Dashboard

Auto-refresh:

Real-time database activity overview

System Threat
Events (24h)
Events (7d)
Unresolved Alerts
Monitored DBs

DB Connection Status

Loading…

Activity Timeline (24h)

No activity data yet

Alert Severity Split

No alert data yet

Top DB Users (by event count)

No user data yet

Compliance Coverage

PCI-DSS
SQL injection · access control · data export
HIPAA
Off-hours access · credential changes
SOX
Schema changes · system catalog access
GDPR
Mass exfiltration · data export detection

Recent Events

Loading…
No events yet.
Time DB User Type Query Severity

Recent Alerts

No recent alerts.

Monitored Databases

Configure which databases to monitor

Loading…
No databases configured.
Name Type Environment Host Risk Status Actions

Add Monitored Database

DAM will auto-start a collector when saved.

Edit Database

Connecting and fetching metadata…

🗄 Databases

Name Owner Encoding

👤 Users

Username Host Superuser Roles Attributes

🔑 Roles

Role Name Built-in Members

Events

Database activity log

Auto-refresh:
Loading…
No events found.
Time Database User Type Query Exec ms Severity OK

Event Detail

Alerts

Detected security and anomaly alerts

Loading…
No alerts found.

Alert Detail

Detection Rules

Configure what triggers alerts

Loading…
No rules configured.
Page of  ·  rules

built-in

Edit Business Hours

Rule fires on any DB activity outside office hours or on non-selected days.

Add Custom Rule

Collectors

Active collector processes — last 7 days, auto-deduped per database

Loading…
No collectors seen in the last 7 days.

Users

Manage analyst and admin accounts

Email Name Role Status Actions

Add User

Notifications

Alert notification channels

No notification channels configured.

Add Notification Channel

DAM will POST a JSON payload with alert details to this URL.

Reports

Export compliance and activity reports as CSV

Audit Log

Immutable record of all DAM system actions

Timestamp User Action Resource IP Address User Agent Details

Settings

Retention policies and data masking

Data Retention

Events older than this are automatically purged

Resolved alerts older than this are purged

Data Masking

Masking patterns are configured in dam.toml under [masking]. Patterns are applied to raw SQL before storage.

[masking]
enabled = true
patterns = [
  "(?i)SET\\s+\\w*password\\w*\\s*=\\s*'[^']*'",
  "\\b\\d{4}[- ]?\\d{4}[- ]?\\d{4}[- ]?\\d{4}\\b",
]

Restart the server after changing dam.toml masking patterns.

SIEM Integration

Forward events, alerts, and audit logs to Splunk, QRadar, ELK, or any syslog/HTTP receiver.

CEF/LEEF: Sent via UDP to the configured host:port — ensure your SIEM is listening.   JSON-HTTP: POSTed to the URL (include http:// or https://).

Security Settings

Configure brute-force login protection. Changes take effect immediately without restart.

Failures before lockout (per IP)

Window over which failures are counted

How long an IP is locked out

Resolve Alert

Rule Backtest

Running backtest…
Events scanned:
Matches:
No matches found in recent events.