Configure audits

In PSM, you can further refine the settings for your audit.

Filter SQL command audits

PSM can filter SQL command audits that are recorded during PSM-Toad and PSM-SQLPlus connections to minimize unwanted audit records, reducing the number of audit records stored in the Vault and increasing server performance. Filters can be created at system level to apply to all SQL commands issued through PSM connections, or at platform level to apply to SQL commands issued through connections that are linked to a specific platform.

You can define lists to filter commands that are recorded according to the following criteria:

Commands to audit

An allowlistis a list of SQL commands that are included in the command audit records. All other commands are not included. By default, all commands that are issued during privileged sessions are audited. However, after you create an allowlist, only the listed commands are audited, if they do not appear in the denylist.

Commands not to audit

A denylistis a list of SQL commands that are excluded from audit records. All other commands are included.

By defining denylists and allowlists, you assert granular control over audit records in the Vault and determine exactly which commands are audited. These lists are created in audit filter rules as regular expressions which define specific commands. You can create as many rules as you require for denylists as well as allowlists, as well as lists that combine them both.

 

Denylist:

By default, PSM includes a single denylist that excludes the multiple commands that are issued automatically at the start of each Toad session. These commands are predetermined as part of the Toad setup, and are not relevant to the privileged session, other than to start it. This denylist excludes these commands from the session audit, and reduces the number of audit records stored in the Vault.

 

Allowlist:

The following example describes an example of when you would require an allowlist: You wish to audit all DDL queries such as ‘update’, ‘insert’, and ‘delete’ so that you know who issues these commands, when, and from which station. However, you don’t need to audit other commands that are issued. You can create an allowlist that contains these commands, ensuring that every time these specific commands are issued during the privileged session, they are audited.