IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
I have one concern. I have enabled Selective Audit Policy to only capture Traffic from single DB Server(18.104.22.168) , Database Name (Test) & Database User (GuardTest). The database server is MS SQL Server. I am login and performing some manual DB Operation using "MICROSOFT SQL SERVER MANAGEMENT STUDIO". and it is getting captured by Guardium very well. The Source Program showing in the Report is "MICROSOFT SQL SERVER MANAGEMENT STUDIO - QUERY". That is correct & fine.
However, The concern Is , I am seeing lot of other DB Traffic(Transactions) which is from Source Program "MICROSOFT SQL SERVER MANAGEMENT STUDIO - TRANSACT-SQL INTELLISENSE" AND "MICROSOFT SQL SERVER MANAGEMENT STUDIO".
AND the FULL SQL are totally different those are even not executed by me. These FULL SQLs are like seems like system generated. I am not executing them... So, I am not sure about these traffic. Can anyone guide - throw some light on this scenario.
For example :-
This is what I have with me for your query:
IntelliSense:-The editors in SQL Server Management Studio support Microsoft IntelliSense options that reduce typing, provide quick access to syntax information, or make it easier to view the delimiters of complex expressions.
sp_executesql (Transact-SQL):-Executes a Transact-SQL statement or batch that can be reused many times, or one that has been built dynamically. The Transact-SQL statement or batch can contain embedded parameters.
Logging of SELECT Statements:This is because a selective audit policy should not prevent logging of certain SQLs that may be needed for other functions, like application user translation.