Oracle® Audit Vault And Database Firewall Auditor's Guide Release 20 E93409-08 September 2021 Oracle Audit Vault And Database Firewall Auditor's Guide, Release 20 E93409-08 Copyright © 2012, 2021, Oracle and/or its affiliates. Primary Authors: Karthik Shetty, Rajesh Tammana, Mahesh Rao , Ravi Kumar, Sachin Deshmanya, Manish Chandra Contributors: Vipin Samar, Marek Dulko, Nithin Gomez, William Howard-Jones, Sarma Namuduri, Paul Laws, Kaviarasi G, Lok Sheung, Soumya Vinod, Shrikrishna Mudrale, Paul Hackett, Tom Taylor This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle, Java, and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Contents Preface Audience xvii Documentation Accessibility xvii Diversity and Inclusion xvii Related Documents xvii Conventions xvii Translation xviii Quick Reference for Common Tasks About this Quick Reference xix Targets xix User Accounts and Access Rights xx Email Notifications xx Status and Job Monitoring xx Audit Policies (for Oracle Databases) xx Firewall Policies xx Reports xxi Entitlements xxii Alerts xxii 1 Changes In Oracle Audit Vault and Database Firewall Release 20 2 Introducing Oracle Audit Vault and Database Firewall 2.1 Downloading the Latest Version of This Manual 2-1 2.2 Learning About Oracle Audit Vault and Database Firewall 2-1 2.3 The Auditor's Role 2-1 2.4 Understanding Targets 2-2 2.5 Understanding Firewall Policies 2-3 2.6 Understanding Audit Policies and Audit Data Collection 2-3 2.7 Requirements for Collecting Audit Data from Targets 2-3 iii 2.7.1 Requirements for Oracle Database 2-4 2.7.1.1 Ensuring That Auditing Is Enabled in the Target Database 2-4 2.7.1.2 Using Recommended Audit Settings in the Target Database 2-4 2.7.2 Requirements for SQL Server, Sybase ASE, and IBM DB2 Databases 2-5 2.8 Configuring Alerts and Notifications 2-5 2.9 Generating Reports 2-6 2.10 Creating Users and Managing Access 2-6 2.11 Logging in and Understanding the Audit Vault Server Console UI 2-6 2.11.1 Logging in to the Audit Vault Server Console 2-6 2.11.2 Understanding the Tabs in the Audit Vault Server Console UI 2-7 2.11.3 Working with Lists of Objects in the UI 2-7 3 Managing Targets 3.1 About Managing Targets 3-1 3.2 Viewing and Changing Settings for a Target 3-1 3.2.1 Viewing Audit Policy Settings for Oracle Databases 3-1 3.2.2 Retrieving User Entitlement Data for Oracle Database Targets 3-2 3.2.3 Activating Stored Procedure Auditing 3-3 3.2.4 Viewing a List of Audit Trails for a Target 3-4 3.2.5 Selecting a Firewall Policy 3-5 3.2.6 Viewing a List of Database Firewall Monitoring Points 3-5 3.2.6.1 Viewing a List of Monitoring Points for a Database Target 3-5 3.2.6.2 Viewing a List of Monitoring Points for All Your Target Databases 3-6 3.2.7 Setting a Data Retention (Archiving) Policy 3-6 3.3 Creating and Modifying Target Groups 3-7 3.3.1 About Target Groups 3-7 3.3.2 Creating and Modifying Target Groups 3-7 3.4 Managing Compliance for Target Databases 3-8 3.5 Setting Access Rights for Targets and Groups 3-9 4 Managing Access and Other Settings 4.1 Managing User Accounts and Access 4-1 4.1.1 About Oracle AVDF Auditor Accounts and Passwords 4-1 4.1.2 Creating Auditor Accounts 4-1 4.1.3 Viewing the Status of Auditor User Accounts 4-2 4.1.4 Managing User Access to Targets or Groups 4-2 4.1.4.1 About Managing User Access 4-2 4.1.4.2 Controlling Access by User 4-3 4.1.4.3 Controlling Access by Target or Group 4-3 iv 4.1.5 Changing a User Account Type 4-4 4.1.6 Changing the Auditor Password 4-5 4.1.7 Deleting an Auditor Account 4-5 4.2 Creating Templates and Distribution Lists for Email Notifications 4-6 4.2.1 About Email Notifications and Templates 4-6 4.2.2 Creating or Modifying an Email Distribution List 4-6 4.2.3 Creating or Modifying an Email Template 4-7 4.3 Creating Alert Syslog Templates 4-9 4.4 Viewing Monitoring Point and Audit Trail Status 4-9 4.4.1 Viewing Monitoring Point Status 4-9 4.4.2 Viewing Audit Trail Status 4-10 4.5 Monitoring Jobs 4-10 5 Creating Audit Policies for Oracle Databases 5.1 About Audit Policies 5-1 5.2 General Steps for Creating Audit Policies for Oracle Databases 5-1 5.3 Retrieving and Modifying Audit Policies from an Oracle Database 5-1 5.3.1 Understanding the Columns on the Audit Policies Tab 5-1 5.3.2 Retrieving Audit Policies from Multiple Oracle Databases 5-2 5.3.3 Scheduling Retrieval of Audit Settings for a Single Oracle Database 5-3 5.4 Provisioning Unified Audit Policies 5-3 5.4.1 Basic Auditing 5-3 5.4.2 Admin Activity Auditing Policy 5-5 5.4.3 User Activity Auditing Policy 5-7 5.4.4 Audit Compliance Standards 5-7 5.4.4.1 Center for Internet Security Recommendations Unified Audit Policy 5-8 5.4.4.2 Security Technical Implementation Guidelines (STIG) 5-8 5.4.5 Custom and Oracle Predefined Unified Policies 5-10 5.4.6 Provisioning Unified Audit Policies from the Audit Vault Server 5-12 5.5 Provisioning Traditional Audit Policies 5-13 5.5.1 About Creating Audit Policy Settings 5-13 5.5.2 Specifying which Audit Policies are needed 5-13 5.5.3 Creating Audit Policies for SQL Statements 5-14 5.5.3.1 About SQL Statement Auditing 5-14 5.5.3.2 Defining SQL Statement Audit Settings 5-14 5.5.3.3 Understanding the Statement Audit Settings 5-16 5.5.4 Creating Audit Policies for Schema Objects 5-16 5.5.4.1 About Schema Object Auditing 5-16 5.5.4.2 Defining Schema Object Audit Settings 5-17 5.5.4.3 Understanding the Object Audit Settings Page 5-18 v 5.5.5 Creating Audit Policies for Privileges 5-18 5.5.5.1 About Privilege Auditing 5-19 5.5.5.2 Defining Privilege Audit Settings 5-19 5.5.5.3 Understanding the Privilege Audit Settings Page 5-20 5.5.6 Creating Audit Policies for Fine-Grained Auditing (FGA) 5-21 5.5.6.1 About Fine-Grained Auditing 5-21 5.5.6.2 Using Event Handlers in Fine-Grained Auditing 5-22 5.5.6.3 Auditing Specific Columns and Rows 5-22 5.5.6.4 Defining Fine-Grained Audit Settings 5-22 5.5.6.5 Understanding the Fine-Grained Audit Settings
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages342 Page
-
File Size-