Blue Core Research's "NO BULL" buyers guide to Database Auditing products - Part 11: Rule Engine

The rule engine is one of the critical pieces of an auditing solution. It sits between data collection and reporting output, and it is the heart of the functionality that takes the job of reviewing reports from impossible to manageable to easy. It matters so much because of the vast number of SQL statements that go through a database engine. A good rule engine reduces the number of SQL statements in the report and increases their relevance.

Scalability of the rule engine is important to keep in mind. One aspect of scalability is processing power, measured in SQL statements per second. The other aspect, just as important, is the ability to easily handle many databases. Setting up rules for each database individually doesn't scale, so applying the same rule to multiple databases is critical. This lets you maintain the rules with the least effort and the fewest errors.

With billions of SQL statements going through the database engine, the rule engine is your only tool for finding the needle in the haystack. So make sure you get enough flexibility, functionality, and performance in the rule engine, because the haystack is very big. The better the rule engine, the more concise and to the point the reports are.