Guides

Getting Started with ALTR & Snowflake

Configure ALTR's Snowflake Service User

Connect a Data Source

Connect Columns to ALTR

Creating Policy & Manage Data

Features

Classification

Analytics

Column Access Policies

Thresholds

Row Access Policy

Audit Logs

Settings

Vault Tokenization

Advanced

Tokenization API

Management API

ALTR Driver JDBC Installation

ALTR Driver ODBC Installation

Configure Tableau to Gain User Level Observability

Integrating ALTR Notifications with AWS S3

TDS Proxy Installation

CDM Installation

Guides
Features
Advanced
Documentation
/
Features
/
/
Audit Logs

Audits in ALTR

ALTR provides a variety of auditing capabilities to enable ALTR Administrators to understand what sensitive data is being queried, as well as what administrative actions are taken in the ALTR platform. These are the Query Audits and System Audits, respectively.

Query Audits

ALTR maintains a log of all queries that accessed connected columns in Query Audits. These audits contain information concerning:

  1. Which user and role ran the query
  2. The time the query was executed
  3. What columns were accessed by the query
  4. How many values were returned by the query
  5. The query text, sanitized to remove potentially sensitive data (such as the content of WHERE clauses)

Query audits are generated after queries are executed in Snowflake by monitoring Snowflake Warehouse activity and logs. It may take several minutes for a query on connected columns to appear in ALTR’s query log after the query executes.

System Audits

Audit keeps a log many major administrative actions in the ALTR platform, such as:

  1. Connecting and disconnecting databases
  2. Connecting and disconnecting columns
  3. Created, changing, and removing governance rules
  4. Editing administrator information
  5. Threshold/Anomaly Triggers

These actions, and many more, are logged in ALTR’s System Audit Log. The System Audit log contains the following information:

  1. The date an action took place
  2. The ALTR Administrator who took the action
  3. What action was taken

Note: If you are using ALTR’s Management API to perform configuration, any actions taken by the API are logged under the name of the ALTR administrator that created the API key.

SIEM Exports of Audit Data

ALTR enables Enterprise and Enterprise Plus clients to export query and system audit data to an AWS S3 bucket which can then be ingested into logging tools or used to trigger notifications in external systems.

For instance, you can use the System Audits generated whenever a threshold is triggered to send an email to relevant parties about the threshold violation, or you can include information regarding all queries on sensitive data into your organizations Splunk logs.

Troubleshooting and FAQ

  1. I ran a query on a connected column, but I don’t see it in the Query Log
    ALTR monitors Snowflake Warehouse activity and logs to generate query audits, which may not be immediately available when the query executes. If there is no query activity after several minutes, ensure that the database connection is still healthy on the Data Sources Page. If problems persist, contact support@altr.com.
  2. I see System Audit activity for users who I know are not actively using the ALTR UI.
    Check to ensure that those users have not created Management API keys. ALTR treats actions taken by the Management API as being performed by the user who created the API keys. If that’s not the case, have those ALTR administrators immediately change their password and reach out to support@altr.com.

First section of content

Complete Cloud Data Control and Security

Guide

Features

Advanced

Release Notes

Support

support@altr.com
Copyright © 2022 ALTR Solutions, Inc.,
Privacy Policy
|
Terms of Service
|
SLA
ALTR.com uses cookies to ensure you the best experience on our website. View our privacy policy for more information.
Got It