Auditing on high volume of data/records to capture malicious activity
We would like to requesting in the MongoDB Audit logs the following attributes: (available in profiler )
nreturned
system.profile.responseLength
Additionally if this could be a MongoDB Alert that would be extremely helpful as well if we could provide a threshold in size BYTES (system.profile.responseLength) and/or RECORDS returned (nreturned)
This will help with security management in particular active auditing for capturing high volume of data/records returned by an account and could identify malicious activity or being hacked.
2
votes
norman
shared this idea