Database Log Scan
The Database Log Scan, or Log Scanner, is a system-run task that detects anomalous activity on the structured data stores (databases) in accounts onboarded to DSPM.
Apart from this, Database Log Scan is also used to get the Last Access Time for the tables and columns of structured data stores.
Example: detecting queries that return more than 1000 rows. If such events have occurred on the data stores, they are flagged and reported in DSPM. The risks are flagged with the corresponding Risk Signature defined by the system.
The Risk Signature used to map such events is Signature ID 7022. This risk signature captures the event “User downloaded more or equal to 1000 rows from a RDS table that contains sensitive data”.
This feature is currently supported for AWS and Snowflake and is enabled by default for all accounts of these cloud providers that are onboarded to DSPM. The scan task is scheduled to run every 15 minutes on eligible accounts.
For AWS, Database Log Scan currently supports only RDS data stores whose DB engine is MySQL.
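The following is an added illustration, not DSPM's own code, of the kind of check Signature ID 7022 describes, together with the Last Access Time derivation. It assumes the input is the MySQL slow query log, which records `Rows_sent` per statement; the page does not say which logs DSPM reads. The `scan` function, the `SENSITIVE_TABLES` set and the log entries are hypothetical and constructed for the example.

```python
import re

ROW_THRESHOLD = 1000              # ">= 1000 rows", per the signature text above
SENSITIVE_TABLES = {"customers"}  # hypothetical: output of data classification

# Constructed sample in MySQL slow query log layout (not real data).
SAMPLE_LOG = """\
# Time: 2024-05-01T10:00:02.000000Z
# User@Host: report[report] @ app01 [10.0.0.5]  Id:    11
# Query_time: 0.412000  Lock_time: 0.000000 Rows_sent: 1000  Rows_examined: 1000
SET timestamp=1714557602;
SELECT id, email FROM customers;
# Time: 2024-05-01T10:04:40.000000Z
# User@Host: app[app] @ app02 [10.0.0.6]  Id:    12
# Query_time: 0.051000  Lock_time: 0.000000 Rows_sent: 999  Rows_examined: 4000
SET timestamp=1714557880;
SELECT id FROM customers WHERE region = 'EU';
# Time: 2024-05-01T10:09:15.000000Z
# User@Host: etl[etl] @ etl01 [10.0.0.7]  Id:    13
# Query_time: 2.300000  Lock_time: 0.000000 Rows_sent: 50000  Rows_examined: 50000
SET timestamp=1714558155;
SELECT * FROM page_views;
"""

ENTRY = re.compile(
    r"# Time: (?P<time>\S+)\n"
    r"# User@Host: (?P<user>\w+)\[.*\n"
    r"# Query_time: .*?Rows_sent: (?P<rows>\d+).*\n"
    r"(?:SET timestamp=\d+;\n)?"
    r"(?P<sql>[^#]+)"
)
TABLE = re.compile(r"\b(?:FROM|JOIN)\s+`?(\w+)`?", re.IGNORECASE)  # simplistic table extraction

def scan(log_text):
    """Return (findings, last_access) for one batch of slow query log text."""
    findings, last_access = [], {}
    for m in ENTRY.finditer(log_text):
        rows = int(m["rows"])
        for table in {t.lower() for t in TABLE.findall(m["sql"])}:
            # ISO-8601 UTC timestamps of equal width compare correctly as strings
            last_access[table] = max(last_access.get(table, ""), m["time"])
            if rows >= ROW_THRESHOLD and table in SENSITIVE_TABLES:
                findings.append({"user": m["user"], "table": table,
                                 "rows_sent": rows, "time": m["time"]})
    return findings, last_access
```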