Database Activity Monitoring (DAM) and Auditing
RCCE students will learn detecting anomalous queries and maintaining compliance through granular audit logs. RCCE students will learn to apply industry-standard tools and techniques to identify weaknesses and verify security controls. The course covers practical scenarios ranging from initial setup to final reporting. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Database Activity Monitoring (DAM) and Auditing
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for key differentiators — covering Real-time capture of database traffic, Cannot be disabled by DBAs, 93% of breaches involve database targets.
- Execute hands-on tasks for independent from native db logging — covering Cannot be disabled by DBAs.
- Execute hands-on tasks for why dam matters — covering 93% of breaches involve database targets.
- Explain DAM Architecture Overview fundamentals
- Execute hands-on tasks for proxy/agent
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for network-based (agentless) — covering Passive network tap / SPAN port.
- Execute hands-on tasks for inline proxy — covering Query passes through DAM proxy.
- Monitor and audit privilege usage; detect escalation attempts, including Leverages built-in DB audit.
| Module 01 | Database Activity Monitoring |
| Module 02 | What Is Database Activity Monitoring? |
| Module 03 | Key Differentiators |
| Module 04 | Independent from native DB logging |
| Module 05 | Why DAM Matters |
| Module 06 | DAM Architecture Overview |
| Module 07 | Proxy/Agent |
| Module 08 | DAM Deployment Models |
| Module 09 | Network-Based (Agentless) |
| Module 10 | Inline Proxy |
| Module 11 | Native Audit + Forwarding |
| Module 12 | Database Audit Log Mechanics |
| Module 13 | How Audit Logs Capture Events |
| Module 14 | Anomalous Query Detection Methods |
All hands-on labs run on Rocheston Rose X OS. Students practice database activity monitoring (dam) and auditing by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Execute hands-on tasks for key differentiators
- Lab 4: Execute hands-on tasks for independent from native db logging
- Lab 5: Execute hands-on tasks for why dam matters
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Database Activity Monitoring (DAM) and Auditing, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI