Alec,
I believe Event Type is a SQL Criteria for Access Rules. If you are looking for Exception Type you need to build an Exception Rule. When building a new rule inside of a policy look inside of the 'Rule Definition' section (the same place you define the Rule Name). Ensure that the Rule Type is set to 'Exception', not 'Access'.
To elaborate on why you need an Exception Rule instead of an Access rule, Exception Rules are used to evaluate
unsuccessful database activity: such as SQL Errors, Failed Logins, etc. Access rules on the other hand are used to evaluate
successful database activity.
------------------------------
Chase Walkup
------------------------------
Original Message:
Sent: Tue June 18, 2019 03:48 PM
From: Alec Kloss
Subject: Use Cases in 10.6 [Login Failed Threshold]
So when searching the 'SQL Criteria Field' I don't see the exact naming of Exception Type, however I do see Event Type.
If I try to manually input Exception Type the field errors out.
------------------------------
Alec Kloss
Original Message:
Sent: Tue June 18, 2019 03:15 PM
From: Chase Walkup
Subject: Use Cases in 10.6 [Login Failed Threshold]
Alec,
LOGIN_FAILED still exists as an Exception_Type in the 10.6 Policy Builder. It is a 'SQL Criteria' parameter that can be added as part of an exception rule; make sure you are looking in 'SQL Criteria' and not 'Session Level Criteria' or 'Other Criteria'.
------------------------------
Chase Walkup
Guardium User
Original Message:
Sent: Tue June 18, 2019 11:56 AM
From: Alec Kloss
Subject: Use Cases in 10.6 [Login Failed Threshold]
Hey there,
After creating a simple use case in an earlier version, Exception Type = LOGIN_FAILED no longer exists as a policy item category.
What is the new naming syntax for Exception Type in 10.6 Policy Builder?
Ultimately I would like a walk through of making a simple login failed use case threshold for 10.6.
------------------------------
Alec
------------------------------