Alerts
Overview
The Alerts page offers notification features related to resource access. By pre-setting trigger conditions for major anomalies, you can detect policy violations in real-time. This allows for the rapid identification and resolution of potential security incidents and helps protect sensitive information from exposure or excessive queries that exceed predefined thresholds.
This document covers the following topics
Creating Notifications
Click the Create Alert
button at the top right of the Alerts page to create a new notification. Click the OK
button to complete the notification creation.
Name : Notification Name
Alert Type : Refer to the notification types section below
Alert Detail : Notification sending conditions and message template
Sending Conditions: Sending Conditions: Refer to the notification types and sending conditions section below.
Message Template: Template for the message to be sent with the notification
Default templates are pre-filled based on notification type
You can check supported variable types in
Message Template Variables
(varies by Alert Type)
Channel : Channel for sending notifications
Select from the channels listed under Administrator > General > Channels
For more details about channels, refer to the Channels document
Notification Types
Supports common notifications as well as notifications specialized for DB access and system access. Refer to the table below to see the supported notification types for each service.
Service Classification | Notification Type | Description |
---|---|---|
SAC, DAC, KAC | New Request | New Approval Request Notification |
General | Unusual Login Attempt | User Login Activity Notification by IP Range |
DAC | SQL Execution | Notification for SQL Statement Execution Matching Defined Conditions |
DAC | Prevented SQL Execution | Unauthorized SQL Execution Notification |
DAC | DB Connection Attempt | Database Connection Success or Failure Notification |
DAC | Sensitive Data Access | Notification for Accessing Sensitive Data Based on Defined Conditions |
DAC | SQL Export | Notification for SQL Export Execution Based on Defined Conditions |
SAC | Server Connection Attempt | Server Connection Success or Failure Notification |
SAC | Restricted Command | Notification for Execution of Blocked Commands by Server/Server Group |
SAC | Specific Command | Specific Command Execution Notification |
SAC | File Transfer (SFTP) | File Transfer Execution Notification via SFTP |
Notification Types and Sending Conditions
When creating a notification, you can specify the sending conditions in the Alert Detail based on the selected notification type.
1. New Request
Notification for New Approval Request Registration
Approval Type : Select the workflow request type (single choice)
Select All : Send notifications for all types
Alert Trigger Condition (Urgent Mode) : Specify the trigger condition for the alert
On : Send notifications only for post-approval requests
Off : Send notifications only for requests that are not post-approval
Select All : Send notifications for all approval requests
2. Unusual Login Attempt
Notification for User Login Activity by IP Range
Action Count : Number of failed authentication attempts required to trigger the notification
Specific Time Interval (Minutes) : Time interval (in minutes) used as the basis for sending notifications
For example, to send a notification for abnormal login attempts after 3 failed login attempts within 5 minutes
Alert Type : Unusual Login Attempt
Action Count : 3
Specific Time Internal : 5
3. SQL Execution
Notification for SQL Statement Execution Matching Defined Conditions
Alert Trigger Condition (Rows) : Number of rows for which the SQL execution should trigger a notification
SQL Events : SQL queries that should trigger a notification (multiple selections allowed)
Select All : Send notifications for all queries that meet the row count condition
Connection : Target connection for sending notifications (single choice)
Select All : Send notifications for all connections
Example 1: Notification for Large Data Retrieval
Alert Type : SQL Execution
Trigger Condition (Rows) : 100
SQL Events : SELECT
Example 2: Notification for Data Modification and Deletion Attempts
Alert Type : SQL Execution
Trigger Condition (Rows) : 1
SQL Events : UPDATE, DELETE
Example 3: Notification for Attempts to Create, Alter, Truncate, Drop Tables, or Delete Privileges
Alert Type : SQL Execution
Trigger Condition (Rows) : 0
SQL Events : CREATE, ALTER, DROP, TRUNCATE, REVOKE
4. Prevented SQL Execution
Notification for Unauthorized SQL Execution
Connection : Target connection for sending notifications (single choice)
Select All : Send notifications for all connections
5. DB Connection Attempt
Notification for Database Connection Success or Failure
Alert Trigger Condition : Condition for sending notifications
Success : Send notifications for successful database connections
Failure : Send notifications for failed database connections
Connection Failure Trigger with Interval : Set conditions for connection failure notifications
Off: No conditions (send notifications for every connection failure)
On: With conditions (send notifications only if failures exceed a defined number/period)
Action Count : Number of failures required to trigger a notification
Specific Time Interval (Minutes) : Time period (in minutes) used to evaluate connection failures
Connection : Target connection for sending notifications (single choice)
Select All : Send notifications for all connections
Example: Notification for Abnormal Database Connection Attempts
Alert Type : DB Connection Attempt
Alert Trigger Condition : Failure
Connection Failure Trigger with Internal
Action Count : 3
Specified Time Internal (Minutes) : 5
6. Sensitive Data Access
Notification for Accessing Sensitive Data Based on Defined Conditions
Alert Trigger Condition : Condition that triggers the notification
Sensitive Level : Select from the registered sensitivity levels - Low, Medium, or High
Policy : Choose from the sensitive data policies registered in QueryPie
To use the Sensitive Data Access notification type, sensitive data policies must pre-define tables and columns containing personal information. For more details, refer to the Sensitive Data document.
Example 1: Notification for Accessing Personal Data with High Sensitivity Level
Alert Type : Sensitive Data Access
Alert Trigger Condition : Sensitive Level = High
Example 2: Notification for Accessing Personal Data in a Specific Database
Alert Type : Sensitive Data Access
Alert Trigger Condition : Policy = {사전에 등록된 Sensitive Data 정책}
For this notification type, ensure that personal data tables and columns are pre-defined in the Sensitive Data policy.
7. SQL Export
Notification for SQL Export Execution Matching Defined Conditions
Alert Trigger Condition (Rows) : Number of rows for which the SQL export should trigger a notification
Connection : Target connection for sending notifications (single choice)
Select All : Send notifications for all connections
Example: Notification for Attempting to Export More Than 100 Rows of Data
Alert Type : SQL Export
Trigger Condition (Rows) : 100
8. Server Connection Attempt
Notification for Server Connection Success or Failure
Alert Trigger Condition : Condition for sending notifications
Success : Send notifications for successful server connections
Failure : Send notifications for failed server connections
Connection : Target connections for sending notifications (multiple selections allowed)
You can select servers and server groups, and duplicate selections are allowed
Even if multiple targets are selected, the notification will be sent only once
Select All : Send notifications for all connections
Example: Send Notification Only When a Server Connection Attempt Fails
Alert Type : Server Connection Attempt
Alert Trigger Condition : Check only Failure
9. Restrict Command
Notification for Execution of Blocked Commands by Server/Server Group
Connection : Target connections for sending notifications (multiple selections allowed)
You can select servers and server groups, and duplicate selections are allowed
Even if multiple targets are selected, the notification will be sent only once
Select All : Send notifications for all connections
10. Specific Command
Notification for Execution of Specific Commands
Connection : Target connections for sending notifications (multiple selections allowed)
You can select servers and server groups, and duplicate selections are allowed
Even if multiple targets are selected, the notification will be sent only once
Select All : Send notifications for all connections
Command : Conditions for triggering notifications for specific commands.
Keyword : Trigger notification if the command contains specified keywords.
RegExr : Trigger notification if the command matches the specified regular expression.
Example: Send Notification When a User Executes a Pre-defined Specific Command
Alert Type : Specific Command
Command : Keyword >
rm
ls
11. File Transfer (SFTP)
Notification for File Transfer Execution via SFTP
Alert Trigger Condition : Conditions for sending notifications
FIle Upload : Send notification when a file is uploaded
File Download : Send notification when a file is downloaded
Connection : Target connections for sending notifications (multiple selections allowed)
You can select servers and server groups, and duplicate selections are allowed
Even if multiple targets are selected, the notification will be sent only once
Select All : Send notifications for all connections
Example: Send Notification Only When a User Downloads a File via SFTP
Alert Type : File Transfer (SFTP)
Alert Trigger Condition : Check only File Download
Viewing and Editing Notification Details
To view or modify the details of a notification, select the notification you want to review on the Alerts page. In the Details tab of the detailed page, you can view and edit the notification conditions and messages that were set during creation. Click the Save Changes
button at the top right to apply any modifications.
Testing Notification Integration
On the Alerts page, select the notification you want to test. Click the Test
button at the top right of the detailed page to send a test notification to the selected channel.
The test message will be sent with the content: QueryPie Alert Test.
Viewing Notification Sending History
In the Alerts list, select the notification for which you want to view the sending history. On the detailed page, navigate to the Log section to review the notification history.
Deleting Notifications
There are two methods for deleting existing notifications.
1. Delete from the Alerts Page
In the Alerts list, select the notifications you wish to delete using the checkboxes. Click the Delete
button that appears. A confirmation modal will be displayed. Click the OK
button to complete the deletion.
2. Delete from the Notification Detail Page
Go to the detailed page of the notification you want to delete. Click the Delete
button at the top right of the page. A confirmation modal will appear. Click theOK
button to finalize the deletion.