GreenSQL Pro User Guide

V.2.
0
User Guide
GreenSQL User Guide
Table of Contents
1. Introduction ...................................................................... 7
1.1 Overview................................................................................................. 7
1.2 Document Conventions .......................................................................... 8
2. Getting Started................................................................. 9
2.1 System Requirements ............................................................................. 9
2.2 Supported Database Servers ................................................................. 10
2.3 Login 10
2.4 Workflow .............................................................................................. 10
2.5 GreenSQL Common Functions .............................................................. 11
2.6 GreenSQL Top Toolbar .......................................................................... 12
2.7 Dashboard ............................................................................................ 13
2.8 Components ......................................................................................... 14
2.8.1 Services/Processes .......................................................................... 14
2.8.2 GreenSQL Directory ......................................................................... 15
3. Policies .......................................................................... 16
3.1 Overview............................................................................................... 16
3.2 Types of Policies ................................................................................... 17
3.3 Creating a Policy ................................................................................... 17
3.3.1 Creating a Learning Mode Policy ..................................................... 18
3.3.2 Creating a Database Firewall Policy ................................................. 22
3.3.3 Creating a Risk-Based IPS/IDS Policy ................................................ 27
3.4 Customizing the Policy Display.............................................................. 30
3.5 Reordering Policies ............................................................................... 30
3.6 Creating Policy Objects ......................................................................... 31
3.6.1 Creating IP Addresses ...................................................................... 31
3.6.2 Creating IP Address Ranges ............................................................. 33
3.6.3 Creating IP Groups........................................................................... 33
3.6.4 Creating Database Users ................................................................. 34
3.6.5 Creating Database User Groups....................................................... 36
3.6.6 Creating Application Names ............................................................ 36
3.6.7 Creating Application Name Groups ................................................. 37
3.6.8 Creating a Schedule ......................................................................... 38
3.6.9 Creating a Schedule Group .............................................................. 41
Page 2 of 111
GreenSQL User Guide
3.6.10 Creating a Table............................................................................... 41

3.6.11 Creating a Tables Group .................................................................. 43
3.7 Risk Profiles .......................................................................................... 44
3.7.1 Creating Risk Profiles ....................................................................... 44
3.7.2 Creating Pattern Groups .................................................................. 47
3.7.3 Creating Risk Patterns ..................................................................... 48
3.8 Creating Query Groups ......................................................................... 50
3.9 Editing Query Groups............................................................................ 51
3.10 Creating Query Patterns ....................................................................... 53
3.11 Selecting an Error Template.................................................................. 55
4. Databases and Proxies .................................................. 56
4.1 Overview............................................................................................... 56
4.2 Databases Page Overview ..................................................................... 57
4.3 Creating and Managing Proxies ............................................................ 58
4.4 Creating Databases ............................................................................... 60
4.5 Editing Databases ................................................................................. 61
4.6 Deleting Databases ............................................................................... 64
4.7 Uploading SSL Certificates .................................................................... 64
5. Caching ......................................................................... 66
5.1 Overview............................................................................................... 66
5.2 Cache Settings ...................................................................................... 66
5.3 Caching Process .................................................................................... 68
6. Alerts ............................................................................. 70
6.1 Overview............................................................................................... 70
6.2 Alerts Page Overview ............................................................................ 70
6.3 Creating Alerts ...................................................................................... 71
6.4 Creating Contacts ................................................................................. 73
6.5 Creating SMTP Servers .......................................................................... 74
7. Logs .............................................................................. 75
7.1 Overview............................................................................................... 75
7.2 Logs Page Overview .............................................................................. 75
7.3 Traffic Logs............................................................................................ 77
7.4 Intrusion Logs ....................................................................................... 80
7.5 System Logs .......................................................................................... 80
7.6 Configuring Syslog Settings ................................................................... 83
Page 3 of 111
GreenSQL User Guide
7.7 Configuring Log Settings ....................................................................... 84

8. Reports .......................................................................... 85
8.1 Overview............................................................................................... 85
8.2 Generate and View Reports .................................................................. 85
9. Auditing ......................................................................... 88
9.1 Overview............................................................................................... 88
9.2 Auditing Page Overview ........................................................................ 88
9.3 Viewing the Audit Log ........................................................................... 89
9.4 Auditing Policy ...................................................................................... 91
9.5 Viewing Audit Log Archives ................................................................... 94
9.6 Configuring Audit Settings .................................................................... 94
9.6.1 Auditing Rotation ............................................................................ 95
9.6.2 Auditing Settings ............................................................................. 95
10. System Settings ............................................................. 97
10.1 Overview............................................................................................... 97
10.2 Global Cache Settings ........................................................................... 98
10.2.1 Disable/Enable Caching Globally ..................................................... 99
10.2.2 Modify Maximum Cache Size........................................................... 99
10.2.3 Modify Caching Per Connection Size ............................................. 100
10.2.4 Modify Caching Queries ........................................................ 100
10.2.5 Modify Caching Procedures ................................................... 100
10.3 Setting the Default Error Response..................................................... 101
10.4 Selecting SMTP Servers ....................................................................... 101
10.5 Users and Management Permissions .................................................. 101
10.5.1 Creating Profiles ............................................................................ 102
10.5.2 Creating Administration Users....................................................... 104
10.6 Backup GreenSQL Settings .................................................................. 105
10.7 Restore GreenSQL Settings ................................................................. 105
10.8 License installation ............................................................................. 106
10.9 Viewing license information ............................................................... 107
10.10 Logs Cleanup ....................................................................................... 107
10.11 Factory Reset ...................................................................................... 108
11. Appendix...................................................................... 110
Page 4 of 111
GreenSQL User Guide
Important Notice
© Copyright GreenSQL Ltd 2007 – 2010. All rights reserved.
GreenSQL Ltd. (GreenSQL) reserves the right to make corrections, modifications, enhancements,
improvements, and other changes to its products and services at any time and to discontinue any
product or service without notice. Customers should obtain the latest relevant information before
placing orders and should verify that such information is current and complete. All products are sold
subject to GreenSQL's terms and conditions of sale supplied at the time of order acknowledgment.
GreenSQL warrants performance of its products to the specifications applicable at the time of sale in
accordance with GreenSQL's standard warranty. Testing and other quality control techniques are used
to the extent GreenSQL deems necessary to support this warranty. Except where mandated by
government requirements, testing of all parameters of each product is not necessarily performed.
GreenSQL assumes no liability for third-party applications assistance. Customers are responsible for their
products and applications using GreenSQL components. To minimize the risks associated with customer
products and applications, customers should provide adequate design and operating safeguards.
GreenSQL does not warrant or represent that any license, either express or implied, is granted under any
GreenSQL patent right, copyright or other GreenSQL intellectual property right relating to any
combination, machine, or process in which GreenSQL products or services are used. Information
published by GreenSQL regarding third-party products or services does not constitute a license from
GreenSQL to use such products or services or a warranty or endorsement thereof. Use of such
information may require a license from a third party under the patents or other intellectual property of
the third party, or a license from GreenSQL under the patents or other intellectual property of GreenSQL.
Resale of GreenSQL products or services with statements different from or beyond the parameters stated
by GreenSQL for that product or service voids all express and any implied warranties for the associated
GreenSQL product or service and is an unfair and deceptive business practice. GreenSQL is not
responsible or liable for any such statements.
All company and brand products and service names are trademarks or registered trademarks of their
respective holders.
All text and figures included in this publication are the exclusive property of GreenSQL Ltd (GreenSQL),
and may not be copied, reproduced, or used in any way without the express written permission of
GreenSQL. Information in this document is subject to change without notice and does not represent a
commitment on the part of GreenSQL. Although the information in this document has been carefully
reviewed, GreenSQL does not warrant it to be free of errors or omissions. GreenSQL reserves the right to
make corrections, updates, revisions or changes to the information in this document.
GreenSQL Ltd.
Page 5 of 111
GreenSQL User Guide
1 Harechev Street
Tel Aviv 67771
Israel
Tel: (+972)3-688-8090
Fax: (+972)3-760-1166
www.greensql.com
Page 6 of 111
GreenSQL User Guide
1
Introduction
1.1 Overview
GreenSQL is a Unified Database Security solution that is installed as a frontend to
databases, fully camouflaging and securing them.
GreenSQL works as a SQL reverse proxy and provides several database security and
acceleration features including automated learning mode, a database rule-based firewall,
database audit, database intrusion detection and prevention, database caching and
database virtual patching.
Figure 2.8.1-1: GreenSQL Firewall
Page 7 of 111
GreenSQL User Guide
1.2 Document Conventions

Several different strategies are used to draw your attention to certain pieces of
information. In ascending order of significance to your system or application, these items
will be marked as: Note, Tip, Caution, or Warning. For example:
Text set off in this manner presents clarifying information, specific

instructions, commentary, sidelights, or interesting information.
Text set off in this manner indicates that failure to follow directions
could result in damage to equipment or loss of information.
Text set off in this manner indicates a suggested method of

configuration.
Text set off in this manner indicates that failure to follow directions
could result in loss of data.
Page 8 of 111
GreenSQL User Guide
2
Getting Started
This chapter provides all the required information for getting started with GreenSQL. The
following sections are covered to help you get familiar with the application:
 Requirements
 Database Servers

 Common Buttons
 Top Toolbar
2.1 Requirements
To ensure GreenSQL operates properly, the following minimum system requirements
must be met:
Operating Systems
Windows® Server 2003 (x86 and x64)
Windows® Server 2008 (x86 and x64)
Ubuntu 9.04 or above (x86 and x64)
CentOS 5.4 or above (x86 and x64)
Memory and Hard Disk Space

2048 MB of RAM
200 MB for Installation, Audit information, Reporting and Logging
Page 9 of 111
GreenSQL User Guide
2.2 Supported Database Servers

The following Database servers are supported:
 Microsoft SQL Server 2000 / 2005 / 2008
 MySQL 4.x / 5.x
 PostgreSQL 7.x / 8.x
2.3 Login
To login to the GreenSQL management console, browse to ://IP_Address:5000/
While IP_Address is the IP address of any of the server’s Network Interface Cards.
Default username: admin
Default password: pwd
2.4 Workflow
The following workflow is recommended when first starting to use GreenSQL:
 Installation
Download the latest version of GreenSQL from ://portal.greensql.com/download
run it and follow the installation instructions located in the Installation Guide.
 License Installation
See installation.
 Create Proxy/Proxies
Set up new connections to your databases by enabling all database queries to
pass through the GreenSQL server. See and Managing Proxies.
 Create Database(s) (Optional)
Declare databases. This step is useful for creating specific database policies.
See Databases.
 Create Learning Mode Policy/Policies
Set up a learning mode policy, which will learn the behavior of queries sent to
the databases and will make the entire database firewall configuration much
easier. See a Learning Mode Policy.
 Create Firewall and IPS/IDS Policies
Set up GreenSQL actions according to your database security policies. See .
Page 10 of 111
GreenSQL User Guide
 Set up Caching
The Caching feature is enabled by default. Configure caching settings or disable
caching. See .
 Configure GreenSQL User Permissions and Settings
Reset the Admin password and create new accounts if necessary. See and
Management Permissions.
 Backup GreenSQL Configuration
Backup all policies, databases, proxies, users and additional GreenSQL settings.
See GreenSQL Settings.
2.5 GreenSQL Common Functions

Common operational functions used in the GreenSQL Web-Based Management
Interface include the following:
Button Description
Toggle for hiding/displaying the Functions Bar
Enables you to add another row in the required field
Toggle to expand/collapse display
Toggle for policy view type
Enables you to create a new item as required
Enables you to customize the display of table fields
Cancels action
Indicates action is completed
Enables you to reorder rules in policy view
Page 11 of 111
GreenSQL User Guide
Button Description
Enables you to edit an object’s settings
Enables you to delete an object
Table 2-1: GreenSQL Pro - Common Functions
2.6 GreenSQL Top Toolbar

The GreenSQL top toolbar includes the following options:
Icon Description
GreenSQL Dashboard. To see a quick overview of

system status, including the latest modifications, logs and
news
To create and list GreenSQL learning mode, database

firewall and risk (Intrusion Detection or Prevention)
policies
To declare and list databases, create and list proxies and

list SSL certificates
To manage the system, auditing, firewall and intrusion

alerts to be sent to specified recipients
To view and set management, firewall and intrusion

detection logs
Page 12 of 111
GreenSQL User Guide
Icon Description
To generate, edit properties and view custom reports
To manage and view audit events, audit and advanced

audit settings, and audit data rotation settings
To set up global system settings for GreenSQL
Table 2-2: GreenSQL – Top Toolbar
2.7 Dashboard
The GreenSQL Dashboard includes the following data:
Databases – All databases declared in the Databases page
Proxies – All configured proxies
System Information – General configuration, logs and license information
Top Used Queries – A graph which displays the top used queries. Clicking each bar
displays the specific query.
Latest Attacks – A list of the last attacks.
Caching Performance – provides the top five used queries and its statistics regarding
average response time from the caching module and from the database
Database Caching Efficiency – sums up the caching efficiency per database
Page 13 of 111
GreenSQL User Guide
Figure 2-3: Dashboard
2.8 Components
20B
GreenSQL consists of the following components:
2.8.1 Services/Processes
75B
The following services or processes run in the background, on Windows and

Linux servers:
 GreenSQL
This is the main service/process used to activate or disable GreenSQL
functionality.
 GreenSQL Management
This is the service/process used to activate the management GUI.
 GreenSQL update services
This is the service/process used to update the GreenSQL attack signatures
and software.
Page 14 of 111
GreenSQL User Guide
2.8.2 GreenSQL Directory
By default, GreenSQL is installed in the following directories:
Windows servers: C:\Program Files\GreenSQL\

Linux servers: /opt/greensqlpro/
Page 15 of 111
GreenSQL User Guide
3
Policies
3.1
This chapter describes the policy feature, the core of GreenSQL’s ability to provide
constant protection to databases.
GreenSQL enables organizations to define their own security policy using the GreenSQL
Policy function. Should there be a breach of policy, you may elect to be immediately
alerted (See: ). The system will respond to a breach in the manner defined by the
relevant enacted policy.
GreenSQL Policy has an automated Learning Mode which learns and builds policies,
according to the specific usage of each database. You can accept or reject the rules
custom made for you. Learning Mode dramatically reduces the operational overhead
required to implement a secure and reliable policy for all access to your database.
Similarly, you can manually configure policies and create custom rules by creating Query
Groups which consist of patterns to be monitored, allowed or blocked. You can also
apply an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) policy
based on a risk profile, anomaly detection and preconfigured signature detection.
The Policy page is displayed by clicking the Policy tab on any of the GreenSQL
application’s pages.
Figure 3-1: Policy Page – Global View
Page 16 of 111
GreenSQL User Guide
Figure 3-2: Policy Page – Per Database View
3.2 Types of Policies

There are three types of policies which can be defined:
 Learning Mode – Learns database behavior and automatically generates a
custom rule policy for each database in accordance with its specific behavior.
You may elect to accept or reject the policies generated. This method is quick
and comprehensive. GreenSQL provides you the option to enable intrusion
detection or prevention during the learning mode process.
 Database Firewall – Enables you to create custom rules by specifying the
type of the rule (Query Groups or Table Based), source IP address(es),
database user(s), application name(s), schedule and patterns or conditions
where a query will be blocked, allowed or monitored. You can also enable or
disable caching per policy.
 Risk Based – IPS/IDS – Monitors or blocks SQL injection attacks and/or
queries according to preconfigured a risk profile (See: Risk Profiles). If the
IDS policy is selected, GreenSQL will monitor queries detected as intrusions.
If the IPS policy is selected, GreenSQL will block queries detected as
intrusions.
You are strongly advised to define policies in Learning Mode, at least

in the initial phase.
3.3 Creating a Policy

Before creating a policy, the following steps must be performed:
Page 17 of 111
GreenSQL User Guide
 Determine the type of policy you wish to create. See: of Policies.

 (Optional) Create Policy Objects, to apply a policy to queries originating from a
specific IP address, database user, application or time schedule. See: Policy
Objects.
 (Optional) If a Learning Mode or an IPS/IDS policy will be created, a Risk
Profile can be created in advance. A Risk Profile is created manually and
customized according to your risk assessments. It is also possible to use SQL
injection detection instead of a Risk Profile. See: Risk Profiles. Note: It is
possible to use both a Risk Profile and SQL injection detection for the same
policy.
 If a Database Firewall Policy will be created, a Query Group or a Table can
be selected or created either manually (See: Query Groups/Creating Table
Based) or by using a Query Group or a Table previously created by a
Learning Mode policy.
The following sections explain how to:

 a Learning Mode Policy
 a Database Firewall Policy
 a Risk Based IPS/IDS Policy
3.3.1 Creating a Learning Mode Policy

GreenSQL offers a learning mechanism that learns database activity behavior
and generates groups of query patterns to be used as the rules of the database
Firewall Policy.
There are two methods for using the Learning Mode Policy:
1. Applying the Learning Mode Policy in a risk-free environment –
GreenSQL will record all queries, which are valid queries, and create a group
of patterns (Query Group). This group can then be used as the valid pattern
rules of a Firewall Policy.
2. Applying the Learning Mode Policy in a risk environment – GreenSQL will
record all queries while applying an IPS or IDS as well as an SQL injection
detecting system. This will enable GreenSQL to create a Query Group while
monitoring or blocking intrusion attempts.
Page 18 of 111
GreenSQL User Guide
 To Create a Learning Mode Policy:
Click to open the Policy page.

Click the Create New button or the Create Policy option on the Functions Bar.
The Create New Policy page is displayed.
Figure 3-3: Create New Policy Page
In the Rule Type dropdown menu, select Learning Mode.

In the Database dropdown menu, select a database in order to apply the policy
to a specific database or select All Databases. If All Databases was selected,
either select a proxy for which to apply the policy or keep the default value: All
Proxies. The Create New Policy page expands and presents additional settings.
Page 19 of 111
GreenSQL User Guide
Figure 3-4: Create New Policy Page - Learning Mode
(Optional) In Source IP, Database User and Application Name, select whether
to apply the policy only on queries originating from specific source IPs, database
users and applications. To create these objects, see Policy Objects.
(Optional) In the Schedule dropdown menu, select whether to apply the policy
only on queries sent in specific time schedules. To create a schedule, see a
Schedule.
In the Learning Group dropdown menu, either click the New button to create an
empty Query Group to be populated with the learned patterns, or select an
existing Query Group to be populated with additional learned patterns. Clicking
the New button will open the Create New Group window. Type a name for the
Query Group and pick a color for the appearance of this group, if desired.
In the Learning Duration dropdown menu, choose the duration for learning
database behavior.
Page 20 of 111
GreenSQL User Guide
Check the Turn To Firewall Rule checkbox to turn all learned patterns into
“Allow” rules. If this checkbox is not selected, the policy will be disabled when
Learning Duration expires. A Query Group will be created and can be used to
create Firewall Policies.
In the IPS/IDS dropdown menu, select one of the following tasks to be
performed simultaneously with the learning operation:
 Active Protection – IPS - Applies an Intrusion Prevention System and
blocks queries which match a risk profile created previously (See:
Risk Profiles)
 Monitoring – IDS - Applies an Intrusion Detection System and
monitors queries which match a risk profile created previously (See:
Risk Profiles).
 No IPS/IDS – Does not apply an IPS or IDS to the queries.
If Monitoring – IDS is selected, the following fields should be completed:
 Risk Profile – Selects a previously created Risk Profile that determines
which queries to monitor.
 SQL Injection Detection – Enables detection of SQL injection
attempts. The detection of SQL injection attempts is based on
GreenSQL’s built-in detection system.
 Caching Enabled – Enables caching of the returned data of accepted
queries.
If Active Protection – IPS is selected, the following fields should be completed:
 Risk Profile – Selects a previously created risk profile, which
determines which queries to log in the Intrusion log.
 SQL Injection Detection – Enables blocking of SQL injection
attempts. The detection of SQL injection attempts is based on
GreenSQL’s built-in detection system.
 Block Action – Selects type of response when blocking a query.
 Logging – Enables writing of blocked queries to the Traffic log.
 Caching Enabled – Enables caching of accepted queries.
Click Create. The Policy page is displayed with the new policy rule displayed at
the bottom of the list.
Page 21 of 111
GreenSQL User Guide
3.3.2 Creating a Database Firewall Policy
The database firewall policy enables the creation of sets of custom rules based
on user defined parameters. For example: to allow all queries from a specific IP
address, block specific user-defined queries, allow queries based on query
groups generated by a learning policy, etc.
 To Create a Database Firewall Policy:

In the Rule Type dropdown menu, select Database Firewall.

Proxies. The Create New Policy window expands and presents additional
settings.
In the Filter Type dropdown menu, select one of the following type to be
performed:
 Query Groups – Applies a policy according to the query group you
created or been created by a learning rule
Page 22 of 111
GreenSQL User Guide
 Table Based – Applies a policy concerning to a specific table in a

specific database or any table.
Figure 3-6: Create Database Firewall Policy Page
In Source IP, Database User and Application Name, select whether to apply
the policy only on queries originating from specific source IPs, database users
and applications. To create these objects, see Policy Objects.
In the Schedule dropdown menu, select whether to apply the policy only on
queries sent in specific time schedules. To create a schedule, see a Schedule.
If Query Groups selected the following fields have to be filled:
In the Query Group dropdown menu, choose one of the following options:
 Any Query – Apply the policy to any query. The values selected in the
left-hand-side parameters will be the conditions under which the policy
will apply.
 Select a Query Group – Apply the policy to predefined queries. The
values selected in the left-hand-side parameters, in addition to the
Query Group, will be the conditions under which the policy will apply.
Page 23 of 111
GreenSQL User Guide
Click the New button – Create a new Query Group. The values selected in the
left- side parameters, in addition to the newly created Query Group, will be the
conditions under which the policy will apply.In the Action dropdown menu,
select an action. The available actions are:
Allow, Block or None. The None action is used to enable caching to specific
queries without applying any action to them.
If Table Based selected the following field have to be filled:

In the Table dropdown menu, choose one of the following options:
 Any Table – Apply the policy to any table. The values selected in the
left-hand-side parameters will be the conditions under which the policy
will apply.
 Select a Table – Apply the policy to predefined table. The values
selected in the left-hand-side parameters will be the conditions under
which the policy will apply.
 Click The New Button – Create a new Table. The values selected in
the left-hand-side parameters will be the conditions under which the
policy will apply.
Figure 3-7: Create a Table Object
Click Browse button – Database browser/crawler will pop up and provide

you the option to select which table under which Database you would like
to enforce action upon.
Page 24 of 111
GreenSQL User Guide
Figure 3-8: Proxy/Database Browser
In the Action dropdown menu, select an action. The available actions are:
Allow, Block or None. The None action is used to enable caching to specific
queries without applying any action to them.
Page 25 of 111
GreenSQL User Guide
Figure 3-9: Create a Table based policy
In the Action dropdown menu, if Allow action selected. The available actions are:
View – Applies a policy of View type queries only
Modify – Applies a policy of Modify type queries only
Delete – Applies a policy of Delete type queries only
Administrative – Applies a policy of Administrative type queries only
(Any - select all of the above options ) select whether to apply the policy on View
type queries, Modify type queries, Delete type queries and Administrative type
queries.
Page 26 of 111
GreenSQL User Guide
In both types, Query Groups or Table Based. The following fields are optional:
Select the Caching Enabled checkbox to enable caching for matched queries.
In the Comment text box, a comment can be added.
Check the Disable Rule checkbox to disable the rule.
3.3.3 Creating a Risk-Based IPS/IDS Policy
The Risk-Based IPS/IDS policies are intended either for monitoring SQL injection
attempts and queries with risk potential (IDS) or for blocking them (IPS). The
process of selecting the queries to be monitored or blocked is explained in the
section Risk Profiles.
Once a Risk Profile is created, a risk-based policy can be created.
 To Create a Risk-Based IPS/IDS Policy:

Page 27 of 111
GreenSQL User Guide
In the Rule Type dropdown menu, select Risk Based – IPS/IDS

Proxies. The Create New Policy window expands and presents additional
settings.
Figure 3-11: Create Risk-Based IPS/IDS Policy Page
the policy only on queries originating from specific source IPs, database users
and applications. To create these objects, see: Policy Objects.
queries sent in specific time schedules. To create a schedule, see a Schedule.
In the Mode dropdown menu, select Active Protection – IPS to block queries
according to a Risk Profile, or select Monitoring – IDS to monitor queries
Page 28 of 111
GreenSQL User Guide
according to a Risk Profile. SQL Injection Detection will detect SQL injection
attempts and block or monitor according to the IPS or IDS selection.
Check the option SQL Injection Detection, to detect SQL injection attempts.
Detection is based on GreenSQL predefined risk calculations.
The Action field will contain the action which will be applied in the policy. By
selecting the Active Protection – IPS option, the action will always be Block. By
selecting the Monitoring – IDS option, the action will always be Allow.
If the Active Protection – IPS mode is selected, the following fields will appear:
 Block Action – Select the desired type of response when blocking a
query.
 Logging – Enable the writing of blocked queries to the Traffic Log.
Check the Caching Enabled checkbox to cache queries that have not been
blocked.
In the Comment text box, a comment can be added to this rule.
Check the Disable Rule checkbox to disable the rule.
Policy Field Description

Common Fields
Source IP IP address of client sending the query
DB User Name of database user sending the query
Application Name Name of application used to send the request
Schedule Time schedule during which the policy is applied
Comment Any comments user deems relevant
Disable Rule Disable current firewall policy
Caching Enabled Enable caching of all allowed requests
Learning Mode
Learning Group Group of patterns to be populated with all learned queries
Learning Duration The duration during which the learning will be active
Turn To Firewall Rule Create a firewall rule based on all learned queries when the learning
process completes
IPS/IDS Apply an IPS or IDS based on risk profiles or a heuristic engine
Database Firewall
Query Groups Groups of queries to which a policy will be applied
Action Action applied to queries
Risk-Based – IPS/IDS
Mode Apply an IPS or IDS based on risk profiles or a heuristic engine
Risk Profile Preconfigured profile of queries and system commands to be monitored
or blocked
SQL Injection Detection Enable implementation of SQL injection detection
Action Action applied to queries
Block Action Action to apply to blocked request. User options: Empty Result Set, Close
Page 29 of 111
GreenSQL User Guide
Policy Field Description

SQL Connection, Generate SQL Error
Logging Enable the writing of events to the log
Table 3-12: Policy Fields
3.4 Customizing the Policy Display

 To Customize the Display of the Policy Page:
Click the Customize button. A list of column names is displayed above the
Policy list.
Figure 3-13: Policy Page - Customize View
To add or remove a column, check or remove the checkmark from the checkbox
in the list of column names and click the Done button.
You cannot change the order of the columns using the Customize
function.
3.5 Reordering Policies

GreenSQL enables you to set the order in which to apply policies. The higher the policy
appears in the table, the higher its priority.
 To Reorder Policies:
1. In Global view, click the Reorder button. The Policy list area of the
Policy page is surrounded by a bold, dashed line and as you hover
over the policies, your cursor changes from an arrow to bi-directional
crossed arrows.
2. Using the new cursor, click, drag and drop a policy to the desired
location in the policy list.
Page 30 of 111
GreenSQL User Guide
3. Click Save Reorder.
The Reorder (and consequently, Save Reorder) button is only

displayed in Global view and not in Per Database view.
3.6 Creating Policy Objects

Objects are components to which a policy is applied. Policies can be applied for specific
IP addresses, database users, applications or time schedules. Policies can also be
applied globally to any object.
Policies can also be applied based on a risk profile. To create a risk
profile, see: Risk Profiles.
The list of objects appears in the Policy tab Functions Bar under Objects.
3.6.1 IP Addresses
To apply a policy to a specific client IP address, an IP Address Object should be
created and selected in a policy.
 To Create an IP Address Object:
1. Click the Objects option on the Policy Functions Bar. The Objects
option expands.
2. Click the IP Addresses option. The IPS page is displayed.
Page 31 of 111
GreenSQL User Guide
Figure 3-14: IPS Page
3. Click the Create New button. The Create IP Address Object page is
displayed.
Figure 3-15: Create IP Address Object Page
4. Manually enter the Name representing the object, the IP Address and a
Netmask. Use the dropdown menus to define the parameters of the
Page 32 of 111
GreenSQL User Guide
remaining fields. Selecting a value for each field will cause the object to
appear only in specific configuration groups. For example, selecting a
Database Type will cause the configured IP Address object to appear
only for this type of database.
An IP address can also be selected from the IP Addresses Extracted
from Logs frame below the Create IP Address Object frame by
clicking next to the IP address.
5. Click the Create button. The IPS page is displayed with the new IP
address on the list.
3.6.2 Creating IP Address Ranges

To apply a policy on a specific range of IP addresses source, an IP Address
Range object should be created and connected to a policy.
 To Create an IP Address Range:
option expands.
2. Click the IP Ranges option. The IP Addresses page is displayed.
3. Click the Create New button. The Create IP Range Object page is
displayed.
4. Manually enter the IP Address Start/End and Name in the relevant
fields. Use the dropdown menus to define the parameters of the
remaining fields.
5. Click the Create button. The IP Ranges page is displayed with the new
IP Range on the list.
3.6.3 Creating IP Groups

To apply a policy on multiple IP address source ranges or multiple IP addresses
which may or may not be sequential, an IP Group object could be created by
joining IP Address and IP Range objects connected to a policy.
 To Create an IP Group:
option expands.
Page 33 of 111
GreenSQL User Guide
2. Click the IP Groups option. The Groups page is displayed.
Figure 3-16: Create IP Group Object Page
3. Click the Create New button. The Create New Group page is
displayed.
4. Manually enter a Name in the relevant field. Use the dropdown menus
to define the parameters of the remaining fields. To transfer an
Available Member to a Current Member, double-click the Available
Member. The member will appear in the Current Members.
5. Click the Create button. The IP Groups page is displayed with the new
IP Group on the list.
3.6.4 Creating Database Users

To apply a policy to specific database users, Database User Objects should be
created and selected in a policy.
Page 34 of 111
GreenSQL User Guide
Figure 3-17: Applying a Policy to a Database User
 To Create Database Users:
option expands.
2. Click the DB Users option followed by Users. The Database Users
page is displayed.
3. Click the Create New button. The Create DB User Object page is
displayed.
4. Manually enter the Name in the relevant field. Use the dropdown menus
to define the parameters of the other fields. You can also enter a user
name by clicking next to the user name in the Database Users
Extracted from Logs frame below the Create DB User Object frame.
5. Click the Create button. The Database Users page is displayed with the
new DB User on the list.
Page 35 of 111
GreenSQL User Guide
3.6.5 Creating Database User Groups
To apply a policy to multiple database users, Database User Groups Objects

should be created and selected in a policy.
You can create Database User Groups by adding Database Users into the
group:
 To Create a Database User Group:
option expands.
2. Click the DB Users option followed by Groups. The Groups page is
displayed.
3. Click the Create New button. The Create New Group page is displayed
to define the parameters of the remaining fields. To transfer an
Available Member to a Current Member, double-click the Available
Member. The member will appear in the list of Current Members.
5. Click the Create button. The User Group Object is displayed in the
bottom of the Database User Group list.
3.6.6 Creating Application Names

You can create names for the applications used to connect to GreenSQL.
Page 36 of 111
GreenSQL User Guide
Figure 3-18: Create Application Name Object Page
 To Create an Application Name:
option expands.
2. Click the APP Name option followed by APP Name. The Application
Names page is displayed.
3. Click the Create New button. The Create APP Name Object page is
displayed.
to define the parameters of the remaining fields. You can also enter an
Application Name by clicking next to the Application Name in the
Application Names extracted from logs frame below the Create APP
Name Object frame.
5. Click the Create button. The Application Names page is displayed with
the new Application Name on the list.
3.6.7 Creating Application Name Groups

You can create Application Name Groups from existing Application Names.
Page 37 of 111
GreenSQL User Guide
 To Create an Application Name Group:
option expands.
2. Click the APP Name option followed by APP Name Groups. The
Create New Group page is displayed.
3. Click the Create New button on the top right side of the page. The
Figure 3-19: Create Application Name Group Page
4. In the Name field, type a description for the Application Group.

5. In the Available Members field, double-click on any application to be
added to the group. Double-clicking an application name will add the
application to the Current Members field.
6. (Optional) Select a Database Type, Proxy Listener or a Database to
enable the appearance of the group when creating a policy for each of
the objects. If these objects are not selected, the Application Name
Group will always appear when creating a policy.
7. Click Create to save these settings.
3.6.8 Creating a Schedule

Scheduling is the process whereby you set when a firewall rule is enabled. The
scheduling may be a one-time event or a recurring event.
Page 38 of 111
GreenSQL User Guide
 To Create a One-Time Schedule:
option expands.
2. Click the Scheduling option followed by One-Time Scheduling. The
One-Time Scheduling page is displayed.
3. Click the Create New button. The Create One-Time Scheduling
Object page is displayed.
Figure 3-20: Create One-Time Scheduling Object Page
4. In the Name field, type a description for the schedule.

5. In the Date Start and Time Start fields, select the date and time for the
beginning of schedule.
6. In the Date Stop and Time Stop fields, select the date and time for the
end of schedule.
enable the appearance of the schedule when creating a policy for each
of these objects. If these objects are not selected, the schedule will
always appear when creating a policy.
8. Click the Create button. The One-Time Scheduling page is displayed
with the new schedule on the list.
Page 39 of 111
GreenSQL User Guide
 To Create a Recurring Schedule:
option expands.
2. Click the Scheduling option followed by Recurring Scheduling. The
Recurring Scheduling page is displayed.
3. Click the Create New button. The Create Recurring Scheduling
Object page is displayed.
Figure 3-21: Create Recurring Scheduling Object Page
4. In the Name field, type a description for the recurring schedule.

5. In the Week Days checkboxes, checkmark the days on which to apply
the schedule.
6. In the Time Start field, select the schedule’s starting time.
7. In the Time Stop field, select the schedule’s ending time.
enable the appearance of the schedule when creating a policy for each
of these objects. If these objects are not selected, the schedule will
always appear when creating a policy.
9. Click Create to save these settings.
Page 40 of 111
GreenSQL User Guide
3.6.9 Creating a Schedule Group
To combine multiple schedules into one, you can create a schedule group.
 To Create a Schedule Group:
option expands.
2. Click the Scheduling option followed by Scheduling Groups View. The
to define the parameters of the remaining fields.
4. Click the Create button. The Groups page is displayed with the new
Schedule Group on the list.
3.6.10 Creating a Table

When creating a Table Based Database Firewall rule, a Table object should be created
or you have the option to define Any Table in the rule.
 To Create a Table:
1. Click the Objects option on the Policy Functions Bar. The

Objects option expands.
2. Click the Tables option. The Tables page is displayed.
3. Click the Create New button. The Create Table Object
page is displayed.
4. Manually enter the Name in the relevant field. Use the
dropdown menus to define the parameters of the
remaining fields. You can also enter an Table by clicking
next to the Table in the Tables extracted from logs
frame below the Create Table Object frame.
Page 41 of 111
GreenSQL User Guide
Figure 3-22: Create New Table Object
5. Click the Browse button. Database explorer window is

opened.
6. Select a Proxy. The databases list of the selected proxy is
displayed
Figure 3-23: Proxy/Database Browser
Page 42 of 111
GreenSQL User Guide
7. Select a table.
8. Click the Update button.
9. Click the Create button. The Table page is displayed with
the new Table on the list.
3.6.11 Creating a Tables Group
To combine multiple tables into one, you can create a Tables Group.
1. Enter the Name in the relevant field.
2. (Optional) Add available members to the Current Members box,
otherwise, the new tables group can be populated when a Database
Firewall Policy is applied. To transfer an Available Member to a Current
Member, double-click the Available Member.
3. Available members are either Tables or Tables Groups previously
created.
4. Use the dropdown menus to define the parameters of the remaining
fields.
5. Click the Create button. The Table Groups page is displayed with the
new Tables Group on the list.
Figure 3-24: Create New Tables Group Object
Page 43 of 111
GreenSQL User Guide
3.7 Risk Profiles

When creating an IPS/IDS policy, a risk profile should be created as a rule basis
for identifying threats. Each risk profile can define a different type of threat. For
example, a risk profile could identify all MySQL database modification attempts.
Risk profiles consist of groups of queries (Pattern Groups). Each group
describes a different risk. For example, the group “MySQL change DB object”
consists of the queries ALTER table, RENAME table, and ALTER view. These
are queries that change MySQL database objects.
Risk profiles include two types of settings:
Action Behavior – The action to perform for each group of queries
Logging Behavior – The log settings for each group of queries
3.7.1 Creating Risk Profiles
 To Create a Risk Profile:
6. Click the Risk Profiles option on the Policy Functions Bar.

7. Click Create New. The Create New Risk Profile page is displayed.
Page 44 of 111
GreenSQL User Guide
Figure 3-25: Create New Risk Profile Page
8. Manually enter the Profile Name and Description in the relevant fields.
9. Select one of the Database types.
10. Select one of the following Action behaviors for each group:
Page 45 of 111
GreenSQL User Guide
Allow – Allow all queries of this group.

Block – Deny all queries of this group.
Ignore – Ignore all queries of this group. This option saves resources by
not processing the queries.
Custom – Allows you to specify different actions for each query in the
group. To view each query in the group and specify its action, click
mysql/queries under the group name.
Figure 3-26: Customizing Action and Logging Behavior in Risk Profile
Default – Uses the default action configured in the IPS or IDS policy.
11. Select one of the following Logging Behaviors for each group:
Enable – Enable logging for all queries of this group.
Disable – Disable logging for all queries of this group.
Custom – Allows you to combine different logging behaviors for each
query in the group. To view each query in the group and specify its logging
behavior, click mysql/queries under the Group Name.
Default – Uses the default log behavior configured in the IPS or IDS
policy.
12. Click the Create button to save these settings. The newly created Risk
Profile will appear in the list of Risk Profiles.
Page 46 of 111
GreenSQL User Guide
3.7.2 Creating Pattern Groups
Pattern Groups are the groups of queries which define Risk Profiles. When
creating a Risk Profile, all Pattern Groups appear in the profile and an action
can be configured for each Pattern Group.
GreenSQL includes a predefined set of Pattern Groups. New Pattern Groups
can be created and will automatically be added to each Risk Profile.
 To create a Pattern Group:
1. Click the Risk Profiles option on the Policy Functions Bar. The Risk
Profiles option expands.
2. Click the Pattern Groups option. The Pattern Groups page is
displayed.
Figure 3-27: Pattern Groups Page
3. Click the Create New button. The Create New Risk Patterns Group
page is displayed.
Page 47 of 111
GreenSQL User Guide
Figure 3-28: Create New Risk Patterns Group Page
4. Enter a Group Name and a Description in the relevant fields.

5. Select a database type from the Database Type dropdown menu. This
selection will determine which patterns will appear in the Available
Patterns field after completing the next step.
6. Select a pattern type from the Pattern Type dropdown menu. A list of
patterns will appear in the Available Patterns box according to the
selected pattern type.
7. In the Available Patterns box, select the patterns to add to the Risk
Patterns Group and click Add.
8. Checkmark the Disabled checkbox to disable the usage of this group.
Pattern Group will appear at the end of the list of Pattern Groups.
3.7.3 Creating Risk Patterns

In addition to the predefined patterns in Risk Profiles, you can add custom
patterns which will be included in all Risk Profiles. An action can be configured
to apply to queries which include the risk pattern.
Page 48 of 111
GreenSQL User Guide
After creating a Risk Pattern, it should be added to a Pattern Group. Once

creating a Risk Profile, the Pattern Group will automatically appear in the
profile.
 To create a Risk Pattern:
1. Click the Risk Profiles option on the Policy Functions Bar. The Risk
Profiles option expands.
2. Click the Risk Patterns option. The Risk Patterns page is displayed.
3. Click the Create New button. The Create New Risk Pattern page is
displayed.
Figure 3-29: Create New Risk Patterns Group Page
4. In the Pattern Name field, enter a name for the pattern.

5. In the Database Type and Pattern Type fields, select a database type
and a pattern type. The pattern will appear only in these specific types
when creating a Pattern Group.
6. In the Signature field, type the risk pattern.
7. In the Description field, type a description for the risk pattern.
Page 49 of 111
GreenSQL User Guide
8. In the Default Action field, select whether to Block, Allow or not apply
any action (None) when the pattern is identified.
9. Checkmark the Default Logging checkbox to log events for the risk
pattern by default.
10. Checkmark the Disabled checkbox to disable the usage of the risk
pattern.
Pattern will appear at the end of the list of Risk Patterns.
3.8 Creating Query Groups

Query Groups are sets of patterns representing queries to be used as rules in Policies.
A Query Group can be created using either of the two methods below:
 Automatically by the GreenSQL Learning Module. This is done by
creating a Policy in Learning Mode and creating an empty Query Group
to be populated with the learned query patterns.
 Manually, by creating or selecting Query Patterns and adding them to
the created Query Group.
 To Create a Query Group:
1. Click the Query Groups option on the Policy Functions Bar. The Query
Groups page is displayed.
Figure 3-30: Query Groups Page
2. Click the Create New button. The Create New Group page is
displayed.
Page 50 of 111
GreenSQL User Guide
Figure 3-31: Create New Group Page
3. Enter the Name in the relevant field.

4. (Optional) Add available members to the Current Members box,
otherwise, the new query group can be populated when a Learning
Mode Policy is applied. To transfer an Available Member to a Current
Member, double-click the Available Member.
5. Available members are either Query Patterns or Query Groups
previously created.
6. Use the dropdown menus to define the parameters of the remaining
fields.
7. Click the Create button. The Query Groups page is displayed with the
new Query Group on the list.
3.9 Editing Query Groups

It is possible to add or remove query patterns from a Query Group and to
modify a Query Group’s properties.
 To edit a Query Group:
1. Click the Query Groups option in the Policy Functions Bar. The Query
Groups page is displayed, showing all Query Groups.
Page 51 of 111
GreenSQL User Guide
Figure 3-32: Query Groups Page
2. Click the Edit icon next to the Query Group to be edited. The Edit
Group page appears.
Figure 3-33: Edit Query Group Page
The following properties can be modified:

Name – The Name of the Query Group
Current Members
Page 52 of 111
GreenSQL User Guide
To add a Current Member (a Query Pattern or another Query Group) to the

Query Group, double-click the member in the Available Members field.
To remove a Current Member from the Query Group, double-click the member in
the Current Members field.
To view a Query Group Member’s details, select the member from the list. The
details will appear in a blue highlighted line on the right side of the page.
Appearance Color – Choose a color from the Pick Color dropdown for the
appearance of the group in the Query Groups list.
Database Type – Although queries appear in a specific Database Type format,
it is possible to modify the Database Type field. Selecting a different Database
Type will change the options available in the following fields. Selecting a
Database Type will make the Query Group available only in Policies that use this
Database Type.
Proxy Listener – Modify the Proxy Listener field to make the Query Group
available for use only in Policies using this Proxy Listener.
Database - Modify the Database field to make the Query Group available for use
only in Policies using this database.
3.10 Creating Query Patterns

 To Create Query Patterns:
1. In the Policy page, click the Query Groups option on the Policy
Functions Bar. The Query Groups option expands.
2. Click the Query Patterns option. The Query Patterns page is
displayed.
Page 53 of 111
GreenSQL User Guide
Figure 3-34: Query Patterns Page
3. Click the Create New button. The Create New Query Pattern page is
displayed.
Figure 3-35: Create New Query Pattern Page
4. Manually enter the Query Pattern in the relevant field.
Page 54 of 111
GreenSQL User Guide
5. The query pattern format should include data parameters as question

marks, for example: select * from billing where m_id=?
6. If required, checkmark the Do Not Cache This Query checkbox to
disable caching for this query.
7. (Optional) Pick a color for the appearance of the Query Pattern in the list
of queries.
8. Click the Create button. The Query Patterns page is displayed with the
new Query Pattern on the list.
3.11 Selecting an Error Template

When an invalid query is sent to the database, the Database Management System sends
an error to the client. Often, sensitive data is revealed within the error message,
therefore it is often recommended that the response be modified. To set a different
response to be sent to the client instead of the original response, Error Templates are
used.
There are three types of Error Template responses:
 Empty Error Response – Empty response with no error message.
 Original Error Response – Exact error message sent from the
database to GreenSQL.
 Sanitized Error Response – Sensitive data is masked from the error
message. The remainder of the error stays unchanged.
To apply an Error Template to Databases, see Databases.

To apply an Error Template globally, see Settings.
Page 55 of 111
GreenSQL User Guide
4
Databases and Proxies
This chapter contains the following sections:

 Page Overview
 and Managing Proxies
 Databases
 Databases
 Databases
 SSL Certificates
4.1
GreenSQL is used as a reverse proxy to any supported database. To define a new
connection to be used as the front end of each database server or instance, a proxy
should be created. Once proxies are created, all clients should be configured to connect
to the appropriate proxy, which relays the queries to their destinations. Policies can then
be configured to apply on each proxy or on each database assigned to a proxy.
Creating a database means that an object is created in GreenSQL to which the
administrator can apply specific policies on queries directed to that database. If a
database is not created, policies can be applied globally to all queries of a defined proxy
or to all queries regardless of their destination.
GreenSQL is compliant with the following database servers:
 Microsoft® SQL Server® (2000/2005/2008/2008 R2)
 MySQL Server (4.x/5.x)
 PostgreSQL Server (7.x/8.x)
The following topics are described in the next sections:
How to create and manage proxies – Proxies are the foundation by which GreenSQL
is able to intercept and monitor all queries directed to databases. Each proxy opens a
new frontend port with an assigned connection to the backend databases.
Page 56 of 111
GreenSQL User Guide
How to declare and manage databases – Databases can be logically created

(Declared) in GreenSQL. Creating databases is optional, yet once they are created,
specific policies can be applied by database rather than globally.
How to install and use SSL certificates – There are cases where an SSL certificate is
used for encryption of traffic between the client and the database. An SSL certificate can
be uploaded to the GreenSQL server thus installing it and enabling its use by GreenSQL.
4.2 Databases Page Overview

The Databases page is displayed by clicking the Databases tab on any of the
GreenSQL application’s pages.
Figure 4-1: Databases Page
The Databases page contains the following options in the left-hand functions bar:
 Databases – Lists all configured databases and allows you to
enable/disable, create, edit and delete databases on the list
 Create Database – Opens the Create Database wizard
 Proxies – Lists all configured proxies and allows you to enable/disable,
create, edit and delete proxies on the list
 Create Proxy – Opens the Create Proxy wizard
 Certificates – Lists all installed certificates
 Add Certificates – Opens the Add Certificates wizard
Page 57 of 111
GreenSQL User Guide
4.3 Creating and Managing Proxies

A proxy will be used to relay all queries to the database server or instance. A query
directed to a frontend IP address and port of the GreenSQL server will be relayed to the
original IP address and port of the database or instance. Such queries will be monitored
or intercepted by GreenSQL before reaching the database or instance as soon as a
policy is created (See: a Policy).
GreenSQL is preconfigured with a default policy which allows all queries, if this policy is
removed or disabled, all queries will be denied, due to the nature of GreenSQL to block
all traffic by default. Configuring a Proxy and a Database will not forward the traffic to
your backend Database without any policy.
 To Create a Proxy:
1. In the Databases page, click the Create Proxy option on the Databases
functions bar. The Create Proxy page is displayed.
Figure 4-2: Example of Creating a New Proxy
Fill out the details in the Create Proxy page:
Page 58 of 111
GreenSQL User Guide
 Proxy Name – A name representing this proxy. This name will be

used when creating a Database and logically attaching the Proxy to
the Database.
 Database Type – Determines the SQL format which will be used
when scanning and analyzing the queries.
 Frontend IP – The IP address of any of the network interfaces (NICs)
of the GreenSQL server, which is exposed to the clients. (Using the
address 0.0.0.0 will open the proxy port to traffic on any Network
Interface Card)
 Frontend Port – The listening port on the GreenSQL server.
 Backend Server Name – The name of the server where the
Database(s) or Instance(s) reside.
 Backend IP – The IP address of the server where the Database(s) or
Instance(s) reside.
 Backend Port – The port used to connect to the Database(s) or
Instance(s).
 Certificate – The SSL Certificate used by the database. SSL
Certificates appear only after uploading them to the server (See:
SSL Certificates)
3. Fill out the Credentials(Optional) and press on the Test Connection button for
testing the connection with the database server.
4. Click the Create button. The newly created proxy appears in the Proxies list.
Within a few seconds, the status should become Active.
 To edit a proxy:
Click the icon in the top toolbar.

Select Proxies from the left menu.
Click the Edit icon next to the proxy to be edited.
Page 59 of 111
GreenSQL User Guide
 To delete a proxy:
Click the icon in the top toolbar.

Select Proxies from the left menu.
Click the Delete icon next to the proxy to be deleted.

If the specific Proxy is used, a list of firewall rules associated with that proxy will
appear. Click Delete to permanently delete the proxy.
4.4 Creating Databases

Databases can be logically created (Declared) in GreenSQL. Creating Databases is
optional, yet once they are created, specific policies and configuration can be applied to
each created database, rather than applying policies globally.
 To Create a Database:
1. In the Databases page, click the Create New button or the Create Database
option on the Databases functions bar. The Create Database page is
displayed.
Figure 4-3: Create Database Page
2. In the Create Database page, select the Proxy Listener. The Proxy details will
appear on the screen.
Page 60 of 111
GreenSQL User Guide
F igure 4-4: C reate Databas e and P rox y Details P ages

3. In the Database Name field, enter the name of the database and click the
Create button. The Databases page is displayed with the new database at the
bottom of the list.
4. You can also enter a Database by clicking next to the Database name in
the Database Names Extracted from Logs frame below the Create
Database frame.
F igure 4-5: E x trac ted Databas e Names F rom L ogs
4.5 Editing Databases

Some settings can be modified for each Database after declaring it. These settings can
be modified by using the Edit option.
Page 61 of 111
GreenSQL User Guide
F igure 4-6: E dit Databas e Details P age
 To edit Database settings:
Click the icon in the top toolbar
Click the Edit icon next to the Database name
Page 62 of 111
GreenSQL User Guide
 The following settings can be modified:
Database Name – A name representing the Database.

GreenSQL Proxy – The configured proxy to be used to connect to the
Database.
Caching options: (For more information about these options, see: )
Caching Status – Enabled/Disabled. Choose whether to cache
responses from the database on the GreenSQL server for this
specific database. Enabling caching can shorten response time and
minimize resources used. Default value: Enabled.
Minimum Cached Time (secs) – The minimum time, in seconds,

Database responses are cached on GreenSQL server.
Max Cached Time (secs) - The maximum time, in seconds,

Database responses can be cached on GreenSQL server.
Caching Queries – Choose whether to cache queries.
Caching Procedures – Choose whether to cache procedures.
Caching must be enabled in the global System settings for these

settings to apply.
Page 63 of 111
GreenSQL User Guide
Auditing options:
Audit User Login – This option should be selected in order to audit
login attempts to databases.
Audit User Logoff – This option should be selected in order to audit

logoff from databases.
Sensitive Tables – A list of tables which will be analysed for a extra

Risk Calculation .
The listed tables should be separated by pipe signs.
Error Template – Type of response to be sent to user/application when a

policy rule is triggered.
4.6 Deleting Databases

 To delete a Database:
1. Click the icon in the top toolbar. The list of databases appears.
2. Click the Delete icon next to the database name. The Database’s
Associated Rules table appears. If the table is empty, the database can be
deleted. Click Delete. If the selected database has been associated with any
rules, the rules appear in the table. The database cannot be deleted until these
associated rules are removed.
4.7 Uploading SSL Certificates

 To upload an SSL certificate to the GreenSQL server:
In the Databases page, click the Add Certificates option in the left-hand
functions bar. The Add Certificates window appears.
Page 64 of 111
GreenSQL User Guide
Click Browse next to the Certificate field, to locate the SSL certificate file.
Type a password in the Password field, if required.
Click Upload to upload the certificate.
To use the uploaded certificate, the certificate must be applied to a proxy. For
more information, see: and Managing Proxies.
Page 65 of 111
GreenSQL User Guide
5
Caching
5.1
The Caching module can greatly improve response time and performance by saving
database content (responses to queries) on the server where GreenSQL is installed.
When content is retrieved from the cache, a query to the Database is not performed,
saving system resources.
The cached information is saved into a defined memory space. Web Applications
connected to a database can get massive performance acceleration using the caching
feature.
5.2 Cache Settings

Caching is enabled by default. It can be enabled or disabled, globally or individually, in
the order they appear below.
Disabling Caching for an object higher in the list will override the Cache settings of
objects lower on the list.
Enabling Caching for an object higher in the list will apply Caching on objects lower on
the list, unless Caching has been disabled for these objects.
 Globally
 Per Database
 Per Policy
 Per Query
To disable Caching for all databases, disable caching in the System Settings tab.
Global configurations
The Global Cache Settings are located in the System page.
Page 66 of 111
GreenSQL User Guide
F igure 5-1: S ys tem C ac he C onfiguration P age
 To enable or disable caching globally for all databases, see: /Enable

Caching Globally.
 To modify maximum cache size on the GreenSQL server, see:
Maximum Cache Size.
 To modify caching per connection size, see:
Modify Per Connection Size
 To enable or disable caching queries.
 To enable or disable caching procedures.
Per Database configurations

To configure caching for a specific database, see: Databases.
Per Policy configurations
To configure caching for a specific Policy:
1. In the Policy page, click the Edit icon next to the policy for which caching will
be enabled or disabled.
2. Check the Caching Enabled checkbox to enable caching for the policy or
remove the check from the Caching Enabled checkbox to disable caching for
the policy.
3. Click Update to save changes.
Page 67 of 111
GreenSQL User Guide
Per Query configurations

To configure caching for a specific query:
1. In the Policy page, click the Query Groups option on the Policy Functions Bar.
The Query Groups option expands.
2. Click the Query Patterns option. The Query Patterns page is displayed.
3. Click the Edit icon next to the query pattern for which caching will be enabled or
disabled. The Edit Query Pattern page is displayed.
F igure 5-2: E dit Query P attern P age
4. Check the Do Not Cache This Query checkbox to disable caching for the
query. Leaving the checkbox empty will enable caching for this query, yet the
caching must be enabled per policy and globally as well. For more information
on caching, see: .
5. Click Update to save any changes.
5.3 Process
Caching is configured by the following parameters in each database’s Properties page:
 Minimum cache time (secs) (Default: 5 seconds)
 Maximum cache time (secs) (Default: 3600 seconds)
GreenSQL caching process works in the following order:
Page 68 of 111
GreenSQL User Guide
1. Each response to a unique query is retrieved from the database and cached on
the GreenSQL server for [Minimum cache time] and Cache Time (The amount
of time the query is to be cached) is set to [Minimum cache time].
2. As long as Cache Time is not reached, responses to queries are retrieved from
the cache.
3. Once Cache Time is reached:
3.1 The cached response is flushed.
3.2 Identification (MD5 signature) of the flushed response is stored for
comparison the next time the specific query is used.
3.3 The next time the specific query is used, the response is retrieved from the
database and an MD5 comparison is performed. If the response to the
query differs from the previous response, Cache time is reset to [Minimum
cache time]; otherwise Cache Time grows gradually until it reaches
[Maximum cache time].
4. When [Maximum cache time] is reached. Cache time will be retained until an
MD5 comparison test finds a modification change in the Database content.
Page 69 of 111
GreenSQL User Guide
6
Alerts
6.1
GreenSQL provides you the option to be alerted in response to specific, pre-configured
alert types. The Alerts function is designed to allow specified contacts to receive
periodic emails of selected event types, such as GreenSQL System changes, Audit
events, Firewall events, and Intrusion events.
6.2 Alerts Page Overview
The Alerts page is displayed by clicking the Alerts tab on any of the
Figure 6-1: Alerts Page
The following options appear in the left-hand functions bar:

 Alerts – Lists all configured alerts and enables you to create, edit and
delete alerts from the list
Page 70 of 111
GreenSQL User Guide
 Create Alert – Opens the Create Alert wizard

 Contacts – Lists all contacts and enables you to create, edit and delete
contacts from the list
 Create Contact – Opens the Create e-mail contact wizard
 SMTP Servers – Lists all configured SMTP servers and enables you to
create, edit and delete servers from the list
 Create SMTP Server – Opens the Create SMTP Server wizard
 To customize the Alerts table:
 Click the Customize button above the Alerts table. The following box
appears.
Figure 6-1: Alerts list customization
 Checkmark the fields to appear in the table or remove the checkmark

from fields to be removed from the table.
 Click Done to save these settings.
6.3 Creating Alerts

1. In the Alerts page, click Create Alert in the left functions menu or click Create
New. The Create Alert window appears. Before creating an alert, it is
recommended to create an SMTP Server and one or more contacts to receive
the alert.
2. Complete the following fields in the form:
 Alert Name – A name for the alert
 Alert Type – Type of events to appear in the alert
System – GreenSQL system logs, such as logins to management console,
rule creation or deletion, and others
Auditing – All queries which pass through the GreenSQL proxy and have
not been blocked
Firewall – All queries which were blocked by the custom firewall policies
Page 71 of 111
GreenSQL User Guide
Intrusion– All queries which were detected either by the IPS or the IDS
mechanism
Figure 6-3: Create Alert Page
 Duration – The frequency at which alerts will be sent to the selected

contacts.
An intrusion attempt can generate thousands of alerts per minute. Without
proper duration consideration, your mailbox can be jammed with
thousands of e-mail alerts and furthermore, you can be identified as a
spammer, GreenSQL will send you an alerts summary based on the
duration selection.
 Email Contact – Contacts to receive the alerts
3. Click the Create button. The new alert appears in the Alerts list.
Figure 6-4: New Alert Added to the Alerts List
Page 72 of 111
GreenSQL User Guide
6.4 Creating Contacts

In the Alerts page:
1. Click Contacts in the left functions menu.
2. Click Create Contact in the left functions menu or click Create New.
3. In the Create E-Mail Contact page, fill out the contact’s details.
Figure 6-5: Create E-Mail Contact Page
Click Create. The contact will appear in the Contacts list.
F igure 6-6: New C ontac t Added to C ontac ts L is t
Page 73 of 111
GreenSQL User Guide
6.5 Creating SMTP Servers

In the Alerts page:
1. Click SMTP Servers in the left functions menu.
2. Click Create SMTP Server in the left functions menu or click Create New.
3. In the Create SMTP Server page, fill out the SMTP server details and sender’s
information to appear in the sent emails. An example is shown below:
Figure 6-7: Create SMTP Server Page
4. Click Create to save settings.
Page 74 of 111
GreenSQL User Guide
7
Logs

 Page Overview
 Logs
 Intrusion Logs
 Logs
 Syslog Settings
 Log Settings
7.1
GreenSQL generates Traffic, intrusion and management logs.
The Traffic logs include a list of all queries that were blocked by custom firewall rules.
The Intrusion Logs logs include a list of all queries that were blocked by by an intrusion
attempt.
The management logs include a list of all GreenSQL configuration changes, update
activities, or management console activities.
All events are written into separate database files and can also be configured to be sent
to a configured syslog server.
7.2 Logs Page Overview
The Logs page is displayed by clicking the Logs tab on any of the GreenSQL
application’s pages.
Page 75 of 111
GreenSQL User Guide
Figure 7-1: Logs Page
The Logs page contains the following options in the left-hand functions bar:
 Traffic Logs – Lists events of allowed, blocked and monitored queries,
due to database firewall.
 Intrusion Logs – Lists events of blocked and monitored queries due to
intrusion detection or prevention rules.
 System Logs – Lists events of GreenSQL configuration changes,
updates or management console activities
 Archives – List of Archived logs which can be views
 Archives Rotation
 Number of Log Files – Maximum number of log files to appear in
the log directory
 Max File Size – The maximum size in MB of each log file
Events are written into log files in rotation. Once the [Max File Size] is
reached, a new file is created. If [Number of Log Files] is reached, the
oldest log file is overwritten.
 Scheduled Rotation - In addition to the rotations above, it is
possible to configure a scheduled time to stop writing into an existing
log file and start writing into a new one. The following options are
available: Disabled, Daily, Weekly and Monthly.
 Syslog Settings – Opens the Configuration page for configuring a

connection to a Syslog server
 Settings – Opens the Log Settings Configuration page
Page 76 of 111
GreenSQL User Guide
7.3 Traffic Logs

The traffic logs can be viewed by clicking Traffic Logs in the Logs functions bar.
The following logs appear in the page:
1. Events of blocked queries as a result of a Database Firewall policy.
2. Events of allowed requests due to failure to decrypt data using the
installed SSL certificate.
Figure 7-2: Traffic Logs
 To view additional information for an event:
1. Click on an event. An example of an event can be seen below:
Page 77 of 111
GreenSQL User Guide
F igure 7-3: T raffic L og E vent Details
2. Each event includes the following fields:

 Log ID – ID of the event in the list of Traffic Log events.
 Date – Date and time the event was created.
 Rule ID – ID of the rule in the policies list. Clicking the rule ID opens
the rule details.
Page 78 of 111
GreenSQL User Guide
 Action – Action applied to the query. Examples: Allow, Block, None.

 Blocking Action – Response to query when it is blocked. Examples:
Empty result set, Close SQL connection, Generate SQL error.
 Pattern – Pattern identified in the query which caused the policy to
apply on it.
 Original Query – The original query sent by the client
 To filter Traffic Logs:
1. Click the Filter button on top of the Traffic Logs table. The following box
appears:
Figure 7-4: Filtering Traffic Logs
The following filters may be applied:

 Date From – Shows events created at [Date From] and later
 Date To – Shows events created at [Date To] and earlier
 DB – Shows events for the selected database and filters the others
 Query Group – Shows events for the selected Query Group and filters
the others
 Risk Profile – Shows events for the selected Risk Profile and filters the
others
 Risk – Shows events for the selected level of risk and filters the others
 Action – Shows events for the selected action and filters the others
 Block Act – Shows events for the selected block action and filters the
others
2. Click Done to apply the filter.
Page 79 of 111
GreenSQL User Guide
To view all events, click the Filter button, reset all changes manually and click Done.
7.4 Intrusion Logs

The intrusion logs can be viewed by clicking Intrusion Logs in the Logs functions bar.
The logs appear in the page are Events of blocked queries as a result of identified SQL
injection attempts.
Figure 7-5: Intrusion Logs Page
7.5 System Logs

The System logs include details on GreenSQL management console activities, such as
login and logout from the management console, configuration changes, such as proxy,
database, objects and rule creation, modification or deletion, GreenSQL updates and
more.
Page 80 of 111
GreenSQL User Guide
F igure 7-6: S ys tem L ogs P age
 To view additional information for an event:
1. Click on an event. An example of an event can be seen below:
F igure 7-7: S ys tem L og E vent Details
2. Each event includes the following fields:

 Page – The accessed page
Page 81 of 111
GreenSQL User Guide
 Admin Name – Name of user performing the task

 IP Address – IP address of user
 User Agent – User’s browser type
 Message – Description of performed task
 Description – Additional information on the performed task
 Severity – Severity of the event
 Date – Date and time of the event
 To filter Management Logs:
1. Click the Filter button on top of the Management Logs table. The following box
appears:
Figure 7-8: Filtering Management Logs
The following filters may be applied:

 Date From – Shows events created at [Date From] and later
 Date To – Shows events created at [Date To] and earlier
 Page Name – Shows events of selected action and filters the others
 Admin Name – Shows events for the selected admin account
 Severity – Shows events for the selected severity
2. Click Done to apply the filter.
To view all events, click the Filter button, reset all changes manually and click Done.
 To customize the Management Logs table:
1. Click the Customize button above the Management Logs table. The following
box appears.
Page 82 of 111
GreenSQL User Guide
Figure 7-9: Customizing Management Logs Fields View
2. Checkmark the fields to appear in the table or remove the checkmark from
fields to be removed from the table.
3. Click Done to save these settings.
7.6 Configuring Syslog Settings

GreenSQL enables you to have log messages sent to a remote computer running a
Syslog server. Syslog is a standard used to capture log information from network
devices.
 To configure Syslog settings:
1. In the Logs page, click Syslog Settings in the left functions menu. The Syslog
Configuration page appears.
Figure 7-10: Syslog Configuration Page
2. Complete the following fields:

 Status – Enabled/Disabled to enable or disable writing to Syslog server
 Address – IP address of remote Syslog server
Page 83 of 111
GreenSQL User Guide
 Port – By default, Syslog servers listen on port 514 and the

communication is performed over UDP connection. This port may be
modified if needed.
 Minimum Severity – The minimum level of severity to be sent to the
Syslog server
 Facility – The type of alert to be sent to the Syslog server
 Enable or disable Traffic,Intrusion and System logs.
3. Click Update to apply settings.
7.7 Configuring Log Settings

To configure Log Settings, click the Settings option on the left-hand Functions Bar on
the Logs page.
The Logging Configuration page includes the following settings:
 Status – Enable or disable GreenSQL event logging
 File Path – Modify the GreenSQL log file path depending on the
Operating System where GreenSQL is installed
 File Name – Modify the GreenSQL log file name
F igure 7-11: L ogs S ettings P age
Page 84 of 111
GreenSQL User Guide
8
Reports
8.1
The reports feature enables you to view statistics of database activity. These statistics
include the following:
1. Top highest average execution time queries
2. Top executed queries
3. Top running execution span queries
4. Top intruders IP addresses
5. Top blocked queries
6. Top blocked users
7. Top blocked applications
8. Top bad attempts source IP addresses
The Reports page is displayed by clicking the Reports tab on any of the
8.2 Generate and View Reports

To view current statistics of database activity, a report can be generated.
 To generate a report:
1. In the Reports page, select Generate Report in the left-hand functions bar.
Page 85 of 111
GreenSQL User Guide
F igure 8-1: G enerate R eports P age
2. Click the Edit icon to modify the number of items to appear in the report.
3. Click the Create button next to the report type of your choice. A report is
immediately generated.
 To view a generated report:
1. In the Reports page, select Browse Reports in the left-hand functions bar.
F igure 8-2: B rows e R eports P age
2. Select the highest report on the list to view the most updated report or select any
other report to view reports generated previously.
3. The report is opened in a separate window and includes a summary as well as
detailed information on each item.
Page 86 of 111
GreenSQL User Guide
F igure 8-3: R eport example
Page 87 of 111
GreenSQL User Guide
9
Auditing

 Page Overview
 the Audit Log
 Audit Log Archives
 Advanced Auditing
 Audit Settings
9.1
The Audit feature is used to log transactions performed on the Database. This feature
assists in compliance with regulations and forensics, giving IT personnel and the
security officer information on queries which have reached the Database and have not
been blocked, such as extraction, modification and deletion of Database content or
Database configuration and system settings.
Using its Advanced Auditing option, GreenSQL will automatically provide a full audit of
all sensitive tables, which includes a “before and after” view for any change to
sensitive tables.
To view a detailed list of audited commands, see .
9.2 Auditing Page Overview
The Auditing page is displayed by clicking the Auditing tab on any of the
Page 88 of 111
GreenSQL User Guide
F igure 9-1: A uditing R eports P age
The Auditing page contains the following options in the left-hand functions bar:
 Reports – Lists all Audit events
 Policy – Lists all Rules of Audit events
 Archives – Lists all archived audit logs
 Archives Rotation – Opens audit settings for log rotation
 Settings – Opens the Auditing Configurations page. Enables you to
configure the audit logs directory path and status.
9.3 Viewing the Audit Log

All audited queries appear in the Audit log.
 To view audited queries:
1. In the Audit page, click on Reports in the left-hand functions bar. The Audit
Log will appear.
2. Select an event to view additional information on the event.
Page 89 of 111
GreenSQL User Guide
Figure 9-2: Audited event
Figure 9-3: Advanced Audited event
Page 90 of 111
GreenSQL User Guide
9.4 Auditing Policy
The Auditing Policy page is displayed by clicking the Auditing tab on any of
the GreenSQL application’s pages. Click on the Policy in the left-hand functions bar. A
list of all rules will appear.
 Types of Policies
 Administrative – Enables to create rules and audit various

administrative commands.
 Table Based – Enables to create a rule and audit proxy, database,
table and column according to the source options.
 To Create a New Policy
In the Database dropdown menu, select a database in order to apply the

policy to a specific database or select All Databases. If All Databases was
selected, either select a proxy for which to apply the policy or keep the
default value: All Proxies. The Create New Policy window expands and
presents additional settings.
the policy only on queries originating from specific source IPs, database
users and applications. To create these objects, see Policy Objects.
queries sent in specific time schedules. To create a schedule, see a
Schedule.
Advanced Auditing – Enables audit that includes the previous data and the
current data, the modified values are colored in red.
 Create an Administrative Policy

Administrative policy audit can track any changes occurs at:
Page 91 of 111
GreenSQL User Guide
- Schema Changes
- Functions And Procedures
- Privileges
- Data Types
- Jobs And Scheduling
- Servers Communication
- Data Security
- Backup And Restore
- Replication
- Profiling
- Service Broker
- Click Create to create the policy.
Page 92 of 111
GreenSQL User Guide
Figure 9-4: Creating Administrative Auditing Policy Page
 Create a Table Based Policy

Select a Table/Column from the drop down list or click on the New button
and browse into the database server and select a table or column.
Select the types of queries requested for audit:
 View
 Modify
 Delete
Page 93 of 111
GreenSQL User Guide
Click Create to create the policy.
Figure 9-5: Creating Table Based Auditing Policy Page
9.5 Viewing Audit Log Archives

 To view an archived audit log:
1. In the Audit page, click on Archives in the left-hand functions bar. A list of all
archived audit logs will appear.
2. Click on an archived log to view audit events.
9.6 Configuring Audit Settings

Audit settings can be modified in two locations. These are described in the following
sections.
Page 94 of 111
GreenSQL User Guide
9.6.1 Auditing Rotation
 To modify the log rotation settings for audit events:
In the Auditing page, click Audit Rotation in the left-hand functions bar. The
following settings can be modified:
Number of Log Files – Maximum number of log files to appear in the log
directory. When this number is reached, the oldest log file is overwritten.
Max File Size – Events are written into log files in rotation. Once the
[maximum file size] is reached, a new file is created, unless [Number of
Log Files] is reached and the oldest log is overwritten.
Scheduled Rotation Settings - In addition to the rotations above, it is
possible to configure a scheduled time to stop writing into a log file and
start writing into a new one. The following options are available: Disabled,
Daily, Weekly and Monthly.
F igure 9-6: Auditing R otation and S c heduled R otation S ettings P ages
9.6.2 Auditing Settings
 To modify Auditing settings:
In the Auditing page, click Auditing Settings in the left-hand functions bar. The
following settings can be modified:
Page 95 of 111
GreenSQL User Guide
Status – Enable or disable Auditing

Directory – Configure the path of the Audit event log.
File Name – Configure the the file name of the Audit event log.
F igure 9-7: Auditing S ettings P age
Page 96 of 111
GreenSQL User Guide
10
System Settings
10.1
The System page includes global settings and maintenance options.
The following settings can be configured:

 System
1. Global Response policy – Default response sent by
GreenSQL.
2. SMTP options – Select a primary and secondary SMTP server
to be used for sending alerts.
3. Statistics Refresh Interval –
4. Objects Association -
 Caching
1. Global Caching options – To Enable/Disable caching globally, and cache
queries and/or procedures.
2. Caching Max Memory Size –
3. Caching Per Connection Size –
The following procedures can be performed:

1. Backup of GreenSQL configuration
2. Restore of GreenSQL configuration
3. Install and view license
4. Logs Cleanup.
Page 97 of 111
GreenSQL User Guide
5. Reset GreenSQL to factory settings and delete logs.
The System page is displayed by clicking the System tab on any of the
Figure 10-1: System Configuration Page – Global View
10.2 Global Cache Settings

The Caching module saves Database responses on the GreenSQL server’s defined
memory space. For more information on the Caching module, see .
Page 98 of 111
GreenSQL User Guide
10.2.1 Disable/Enable Caching Globally
To disable the Caching module:
1. Click on any of the GreenSQL application’s windows. click Caching in

the left-hand functions bar The System Caching Configuration window
appears.
2. Select Disabled from the Caching Status dropdown menu.
To enable the Caching module:
1. Click on any of the GreenSQL application’s windows. click Caching in the

left-hand functions bar The System Caching Configuration window appears.
2. Select Enabled from the Caching Status dropdown menu.
10.2.2 Modify Maximum Cache Size

The Maximum Cache Size is the maximum disk space allowed for saving all
cache for all responses to queries on the server.
 To modify Maximum Cache size:
1. Click on any of the GreenSQL application’s windows. click Caching in

the left-hand functions bar The System Caching Configuration window
appears.
2. In the field Caching Max Memory Size, set a new value in MB.
Page 99 of 111
GreenSQL User Guide
3. Click Update to apply these settings.
10.2.3 Modify Caching Per Connection Size

The Caching Per Connection Size is the maximum disk space allowed for saving
all cache for all responses to queries on the server per connection.
 To modify Caching Per Connection size:
1. Click on any of the GreenSQL application’s windows. click Caching

in the left-hand functions bar The System Caching Configuration window
appears.
2. In the field Caching Per Connection Size, set a new value in MB.
10.2.4 Modify Caching Queries

appears.
2. In the field Caching Queries, enable or diable the checkbox.
10.2.5 Modify Caching Procedures

appears.
5. In the field Caching Procedures, enable or diable the checkbox.
Page 100 of 111

GreenSQL User Guide
10.3 Setting the Default Error Response

The default error to be sent to a client, when an invalid query causes a SQL error, is
configured in the System page of GreenSQL. To modify the type of error per database,
see: Databases.
The following errors can be configured to be sent to clients in response to queries which
cause SQL errors:
 Original Response – GreenSQL sends the client the original response
generated by the Database Management System without any modification.
 General Error Response – GreenSQL sends a generic error to the client
regardless of the original error the Database sends.
 Sanitized Error Response – GreenSQL sends the client the original error
generated by the Database while masking sensitive data.
10.4 Selecting SMTP Servers

SMTP servers are configured in the Alerts page. See SMTP Servers. To define which
SMTP server to use when sending alerts, follow the instructions below:
1. Click on any of the GreenSQL application’s windows. The System

Configuration window appears.
2. In the Primary SMTP Server dropdown menu, select the SMTP server to be
used for sending alerts.
3. (Optional) In the Secondary SMTP Server dropdown menu, select the SMTP
server to be used when the Primary SMTP server is unreachable.
10.5 Users and Management Permissions

The Administrators section in the System page enables you to create GreenSQL
administration users and grant them specific permissions based on group profiles.
Each profile specifies a set of permissions.
Page 101 of 111

GreenSQL User Guide
10.5.1 Creating Profiles

GreenSQL includes an Administrators and Default profiles by default. Both are
configured with full permissions to the GreenSQL Management Console. Each
profile’s permissions can be edited.
To create an additional set of permissions for users, create a new profile.
 To create a profile:
1. In the System page, click Administrators in the left-hand functions bar.

The Administrators menu expands.
2. Click Profiles. The User Profiles page appears.
Figure 10-2: System Page – User Profiles Page
3. Click Create New. The Create New User Profile page appears.
Page 102 of 111

GreenSQL User Guide
Figure 10-3: Create New User Profile Page
4. Type a profile name and click Create. The new profile will appear in the
Profiles list.
5. To grant permissions to a user to access a page, check the checkbox located in
the profile’s column and the page’s row.
Page 103 of 111

GreenSQL User Guide
10.5.2 Creating Administration Users
 To create a user:
1. In the System page, click Administrators in the left-hand functions bar.

The Administrators list appears.
Figure 10-4: Administrators List
2. Click the Create New button on the right top side of the window. The
Create Administrator window appears.
Page 104 of 111

GreenSQL User Guide
Figure 10-5: Create Administrator Page
3. From the top dropdown menu, select a Profile to apply to the user (For
more information on profiles, see: Profiles.
4. Complete the following fields:
 User
 Email
 First Name
 Last Name
 Password
 Verify Password
5. (Optional) Select the Management IP checkbox and type an IP address

from which the user can access the GreenSQL Management Console.
6. Check the Disabled checkbox to disable the account.
7. Click the Create button to save these settings.
10.6 Backup GreenSQL Settings

 To backup GreenSQL settings:
1. Click the System icon from any of the GreenSQL application’s pages.
2. Click on Backup&Restore in the left-hand functions bar. The Backup
page is displayed.
3. Click the Backup button.
4. A message appears, stating that backup has been successfully created.
5. Click on the XML.gz file path link to download the backup.
10.7 Restore GreenSQL Settings

 To restore GreenSQL settings from a backup:
Page 105 of 111

GreenSQL User Guide
2. Click on Backup&Restore in the left-hand functions bar. The

Backup&Restore option expands.
3. Click the Restore option. The Restore page is displayed.
4. Click the Browse… button to locate the backup file.
5. Click the Restore button to proceed with the restore process.
10.8 License installation

To enable the operation of GreenSQL, a license must be installed. If a license has
expired or has not been installed, the GreenSQL proxies will be inactive and the
connection to databases will not be available through GreenSQL.
 To apply GreenSQL license:
2. Click on License in the left-hand functions bar. The license installation page is
displayed.
Figure 10-6: License Installation Page
3. Type (Or paste) into the text box, the serial number sent to you by e-mail.
4. Click the Update button to install the license. Within a couple of minutes, the
following screen will appear:
Page 106 of 111

GreenSQL User Guide
Figure 10-7: License Installation Page – Registered
10.9 Viewing license information

To view specific license information and the availability status of the GreenSQL Update
service:
Click the System icon from any of the GreenSQL application’s pages.
Click on License Information in the left-hand functions bar. The Current License
page is displayed.
Figure 10-8: License Information Page
10.10 Logs Cleanup
GreenSQL generates Traffic, Intrusion and Management logs.

GreenSQL stores the logs in separated log containers according to it’s type, if required,
you may clear all GreenSQL logs according to the log type or all log type.
Page 107 of 111

GreenSQL User Guide
Figure 10-9: Logs Cleanup Page
10.11 Factory Reset

To reset all custom configuration and delete all logs, while retaining the license, follow
the instructions below.
Click the System icon from any of the GreenSQL application’s pages.
Click on Factory Reset in the left-hand functions bar. The Factory Reset page is
displayed.
Page 108 of 111

GreenSQL User Guide
Figure 10-10: Factory Reset Page
Click the Factory Reset button. You will be prompted to accept the deletion of your
custom settings.
Figure 10-11: Factory Reset Warning Message Box
Click OK.
Page 109 of 111

GreenSQL User Guide
11
Appendix
The following tables describe the objects and commands which are audited by the
Audit Module. The tables are sorted by database type.
MySQL Database
Object\Command CREATE DROP ALTER GRANT REVOKE

USER √ √ √ √ √
PLUGIN, SERVER, EVENT,
INDEX, TRIGGER, FUNCTION,
√ √ √
PROCEDURE, DATABSE,
VIEW, TABLE
In additional to the above, sensitive tables also audit: INSERT, UPDATE, DELETE,
TRUNCATE and SELECT (SELECT is audited for sensitive tables only if configured in
the database settings in the GreenSQL management console).
PostgreSQL Database
Object\Command CREATE DROP ALTER

TABLE, DATABASE, INDEX, VIEW, USER,
SCHEMA, LANGUAGE, TYPE,
CONVERSION, FUNCTION, TRIGGER,
CAST, RULE, GROUP, ROLE, OPERATOR,
TABLE SPACES, OPERATOR CLASS, √ √ √
SEQUENCE, FULL TEXT
CONFIGURATION, FULL TEXT
TEMPLATE, FULL TEXT DICTIONARY,
FULL TEXT PARSER
Page 110 of 111

GreenSQL User Guide
MS SQL
Object\Command CREATE DROP ALTER

LOG SHIPPING MONITOR, TYPE,
EXTENDED PROCEDURE, SPECIAL
INDEX, RENAME OBJECT*, SYSTEM
CONFIGURATION, STATISTICS, LOG
SHIPPING SECONDARRY, LOG SHIPPING
PRIMARY, FUNCTION, SIGNATURE,
DATABASE MASTER KEY, SERVICES
MASTER KEY, LINKED SERVER,
OPERATOR, ALERT, CATEGORY,
SCHEDULE, JOB, MESSAGE, ASSEMBLY,
√ √ √
PROCEDURE, TABLE, USER, DATABASE,
INDEX, BACKUP DEVICE, VIEW,
PARTITION FUNCTION, PARTITION
SCHEMA, SCHEMA, SERVER AUDIT,
SERVER AUDIT SPECIFICATION,
CERTIFICATE, CREDENTIAL,
SYMMETRIC KEY, ASYMMETRIC KEY,
APPLICATION ROLE, DATABASE ROLE,
REMOTE LOGIN, LOGIN, FULLTEXT
CATALOG, FULLTEXT INDEX, TRIGGER
* Any Object
Page 111 of 111

GreenSQL Pro User Guide

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

GreenSQL Pro User Guide

Diunggah oleh

Hak Cipta:

Format Tersedia

V.2.

3.6.10 Creating a Table............................................................................... 41

7.7 Configuring Log Settings ....................................................................... 84

Figure 2.8.1-1: GreenSQL Firewall

1.2 Document Conventions

Text set off in this manner presents clarifying information, specific

Text set off in this manner indicates a suggested method of

Memory and Hard Disk Space

2.2 Supported Database Servers

2.5 GreenSQL Common Functions

Enables you to add another row in the required field

Toggle to expand/collapse display

Toggle for policy view type

Enables you to create a new item as required

Enables you to customize the display of table fields

Indicates action is completed

Enables you to reorder rules in policy view

Enables you to edit an object’s settings

Enables you to delete an object

Table 2-1: GreenSQL Pro - Common Functions

2.6 GreenSQL Top Toolbar

GreenSQL Dashboard. To see a quick overview of

To create and list GreenSQL learning mode, database

To declare and list databases, create and list proxies and

To manage the system, auditing, firewall and intrusion

To view and set management, firewall and intrusion

To generate, edit properties and view custom reports

To manage and view audit events, audit and advanced

To set up global system settings for GreenSQL

Table 2-2: GreenSQL – Top Toolbar

Figure 2-3: Dashboard

GreenSQL consists of the following components:

The following services or processes run in the background, on Windows and

2.8.2 GreenSQL Directory

By default, GreenSQL is installed in the following directories:

Windows servers: C:\Program Files\GreenSQL\

Figure 3-1: Policy Page – Global View

Figure 3-2: Policy Page – Per Database View

3.2 Types of Policies

You are strongly advised to define policies in Learning Mode, at least

3.3 Creating a Policy

 Determine the type of policy you wish to create. See: of Policies.

The following sections explain how to:

3.3.1 Creating a Learning Mode Policy

 To Create a Learning Mode Policy:

Click to open the Policy page.

Figure 3-3: Create New Policy Page

In the Rule Type dropdown menu, select Learning Mode.

Figure 3-4: Create New Policy Page - Learning Mode

3.3.2 Creating a Database Firewall Policy

 To Create a Database Firewall Policy:

Click to open the Policy page.

Figure 3-5: Create New Policy Page

In the Rule Type dropdown menu, select Database Firewall.

 Table Based – Applies a policy concerning to a specific table in a

Figure 3-6: Create Database Firewall Policy Page

If Table Based selected the following field have to be filled:

Figure 3-7: Create a Table Object

Click Browse button – Database browser/crawler will pop up and provide

Figure 3-8: Proxy/Database Browser

Figure 3-9: Create a Table based policy

3.3.3 Creating a Risk-Based IPS/IDS Policy