Howto create a query based white list

•

1 like•3,909 views

1. Create a new query group called "White List" and configure it for the appropriate database and proxy. 2. Create a new IPS/IDS rule to block SQL injections and log intrusion events for the database. 3. Create a new database firewall rule that uses the "White List" query group and allows those queries to access the database.

Technology

Create a query-based white list:
4 simple steps

1. Create a new Query Group
2. Create a new IPS/IDS rule
3. Create a new Database
Firewall rule
4. Propagate the white list
Query Group

Step 1: Log on to the GreenSQL management GUI.

Step 1a: Click on the Policies icon at the top of the management screen.

Step 1b: Click on the Query Groups policy option to proceed to the query
groups configuration function.

Step 1c: Click on the Create New button in order to create a new Query
Group.

Step 1d: Give the new Query Group a meaningful name, e.g., "White
List".

Step 1e: Choose your database type, e.g., MySQL.

Step 1f: Choose the proxy that protects your database type.

Step 1g: Choose the appropriate color for the newly created Query Group.

Step 1h: Click the Create button to finalize the configuration.

Step 1i: Check that the White List Query Group was created and displays
in the Query Groups section.

Step 2 (optional): Minimize the floating notification bar for a better view
of the management GUI.

Step 2a: Click on Policy to create a new IPS/IDS (intruder prevention
system/intruder detection system) rule.

Step 2b: Click on the Create New button.

Step 2c: Choose the Risk Based - IPS/IDS Rule Type.

Step 2d: Select the Database that the new rule will apply to.

Step 2e: Make sure that the Mode is set to Active Protection.

Step 2f: Make sure that the SQL Injection Detection box is checked.

Step 2g: Make sure that the Action is set to Block.

Step 2h: The Blocking action has a number of options; for this example,
we will choose Close SQL Connection.

Step 2i: Make sure that the Logging option is set to Intrusion Events.

Step 2j: Scroll down and click the Create button to confirm rule creation.

Step 2k: Notice that our new Blocking rule, which defends our database
against SQL injections, appears before the Allow Any rule.

Step 3a: To create the White List rule, click on the Create New button.

Step 3b: Choose the Database Firewall Rule Type.

Step 3c: Select the Database that the new rule will apply to.

Step 3d: Choose Query Groups as the Firewall Type. Remember, we
created the White List Query Group and now we want to use it.

Step 3e: Choose the White List Query Group we created earlier for this
specific rule.

Step 3f: Select Allow as the Action, to allow White List queries to access
the database.

Step 3g: Click Create to finalize rule creation.

Step 3h: Your policy should now contain three policy rules, as shown in
the example above.

Step 4a: Now, we need to investigate if there are legitimate queries that
were blocked by the SQL Injection rule. Click on the Logs icon.

Step 4b: Click on Intrusion Logs to look for legitimate blocked queries.

Step 4c: This example shows that there was an intrusion event. Click on
the event to view the event details.

Step 4d: Scroll down in the event details to look for the Pattern field.

Step 4e: Review the pattern and note that this query is legitimate. Click
on the pattern to add it to our White List Query Group.

Step 4f: Choose White List from the pop-up window and click Assign.

Step 4g: See that the new Query Group contains our white-listed pattern.

That’s it!
The white list is
configured and
operational.

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Similar to Howto create a query based white list

Hpalm

satu2412

Login methodology for Primavera V8.3 (EPPM)

CADD Centre Software Solutions Private Limited

How To Set Up Insightly CRM

Fit Small Business

Informatica PowerAnalyzer 4.0 3 of 3ganblues

SAP Business One Hana backup

Atif Bashir

GigaSpaces pet clinic demo

Nati Shalom

Wiki sap query

masoomjajoo

Sap query creation & transcation code creation for sap query

SURESH BABU MUCHINTHALA

Windows logging cheat sheet

Michael Gough

Database firewall policies copy

Oracle Apps DBA

Big Data: The 4 Layers Everyone Must Know

Bernard Marr

Cpanel GuideGurus Online

Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology

Michael Gough

Sale Record System

kalpita surve

Admin Habits & Hacks Handout - Salesforce World Tour Boston

Salesforce Admins

Step by Step design cube using SSAS

Ahsan Kabir

Manual bookAnas Zakaria

GigaSpaces CCF Quick Tour - 2.3.6

Shay Hassidim

GigaSpaces Cloud Computing Framework 4 XAP - Quick Tour - v2

Shay Hassidim

Jaspersoft and Clarity PPM - Advanced Reporting with Data Warehouse

Thiago Bottoni

Similar to Howto create a query based white list (20)

Hpalm

How To Set Up Insightly CRM

Informatica PowerAnalyzer 4.0 3 of 3

SAP Business One Hana backup

GigaSpaces pet clinic demo

Wiki sap query

Sap query creation & transcation code creation for sap query

Windows logging cheat sheet

Database firewall policies copy

Big Data: The 4 Layers Everyone Must Know

Cpanel Guide

Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology

Sale Record System

Admin Habits & Hacks Handout - Salesforce World Tour Boston

Step by Step design cube using SSAS

Manual book

GigaSpaces CCF Quick Tour - 2.3.6

GigaSpaces Cloud Computing Framework 4 XAP - Quick Tour - v2

Jaspersoft and Clarity PPM - Advanced Reporting with Data Warehouse

Recently uploaded

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Enhancing Performance with Globus and the Science DMZ

Globus

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Free Complete Python - A step towards Data Science

RinaMondal9

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

Recently uploaded (20)

Climate Impact of Software Testing at Nordic Testing Days

Pushing the limits of ePRTC: 100ns holdover for 100 days

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Leading Change strategies and insights for effective change management pdf 1.pdf

Enhancing Performance with Globus and the Science DMZ

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Free Complete Python - A step towards Data Science

Securing your Kubernetes cluster_ a step-by-step guide to success !

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Video Streaming: Then, Now, and in the Future

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

PCI PIN Basics Webinar from the Controlcase Team

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Assure Contact Center Experiences for Your Customers With ThousandEyes

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

Howto create a query based white list

1. How to create a query-based white list

2. Create a query-based white list: 4 simple steps 1. Create a new Query Group 2. Create a new IPS/IDS rule 3. Create a new Database Firewall rule 4. Propagate the white list Query Group

3. 1 Create a new Query Group

4. Step 1: Log on to the GreenSQL management GUI.

5. Step 1a: Click on the Policies icon at the top of the management screen.

6. Step 1b: Click on the Query Groups policy option to proceed to the query groups configuration function.

7. Step 1c: Click on the Create New button in order to create a new Query Group.

8. Step 1d: Give the new Query Group a meaningful name, e.g., "White List".

9. Step 1e: Choose your database type, e.g., MySQL.

10. Step 1f: Choose the proxy that protects your database type.

11. Step 1g: Choose the appropriate color for the newly created Query Group.

12. Step 1h: Click the Create button to finalize the configuration.

13. Step 1i: Check that the White List Query Group was created and displays in the Query Groups section.

14. 2 Create a new IPS/IDS rule

15. Step 2 (optional): Minimize the floating notification bar for a better view of the management GUI.

16. Step 2a: Click on Policy to create a new IPS/IDS (intruder prevention system/intruder detection system) rule.

17. Step 2b: Click on the Create New button.

18. Step 2c: Choose the Risk Based - IPS/IDS Rule Type.

19. Step 2d: Select the Database that the new rule will apply to.

20. Step 2e: Make sure that the Mode is set to Active Protection.

21. Step 2f: Make sure that the SQL Injection Detection box is checked.

22. Step 2g: Make sure that the Action is set to Block.

23. Step 2h: The Blocking action has a number of options; for this example, we will choose Close SQL Connection.

24. Step 2i: Make sure that the Logging option is set to Intrusion Events.

25. Step 2j: Scroll down and click the Create button to confirm rule creation.

26. Step 2k: Notice that our new Blocking rule, which defends our database against SQL injections, appears before the Allow Any rule.

27. 3 Create a new Database Firewall rule

28. Step 3a: To create the White List rule, click on the Create New button.

29. Step 3b: Choose the Database Firewall Rule Type.

30. Step 3c: Select the Database that the new rule will apply to.

31. Step 3d: Choose Query Groups as the Firewall Type. Remember, we created the White List Query Group and now we want to use it.

32. Step 3e: Choose the White List Query Group we created earlier for this specific rule.

33. Step 3f: Select Allow as the Action, to allow White List queries to access the database.

34. Step 3g: Click Create to finalize rule creation.

35. Step 3h: Your policy should now contain three policy rules, as shown in the example above.

36. 4 Propagate the white list query group

37. Step 4a: Now, we need to investigate if there are legitimate queries that were blocked by the SQL Injection rule. Click on the Logs icon.

38. Step 4b: Click on Intrusion Logs to look for legitimate blocked queries.

39. Step 4c: This example shows that there was an intrusion event. Click on the event to view the event details.

40. Step 4d: Scroll down in the event details to look for the Pattern field.

41. Step 4e: Review the pattern and note that this query is legitimate. Click on the pattern to add it to our White List Query Group.

42. Step 4f: Choose White List from the pop-up window and click Assign.

43. Step 4g: See that the new Query Group contains our white-listed pattern.

44. That’s it! The white list is configured and operational.

Howto create a query based white list

Recommended

Recommended

More Related Content

Similar to Howto create a query based white list

Similar to Howto create a query based white list (20)

Recently uploaded

Recently uploaded (20)

Howto create a query based white list