Database auditing, while it may seem a tedious endeavor, is vital for monitoring database resource utilization, with a specific focus on tracking user database actions. Auditing can be driven by a number of factors, from individual event actions to a particular combination of factors such as time and user name. Setting up analytical processes that continuously monitor your database through consistent, regular audit log analysis can significantly improve your internal security measures. Furthermore, database auditing helps an organization align with increasingly stringent compliance measures.
Continuous monitoring is also a critical part of achieving reliability, availability, and performance on your AWS cloud infrastructure. Ideally, set up processes that continually collect monitoring data from all components of your AWS environments, so that if a multi-point failure occurs, it is much easier for your development team to debug.
Use the high-performance Advanced Auditing feature in Amazon Aurora to record database activity in an audit log, especially for audit and compliance purposes. Enable the MariaDB Audit Plugin to parse the collected raw log data by configuring several DB cluster parameters. With Advanced Auditing, you can monitor any combination of supported events and view or download the audit logs to review them.
You can log any combination of the following events:
(From "Using Advanced Auditing with an Amazon Aurora MySQL DB Cluster - Amazon Aurora", 2019)
With the combined power of Amazon RDS for MariaDB and Amazon Aurora, it is possible to direct DB instance log events straight to Amazon CloudWatch Logs. Publishing your logs in this manner allows you to build "richer and more seamless interactions with your DB instance logs" through AWS. All of this serves to establish a solid auditing foundation for compliance requirements.
You can configure your Aurora MariaDB cluster to publish general, slow, audit, and error log data to a log group in Amazon CloudWatch Logs. With CloudWatch Logs, you can store your log records in highly durable storage, perform real-time analysis of the log data, view metrics, and create custom alarms that send Slack alerts when monitored conditions occur. You also gain the ability to monitor your logs, in near real time, for specific values, patterns, and phrases.
Going a step further, factor in the AWS Log Discovery and Collection feature in USM Anywhere, the SIEM tool from AT&T Cybersecurity (formerly AlienVault). Leveraging a SIEM tool such as AT&T Cybersecurity enables you to realize 24/7 security monitoring and recording of specific database activity. Such an integration allows you to expand the value of published logs across a comprehensive range of use cases, such as:
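The following added example (not code from the original article or from AWS) shows the kind of audit log analysis described above: it parses Advanced Auditing records and flags privilege changes and repeated failed logins. The comma-separated field order, the `FAILED_CONNECT` operation name, the alert names, and the sample records are assumptions or constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# Field order is an assumption taken from the AWS Advanced Auditing docs.
AuditEvent = namedtuple("AuditEvent", "timestamp serverhost username host "
                        "connectionid queryid operation database object retcode")

# Statements that change accounts or privileges (illustrative pattern).
PRIV_CHANGE = re.compile(r"\s*(GRANT|REVOKE|(CREATE|ALTER|DROP)\s+USER)\b", re.I)

def parse_event(line):
    """Parse one audit record; the quoted query text may itself contain commas."""
    head = line.rstrip("\n").split(",", 8)       # first 8 fields hold no commas
    if len(head) != 9:
        raise ValueError(f"malformed audit record: {line!r}")
    obj, _, retcode = head[8].rpartition(",")    # retcode is the last field
    if len(obj) >= 2 and obj[0] == obj[-1] == "'":
        obj = obj[1:-1]                          # drop the surrounding quotes
    return AuditEvent(int(head[0]), *head[1:8], obj, int(retcode))

def findings(lines, max_failures=3):
    """Return alerts for privilege changes and repeated failed logins."""
    failed, alerts = Counter(), []
    for ev in map(parse_event, lines):
        if ev.operation in ("CONNECT", "FAILED_CONNECT") and ev.retcode != 0:
            failed[(ev.username, ev.host)] += 1
        elif ev.operation == "QUERY" and PRIV_CHANGE.match(ev.object):
            alerts.append(("privilege_change", ev.username, ev.object))
    alerts += [("failed_logins", user, f"{count} from {host}")
               for (user, host), count in failed.items() if count >= max_failures]
    return alerts

# Constructed sample records, not real log data.
SAMPLE = [
    "1700000000000000,db-1,app,10.0.0.5,11,0,CONNECT,,,0",
    "1700000001000000,db-1,root,203.0.113.9,12,0,FAILED_CONNECT,,,1045",
    "1700000002000000,db-1,root,203.0.113.9,13,0,FAILED_CONNECT,,,1045",
    "1700000003000000,db-1,root,203.0.113.9,14,0,FAILED_CONNECT,,,1045",
    "1700000004000000,db-1,app,10.0.0.5,11,77,QUERY,shop,'GRANT SELECT, INSERT ON shop.* TO tmp',0",
    "1700000005000000,db-1,app,10.0.0.5,11,78,QUERY,shop,'SELECT id, name FROM orders',0",
]

if __name__ == "__main__":
    for alert in findings(SAMPLE):
        print(alert)
```

Splitting only the first eight commas and taking the return code from the right keeps query text that contains commas in one field, which a plain `split(",")` would break apart.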
Log events from these resources get published as log streams (which cover sequences of log events) to specific log groups. Each DB instance and log type form a separate group in the same AWS Region as the DB instance, with the following naming pattern:
Go to CloudWatch > Log Groups to filter log streams.
Click Edit Job to enter a name and description for a job.
Now, input the Region Name, Group Name, and Stream Name information for your AWS account. Select the asterisk option ( * ) in Region Name to monitor all regions for a given group. In Source Format, choose either syslog (all messages are syslog formatted) or raw (for non-syslog formatted data).
In the Schedule field, indicate when USM Anywhere should run the job:
Click Save to achieve continuous monitoring.
Audit trails established by intrusion detection processes such as the above can help increase data integrity by improving security breach detection. In this manner, an audited system acts as a deterrent against users meddling with data, because hackers can be identified swiftly.
Ibexlabs is an experienced DevOps & Managed Services provider and an AWS consulting partner. Our AWS Certified DevOps consultancy team evaluates your infrastructure and makes recommendations based on your individual business or personal requirements. Contact us today and set up a free consultation to discuss a custom-built solution tailored just for you.