
Alerts

Overview

The Alerts page provides notifications for resource access events. By defining trigger conditions for major anomalies in advance, you can detect policy violations in real time. This enables rapid identification and resolution of potential security incidents and helps protect sensitive information from exposure and from queries that exceed predefined thresholds.


Administrator > General > Company Management > Alerts


Creating Notifications

Click the Create Alert button at the top right of the Alerts page to create a new notification. Click the OK button to complete the notification creation.


Administrator > General > Company Management > Alerts > Create Alert

  1. Name : Notification Name

  2. Alert Type : Refer to the notification types section below

  3. Alert Detail : Notification sending conditions and message template

    1. Sending Conditions: Refer to the notification types and sending conditions section below.

    2. Message Template: Template for the message to be sent with the notification

      1. Default templates are pre-filled based on notification type

      2. You can check supported variable types in Message Template Variables (varies by Alert Type)

  4. Channel : Channel for sending notifications

    1. Select from the channels listed under Administrator > General > Channels

    2. For more details about channels, refer to the Channels document

Notification Types

The Alerts page supports common notifications as well as notifications specialized for DB access and system access. Refer to the table below to see the supported notification types for each service.

| Service Classification | Notification Type | Description |
|---|---|---|
| SAC, DAC, KAC | New Request | New Approval Request Notification |
| General | Unusual Login Attempt | User Login Activity Notification by IP Range |
| DAC | SQL Execution | Notification for SQL Statement Execution Matching Defined Conditions |
| DAC | Prevented SQL Execution | Unauthorized SQL Execution Notification |
| DAC | DB Connection Attempt | Database Connection Success or Failure Notification |
| DAC | Sensitive Data Access | Notification for Accessing Sensitive Data Based on Defined Conditions |
| DAC | SQL Export | Notification for SQL Export Execution Based on Defined Conditions |
| SAC | Server Connection Attempt | Server Connection Success or Failure Notification |
| SAC | Restricted Command | Notification for Execution of Blocked Commands by Server/Server Group |
| SAC | Specific Command | Specific Command Execution Notification |
| SAC | File Transfer (SFTP) | File Transfer Execution Notification via SFTP |

Notification Types and Sending Conditions

When creating a notification, you can specify the sending conditions in the Alert Detail based on the selected notification type.

1. New Request

Notification for New Approval Request Registration

  • Approval Type : Select the workflow request type (single choice)

    • Select All : Send notifications for all types

  • Alert Trigger Condition (Urgent Mode) : Specify the trigger condition for the alert

    • On : Send notifications only for post-approval requests

    • Off : Send notifications only for requests that are not post-approval

    • Select All : Send notifications for all approval requests

2. Unusual Login Attempt

Notification for User Login Activity by IP Range

  • Action Count : Number of failed authentication attempts required to trigger the notification

  • Specific Time Interval (Minutes) : Time interval (in minutes) used as the basis for sending notifications

For example, to send a notification for abnormal login attempts after 3 failed login attempts within 5 minutes:

  • Alert Type : Unusual Login Attempt

  • Action Count : 3

  • Specific Time Interval (Minutes) : 5

3. SQL Execution

Notification for SQL Statement Execution Matching Defined Conditions

  • Alert Trigger Condition (Rows) : Number of rows for which the SQL execution should trigger a notification

  • SQL Events : SQL queries that should trigger a notification (multiple selections allowed)

    • Select All : Send notifications for all queries that meet the row count condition

  • Connection : Target connection for sending notifications (single choice)

    • Select All : Send notifications for all connections

Example 1: Notification for Large Data Retrieval

  • Alert Type : SQL Execution

  • Trigger Condition (Rows) : 100

  • SQL Events : SELECT

Example 2: Notification for Data Modification and Deletion Attempts

  • Alert Type : SQL Execution

  • Trigger Condition (Rows) : 1

  • SQL Events : UPDATE, DELETE

Example 3: Notification for Attempts to Create, Alter, Truncate, Drop Tables, or Delete Privileges

  • Alert Type : SQL Execution

  • Trigger Condition (Rows) : 0

  • SQL Events : CREATE, ALTER, DROP, TRUNCATE, REVOKE

4. Prevented SQL Execution

Notification for Unauthorized SQL Execution

  • Connection : Target connection for sending notifications (single choice)

    • Select All : Send notifications for all connections

5. DB Connection Attempt

Notification for Database Connection Success or Failure

  • Alert Trigger Condition : Condition for sending notifications

    • Success : Send notifications for successful database connections

    • Failure : Send notifications for failed database connections

      • Connection Failure Trigger with Interval : Set conditions for connection failure notifications

        • Off: No conditions (send notifications for every connection failure)

        • On: With conditions (send notifications only if failures exceed a defined number/period)

          • Action Count : Number of failures required to trigger a notification

          • Specific Time Interval (Minutes) : Time period (in minutes) used to evaluate connection failures

  • Connection : Target connection for sending notifications (single choice)

    • Select All : Send notifications for all connections

Example: Notification for Abnormal Database Connection Attempts

  • Alert Type : DB Connection Attempt

  • Alert Trigger Condition : Failure

  • Connection Failure Trigger with Interval

    • Action Count : 3

    • Specific Time Interval (Minutes) : 5
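
The Action Count and Specific Time Interval settings used by Unusual Login Attempt and by the DB Connection Attempt failure trigger describe a count-within-a-window rule. The following is an added example, not QueryPie code, that evaluates such a rule over constructed events. It assumes a sliding window per user or connection and a counter that restarts after an alert; the page does not specify either behavior.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def threshold_alerts(events, action_count, interval_minutes):
    """Return (key, time) for each failure that completes `action_count`
    failures for the same key within `interval_minutes`."""
    window = timedelta(minutes=interval_minutes)
    recent = defaultdict(deque)  # key -> timestamps of failures still in window
    alerts = []
    for ts, key, success in sorted(events):
        if success:
            continue  # only failures count toward Action Count
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the interval
            q.popleft()
        if len(q) >= action_count:
            alerts.append((key, ts))
            q.clear()  # assumption: counting restarts after an alert fires
    return alerts

# Constructed sample events: (time, user or connection, success?)
T0 = datetime(2024, 7, 29, 9, 0)
def at(m): return T0 + timedelta(minutes=m)
SAMPLE = [
    (at(0), "alice", False), (at(1), "alice", False), (at(4), "alice", False),
    (at(2), "bob", False), (at(10), "bob", False), (at(20), "bob", False),
    (at(21), "carol", True),
]

if __name__ == "__main__":
    # Action Count 3, interval 5 minutes, as in the examples above
    for key, ts in threshold_alerts(SAMPLE, action_count=3, interval_minutes=5):
        print(f"ALERT {key} at {ts:%H:%M}")
```

With Action Count 3 and a 5-minute interval only "alice" alerts; "bob" has the same number of failures but spread over 18 minutes, so the interval should be chosen with the failure patterns you need to catch in mind.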

6. Sensitive Data Access

Notification for Accessing Sensitive Data Based on Defined Conditions

  • Alert Trigger Condition : Condition that triggers the notification

    • Sensitive Level : Select from the registered sensitivity levels - Low, Medium, or High

    • Policy : Choose from the sensitive data policies registered in QueryPie

To use the Sensitive Data Access notification type, sensitive data policies must pre-define tables and columns containing personal information. For more details, refer to the Sensitive Data document.

Example 1: Notification for Accessing Personal Data with High Sensitivity Level

  • Alert Type : Sensitive Data Access

  • Alert Trigger Condition : Sensitive Level = High

Example 2: Notification for Accessing Personal Data in a Specific Database

  • Alert Type : Sensitive Data Access

  • Alert Trigger Condition : Policy = {pre-registered Sensitive Data policy}

  • For this notification type, ensure that personal data tables and columns are pre-defined in the Sensitive Data policy.

7. SQL Export

Notification for SQL Export Execution Matching Defined Conditions

  • Alert Trigger Condition (Rows) : Number of rows for which the SQL export should trigger a notification

  • Connection : Target connection for sending notifications (single choice)

    • Select All : Send notifications for all connections

Example: Notification for Attempting to Export More Than 100 Rows of Data

  • Alert Type : SQL Export

  • Trigger Condition (Rows) : 100

8. Server Connection Attempt

Notification for Server Connection Success or Failure

  • Alert Trigger Condition : Condition for sending notifications

    • Success : Send notifications for successful server connections

    • Failure : Send notifications for failed server connections

  • Connection : Target connections for sending notifications (multiple selections allowed)

    • You can select servers and server groups, and duplicate selections are allowed

      • Even if multiple targets are selected, the notification will be sent only once

    • Select All : Send notifications for all connections

Example: Send Notification Only When a Server Connection Attempt Fails

  • Alert Type : Server Connection Attempt

  • Alert Trigger Condition : Check only Failure

9. Restricted Command

Notification for Execution of Blocked Commands by Server/Server Group

  • Connection : Target connections for sending notifications (multiple selections allowed)

    • You can select servers and server groups, and duplicate selections are allowed

      • Even if multiple targets are selected, the notification will be sent only once

    • Select All : Send notifications for all connections

10. Specific Command

Notification for Execution of Specific Commands

  • Connection : Target connections for sending notifications (multiple selections allowed)

    • You can select servers and server groups, and duplicate selections are allowed

      • Even if multiple targets are selected, the notification will be sent only once

    • Select All : Send notifications for all connections

  • Command : Conditions for triggering notifications for specific commands.

    • Keyword : Trigger notification if the command contains specified keywords.

    • RegExr : Trigger notification if the command matches the specified regular expression.

Example: Send Notification When a User Executes a Pre-defined Specific Command

  • Alert Type : Specific Command

  • Command : Keyword > rm ls
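
The difference between the Keyword and regular expression conditions matters for alert volume. The following is an added example, not QueryPie code, comparing the two on constructed commands. It assumes "contains" means plain substring matching and that the example above defines two keywords, rm and ls; the regular expression is an illustrative pattern written for this example.

```python
import re

def keyword_hits(command, keywords):
    """Keyword condition modeled as substring containment (assumption)."""
    return [k for k in keywords if k in command]

def regex_hit(command, pattern):
    """Regular-expression condition: true if the pattern matches anywhere."""
    return re.search(pattern, command) is not None

# Illustrative pattern: rm or ls invoked as a command (optionally with a path),
# at the start of the line, after ; & |, or after sudo.
PATTERN = r"(?:^|[;&|]\s*|\bsudo\s+)(?:\S*/)?(?:rm|ls)(?:\s|$)"

# Constructed sample session commands
SAMPLE = [
    "rm -rf /var/log/app",
    "ls -la /etc",
    "cd /tmp && /bin/rm x",
    "systemctl status alarm.service",  # contains "rm" inside "alarm"
    "cat tools.txt",                   # contains "ls" inside "tools"
]

def compare(commands, keywords, pattern):
    """Return (command, matched keywords, regex matched?) per command."""
    return [(c, keyword_hits(c, keywords), regex_hit(c, pattern))
            for c in commands]

if __name__ == "__main__":
    for cmd, kws, rx in compare(SAMPLE, ["rm", "ls"], PATTERN):
        print(f"{cmd!r:40} keyword={kws} regex={rx}")
```

Under these assumptions the two short keywords alert on all five commands, while the anchored pattern alerts only on the three that actually run rm or ls.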

11. File Transfer (SFTP)

Notification for File Transfer Execution via SFTP

  • Alert Trigger Condition : Conditions for sending notifications

    • File Upload : Send notification when a file is uploaded

    • File Download : Send notification when a file is downloaded

  • Connection : Target connections for sending notifications (multiple selections allowed)

    • You can select servers and server groups, and duplicate selections are allowed

      • Even if multiple targets are selected, the notification will be sent only once

    • Select All : Send notifications for all connections

Example: Send Notification Only When a User Downloads a File via SFTP

  • Alert Type : File Transfer (SFTP)

  • Alert Trigger Condition : Check only File Download

Viewing and Editing Notification Details

To view or modify the details of a notification, select the notification you want to review on the Alerts page. In the Details tab of the detailed page, you can view and edit the notification conditions and messages that were set during creation. Click the Save Changes button at the top right to apply any modifications.


Administrator > General > Company Management > Alerts > List Details (Details)

Testing Notification Integration

On the Alerts page, select the notification you want to test. Click the Test button at the top right of the detailed page to send a test notification to the selected channel.

The test message will be sent with the content: QueryPie Alert Test.

Viewing Notification Sending History

In the Alerts list, select the notification for which you want to view the sending history. On the detailed page, navigate to the Log section to review the notification history.


Administrator > General > Company Management > Alerts > List Details (Logs)

Deleting Notifications

There are two methods for deleting existing notifications.

1. Delete from the Alerts Page

In the Alerts list, select the notifications you wish to delete using the checkboxes. Click the Delete button that appears. A confirmation modal will be displayed. Click the OK button to complete the deletion.

2. Delete from the Notification Detail Page

Go to the detailed page of the notification you want to delete. Click the Delete button at the top right of the page. A confirmation modal will appear. Click the OK button to finalize the deletion.
