Insider Threat Management

New Feature to Monitor SQL Queries by DBAs in Production Database


We are excited to announce our new DBA Activity Audit feature, which allows Proofpoint ITM users to monitor and audit all SQL queries executed by DBAs against production databases.

With this powerful new capability, for the first time ever, you can now easily audit manual changes made to production databases and identify the actual person who made those changes and when. This is possible because Proofpoint ITM records, for each executed query, the network login ID of the user who ran the query. In situations where shared network logins are used (e.g., administrator), a secondary login ID can be made mandatory to ensure that individual user identities are still available.

You can also use this tool to assist in root cause analysis of database problems. For example, you can generate lists of recent or historical queries that involved particular database objects (e.g., tables, fields) or values, using fast and easy free-text search.

Watch this video to see how quickly Proofpoint ITM allows you to drill down and review all SQL queries performed on a given date, database name, DB User, server, login ID, table name, or any text contained within the queries.


SQL queries are now also included in the session activity details displayed in the Server Diary and User Diary pages. When using the Search page in Metadata mode, text matches within SQL queries will also return the relevant sessions in the search results.

SQL query activity is captured by Proofpoint ITM when the DBA is using Microsoft SQL Server Management Studio, Toad for Oracle or SQL*Plus on a Proofpoint ITM-monitored computer.