in the Workspace.

4.

In the Report Title field, type the name of the report that will be displayed in the generated
report.

5.

Click Next.

6.

In the Report Properties - Step 2 Of 3 wizard, in the Report Type list, click one of the report types
(see Customized Reports Types table below).

7.

In the Number of Events list, select the number of entries that you want to include in the report.

8.

Click Next.

9.

In the Report Properties - Step 3 Of 3 wizard, define the properties (see Modifiable Report
Options table below).

10. Click Update.

104

GreenSQL 2.5 User Guide
Reports

Customized Reports Types
Description

Report Type
Audit events

Lists all audit events.

Masking events

Lists all data masking events.

Blocked queries

Lists of blocked queries.

Allowed queries

Lists of allowed queries.

System logon events

Lists logon attempts to databases.

Traffic logs

Lists events of queries resulting from the database firewall policy.

Intrusion logs

Lists events of blocked queries resulting from identified SQL injection
attempts.

System logs

Includes details on GreenSQL management system activities, such as logon
and logoff from the management console, configuration changes, such as
proxy, database, objects and rule creation, modification or deletion, and
GreenSQL updates.

Database caching
efficiency

Shows the caching efficiency for each database that has been cached.

Caching performance

Shows the caching log for a queries or query patterns.

Modifiable Report Options
Report name

Name of report displayed in the Workspace.

Report title

Name of report displayed in the generated report.

Report type

See Customized Reports Types table above.

Number of entries

Number of entries to be included in the report. To include all entries
meeting the criteria, select Unlimited.

Time criteria

Specify the time frame covered by the report. You can choose to include
information collected in the last n days by selecting By recent days, or set
the time frame by selecting By time frame and defining the Start from and
End by times for the report.

105

GreenSQL 2.5 User Guide
Reports

Source criteria

Signifies the source criteria


IP address of client running the SQL



Name of database user running the SQL



Name of application used to send the SQL.

You can specify more than one type of source.
Click More to add conditions to the criteria. When the report is generated,
all the conditions defined must be met.
Destination criteria

Determines the destination of the event (proxy or database or both).

16.2 Editing Reports Definitions
To edit an existing report
1.

On the Main Menu, click Reports.

2.

In the Workspace, locate the report you need to modify and click

3.

For each of the wizard screens, change the options as required (see Customized Report Types
and Modifiable Report Options tables below), then click Update.

.

Customized Reports Types
Report Type

Description

Audit events

Lists all audit events.

Masking events

Lists all data masking events.

Blocked queries

Lists of blocked queries.

Allowed queries

Lists of allowed queries.

System logon events

Lists logon attempts to databases.

Traffic logs

Lists events of queries resulting from the database firewall policy.

Intrusion logs

Lists events of blocked queries resulting from identified SQL injection
attempts.

106

GreenSQL 2.5 User Guide
Reports

Description

Report Type
System logs

Includes details on GreenSQL management system activities, such as logon
and logoff from the management console, configuration changes, such as
proxy, database, objects and rule creation, modification or deletion, and
GreenSQL updates.

Database caching
efficiency

Shows the caching efficiency for each database that has been cached.

Caching performance

Shows the caching log for a queries or query patterns.

Modifiable Report Options
Report name

Name of report displayed in the Workspace.

Report title

Name of report displayed in the generated report.

Report type

See Customized Reports Types table above.

Number of entries

Number of entries to be included in the report. To include all entries
meeting the criteria, select Unlimited.

Time criteria

Specify the time frame covered by the report. You can choose to include
information collected in the last n days by selecting By recent days, or set
the time frame by selecting By time frame and defining the Start from and
End by times for the report.

Source criteria

Signifies the source criteria


IP address of client running the SQL



Name of database user running the SQL



Name of application used to send the SQL.

You can specify more than one type of source.
Click More to add conditions to the criteria. When the report is generated,
all the conditions defined must be met.
Destination criteria

Determines the destination of the event (proxy or database or both).

NOTE
For built in reports, you can only modify the number of entries.

107

GreenSQL 2.5 User Guide
Reports

16.3 Generating Reports
To generate a report
1.

On the Main Menu, click Reports.

2.

In the Context Menu, click Manage Reports.

3.

In the Workspace, locate the report you need to modify and click Generate on that row.
The Generated Reports Workspace appears with the generated report.

4.

Click the report you generated to view the report details.

16.4 Viewing Reports
To view a report
1.

On the Main Menu, click Reports.

2.

In the Context Menu, click Generated Reports.

3.

In the Workspace, locate the report to view and click it to view the report details.

16.5 Saving Reports
To save a generated report as a file
1.

On the Main Menu, click Reports.

2.

In the Context Menu, click Generated Reports.

3.

In the Workspace, locate the generated report you need to save and click Export on that row.

4.

In the Choose output file format, choose one of the following:



5.

PDF - saves the file in PDF format
Excel - saves the file in Microsoft Excel format

Click Create.

16.6 Deleting Generated Reports
To remove items such as rules, objects, and databases from the Workspace


Click

at the end of the row.

108

GreenSQL 2.5 User Guide
Implementing High Availability

17

Implementing High Availability

You can implement a High Availability (H/A) solution when continuity is crucial to your organization’s
operations. If a malfunction occurs on the main computer (Master), a second, stand-by computer
(Slave), can be configured to take over. To the network, the Master/Slave cluster appears to be a
single GreenSQL installation, processing SQL traffic and providing Unified Database Security (UDS)
services.

17.1 Overview
GreenSQL offers a high-availability cluster software solution. Configured as a group of two
applications running on two different computers (supporting GreenSQL installation), the High
Availability (H/A) solution can be reliably utilized with minimum to zero downtime. If a server running
the GreenSQL firewall application fails to respond, and the H/A clustering solution is not
implemented, GreenSQL will not be available until the faulted server is fixed. GreenSQL H/A
clustering remedies this situation by detecting hardware or software faults, and immediately
restarting the firewall application on another system without requiring administrative intervention a process known as failover. As part of this process, the H/A application configures the node before
running GreenSQL on it. It is necessary to configure the network hardware, along with the relevant
supporting applications, to successfully implement H/A.
The GreenSQL H/A cluster uses a heartbeat private network connection to monitor the health and
status of the Master node in the cluster.

17.2 Prerequisites
Both the Master server and Slave server hardware configurations must include a minimum of two
network cards (network interfaces) each:



A network interface dedicated to H/A (used for heartbeat and synchronization).
A network interface dedicated to the applications and database. The Master server should have
the “real” GreenSQL IP address, while in the initial configuration, the Slave server should have
some valid IP address that is different from the Master’s (having the “real” GreenSQL IP address).

For example, for a dedicated 198.18.0.0/31 network segment, the Master H/A dedicated interface is
configured with IP address 198.18.0.1, and the Slave H/A dedicated interface is configured with IP
address 198.18.0.2.
This type of configuration allows you to correctly apply an IP address on the Slave server. It is also
recommended to have exactly two network interfaces enabled on both the Master and the Slave to
avoid network ambiguities.
To modify the network cards (such as switch on/off and assign an IP), the H/A interface must have
administrator privileges (root on UNIX/Linux; administrator on Windows).
The H/A Workgroup Name and H/A Workgroup Password parameters must be the same on the
Master and Slave systems.
The network cards must have a static IP address. DHCP is not allowed.

109

GreenSQL 2.5 User Guide
Implementing High Availability

17.2.1 Default Gateway Prerequisites
The H/A dedicated network interfaces on the Master and Slave server should be configured on a
dedicated network segment. It is recommended to have a separate network segment dedicated only
for H/A.
The dedicated H/A interfaces on the Master and Slave server are part of the same closed network,
and therefore, should not have a default gateway configured.
The default gateway should be configured only on the Master and Slave servers’ public interfaces
(even though the Slave public interface uses a dummy IP address).

17.3 How High Availability Works
During the first stage of operation, the Master and Slave nodes are configured and activated. A
handshake process is activated between the two nodes. If the handshake process is successful, the
High Availability (H/A) system becomes operational.

NOTE
After initial configuration and start-up of High Availability, an active cluster is created. At this point,
the H/A process shuts down the firewall and management processes, and then shuts down the Slave
node's node’s public interface and reconfigures it to have the same IP address as the Master. This is
done to avoid an IP address conflict with the Master.
If the Slave node needs to be accessible from the network, configure an additional network interface
for this purpose. Make sure that Traffic routing is not configured via the public network interface that
the slave shuts down, but via this additional interface.
In general, the Master always talks to the Slave. If the connection from the Master server to the Slave
server is lost, the Slave server waits the amount of time configured in the heartbeat timeout (in
seconds). If the Master does not manage to connect, the Slave will automatically take over from the
Master server, and begin operating as if it were the Master server. The Slave server also takes
ownership of the GreenSQL IP address.

110

GreenSQL 2.5 User Guide
Implementing High Availability

Even after the Master server resumes operation, the Slave continues to work as the Master, and the
Master continues to work as the Slave. This "conflict resolution" mechanism solves the unique
problem of the Master server returning to life after a failure. The server that was originally
configured to be the Master server will only return to being the Master again if the Slave server,
which is currently acting as the Master server, fails.
After a failure, every H/A node starts up as a Slave. It waits a while for incoming connections from
the Master node. If it receives a connection from the Master during a defined period of time, it will
remain a Slave. However, if no connections are received during this time, the system will
automatically switch itself and become the Master.
GreenSQL constantly synchronizes configuration data from the Master server to the Slave server
(during normal operation, from Master to Slave, and in case of failover, from Slave to Master).

17.4 Viewing and Configuring High Availability
You can turn High Availability on or off in the High Availability workspace. If you turn off the H/A
cluster, both H/A peers return to their original configuration (as they were before the H/A cluster
was activated), that is, two separate GreenSQL installations.
NOTE
If proxies and databases that were configured on one peer, were copied to another peer while the
H/A cluster was active, they will not be reverted to their original configuration.
To turn on and configure the High Availability option
1.

On the Main Menu, click System.

2.

On the Context Menu, click High Availability.

3.

Configure the High Availability options as follows:
H/A Role

The role of the server.

H/A workgroup name

A logical name given to the High Availability Master/Slave cluster.
Note
The H/A workgroup name must be identical on both the Master and
Slave servers.

H/A workgroup
password

The High Availability workgroup password.
Note
The High Availability workgroup password must be identical on both
the Master and Slave servers.

H/A GreenSQL Proxy
IP

The IP address used to access DB clients (public IP). This address
must be static (DHCP is not allowed).
Note
On the Slave, this IP address will be reconfigured to the IP address
configured on Master.

111

GreenSQL 2.5 User Guide
Implementing High Availability

H/A dedicated
interface IP

The IP address used by the server (Master or Slave) for H/A
purposes. Choose an IP address from a list of detected IP addresses.
This address must be static (DHCP is not allowed).

H/A dedicated peer IP The IP address of the peer server (Master for Slave, Slave for
Master). This address must be static (DHCP is not allowed).
Takeover timeout

4.

The amount of time (in seconds) that the Master can be idle before
the Slave takes over. The Slave takes over from the Master after the
connection to the Master server is lost or no traffic is sent over the
channel between them. It will not take over the Master until the
"Heartbeat interval "amount of time has passed.

Click Update.
A message indicating that the High Availability Configuration was successfully updated is
displayed.

5.

Click Start H/A, then click OK to confirm.
The Start H/A button changes to Stop H/A. The Update button is no longer displayed. In this
state, you can not edit the High Availability parameters.

NOTE
After initial configuration and start-up of High Availability, an active cluster is created. At this point,
the H/A process shuts down the firewall and management processes, and then shuts down the Slave
node's node’s public interface and reconfigures it to have the same IP address as the Master. This is
done to avoid an IP address conflict with the Master.
To turn off the High Availability option
1.

On the Main Menu, click System.

2.

On the Context Menu, click High Availability.

3.

Click Stop H/A.
The Stop H/A button changes to Start H/A. The Update button is also displayed. You can now
possible edit the High Availability parameters.

112

GreenSQL 2.5 User Guide
Implementing High Availability

To view the status of the high availability configuration
1.

On the Main Menu, click System.

2.

On the Context Menu, click High Availability.

The following information is displayed in the High Availability Status workspace.
H/A GreenSQL Proxy IP The IP address used to access DB clients (public IP).
H/A dedicated Interface The IP address used by the server (Master or Slave) for H/A purposes.
IP
Last sync

The date when Master and Slave servers were last synchronized, that is,
all policies and rules were synchronized between the Master and Slave
servers.

Status

The status of the active server.
Possible values include:


Stopped



Stand-alone



Intializing



In cluster



Waiting for peer shutdown

113

GreenSQL 2.5 User Guide
Implementing High Availability

17.4.1 Configuring Failover Policy
GreenSQL High Availability is configured to automatically fail over to the Slave node in case of a
Master failure.
You can control GreenSQL’s failover policy to determine if the Slave node will take over automatically
or by user request.
To control the failover policy, follow the following steps on the Master and Slave nodes before
running GreenSQL High Availability:
1.

Go to GreenSQL’s installation directory. Default directories are:



2.
3.
4.
5.

6.

Windows - C:\Program Files\GreenSQL
Linux - /opt/GreenSQL

Go to data/conf directory.
Edit the file:

greensql.conf

In the file, locate the section [ha].
To allow automatic failover:

[ha]
manual_failover = false

To allow manual failover:

[ha]
manual_failover = true

17.4.2 Running GreenSQL High Availability Services
To run GreenSQL High Availability services
NOTE
The following procedure should be performed on both Master and Slave nodes. After performing this
procedure once, GreenSQL High Availability services will be started with every reboot of your servers
and you will be able to use the Start H/A and Stop H/A buttons.
1.

On the Main Menu, click System.

2.

On the Context Menu, click High Availability.

3.

If High Availability is currently running, click Stop H/A.

4.

Go to GreenSQL’s installation directory. Default directories are:



5.
6.

Windows - C:\Program Files\GreenSQL for Windows
Linux - /opt/GreenSQL

Go to data/conf directory.
Edit the file:
greensql-wd.conf

7.

Replace the line

#wd_proc_list=greensql-fw,greensql-mng

with the following:

114

GreenSQL 2.5 User Guide
Implementing High Availability

On Windows 64-bit systems:
wd_proc_list=greensql-fw.exe,../bin32/greensql-mng.exe,greensql-ha.exe

On Windows 32-bit systems:
wd_proc_list=greensql-fw.exe,greensql-mng.exe,greensql-ha.exe

On Linux 64-bit systems:
wd_proc_list=greensql-fw.exe,../bin32/greensql-mng.exe,greensql-ha.exe

On Linux 32-bit systems:
wd_proc_list=greensql-fw.exe,greensql-mng.exe,greensql-ha.exe

8.

Save the file.

9.

The service GreenSQL High Availability should be running. To verify, run the following:
On Windows:
Run Task Manager and verify that you can see the following processes running:





greensql-fw.exe
greensql-ha.exe
greensql-wd.exe
greensql-mng.exe

On Linux:
Run
ps –ef | grep greensql

and verify that the following processes are running:





greensql-fw
greensql-ha
greensql-wd
greensql-mng

10. Validate your High Availability configuration and click Start H/A.

115

GreenSQL 2.5 User Guide
Implementing High Availability

17.4.3 Stopping GreenSQL High Availability
To stop GreenSQL High Availability
1.

On the Master node, click Stop H/A.

2.

If an active cluster has never been created, use Stop H/A button on the Slave node also
(otherwise the Slave node’s management is shut down. If an active cluster has been created at
least once, then the Master node will wait for the Slave node to shut down High Availability).

17.4.4 Disabling GreenSQL High Availability
To disable GreenSQL High Availability services on the Slave node:
1.

Go to GreenSQL’s installation directory. Default directories are:



2.
3.
4.

Windows - C:\Program Files\GreenSQL for Windows
Linux - /opt/GreenSQL

Go to data/conf directory.
Edit the file:

greensql-wd.conf

Comment out the line beginning with wd_proc_list=
For example, change:

wd_proc_list=greensql-fw.exe,greensql-mng.exe,greensql-ha.exe

to

#wd_proc_list=greensql-fw.exe,greensql-mng.exe,greensql-ha.exe

5.
6.
7.

Save the file.
If it exists, delete the file:

greensql-wd.conf.override

Stop GreenSQL services as follows:
On Windows (as an administrator):
a.

Go to Start->Control Panel->System and Security->Administrative Tools->Services.

b.

Stop the service GreenSQL.

On Linux:


Run the following command as a superuser:

/etc/init.d/greensql stop

8.

If required, reconfigure your network interface cards to their original state.

116

GreenSQL 2.5 User Guide
Implementing High Availability

To disable GreenSQL High Availability services on the Master node:
1.

Repeat steps 1-8 above for disabling GreenSQL High Availability services on the Slave node.

2.

Start GreenSQL as follows:
On Windows (as an Administrator):
a.

Go to Start->Control Panel->System and Security->Administrative Tools->Services.

b.

Start the service GreenSQL.

On Linux:


Run the following command as a superuser:
/etc/init.d/greensql start

3.

Log on to GreenSQL management interface.

4.

On the Main Menu, click System.

5.

On the Context Menu, click High Availability.

6.

Click Stop H/A.

117

GreenSQL 2.5 User Guide
Index

18

Index

A
Activating and Configuring GreenSQL • 14
Activating GreenSQL • 25
Activating the License • 87, 88
Activity Monitoring Rule Types • 62
Adding or Removing Widgets • 23
Alerts • 38, 39, 41, 64, 66, 72, 75, 90
Auditable Objects and Commands • 62, 68
B
Backing Up GreenSQL Settings • 87
C
Caching • 38, 39, 79
Caching (Database Acceleration) • 10
Certificates and SSL Support • 34
Changing the Dashboard Layout • 24
Concepts • 11
Configuring Administrative Settings • 82, 84
Configuring and Managing Logs • 96
Configuring Basic GreenSQL Options through
Quick Connect • 16, 31
Configuring Failover Policy • 114
Configuring General System Settings • 82, 83
Configuring Management Settings • 82, 86
Configuring Syslog Settings • 38, 39, 41, 102
Configuring the Basics • 25
Configuring the System • 25, 82
Connecting to a Database • 31, 32
Contacts • 90, 93
Creating a Data Masking Rule • 71
Creating a Database in GreenSQL • 59
Creating a Database Security Rule • 28, 35, 37,
42, 43, 49
Creating a One-Time Schedule • 36, 55
Creating a Recurring Schedule • 56
Creating a Regular Expression Query Pattern •
46
Creating a Report • 104
Creating a Schedule Group • 56
Creating a Table • 35, 38, 57
Creating a Tables Group • 58
Creating a User • 84
Creating Alerts • 35, 90
Creating an Administrative Activity Monitoring
Rule • 62, 63
Creating an Instance • 26

Creating Application Groups • 54
Creating Application Names • 54
Creating Contacts • 90, 93
Creating Database User Groups • 53
Creating Database Users • 53
Creating IP Address Ranges • 51
Creating IP Addresses • 51
Creating IP Groups • 52
Creating Policy Objects • 35, 36, 50
Creating Profiles • 84, 85
Creating Proxies • 25, 28
Creating Query Groups • 35, 37, 43, 45
Creating Query Patterns • 49
Creating Risk Profiles • 40, 42
Creating SMTP Servers • 83, 90, 94
Customizing views • 19, 21
D
Database • 12
Database Activity Monitoring • 31, 62, 64, 65,
66, 67
Database Activity Monitoring (Auditing) • 11
Database Firewall • 10
Database Firewall Rule Options • 36, 37, 41
Database Security • 10
Databases in GreenSQL • 58
Default Gateway Prerequisites • 110
Defining a Basic Policy • 31, 35
Defining Advanced Options for a Policy • 41
Defining Your Security Policy (Advanced
Options) • 35
Deleting Databases • 61
Deleting Generated Reports • 108
Deleting Instances • 27
Deleting Items • 19, 20, 27, 30, 61, 85
Deleting Proxies • 30
Deleting Risk Profiles • 42
Deleting User Profiles • 85
Disabling Contacts • 93
Disabling Databases • 61
Disabling GreenSQL High Availability • 116
Disabling Instances • 27
Disabling Items • 19, 20
Disabling Proxies • 30
Disabling SMTP Servers • 95
Disabling User Profiles • 85
Dynamic Data Masking • 11, 31, 71
E
Editing a Database in GreenSQL • 60, 83

118

GreenSQL 2.5 User Guide
Index

Editing a Regular Expression Query Pattern •
48
Editing a User • 84
Editing Activity Monitoring Rules • 62, 65
Editing Alerts • 90, 92
Editing Contacts • 91, 92, 93
Editing Data Masking Rules • 71, 75
Editing Database Security Rules • 41
Editing Instances • 27
Editing Items • 19
Editing Proxies • 29
Editing Query Groups • 44
Editing Query Patterns • 50
Editing Reports Definitions • 104, 106
Editing Risk Profiles • 42
Editing SMTP Servers • 94, 95
Editing User Profiles • 85
Enabling Database Logon/Logoff Auditing •
60, 62, 63
F
Filtering • 19, 21
G
Generating Reports • 104, 108
Getting to Know GreenSQL’s Interface • 16
GreenSQL Proxy • 12
GreenSQL’s Four Key Elements • 9
H
How GreenSQL Database Caching Works • 79
How High Availability Works • 23, 110
I
Implementing High Availability • 82, 109
Injection Patterns • 40, 45
Instance • 12
Instances in GreenSQL • 25, 26
Introducing GreenSQL • 8
L
Learning Mode Rule Options • 36, 41
M
Maintaining GreenSQL • 82, 87
Managing Management Certificates • 86
O
Objects • 12
Overview • 109

P
Prerequisites • 109
Proxies in GreenSQL • 28
R
Related Documents • 13
Reordering Rules • 19, 22, 35, 62, 71
Reports • 104
Resetting GreenSQL to Default Settings • 87,
88
Restoring GreenSQL Settings • 87
Risk-Based IPS/IDS Rule Options • 36, 40, 41,
45
Running GreenSQL High Availability Services •
114
S
Saving Reports • 104, 108
Separation of Duties • 10
Setting Activity Monitoring Archive Rotation •
62, 68
Setting Caching per Database • 60, 80
Setting Caching Per Policy • 80
Setting Caching Per Query • 81
Setting Data Masking Archive Rotation • 71,
78
Setting Logs Archive Rotation • 102
Setting System Caching • 80, 81, 82
SMTP Servers • 90, 94
Software Specifications • 9
Sorting Items • 19, 20
SQL Injection Detection and Prevention • 10
Stopping GreenSQL High Availability • 116
Support • 82, 89
Switching between Global and Database
Views • 19, 22
T
The GreenSQL Architecture • 8
The GreenSQL Line of Products • 11
The Main Menu • 18
The Workspace • 19
U
Uploading Management Certificates • 86
User Profiles • 84
Using Learned Patterns • 41, 49
Using Query Groups • 41, 43
Using Regular Expression Patterns • 41, 45, 50

119

GreenSQL 2.5 User Guide
Index

Using Risk Profiles • 35, 41, 50
Using the Dashboard • 23
V
Viewing a Log of the Most Popular Queries •
101
Viewing Activity Monitoring Events • 62, 67
Viewing Activity Monitoring Log Archives • 62,
68
Viewing Alerts • 90
Viewing and Configuring High Availability •
111
Viewing Caching Efficiency Logs • 100
Viewing Caching Performance Logs • 79, 100
Viewing Data Masking Events • 71, 77
Viewing Data Masking Log Archives • 71, 78
Viewing Databases • 59
Viewing Intrusion Logs • 41, 98
Viewing License Information • 16, 87, 88
Viewing Reports • 108
Viewing System Information • 82
Viewing System Logs • 99
Viewing the Archives Logs • 101
Viewing the Database Security Policy • 41
Viewing Traffic Logs • 38, 39, 97

120

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close