Using Oracle Data Safe
Total Page:16
File Type:pdf, Size:1020Kb
Oracle Cloud Using Oracle Data Safe E92975-42 June 2021 Oracle Cloud Using Oracle Data Safe, E92975-42 Copyright © 2019, 2021, Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Contents 1 Get Started with Oracle Data Safe Oracle Data Safe Overview 1-1 Features of Oracle Data Safe 1-1 Key Concepts and Terminology 1-2 Try Oracle Data Safe for Free 1-6 Overvew 1-6 Trial Period 1-6 Grace Period 1-7 Set Up Oracle Data Safe 1-7 Sign In to the Oracle Data Safe Console 1-7 Sign In From Your Regional Oracle Data Safe Service Page 1-8 Sign In From the Oracle Cloud Infrastructure Console 1-9 Related Resources 1-10 Oracle Data Safe Dashboard 1-10 2 Security Assessment Security Assessment Overview 2-1 Introduction 2-2 Use Cases 2-2 Security Assessment Workflow 2-2 Comprehensive Assessment Reports 2-3 About Comprehensive Assessment Reports 2-3 Example 2-3 Findings 2-4 Baseline Reports 2-4 Comparison Reports 2-5 About Comparison Reports 2-5 Example 2-5 Interpreting Comparison Reports 2-6 View Comprehensive Assessment Reports 2-7 View a Comprehensive Report from the Security Assessment Wizard 2-7 View a Comprehensive Assessment Report from the Reports Tab 2-7 iii Create Security Assessment Jobs 2-7 Prerequisites 2-8 Create a Security Assessment Job 2-8 Compare Comprehensive Assessment Reports 2-8 Set a Baseline Report and Generate a Comparison Report from the Security Assessment Wizard 2-8 Set a Baseline Report from a Comprehensive Assessment Report Page 2-9 Generate a Comparison Report from a Comprehensive Assessment Report Page 2-9 Schedule Recurring Security Assessment Jobs 2-9 Schedule a Recurring Security Assessment Job for a Single Target Database 2-9 Update a Recurring Security Assessment Job for a Single Target Database 2-10 Schedule a Recurring Security Assessment Job for Multiple Target Databases 2-11 Delete a Recurring Security Assessment Job 2-11 3 User Assessment User Assessment Overview 3-1 User Assessment Reports 3-1 Charts 3-2 Table 3-3 Create User Assessment Jobs 3-4 Prerequisites 3-4 Create a User Assessment Job 3-4 4 Activity Auditing Activity Auditing Overview 4-2 About Activity Auditing 4-2 Activity Auditing Workflow 4-2 Audit Policies 4-3 Audit Policies in Oracle Data Safe 4-4 Basic Auditing Policies 4-4 Admin Activity Auditing Policy 4-6 User Activity Auditing Policy 4-7 Custom and Oracle Predefined Policies 4-7 Audit Compliance Standards 4-8 Audit Trails 4-8 Audit Trails in Oracle Data Safe 4-9 Supported Audit Trails 4-9 Auto Purge 4-10 Alerts and Alert Policies 4-10 Alerts Page 4-10 iv Alert Policies in Oracle Data Safe 4-11 Audit Data Lifecycle Management 4-11 Audit Data Retention 4-11 Audit Data Archival 4-12 Audit Data Retrieval 4-12 Deregistered Target Databases 4-12 Activity Auditing Reports 4-13 Service Activity Report 4-13 Retrieve and Provision Audit Policies 4-14 Add Audit Trails 4-17 Manage Audit Collection 4-18 Start and Stop Audit Collection on Target Databases 4-18 Update Audit Policies 4-19 Enable Auto Purge for Audit Trails 4-19 View an Audit Trail Log 4-19 Remove Audit Trails 4-20 Configure Audit Data Retention 4-20 Collect Audit Data Beyond the Free Limit 4-21 Retrieve Audit Data for a Target Database from the Archive 4-21 Return Audit Data to the Archive 4-22 Manage Alerts 4-22 View Alerts 4-22 Change the Status of Alerts 4-24 Create Alert Reports 4-24 Download Alert Reports 4-25 Update Alert Policies 4-25 5 Data Discovery Data Discovery Overview 5-1 About Data Discovery 5-2 Data Discovery Workflow 5-2 Sensitive Types 5-3 Predefined Sensitive Types 5-4 User-Defined Sensitive Types 5-4 Column Name Pattern 5-5 Column Comment Pattern 5-5 Column Data Pattern 5-6 Search Pattern 5-6 Related Content 5-7 Referential Relationships 5-7 v Dictionary-Based Referential Relationships 5-7 Non-Dictionary Referential Relationships 5-8 Sensitive Data Models 5-8 About Sensitive Data Models 5-8 Verification Feature 5-8 Incremental Update Feature 5-9 Data Discovery Reports 5-9 Create Sensitive Types 5-9 Create Data Discovery Jobs 5-10 Manage Sensitive Types 5-12 View Sensitive Type Details 5-12 Update a User-Defined Sensitive Type 5-13 Delete a User-Defined Sensitive Type 5-13 Manage Sensitive Data Models 5-13 View a Sensitive Data Model 5-14 Verify a Sensitive Data Model 5-14 Update a Sensitive Data Model 5-15 Manually Add or Remove Sensitive Columns From a Sensitive Data Model 5-16 Delete a Sensitive Data Model 5-17 Download a Sensitive Data Model 5-17 Upload a Sensitive Data Model 5-17 6 Data Masking Data Masking Overview 6-2 The Challenge 6-2 The Solution 6-2 Common Data Masking Requirements 6-3 Data Masking in Oracle Data Safe 6-3 Data Masking Workflow 6-4 Masking Formats 6-5 About Masking Formats 6-5 Combinable 6-5 Uniqueness 6-6 Reversible 6-6 Deterministic 6-6 Related Content 6-7 Masking Policies 6-7 Data Masking Reports 6-7 Conditional Masking 6-8 Group Masking 6-8 vi About Group Masking 6-8 Group Masking Example Using Shuffle 6-9 Group Masking Example Using Deterministic Substitution 6-9 Create Data Masking Jobs 6-10 Part 1: Select a Target Database 6-10 Part 2: Define the Masking Policy and Sensitive Data Model 6-11 Option 1: Create a Masking Policy and Sensitive Data Model 6-11 Option 2: Create a Masking Policy with a Sensitive Data Model from the Library 6-12 Option 3: Create a Masking Policy with an Uploaded Sensitive Data Model 6-12 Option 4: Reuse a Masking Policy from the Library 6-13 Option 5: Upload a Masking Policy and Sensitive Data Model 6-13 Option 6: Upload a Masking Policy and Select a Sensitive Data Model from the Library 6-14 Part 3: Review the Sensitive Data Model 6-14 Part 4: Configure the Masking Formats 6-15 Part 5: Schedule the Job 6-16 Create Masking Formats 6-17 About User-Defined Masking Formats 6-17 Create a Masking Format 6-17 Manage Masking Formats 6-18 View a Masking Format 6-18