Hello,
I was wondering whether it is possible within the Guardium Policy to exclude specific SQL statement strings from a policy rule in Guardium 10.5.
We have a Policy Rule 'Alert on Select * from Sensitive tables' .
This has been defined within the Policy Builder by having an asterisk '*' in Field, 'Select' as the Command and a Group containing Sensitive tables in Object.
In addition to alerting on genuine 'Select * from SensitiveTableName' SQL, alerts are also created for 'Select count(*) from SensitiveTableName' I am looking for a way to suppress alerts within Guardium on these 'Select count(*)' SQL statements as they are not required. Is this possible? (If not, I'll need to filter them out within Splunk - but would prefer to prevent them alerting in the first place ideally) Any assistance greatly appreciated.
Many thanks.
------------------------------
David Huckle
------------------------------