Aurva

After-Hours Access Monitoring

Detect and alert on database access outside business hours.

Many breaches first surface as database queries at unusual hours. Aurva can alert on, or block, access outside approved windows.

Setup

  1. Confirm DAM is active for the assets you want to protect — see Monitoring Configuration.
  2. Create a policy as described in Creating a Custom Policy, and choose either Detect & Alert (monitoring) or Block Risk Queries (prevention).
  3. Under Policy Schedule, choose Recurring Schedule and define your business hours window (e.g., Monday–Friday 09:00–19:00 in your local timezone). Aurva will treat any query outside this window as a match.
  4. Optionally narrow the actor scope to non-service accounts so scheduled jobs don't trigger noise.
  5. Route alerts via Slack or Jira through Alert Routes.

Tuning

Run Test Policy before deployment — the impact analysis will tell you how many of the last 24 hours' queries would have matched. A 5–10% match rate usually means the rule is well-targeted; higher than that often indicates legitimate after-hours batch jobs that should be excluded.
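
The window and the service-account exclusion can be sanity-checked offline against an audit export to see which actors drive the match rate. This is an added example, not Aurva code or its policy engine: the (timestamp, actor) record format, the svc_/etl_ account prefixes, and the fixed UTC+05:30 zone are assumptions.

```python
from collections import Counter
from datetime import datetime, time, timedelta, timezone

# Assumptions: the page's example window (Mon-Fri 09:00-19:00) in a fixed
# UTC+05:30 zone; for a zone with DST pass zoneinfo.ZoneInfo("Area/City").
LOCAL_TZ = timezone(timedelta(hours=5, minutes=30))
START, END = time(9, 0), time(19, 0)
BUSINESS_DAYS = range(0, 5)            # Monday=0 .. Friday=4
SERVICE_PREFIXES = ("svc_", "etl_")    # hypothetical naming convention

def is_after_hours(ts_utc, tz=LOCAL_TZ):
    """True when a UTC ISO-8601 timestamp is outside the window in local time."""
    local = datetime.fromisoformat(ts_utc).astimezone(tz)
    return not (local.weekday() in BUSINESS_DAYS and START <= local.time() < END)

def evaluate(events, exclude_service=True):
    """Return (match_rate, per-actor match counts) for (timestamp, actor) events."""
    hits = Counter(
        actor for ts, actor in events
        if is_after_hours(ts)
        and not (exclude_service and actor.startswith(SERVICE_PREFIXES))
    )
    rate = sum(hits.values()) / len(events) if events else 0.0
    return rate, hits

# Constructed sample: ten audit records with UTC timestamps (2024-03-04 is a Monday).
SAMPLE_EVENTS = [
    ("2024-03-04T05:00:00+00:00", "alice"),        # Mon 10:30 local, in window
    ("2024-03-04T06:10:00+00:00", "bob"),          # Mon 11:40 local, in window
    ("2024-03-04T13:00:00+00:00", "bob"),          # Mon 18:30 local, in window
    ("2024-03-04T13:45:00+00:00", "carol"),        # Mon 19:15 local, after hours
    ("2024-03-04T20:30:00+00:00", "etl_nightly"),  # Tue 02:00 local, batch job
    ("2024-03-05T03:45:00+00:00", "alice"),        # Tue 09:15 local, in window
    ("2024-03-05T20:30:00+00:00", "etl_nightly"),  # Wed 02:00 local, batch job
    ("2024-03-06T08:00:00+00:00", "svc_report"),   # Wed 13:30 local, in window
    ("2024-03-06T20:30:00+00:00", "etl_nightly"),  # Thu 02:00 local, batch job
    ("2024-03-07T09:00:00+00:00", "bob"),          # Thu 14:30 local, in window
]

if __name__ == "__main__":
    for flag in (False, True):
        rate, hits = evaluate(SAMPLE_EVENTS, exclude_service=flag)
        print(f"exclude_service={flag}: {rate:.0%} matched, by actor: {dict(hits)}")
```

The per-actor counts show which accounts account for a high match rate, which is the list to review for batch jobs before excluding them from the policy scope.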