Instant Security Alerts
Get notified immediately when threats are detected. DB Audit's intelligent alerting system ensures your security team never misses a critical event.
Intelligent Alert Management
DB Audit's alerting engine processes millions of events per second, using rule-based triggers and machine learning to identify genuine threats while minimizing false positives. Alerts are enriched with context and routed to the right team through your preferred channels.
Alert Types
Security Alerts
Detect and respond to security threats like unauthorized access, SQL injection attempts, and privilege escalation.
- Failed login attempts
- SQL injection detection
- Privilege escalation
- Unauthorized schema changes
Compliance Alerts
Monitor policy violations and audit requirements to maintain regulatory compliance.
- PII access without authorization
- Data export violations
- Audit log tampering
- Policy bypass attempts
Anomaly Alerts
AI-powered detection of unusual database activity patterns that deviate from normal behavior.
- Unusual query patterns
- Abnormal data access volume
- Off-hours activity
- New application connections
Performance Alerts
Monitor database performance and get alerted when queries or connections impact system health.
- Slow query detection
- Connection pool exhaustion
- Lock contention
- Resource threshold breaches
Notification Channels
Route alerts to the tools your team already uses. Configure multiple channels per alert and set up fallback routing for critical notifications.
- Email: Send alerts to individual or group email addresses
- Slack: Post alerts to Slack channels with rich formatting
- PagerDuty: Trigger incidents for on-call responders
- Teams: Integrate with Teams for enterprise collaboration
- Webhook: Send JSON payloads to any HTTP endpoint
- SIEM: Forward to Splunk, Datadog, or other SIEM platforms
Severity Levels
Classify alerts by severity to prioritize response and route to appropriate channels.
- Critical: Immediate action required. Active security breach or system failure.
- High: Urgent attention needed. Potential security risk or policy violation.
- Medium: Should be investigated. Unusual activity or compliance concern.
- Low: Informational. Noteworthy activity for audit purposes.
Alert Configuration
Define alert rules with triggers, thresholds, and routing. Use YAML configuration or the dashboard UI.
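The following is an added illustration, not DB Audit's own code, of how the trigger and suppression fields of a rule like the failed-login-threshold example in this section are evaluated: a sliding window counted per group_by key, a per-group cooldown, and a per-rule hourly rate limit. The RULE dict, the parse_duration helper and the sample login events are constructed for the example; DB Audit's real loader and event schema are not shown on this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rule mirroring the page's failed-login-threshold example. The dict layout is a
# constructed stand-in for DB Audit's real config loader.
RULE = {
    "name": "failed-login-threshold",
    "severity": "high",
    "trigger": {"event": "login_failed", "threshold": 5, "window": "5m",
                "group_by": ["username", "source_ip"]},
    "context": {"include": ["username", "source_ip", "database", "failed_reason"]},
    "suppression": {"cooldown": "15m", "max_per_hour": 10},
}

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_duration(text):
    """Parse the '5m' / '24h' / '7d' style durations the YAML uses."""
    value, unit = text[:-1], text[-1]
    if unit not in _UNITS or not value.isdigit():
        raise ValueError(f"bad duration: {text!r}")
    return timedelta(seconds=int(value) * _UNITS[unit])


class ThresholdRule:
    """Sliding-window counter per group_by key, with cooldown and hourly rate limit."""

    def __init__(self, rule):
        self.rule = rule
        trig = rule["trigger"]
        self.event = trig["event"]
        self.threshold = trig["threshold"]
        self.window = parse_duration(trig["window"])
        self.group_by = trig["group_by"]
        sup = rule.get("suppression", {})
        self.cooldown = parse_duration(sup.get("cooldown", "0s"))
        self.max_per_hour = sup.get("max_per_hour")
        self.hits = defaultdict(deque)   # group key -> event timestamps inside the window
        self.last_fired = {}             # group key -> timestamp of the last alert
        self.fired = deque()             # timestamps of every alert (for max_per_hour)

    def process(self, ev):
        """Feed one event (events arrive in time order); return an alert dict or None."""
        if ev["event"] != self.event:
            return None
        ts = ev["ts"]
        key = tuple(ev.get(field) for field in self.group_by)
        window = self.hits[key]
        window.append(ts)
        while ts - window[0] > self.window:      # drop events older than the window
            window.popleft()
        if len(window) < self.threshold:
            return None
        last = self.last_fired.get(key)
        if last is not None and ts - last < self.cooldown:
            return None                           # cooldown: this group alerted recently
        while self.fired and ts - self.fired[0] >= timedelta(hours=1):
            self.fired.popleft()
        if self.max_per_hour is not None and len(self.fired) >= self.max_per_hour:
            return None                           # rate limit across the whole rule
        self.last_fired[key] = ts
        self.fired.append(ts)
        return {
            "rule": self.rule["name"],
            "severity": self.rule["severity"],
            "ts": ts,
            "group": dict(zip(self.group_by, key)),
            "count": len(window),
            "context": {f: ev.get(f) for f in self.rule["context"]["include"]},
        }


def build_sample_events():
    """Constructed audit events: three bursts from alice, a short burst from bob."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)

    def fail(user, ip, offset):
        return {"ts": t0 + offset, "event": "login_failed", "username": user,
                "source_ip": ip, "database": "orders", "failed_reason": "bad_password"}

    events = []
    # burst 1: six failures ten seconds apart -> alert fires on the fifth (09:00:40)
    events += [fail("alice", "10.0.0.5", timedelta(seconds=10 * i)) for i in range(6)]
    # bob: three failures -> below threshold, no alert
    events += [fail("bob", "10.0.0.9", timedelta(seconds=5 + 10 * i)) for i in range(3)]
    # burst 2 at 09:10: threshold reached again but inside the 15m cooldown -> suppressed
    events += [fail("alice", "10.0.0.5", timedelta(minutes=10, seconds=10 * i)) for i in range(5)]
    # burst 3 at 09:20: cooldown expired -> second alert (09:20:40)
    events += [fail("alice", "10.0.0.5", timedelta(minutes=20, seconds=10 * i)) for i in range(5)]
    events.append({"ts": t0 + timedelta(minutes=21), "event": "login_success",
                   "username": "alice", "source_ip": "10.0.0.5", "database": "orders"})
    return sorted(events, key=lambda e: e["ts"])


def run_demo():
    rule = ThresholdRule(RULE)
    return [a for a in (rule.process(e) for e in build_sample_events()) if a]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert["ts"].time(), alert["severity"], alert["group"], alert["count"])
```

Grouping by both username and source_ip is what keeps one noisy account from hiding another; it also means the count is per account-and-address pair, so a rule that groups on source_ip alone is the usual companion when you want coverage of one address touching many accounts.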
- trigger: Define the event type, threshold count, and time window.
- channels: Route alerts to multiple notification channels.
- context: Include relevant data fields in alert notifications.
- suppression: Prevent alert fatigue with cooldown and rate limiting.

# Alert Configuration Example
alerts:
  - name: failed-login-threshold
    description: Alert on multiple failed login attempts
    enabled: true
    trigger:
      event: login_failed
      threshold: 5
      window: 5m
      group_by: [username, source_ip]
    severity: high
    channels:
      - type: slack
        channel: "#security-alerts"
        mention: "@security-team"
      - type: email
        recipients: [security@company.com]
      - type: pagerduty
        service_key: ${PAGERDUTY_KEY}
    context:
      include:
        - username
        - source_ip
        - database
        - failed_reason
    suppression:
      cooldown: 15m
      max_per_hour: 10
AI-Powered Anomaly Detection
Machine learning models analyze database activity patterns to detect anomalies that rule-based alerts might miss. The system learns normal behavior and flags deviations automatically.
The anomaly detection system continuously adapts to your environment. Initial baseline is established within 7 days, with ongoing refinement to reduce false positives.
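As an added example (not DB Audit's implementation, whose models are not described on this page), the block below shows two of the detectors from this section in their simplest statistical form: a query-volume detector that learns a mean and standard deviation of hourly query counts over the learning period, flags hours that deviate by more than a sensitivity-dependent number of standard deviations, and refits the baseline every update_frequency from the hours it did not flag; and an off-hours detector that applies the business_hours and exclusions settings. The sigma multipliers for the sensitivity levels, the fixed-offset fallback when no timezone database is installed, and all sample data are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Sigma multipliers assumed for the page's sensitivity levels (not DB Audit's real values).
SENSITIVITY_SIGMA = {"low": 4.0, "medium": 3.0, "high": 2.0}

# Settings copied from the page's off-hours-activity detector and exclusions.
BUSINESS_HOURS = {"start": "08:00", "end": "18:00", "timezone": "America/New_York",
                  "days": ["monday", "tuesday", "wednesday", "thursday", "friday"]}
EXCLUSIONS = {"users": {"backup_user", "monitoring"},
              "applications": {"health_check", "cron_job"}}


class QueryVolumeDetector:
    """Mean/stdev baseline of hourly query counts; flags hours beyond k sigma."""

    def __init__(self, sensitivity="medium", learning_period=timedelta(days=7),
                 update_frequency=timedelta(hours=24)):
        self.k = SENSITIVITY_SIGMA[sensitivity]
        self.learning_period = learning_period
        self.update_frequency = update_frequency
        self.first_seen = None
        self.last_fit = None
        self.samples = []                         # hourly counts used for the baseline
        self.mean = self.stdev = None

    def _fit(self, now):
        self.mean, self.stdev = mean(self.samples), pstdev(self.samples)
        self.last_fit = now

    def observe(self, hour_start, count):
        """Feed one hourly query count (in time order); return an anomaly dict or None."""
        if self.first_seen is None:
            self.first_seen = hour_start
        if hour_start - self.first_seen < self.learning_period:
            self.samples.append(count)            # still building the initial baseline
            return None
        if self.last_fit is None or hour_start - self.last_fit >= self.update_frequency:
            self._fit(hour_start)                 # periodic refinement of the baseline
        if self.stdev == 0:
            z = 0.0 if count == self.mean else float("inf")
        else:
            z = (count - self.mean) / self.stdev
        if abs(z) > self.k:
            return {"detector": "query-volume", "hour": hour_start, "count": count,
                    "baseline": round(self.mean, 1), "z": round(z, 1)}
        self.samples.append(count)                # normal hour: feeds the next refit
        return None


def _load_tz(name):
    try:
        return ZoneInfo(name)
    except ZoneInfoNotFoundError:
        # Host without a tz database: assume fixed standard time (no DST) for the example.
        return timezone(timedelta(hours=-5), name)


def is_off_hours(ts, cfg=BUSINESS_HOURS):
    """True if a timezone-aware timestamp falls outside the configured business hours."""
    local = ts.astimezone(_load_tz(cfg["timezone"]))
    if local.strftime("%A").lower() not in cfg["days"]:
        return True
    start = datetime.strptime(cfg["start"], "%H:%M").time()
    end = datetime.strptime(cfg["end"], "%H:%M").time()
    return not (start <= local.time() < end)


def check_off_hours(ev, exclusions=EXCLUSIONS):
    """Apply the exclusions first, then the off-hours detector, to one activity event."""
    if ev["username"] in exclusions["users"] or ev.get("application") in exclusions["applications"]:
        return None
    if not is_off_hours(ev["ts"]):
        return None
    return {"detector": "off-hours-activity", "severity": "medium",
            "username": ev["username"], "ts": ev["ts"]}


def run_demo():
    """Constructed data: 7 days near 100 queries/hour, then a normal hour and a spike."""
    det = QueryVolumeDetector("medium")
    t0 = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
    for i in range(7 * 24):
        det.observe(t0 + timedelta(hours=i), 100 + i % 5)
    volume = [det.observe(t0 + timedelta(hours=7 * 24), 103),
              det.observe(t0 + timedelta(hours=7 * 24 + 1), 600)]
    events = [  # constructed; 15 Jan 2024 is a Monday, so 14:00 UTC is 09:00 in New York
        {"ts": datetime(2024, 1, 15, 14, 0, tzinfo=timezone.utc), "username": "app_svc"},
        {"ts": datetime(2024, 1, 16, 3, 0, tzinfo=timezone.utc), "username": "app_svc"},      # 22:00 Monday
        {"ts": datetime(2024, 1, 13, 15, 0, tzinfo=timezone.utc), "username": "analyst"},     # Saturday
        {"ts": datetime(2024, 1, 16, 3, 0, tzinfo=timezone.utc), "username": "backup_user"},  # excluded
    ]
    return {"volume": volume, "off_hours": [check_off_hours(e) for e in events]}
```

Two details matter in practice and are visible here: the baseline is refit only from hours the detector did not flag, so a sustained spike does not quietly become the new normal, and exclusions are applied before the detector so that backup_user and monitoring traffic never enters the off-hours verdict at all.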
# Anomaly Detection Configuration
anomaly_detection:
  enabled: true
  baseline:
    learning_period: 7d
    update_frequency: 24h
  detectors:
    - name: query-volume
      description: Detect unusual query volume
      sensitivity: medium
      alert_severity: medium
    - name: data-access-pattern
      description: Detect unusual data access patterns
      sensitivity: high
      alert_severity: high
    - name: off-hours-activity
      description: Detect activity outside business hours
      business_hours:
        start: "08:00"
        end: "18:00"
        timezone: "America/New_York"
        days: [monday, tuesday, wednesday, thursday, friday]
      alert_severity: medium
    - name: new-application
      description: Alert on connections from new applications
      alert_severity: low
  exclusions:
    users: [backup_user, monitoring]
    applications: [health_check, cron_job]
Escalation Policies
Ensure critical alerts are never missed. Configure multi-level escalation with automatic promotion to senior responders if alerts are not acknowledged.
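To make the level semantics concrete, here is an added worked example (not DB Audit's code) that replays the security-incident policy from this section against three alert histories: one acknowledged before level 2 is due, one acknowledged late and then resolved, and one never touched. Each level is due at created_at plus its delay; not_acknowledged and not_resolved are evaluated as of that moment, and auto_resolve fires after 24h if nothing resolved the alert. The POLICY dict, the channel labels and the alert records are constructed for the example.

```python
from datetime import datetime, timedelta

# Policy mirroring the page's security-incident escalation; the YAML delays
# 0 / 15m / 30m / 24h are written as timedeltas (constructed dict, not the real loader).
POLICY = {
    "name": "security-incident",
    "levels": [
        {"level": 1, "delay": timedelta(0), "condition": None,
         "channels": ["slack:#security-alerts", "email:security@company.com"]},
        {"level": 2, "delay": timedelta(minutes=15), "condition": "not_acknowledged",
         "channels": ["pagerduty", "slack:#security-urgent"]},
        {"level": 3, "delay": timedelta(minutes=30), "condition": "not_resolved",
         "channels": ["pagerduty:exec", "email:ciso@company.com"]},
    ],
    "auto_resolve": {"enabled": True, "after": timedelta(hours=24), "notify": True},
}


def _condition_holds(cond, alert, at):
    """Evaluate a level's condition as of time `at` (resolution implies acknowledgement)."""
    acked = alert.get("acknowledged_at")
    resolved = alert.get("resolved_at")
    if cond == "not_acknowledged":
        return (acked is None or acked > at) and (resolved is None or resolved > at)
    if cond == "not_resolved":
        return resolved is None or resolved > at
    return True                                   # no condition: always notify


def escalation_timeline(alert, policy=POLICY, now=None):
    """Return the notifications (and auto-resolve) the policy emits for one alert up to `now`."""
    now = now or datetime.max
    created = alert["created_at"]
    resolved = alert.get("resolved_at")
    events = []
    for lvl in policy["levels"]:
        due = created + lvl["delay"]
        if due > now:
            break                                 # later levels are not due yet
        if resolved is not None and resolved <= due:
            break                                 # nothing escalates past resolution
        if _condition_holds(lvl["condition"], alert, due):
            events.append({"at": due, "level": lvl["level"], "channels": lvl["channels"]})
    auto = policy["auto_resolve"]
    if auto["enabled"] and resolved is None and created + auto["after"] <= now:
        events.append({"at": created + auto["after"], "level": "auto_resolve",
                       "notify": auto["notify"]})
    return events


def run_demo():
    """Three constructed alert histories, all created at 09:00 and replayed 25h later."""
    t0 = datetime(2024, 1, 1, 9, 0)
    scenarios = {
        # acknowledged at 09:10, before level 2 is due, but never resolved -> levels 1 and 3
        "acked_not_resolved": {"created_at": t0, "acknowledged_at": t0 + timedelta(minutes=10)},
        # acknowledged at 09:20 (after level 2 fired) and resolved at 09:25 -> levels 1 and 2
        "late_ack_resolved": {"created_at": t0, "acknowledged_at": t0 + timedelta(minutes=20),
                              "resolved_at": t0 + timedelta(minutes=25)},
        # never touched -> all three levels, then auto-resolve after 24h
        "ignored": {"created_at": t0},
    }
    now = t0 + timedelta(hours=25)
    return {name: escalation_timeline(a, POLICY, now) for name, a in scenarios.items()}


if __name__ == "__main__":
    for name, timeline in run_demo().items():
        print(name, [(e["at"].strftime("%d %H:%M"), e["level"]) for e in timeline])
```

Note that acknowledging an alert stops level 2 but not level 3: a not_resolved condition keeps escalating until someone closes the incident, which is the intended behaviour for a security-incident policy and the reason the third level reaches the CISO address.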
# Escalation Policy
escalation:
  - name: security-incident
    description: Escalation for security incidents
    levels:
      - level: 1
        delay: 0
        channels:
          - type: slack
            channel: "#security-alerts"
          - type: email
            recipients: [security@company.com]
      - level: 2
        delay: 15m
        condition: not_acknowledged
        channels:
          - type: pagerduty
            service_key: ${PAGERDUTY_KEY}
          - type: slack
            channel: "#security-urgent"
            mention: "@security-lead"
      - level: 3
        delay: 30m
        condition: not_resolved
        channels:
          - type: pagerduty
            service_key: ${PAGERDUTY_EXEC_KEY}
          - type: email
            recipients: [ciso@company.com]
    auto_resolve:
      enabled: true
      after: 24h
      notify: true
Alert Management
Manage alerts through the dashboard, CLI, or API. View history, acknowledge incidents, and analyze alert patterns.
# List recent alerts
dbaudit alerts list --last 24h
# Filter by severity
dbaudit alerts list --severity critical,high
# Acknowledge an alert
dbaudit alerts ack --id alert_12345 --comment "Investigating"
# Resolve an alert
dbaudit alerts resolve --id alert_12345 --comment "False positive - excluded user"
# View alert statistics
dbaudit alerts stats --last 7d --group-by severity
# Test alert configuration
dbaudit alerts test --config alerts.yaml --dry-run
Next Steps
Never Miss a Security Threat
Set up real-time alerting in minutes. Get notified instantly when suspicious activity is detected in your databases.