Types of VA policies
You can use the following two types of policies for database vulnerability assessments:
- Pre-defined policies — Fortinet adaptation of best practice database security policy. In addition to numerous database vulnerability policies, Fortinet also provides policies that help you perform OS-level assessments, such as making sure that your OS version is appropriate for the version of your target database.
- User-defined policies — Customer or third-party adaptation of an industry or company-specific security policy. You create these types of policies using conventional or procedural SQL.
You can use the policy groups that ship with FortiDB or create your own.