Session Policies

Session policies allow you define rules based on properties of the session to block, audit and alert on SSH, SFTP, RDP, HTTP/S, TCP and database activity. Additionaly for database sessions you can provide permission, data masking and row/column security.

Policy types:

Does the order of the connection & statement policies matter?

Yes, each policy has a position value and policies are executed from position 0 to position N. Processing stops once a policy matches. You can re-order policies in the grid by dragging them into position.

When a policy matches a row is inserted into the policy execution log.

Before Connection Policy

Details

Triggered : Before any authentication processing

Best for : Blocking unregistered logins or unauthorized use of service accounts.

To add a policy

Click Policies > Connection Policies

Click Before Connection Policy

Fill in these fields on the Rule Settings tab:

Field Description
Rule Description A description for the policy
Alert Channel (optional) The alert to trigger
Rule Enabled True or false
Rule Type Allow, Allow & Log, Deny & Deny without log
Rule Clause Add rule line(s)

Field	Description
Rule Description	A description for the policy
Alert Channel	(optional) The alert to trigger
Rule Enabled	True or false
Rule Type	Allow, Allow & Log, Deny & Deny without log
Rule Clause	Add rule line(s)

Examples

Click on thumbnail to see example policy

After Connecton Policy

Details

Triggered : After any authentication processing.

Best for : Policies that check a user's assigned roles or existing sessions.

To add a policy

Click Policies > Connection Policies

Click After Connection Policy

Fill in these fields on the Rule Settings tab:

Field Description
Rule Description A description for the policy
Alert Channel (optional) The alert to trigger
Rule Enabled True or false
Rule Type Allow, Allow & Log, Deny & Deny without log
Rule Clause Add rule line(s)

Field	Description
Rule Description	A description for the policy
Alert Channel	(optional) The alert to trigger
Rule Enabled	True or false
Rule Type	Allow, Allow & Log, Deny & Deny without log
Rule Clause	Add rule line(s)

Examples

Click on thumbnail to see example policy

Statement Policy

Details

Triggered : After any authentication processing & before a database command is analyzed, permission checked & processed.

Best for : Blocking & auditing database activity based on a regex and other patterns that are not handled by permission policies.

To add a policy

Click Policies > Statement Policies

Click Before Execute Policy

Fill in these fields on the Rule Settings tab:

Field Description
Rule Description A description for the policy
Alert Channel (optional) The alert to trigger
Rule Enabled True or false
Rule Type Allow, Allow & Log, Deny & Deny without log
Rule Clause Add rule line(s)

Field	Description
Rule Description	A description for the policy
Alert Channel	(optional) The alert to trigger
Rule Enabled	True or false
Rule Type	Allow, Allow & Log, Deny & Deny without log
Rule Clause	Add rule line(s)

Examples

Click on thumbnail to see example policy