Details
Description
We should audit access denied to detect threats, hackers, external attacks.
To aid in diagnosis, it is necessary to keep track of failed attempts in addition to the successful ones.
N1QL requests from unauthorised users to DML statements such as SELECT, INSERT, UPDATE, DELETE and EXECUTE; and DDL statements such as CREATE, ALTER, DROP, GRANT and REVOKE need to be audited.
Attempts to elevate access such as adding a role, removing a role or modifying the roles for a user via REST, CLI, UI, N1QL needs to be audited, both successful and unsuccessful attempts. Also any attempts to read user and group privileges via REST, CLI, UI, N1QL need to be audited, both successful and unsuccessful attempts.