Creating an Audit Trail

To better respond to a suspected security problem, it is useful to have an audit trail to examine. One way to get such a trail is to install a temporal extension, which tracks the history of database content over time. The Isok tables could be temporally tracked to audit which queries were changed and when, as well as which query results were produced or deleted and when.

A conceivable, although entirely untested on our part, idea is to use a temporal extension to track changes made to the postgres database. Otherwise known as the system catalog, pg_catalog, this database contains the definitions of all objects in all databases. Tracking the catalog provides an audit trail should a malicious object be created, although this would not help if pg_temp was involved.

Some installations may even want to temporally track all their tables, although this may not be feasible for a whole host of reasons.
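
The kind of change history described above for the Isok tables, as an added example that is not part of Isok or of any temporal extension: it uses a plain PostgreSQL trigger in place of an extension. The table, column and function names are hypothetical stand-ins, and the objects are assumed to live in the public schema.

```sql
-- Constructed stand-in for an Isok query table (hypothetical names).
CREATE TABLE demo_queries (
    query_name text PRIMARY KEY,
    query_text text NOT NULL
);

-- One history row per change: when, who, what kind, and both row images.
CREATE TABLE demo_queries_history (
    history_id bigserial PRIMARY KEY,
    changed_at timestamptz NOT NULL DEFAULT clock_timestamp(),
    changed_by text NOT NULL DEFAULT session_user,
    operation  text NOT NULL,
    old_row    jsonb,  -- NULL for INSERT
    new_row    jsonb   -- NULL for DELETE
);

-- SECURITY DEFINER lets the trigger write history rows that ordinary roles
-- hold no privileges on; search_path is pinned, with pg_temp last.
CREATE FUNCTION demo_queries_audit() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, public, pg_temp
AS $$
BEGIN
    IF TG_OP = 'INSERT' THEN
        INSERT INTO public.demo_queries_history (operation, new_row)
        VALUES (TG_OP, to_jsonb(NEW));
    ELSIF TG_OP = 'UPDATE' THEN
        INSERT INTO public.demo_queries_history (operation, old_row, new_row)
        VALUES (TG_OP, to_jsonb(OLD), to_jsonb(NEW));
    ELSE  -- DELETE
        INSERT INTO public.demo_queries_history (operation, old_row)
        VALUES (TG_OP, to_jsonb(OLD));
    END IF;
    RETURN NULL;  -- the return value of an AFTER row trigger is ignored
END;
$$;

-- EXECUTE FUNCTION needs PostgreSQL 11 or later.
CREATE TRIGGER demo_queries_audit
AFTER INSERT OR UPDATE OR DELETE ON demo_queries
FOR EACH ROW EXECUTE FUNCTION demo_queries_audit();

-- Constructed sample changes, then the audit question: what changed, when, by whom?
INSERT INTO demo_queries VALUES ('orphans', 'SELECT 1');
UPDATE demo_queries SET query_text = 'SELECT 2' WHERE query_name = 'orphans';
DELETE FROM demo_queries WHERE query_name = 'orphans';

SELECT changed_at, changed_by, operation,
       old_row->>'query_text' AS before, new_row->>'query_text' AS after
FROM demo_queries_history ORDER BY history_id;
```

Row-level triggers do not fire on TRUNCATE, and the table owner or a superuser can disable the trigger, so this history is only as trustworthy as the privileges on the tracked table.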


Page generated: 2025-06-03T23:35:40-05:00.