DataSunrise Database Activity Monitoring for Cosmos DB for NoSQL
Cosmos DB Activity Monitoring lets you view user activity and changes made in the database, so you can easily identify fraudulent and undesirable user actions. Activity Monitoring collects log files. Without them, you cannot conduct investigations or build a proper security system.
Privileged users also pose a threat to the integrity and confidentiality of sensitive data. With DataSunrise you can see every action administrators take, including security policy updates, modifications of user accounts and permissions, and system configuration changes. Audit logs contain detailed descriptions of these activities.
Activity Monitoring has a self-learning mode that analyzes incoming traffic and identifies queries typical for the given environment. Alerts enable administrators to react quickly and minimize the risk of data breaches. When setting up audit rules, database administrators can enable real-time notifications via SMTP or SNMP every time a rule is triggered.
Cosmos DB Activity Monitoring detects and records different types of hacking activity such as brute force, SQL injections, and others. Cosmos DB Monitoring is designed to be as simple to operate as possible, and it does not cripple server performance. DataSunrise helps organizations adhere to information security regulations and laws (SOX, HIPAA, PCI-DSS).
It also supports the Syslog protocol and can be integrated with SIEM systems. The imported information includes the code of queries and responses, session data on Cosmos DB database users, information about the applications used to query the database, IP addresses, host names, configuration changes (including rule updates), database errors, authorization attempts, and more.