How DB Audit Works
DB Audit uses an agentless architecture that monitors database activity without impacting performance. Understand the components, data flow, and security model.
System Architecture
[Architecture diagram] Your environment: PostgreSQL, MySQL and MongoDB databases and a Snowflake data warehouse expose native audit logs (read-only) to the DB Audit Collector (event parsing & normalization, data masking & enrichment, local caching & buffering). The collector sends events over TLS 1.3 to DB Audit Cloud (Event Storage & Indexing, ML Analysis & Detection, Alert Engine & Routing), which routes alerts to Slack, Email, PagerDuty and SIEM.
The collector reads native audit logs from your databases and streams events to DB Audit Cloud for analysis, storage, and alerting.
Core Components
DB Audit Cloud
Central management plane hosted by DB Audit (or self-hosted). Handles authentication, policy management, event storage, analytics, and alerting.
Collector
Lightweight agent deployed in your environment. Connects to databases, collects audit events, and streams them securely to the cloud or your self-hosted instance.
Database Connectors
Protocol-specific adapters that interface with native audit mechanisms in each database. No database modifications required.
What "Agentless" Really Means
Unlike traditional database activity monitoring (DAM) solutions that require installing agents directly on database servers, DB Audit uses an external collector that reads native audit logs. This approach provides several advantages:
Zero Performance Impact
No agents running on your database servers means no CPU, memory, or I/O overhead. Your databases operate at full performance.
No Database Modifications
DB Audit reads existing audit logs. No extensions to install, no stored procedures to add, no database restarts required.
Simplified Deployment
Deploy a single collector that monitors multiple databases. No per-server installation or maintenance required.
Read-Only Access
The collector only needs read access to audit logs. It never modifies data or schema, minimizing security risk.
Data Flow
Event Capture
Database activity triggers native audit logging (pgaudit, MySQL audit log, etc.). The collector reads these events in real time.
Processing & Enrichment
Events are parsed, normalized to a common schema, and enriched with metadata (user context, geo-IP, classification tags); sensitive values are masked before transmission.
Secure Transmission
Events are batched, compressed, and sent over TLS 1.3 to DB Audit Cloud. Local caching buffers events during network interruptions so they are not lost.
Analysis & Storage
Events are analyzed by ML models for threat detection, indexed for search, and stored in encrypted, immutable storage.
Alerting & Response
Policy violations and detected threats trigger real-time alerts. Events are forwarded to SIEM platforms via configured integrations.
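As an added example (not DB Audit's own code), the collector-side stages above in miniature: a pgaudit log line is parsed into a common event schema, literal values are masked before anything leaves the host, and events wait in a bounded local buffer until flushed as a compressed batch. The schema, the `pg-prod-01` host name and the sample log lines are constructed; the field order follows pgaudit's documented log format.

```python
import csv
import gzip
import json
import re
from collections import deque

# pgaudit entry layout (CSV; a field holding commas is double-quoted):
# AUDIT_TYPE,STATEMENT_ID,SUBSTATEMENT_ID,CLASS,COMMAND,OBJECT_TYPE,OBJECT_NAME,STATEMENT,PARAMETER
PGAUDIT_FIELDS = ["audit_type", "statement_id", "substatement_id", "class",
                  "command", "object_type", "object_name", "statement", "parameter"]
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")  # quoted strings ('' escapes), bare numbers
def mask_literals(sql: str) -> str:
    return _LITERAL.sub("?", sql)  # WHERE email = 'x' AND id = 7 -> WHERE email = ? AND id = ?

def normalize_pgaudit(line: str, db_host: str) -> dict:
    """Map one pgaudit line (anything before 'AUDIT: ' is the Postgres log prefix) to a common schema."""
    start = line.find("AUDIT: ")
    if start < 0:
        raise ValueError("not a pgaudit entry")
    f = dict(zip(PGAUDIT_FIELDS, next(csv.reader([line[start + 7:]]))))
    return {"source": {"type": "postgresql", "host": db_host}, "class": f["class"],
            "command": f["command"], "object": f["object_name"] or None,
            "statement": mask_literals(f["statement"])}  # masked before anything leaves the host

class LocalBuffer:
    """Stand-in for the collector's local cache; bounded, so the loss limit is explicit."""
    def __init__(self, capacity: int = 10_000):
        self._q = deque(maxlen=capacity)  # oldest events are dropped once full
    def add(self, event: dict) -> None:
        self._q.append(event)
    def flush(self, batch_size: int = 500) -> bytes:
        """Take up to batch_size events off the queue and return one gzip'd JSON-lines body."""
        batch = [self._q.popleft() for _ in range(min(batch_size, len(self._q)))]
        return gzip.compress("\n".join(json.dumps(e) for e in batch).encode())

def decode_batch(body: bytes) -> list:
    """What the receiving side does with a flushed batch."""
    return [json.loads(l) for l in gzip.decompress(body).decode().splitlines()]

# Constructed sample lines in pgaudit format (not captured from a real server).
SAMPLE_LINES = [
    'AUDIT: SESSION,1,1,READ,SELECT,,,"SELECT name, ssn FROM customers WHERE id = 42",<not logged>',
    "AUDIT: OBJECT,2,1,WRITE,UPDATE,TABLE,public.customers,\"UPDATE customers SET email = 'a@b.com' WHERE id = 7\",<not logged>",
]

def run_sample() -> list:
    buf = LocalBuffer()
    for line in SAMPLE_LINES:
        buf.add(normalize_pgaudit(line, db_host="pg-prod-01"))
    return decode_batch(buf.flush())
```

The bounded deque stands in for the collector's disk cache: once it is full, the oldest events are dropped, which is the trade-off behind the 10 GB cache-disk recommendation below.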
Deployment Models
SaaS (Fully Managed)
DB Audit Cloud handles all infrastructure. You only deploy the lightweight collector.
Advantages
- Zero infrastructure to manage
- Automatic updates and scaling
- Global availability
Considerations
- Data leaves your network
- Requires outbound internet access
Self-Hosted
Deploy the entire DB Audit stack in your own environment for complete data sovereignty.
Advantages
- Full data control
- Air-gapped support
- Custom retention policies
Considerations
- Infrastructure management required
- Manual updates
Hybrid
Collectors run in your environment and forward selected data to DB Audit Cloud for advanced analytics.
Advantages
- Sensitive data stays local
- Cloud ML capabilities
- Flexible compliance
Considerations
- More complex setup
- Requires careful data classification
Air-Gapped Architecture
For self-hosted and air-gapped deployments, all components run entirely within your network boundary. No data leaves your environment.
[Air-gapped architecture diagram] Your network (air-gapped, no external connections whatsoever): PostgreSQL, MySQL, MongoDB and Oracle databases expose native audit logs (read-only) to the DB Audit Collector (event parsing & normalization, data masking & enrichment, local caching & buffering, zero outbound connections). The collector writes to encrypted MinIO / S3 storage and a Redis cache (HA queue); the DB Audit Web UI (dashboards & reports, policy management, user administration) sits on top of that storage and connects to the internal SIEM, internal SMTP, internal LDAP/AD, and Prometheus + Grafana. No traffic crosses the network boundary.
Security Model
DB Audit is designed with security as a core principle. Your audit data is protected at every stage.
- All data in transit encrypted with modern TLS
- All stored data encrypted with AES-256
- Sensitive query values masked before leaving your network
- Built to meet SOC 2 and ISO 27001 requirements
- Data processing agreements and EU data residency available
- Collectors never modify your databases
Collector Requirements
The DB Audit Collector is lightweight and can run on minimal infrastructure.
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 1 vCPU | 2 vCPU |
| Memory | 512 MB | 1 GB |
| Disk | 1 GB | 10 GB (for local cache) |
| Network | Outbound HTTPS (443) | Dedicated subnet |
| OS | Linux (x64, ARM64), Windows Server 2016+, macOS 11+ | |