This document provides information about creating and managing database audit policies for Oracle databases using the AuditVault Server console. It discusses retrieving existing audit settings from an Oracle database, specifying which settings are needed, and creating new audit policy settings for SQL statements, schema objects, privileges, and capture rules. The general steps outlined are to retrieve current audit settings, define additional needed settings, and then provision the audit policy back to the database.
Painting the Future of Big Data with Apache Spark and MongoDBMongoDB
MongoDB is the fastest growing non-relational database, while Apache Spark is the fastest growing data processing engine, and the most active big data project in the history of Apache. Databricks, founded by the creators of Spark, will present how they see Spark evolving to address new use cases, and how to combine the power of MongoDB with Spark.
ELECCIONES AL CONSEJO NACIONAL DE LA MAGISTRATURA. La ONPE ha hecho público el Padrón de los Profesionales Nutricionistas que deberán participar en las Elecciones de Consejeros del Consejo Nacional de la Magistratura por los miembros de los Colegios de Abogados y los Colegios Profesionales del País 2010. Se tiene alli, el nombre completo, el DNI, Mesa de Sufragio, Miembro de Mesa, Departamento, Provincia Distrito, Local y Dirección DONDE CADA PROFESIONAL DEBE IR A VOTAR.
Painting the Future of Big Data with Apache Spark and MongoDBMongoDB
MongoDB is the fastest growing non-relational database, while Apache Spark is the fastest growing data processing engine, and the most active big data project in the history of Apache. Databricks, founded by the creators of Spark, will present how they see Spark evolving to address new use cases, and how to combine the power of MongoDB with Spark.
ELECCIONES AL CONSEJO NACIONAL DE LA MAGISTRATURA. La ONPE ha hecho público el Padrón de los Profesionales Nutricionistas que deberán participar en las Elecciones de Consejeros del Consejo Nacional de la Magistratura por los miembros de los Colegios de Abogados y los Colegios Profesionales del País 2010. Se tiene alli, el nombre completo, el DNI, Mesa de Sufragio, Miembro de Mesa, Departamento, Provincia Distrito, Local y Dirección DONDE CADA PROFESIONAL DEBE IR A VOTAR.
What's your "Idea Worth Spreading?" Steve McKee, President of McKee Wallwork Cleveland and author of When Growth Stalls, calls it "SPARK". Some brands go from no-name to big-time almost overnight. Some seem to catch fire out of nowhere. Yet while some hot brands are the result of random chance, others are, in fact, strategically sparked. McKee reveals how much in common physical sparks have with metaphorical sparks--in world history and in marketing history. He then outlines the conditions necessary for ideas to catch fire, and offer principles anyone can use to make their own ideas catch fire.
What's your "Idea Worth Spreading?" Steve McKee, President of McKee Wallwork Cleveland and author of When Growth Stalls, calls it "SPARK". Some brands go from no-name to big-time almost overnight. Some seem to catch fire out of nowhere. Yet while some hot brands are the result of random chance, others are, in fact, strategically sparked. McKee reveals how much in common physical sparks have with metaphorical sparks--in world history and in marketing history. He then outlines the conditions necessary for ideas to catch fire, and offer principles anyone can use to make their own ideas catch fire.
In this presentation we review System Center Advisor and how we can monitor SQL Server 2008 and SQL Server 2008 R2.
Regards,
Eduardo Castro
http://tiny.cc/comwindows
http://ecastrom.blogspot.com
This document is part of Oracle BI Publisher Certification Program from Adiva Consulting Inc. contact
info@adivaconsulting.com for you corporate training needs and reduce your training cost by 75%
BI Publisher 11g : Data Model Design documentadivasoft
This document is part of BI Publisher 11g Training program from Adiva Consulting Inc.
Contact info@adivaconsulting.com any Corporate Training need and save 75% of your training budget.
Cognos Framework Manager is a metadata modeling tool.Cognos Framework Manager provides the metadata model development environment for Cognos 8.A model is a business presentation of the information from one or more data sources. The model provides a business presentation of the metadata.The model is packaged and published for report authors and query users
Live online IT Training with MaxOnlineTraining.com is an easy, effective way to maximize your skills without the travel.
Call us at For any queries, please contact:
+1 940 440 8084 / +91 953 383 7156 TODAY to join our Online IT Training course & find out how Max Online Training.com can help you embark on an exciting and lucrative IT career.
Visit www.maxonlinetraining.com
As a software application's brain, its database is crucial to ensure that it runs smoothly. Database testing is the process of making sure the database is functioning properly. In this article, we highlight some of the things you should know before diving in. Take a look!
NIDM (National Institute Of Digital Marketing) Bangalore Is One Of The Leading & best Digital Marketing Institute In Bangalore, India And We Have Brand Value For The Quality Of Education Which We Provide.
www.nidmindia.com
Want to move your career forward? Looking to build your leadership skills while helping others learn, grow, and improve their skills? Seeking someone who can guide you in achieving these goals?
You can accomplish this through a mentoring partnership. Learn more about the PMISSC Mentoring Program, where you’ll discover the incredible benefits of becoming a mentor or mentee. This program is designed to foster professional growth, enhance skills, and build a strong network within the project management community. Whether you're looking to share your expertise or seeking guidance to advance your career, the PMI Mentoring Program offers valuable opportunities for personal and professional development.
Watch this to learn:
* Overview of the PMISSC Mentoring Program: Mission, vision, and objectives.
* Benefits for Volunteer Mentors: Professional development, networking, personal satisfaction, and recognition.
* Advantages for Mentees: Career advancement, skill development, networking, and confidence building.
* Program Structure and Expectations: Mentor-mentee matching process, program phases, and time commitment.
* Success Stories and Testimonials: Inspiring examples from past participants.
* How to Get Involved: Steps to participate and resources available for support throughout the program.
Learn how you can make a difference in the project management community and take the next step in your professional journey.
About Hector Del Castillo
Hector is VP of Professional Development at the PMI Silver Spring Chapter, and CEO of Bold PM. He's a mid-market growth product executive and changemaker. He works with mid-market product-driven software executives to solve their biggest growth problems. He scales product growth, optimizes ops and builds loyal customers. He has reduced customer churn 33%, and boosted sales 47% for clients. He makes a significant impact by building and launching world-changing AI-powered products. If you're looking for an engaging and inspiring speaker to spark creativity and innovation within your organization, set up an appointment to discuss your specific needs and identify a suitable topic to inspire your audience at your next corporate conference, symposium, executive summit, or planning retreat.
About PMI Silver Spring Chapter
We are a branch of the Project Management Institute. We offer a platform for project management professionals in Silver Spring, MD, and the DC/Baltimore metro area. Monthly meetings facilitate networking, knowledge sharing, and professional development. For event details, visit pmissc.org.
Exploring Career Paths in Cybersecurity for Technical CommunicatorsBen Woelk, CISSP, CPTC
Brief overview of career options in cybersecurity for technical communicators. Includes discussion of my career path, certification options, NICE and NIST resources.
1. Database Audit Policies
Author: Sai Ranga
Creation Date: August 20, 2015
Last Updated: August 20, 2015
Document Ref:
Version: 1
Approvals:
Copy Number _____
2. Database Audit Policies
Document Control
Change Record
1
9
Date Author Versio
n
Change Reference
20-Aug-
15
Sairanga 1 Database Audit Policies
Reviewers
Name Position
SAI SeniorOracle andsqlserverconsultant
+918978750005
+971-527172182
Distribution
Copy
No.
Name Location
1 Library Master Project Library
2 Project Manager
3
4
Note to Holders:
If you receive an electronic copy of this document and print it out, please write your
name on the equivalent of the cover page, for document control purposes.
If you receive ahard copy of thisdocument,please write your name on the front cover,
for document control purposes.
3. Database Audit Policies
Contents
Database Audit Policies
Document Control..................................................................................... 2
1. About Audit Policies..........................................................................................4
2. General Steps for Creating Audit Policies for Oracle Databases.................................4
3. Retrieving and Modifying Audit Settings from an Oracle Database ............................4
4. Specifying Which Audit Settings Are Needed .........................................................6
5. About Creating Audit Policy Settings ...................................................................7
6. Provisioning Audit Policies to an Oracle Database ................................................ 17
Open and Closed Issues for This Deliverable .................................................19
Open Issues ................................................................................................. 19
Closed Issues................................................................................................ 19
4. Database Audit Policies
1. About Audit Policies
Usingthe AuditVault Serverconsole,youcanretrieve auditpoliciesfromOracle database secured
targets.You can thenmodifythe policiesorcreate new ones,andthenprovisionthemtothe Oracle
databases.Youcan retrieve andmodifythe followingtypesof Oracle Database auditpolicies.
SQL statements
Schemaobjects
Privileges
Fine-grainedauditing
Capture rules(forredologfile activities)
2. General Steps for Creating Audit Policies for Oracle Databases
In general, tocreate auditpoliciesforOracle databases,youperformthe following
Retrieve the currentauditpolicysettingsfromthe securedtargetOracle database,andspecifywhichof
the current settingsare needed.
1. If necessary,definemore auditpolicysettingstoaddto the neededsettings.
2. Provisionthe auditpolicytothe securedtargetdatabase.The policysettingsyouspecifiedas
needed,andthe newonesyoucreated,thenbecome the policiesinuse inthe database
3. Retrieving and Modifying Audit Settings from an Oracle Database
To retrieve auditsettingsfromanOracle Database securedtarget:
1. Log in tothe AuditVaultServerconsole asanauditor.
2. Clickthe Policytab.
By default,the Audit Settingspage appears.A summaryof auditsettingsatthispointintime is
displayedforthatsecuredtarget.Foreach securedtarget,thispage liststhe statusof the audit
policies.See"Understandingthe Columnsonthe AuditSettingsPage"below
3. From the Target Name column,selectthe checkboxesforthe securedtargetdatabasesyou
want.
You can onlysee the Oracle database securedtargetstowhichyouhave access.
Note:Audittrailsand auditpolicymanagementare notsupportedforOracle Database 9i.
4. Clickthe Retrieve AuditSettingsbutton.
5. Database Audit Policies
To check the statusof the retrieval,clickthe Settingstab,thenunderthe Systemmenu,
clickJobs. Whenthe auditsettingsretrievaliscomplete,the AuditSettingspage isrefreshed
withnewdata.
3.1 Understanding the Columns on the Audit Settings Page
Each time youretrieve the auditsettingsfromasecuredtargetOracle database,yousee the state of the
database auditsettingsatthat pointintime.The AuditSettingspage inthe AuditVaultServer (in
the Policy tab) showsan overview of the auditsettingsinuse atsecuredtargetOracle Databases,and
showsanydifferencesbetweenthose andthe settingsyouhave setasneededinyourOracle AVDFaudit
policiesforthose databases.Youcanthenspecifywhichof the currentsettingsare needed.
Table below describesthe columnsshowninthe AuditSettingsPage.
Table FieldsUnder ApplyAuditSettings inthe AuditSettingsPage
Column Description
Target
Name
Name of the securedtarget
In Use Numberof auditsettingsinuse inthe securedtarget
Needed Numberof auditsettingsyou(the auditor) specifiedasneeded
Problem The difference betweenthe auditsettingsinuse atthe database and the numberspecifiedas
neededinyournyour Oracle AVDF auditpolicyforthisdatabase.
If this numberisgreaterthanzero,new auditsettingsmayhave beencreatedatthe database since
youlast provisionedthe auditpolicyfromOracle AVDF.Youmayalsohave selectedmore audit
settingsasneededornot neededsince youlastprovisionedthe auditpolicy.
To resolve the problem, youcanspecifywhethernew auditsettingsare neededand/orprovisionthe
policyagain.Thisbringsthe numberinthe Problemcolumnbackto zero.
Last
Retrieved
The time that the auditinformationforthe selecteddatabasewaslastretrieved
As
Provisioned
The time that the auditsettingswere lastprovisionedtothe database fromOracle AVDF
6. Database Audit Policies
4. Specifying Which Audit Settings Are Needed
Afteryouretrieve the auditsettingsfrom the securedtargetOracle database,youcanview andmodify
themas needed.Rememberthatyouare modifyingauditsettingsinuse atthe time youretrievedthem.
If you thinktheymayhave changed,youshouldretrieve themagain.See above "RetrievingAudit
SettingsfromanOracle Database" above.
1. In the AuditSettingspage,clickthe name of the securedtargetdatabase youwant.
The AuditSettingsOverview page forthissecuredtargetappears,showingthe auditsettingsin
use and markedas neededfor these audittypes:
Statement
Object
Privilege
FGA
Capture Rule
2. To update settingsforanyaudittype,clickitslink,forexample, Statement.
The AuditSettingspage forthat audittype appears,listingthe currentauditsettings.The second
columndisplaysaproblemiconif there isa difference betweenthe settingatthe securedtarget
database,andthe settinginOracle AVDF.
7. Database Audit Policies
3. Selectthe checkboxesforeachauditsettingyoudetermineisneeded,thenclick SetasNeeded.
4. To remove auditsettings,selectthe checkboxesforthe onesyouwanttoremove,thenclick Set
as Not Needed.
5. To create newauditsettingsforthisaudittype (forexample,Statement),click Create
5. About Creating Audit Policy Settings
Once you have retrievedauditpolicysettings fromthe securedtargetOracle database,andselected
whichof the settingsinuse are needed,youcanalsocreate new policysettingsforthe Oracle database.
CreatingAuditPoliciesforSQLStatements
CreatingAuditPoliciesforSchemaObjects
CreatingAuditPoliciesforPrivileges
CreatingAuditPoliciesforFine-GrainedAuditing(FGA)
CreatingCapture RulesforRedoLog File Auditing
5.1 About SQL Statement Auditing
Statementauditing auditsSQL statements bytype of statement,notbythe specificschemaobjectson
whichthe statementoperates.Statementauditingcanbe broad or focused(forexample,byauditing
the activitiesof all database usersoronlya selectlistof users).Typicallybroadstatementauditingaudits
the use of several typesof relatedactionsforeachoption.These statementsare inthe following
categories:
Data definitionstatements(DDL). For example, AUDITTABLE auditsall CREATE
TABLE and DROP TABLE statements. AUDITTABLEtracks several DDLstatementsregardlessof
the table on whichtheyare issued.Youcan alsosetstatementauditingtoauditselectedusers
or everyuserinthe database.
Data manipulationstatements(DML). For example, AUDITSELECT TABLE auditsall SELECT ...
FROM TABLE or SELECT ... FROM VIEW statements,regardlessof the table orview.
Defining SQL StatementAuditSettings
To define SQLstatementauditsettings:
1. Log in tothe AuditVaultServerconsole asanauditor.
2. If necessary,retrieve andupdate the currentauditsettings.
See above "RetrievingandModifyingAuditSettingsfromanOracle Database" formore
information.
3. Clickthe Policytab, and inthe AuditSettingspage,clickanOracle Database securedtarget.
The target's AuditSettingsOverview page isdisplayed.
4. ClickStatement.
8. Database Audit Policies
The StatementAuditSettingspage appears.
5. Clickthe Create button.
6. In the Create page,define the auditpolicyasfollows:
AuditedBy - Choose the usersto audit:
o Both: Auditsall users,includingproxyusers.
o Proxy: Auditsthe proxyuserforthe database.Whenyouselectthisoption,
the Proxy User fieldappears,inwhichyoumustspecifyatleastone user.To display
a listof proxyusersandtheirsecuredtargetsforselection,clickthe up-arrow icon
on the rightof the field.
o User:Auditsthe userto whichthissettingapplies.If youselectthisoption,youmust
selectauser fromthe Usersdrop-downlist.
StatementExecutionCondition - Choose one of the following:
o Both: Auditsbothsuccessful andfailedstatements
o Success: Auditsthe statementif itissuccessful
o Failure:Auditsthe statementif itfails
DML AuditGranularity - Choose auditgranularityforDML statements:
o Access: Createsanauditrecord eachtime the operationoccurs
9. Database Audit Policies
o Session:Createsanauditrecord the firsttime an operationoccursinthe current
session
DDL statements are alwaysaudited byaccess.
StatementsAudit Type - Selectthe SQL statementstoauditbydouble clickingastatement
type to move itto the box on the right.Youcan use the double arrowstomove all
statementstothe rightor back to the left.
7. ClickSave.
The newauditsettingsare addedto the StatementAuditSettingspage.
5.2 About Schema Object Auditing
Schema objectauditing isthe auditingof specificstatementsonaparticularschemaobject,such
as AUDIT SELECT ON HR.EMPLOYEES. Schemaobjectauditingisveryfocused,auditingonlyaspecific
statementona specificschemaobjectforall usersof the database.
For example,objectauditingcanauditall SELECT andDML statementspermittedbyobject privileges,
such as SELECT or DELETE statementsona giventable.The GRANTand REVOKE statementsthatcontrol
those privilegesare alsoaudited.
Objectauditingletsyouauditthe use of powerful database commandsthatenable userstoview or
delete very sensitive andprivate data.Youcan auditstatementsthatreference tables,views,sequences,
standalone storedproceduresorfunctions,andpackages.
Oracle Database setsschemaobjectauditoptionsforall usersof the database.Youcannot setthese
optionsfora specificlistof users.
Defining Schema ObjectAuditSettings
To define schemaobjectauditsettings:
1. Log in tothe AuditVaultconsole asanauditor.
2. If necessary,retrieve andupdate the currentauditsettings.
See above "RetrievingandModifyingAuditSettingsfromanOracle Database" formore
information.
3. Clickthe Policytab, and inthe AuditSettingspage,clickasecuredtargetOracle database.
The target's AuditSettingsOverview isdisplayed.
4. ClickObjectto displaythe ObjectAuditSettingspage.
5. Clickthe Create button.
10. Database Audit Policies
6. In the ObjectAuditSettingspage,definethe settingsasfollows:
ObjectType - Selectthe type of objectto auditfromthe drop-downlist,such
as TABLE, LOB, RULE, or VIEW.
Object- Selecta specificobjectof the objecttype youselected.
ObjectExecution Condition - Choose one of the following:
o Both: Auditsbothsuccessful andfailedstatements
o Success: Auditsthe statementif itissuccessful
o Failure:Auditsthe statementif itfails
DML AuditGranularity - Choose auditgranularityforDML statements:
o Access: Createsanauditrecord eachtime the operationoccurs
o Session:Createsanauditrecord the firsttime an operationoccursinthe current
session
DDL statementsare alwaysauditedbyaccess.
StatementsAudit Type - Selectthe SQL statementstoauditbydouble clickingastatement
type to move itto the box on the right.Youcan use the double arrowstomove all
statementstothe rightor back to the left.
7. ClickSave.
The newobjectauditsettingsare addedtothe ObjectAuditSettingspage.
11. Database Audit Policies
5.3 About Privilege Auditing
Privilege auditingisthe auditingof SQL statementsthatuse a systemprivilege.Youcanauditthe use of
any systemprivilege.Like statementauditing,privilege auditingcanauditthe activitiesof all database
usersor onlya specifiedlistof users.
For example,if youenable AUDITSELECT ANY TABLE, Oracle Database audits
all SELECT tablenamestatementsissuedbyuserswhohave theSELECTANYTABLE privilege.Thistype of
auditingisveryimportantforthe Sarbanes-Oxley(SOX) Actcompliancerequirements.Sarbanes-Oxley
and othercompliance regulationsrequire the privilegeduserbe auditedforinappropriatedatachanges
or fraudulentchangestorecords.
Privilegeauditingauditsthe use of powerful systemprivilegesenablingcorrespondingactions,such
as AUDIT CREATE TABLE. If you setbothsimilarstatementandprivilegeauditoptions,thenonlyasingle
auditrecord isgenerated.Forexample,if the statementclause TABLEand the systemprivilegeCREATE
TABLE are bothaudited,thenonlyasingle auditrecordisgeneratedeachtime atable iscreated.The
statementauditingclause, TABLE,auditsCREATE TABLE, ALTER TABLE, and DROP TABLE statements.
However,the privilegeauditingoption, CREATETABLE, auditsonly CREATE TABLE statements,because
onlythe CREATE TABLE statementrequiresthe CREATE TABLE privilege.
Privilegeauditingdoesnotoccurif the action isalreadypermittedbythe existingownerandschema
objectprivileges.Privilege auditingistriggeredonlyif theseprivilegesare insufficient,thatis,onlyif
whatmakesthe action possible isasystemprivilege.
Privilegeauditingismore focusedthanstatementauditingforthe followingreasons:
It auditsonlya specifictype of SQLstatement,nota relatedlistof statements.
It auditsonlythe use of the targetprivilege.
Defining Privilege Audit Settings
To define create privilege auditsettings:
1. Log in tothe AuditVaultServerconsole asanauditor.
2. If necessary,retrieve andupdate the currentauditsettings.
See above "RetrievingandModifyingAuditSettingsfromanOracle Database" formore
information.
3. Clickthe Policytab, and inthe AuditSettingspage,clickasecuredtargetOracle database.
The target's Audit SettingsOverview isdisplayed.
4. ClickPrivilege todisplaythe Privilege AuditSettingspage.
5. Clickthe Create button,and inthe Create Privilege Auditpage,definethe privilege auditpolicy
as follows:
AuditedBy - Choose the usersto audit:
12. Database Audit Policies
o Both: Auditsall users,includingproxyusers.
o Proxy: Auditsthe proxyuserforthe database.Whenyouselectthisoption,
the Proxy User fieldappears,inwhichyoumustspecifyatleastone user.To display
a listof proxyusersandtheirsecuredtargetsforselection,clickup-arrow iconon
the right of the field.
o User:Auditsthe userto whichthissettingapplies.Whenyouselectthisoption,
the Usersfieldappears,andyoumustspecifyauserfrom the drop-downlist.
StatementExecutionCondition - Choose one of the following:
o Both: Auditsbothsuccessful andfailedstatements
o Success: Auditsthe statementif itissuccessful
o Failure:Auditsthe statementif itfails
DML AuditGranularity - Choose auditgranularityforDML statements:
o Access: Createsanauditrecord eachtime the operationoccurs
o Session:Createsanauditrecord the firsttime an operationoccursinthe current
session
DDL statementsare alwaysauditedbyaccess.
StatementsAudit Type - Selectthe privilegestoauditbydouble clickingastatementtype
to move itto the box onthe right.
You can use the double arrowsto move all statementstothe rightor back to the left.
6. ClickSave.
The newprivilege auditsettingsare addedtothose listedinthe PrivilegeAuditSettingspage.
5.4 About Fine-Grained Auditing
Fine-grainedauditing(FGA) enablesyouto create a policythatdefinesspecificconditionsthatmust
existforthe auditto occur. For example,fine-grainedauditingletsyouauditthe followingtypesof
activities:
Accessingatable between9p.m.and 6 a.m. or on Saturdayand Sunday
Usingan IPaddressfromoutside the corporate network
Selectingorupdatingatable column
Modifyingavalue ina table column
A fine-grainedauditpolicyprovidesgranularauditingof select,insert,update,anddelete operations.
Furthermore,youreduce the amountof auditinformationgeneratedbyrestrictingauditingtoonlythe
conditionsthatyouwantto audit.Thiscreatesa more meaningfulaudittrail thatsupportscompliance
requirements.Forexample,acentral tax authoritycanuse fine-grainedauditingtotrackaccess to tax
returnsto guard againstemployee snooping,withenoughdetail todetermine whatdatawasaccessed.
It isnot enoughtoknowthat a specificuserusedthe SELECTprivilege onaparticulartable.Fine-grained
auditingprovidesadeeperaudit,suchaswhenthe userqueriedthe table orthe computerIPaddressof
the userwho performedthe action.
13. Database Audit Policies
AuditingSpecificColumnsandRows
Whenyoudefine the fine-grainedauditpolicy, youcantargetone or more specificcolumns,called
a relevantcolumn,to be auditedif aconditionismet.Thisfeature enablesyoutofocuson particularly
important,sensitive,orprivacy-relateddatatoaudit,suchas the data in columnsthatholdcreditcard
numbers,patientdiagnoses,Social Securitynumbers,andsoon.A relevant-columnaudithelpsreduce
the instancesof false orunnecessaryauditrecords,because the auditistriggeredonlywhenaparticular
columnisreferencedinthe query.
You furthercan fine-tunethe audittospecificcolumnsandrowsbyaddinga conditiontothe audit
policy.Forexample,suppose youenterthe followingfieldsinthe Create Fine GrainedAuditpage:
Condition:department_id= 50
Columns:salary, commission_pct
Thissettingauditsanyone whotriestoselectdatafromthe salary and commission_pctcolumnsof
employeesinDepartment50.
If you do notspecifyarelevantcolumn,thenOracle Database appliesthe audittoall the columnsinthe
table;thatis, auditingoccurswheneveranyspecifiedstatementtype affectsanycolumn,whetheror
not anyrows are returned.
UsingEvent Handlers inFine-GrainedAuditing
In a fine-grainedauditpolicy,youcan specifyaneventhandlertoprocessan auditevent.The event
handlerprovidesflexibilityindetermininghow tohandle atriggeringauditevent.Forexample,itcould
write the auditeventtoa special audittable forfurtheranalysis,oritcouldsenda pageror an email
alertto a securityadministrator.Thisfeature enablesyoutofine-tune auditresponsestoappropriate
levelsof escalation.
For additional flexibilityinimplementation,youcanemployauser-definedfunctiontodetermine the
policycondition,andidentifyarelevantcolumnforauditing(auditcolumn).Forexample,the function
couldallowunauditedaccesstoanysalaryas longas the userisaccessingdata withinthe company,but
specifyauditedaccesstoexecutive-level salarieswhentheyare accessedfromoutside the company.
Defining Fine-Grained AuditSettings
To define fine-grainedauditsettings:
1. Log in tothe AuditVaultServerconsole asanauditor.
2. If necessary,retrieve andupdate the currentauditsettings.
See above "RetrievingandModifyingAuditSettingsfromanOracle Database" formore
information.
3. Clickthe Policytab, and inthe AuditSettingspage,clickasecuredtargetOracle database.
14. Database Audit Policies
The database'sAuditSettingsOverview isdisplayed.
4. ClickFGAto displaythe Fine GrainedAuditSettingspage.
5. Clickthe Create button.
6. Define the auditpolicyasfollows:
PolicyName - Entera name forthisfine-grainedauditpolicy.
Audit Trail - Selectfromone of the followingaudittrail types:
o Database: Writesthe policyrecordstothe database audit
trail SYS.FGA_LOG$systemtable.
o Database withSQL Text: Performsthe same functionasthe Database option,but
alsopopulatesthe SQLbindand SQL textCLOB-type columnsof
the SYS.FGA_LOG$table.
o XML: Writesthe policyrecordstoan operatingsystemXMLfile.Tofindthe location
of thisfile, adatabase administratorcanrunthe followingcommandinSQL*Plus:
15. Database Audit Policies
SQL> SHOW PARAMETER AUDIT_FILE_DEST
o XML with SQL Text: Performsthe same functionasthe XML option,butalso
includesall columnsof the audittrail,includingSQLTEXTandSQLBIND values.
o
WARNING:
Be aware that sensitivedata,suchas creditcard numbers,appearinthe audittrail if you
collectSQL text.
SecuredTarget Schema- Selecta schemato audit.
SecuredTarget Object- Selectanobjectto audit.
Statements- Selectone ormore SQL statementstoauditbydouble clickingeach
statementtomove itto the box on the right. Youcan
select:DELETE, INSERT, MERGE, SELECT, or UPDATE.
Columns- (Optional) Enterthe namesof the database columns(relevantcolumns)to
audit.Separate eachcolumnname witha comma.If youentermore than one column,
selectAll or Any as the conditionthattriggersthispolicy.
Conditions- (Optional) EnteraBooleanconditiontofilterrow data.For
example, department_id=50 .
If this fieldisblankornull, auditingoccursregardlessof condition.
Handler Schema - (Requiredif youspecifyaneventhandlerfunction) Enterthe name of
the schemaaccount inwhichthe eventhandlerwascreated.Forexample: SEC_MGR
Handler Package - (Requiredif youspecifyaneventhandlerfunction) Enterthe name of
the package in whichthe eventhandlerwascreated.Forexample: OE_FGA_POLICIES
Handler Function- (Optional) Enterthe name of the eventhandler.For
example:CHECK_OE_VIOLATIONS
7. ClickSave.
The fine-grainedauditpolicyiscreated.
5.5 About Capture Rules Redo Log File Auditing
You can create a capture rule to track before andaftervalue changesinthe database redologfiles.The
capture rule specifiesDMLandDDL changesthat shouldbe checkedwhenOracle Database scansthe
database redolog.You can applythe capture rule to an individual table,aschema,orgloballytothe
entire database.Unlike statement,object,privilege,andfine-grainedauditpolicies,youdonotretrieve
and activate capture rule settingsfromasecuredtarget,because youcannotcreate themthere.You
onlycan create the capture rule inthe AuditVaultServerconsole.
Note:
In the securedtargetdatabase,ensure thatthe table thatyou planto use forthe redologfile auditis
not listedin theDBA_STREAMS_UNSUPPORTEDdata dictionaryview.
16. Database Audit Policies
Defining a CaptureRule forRedo Log File Auditing
To define acapture rule:
1. Log in tothe console asan auditor.
2. If necessary,retrieve andupdate the currentstatementauditpolicies.
See above "RetrievingandModifyingAuditSettingsfromanOracle Database" for more
information.
3. Clickthe Policytab, and inthe AuditSettingspage,clickasecuredtargetOracle database.
The target's AuditSettingsOverview isdisplayed.
4. ClickCapture Rule to displaythe Capture Rule Settingspage.
5. Clickthe Create button.
Define the capture rule asfollows:
Rule Type - Selectone of the following:
o Table: Captureseitherrow changesresultingfromDML changesor DDL changestoa
particulartable.
o Schema: Captureseitherrow changesresultingfromDML changesor DDL changes
to the database objectsina particularschema.
o Global:Captureseitherall row changesresultingfromDMLchangesor all DDL
changesinthe database.
StatementType - SelectDDL, DML, or Both.
SecuredTarget Schema- If youselectedTable orSchemaasthe Rule Type,selectthe
name of the schemato whichthe capture rule appliesfromthe drop-downlist.
SecuredTarget Table - If youselectedTable asthe Rule Type,selectthe name of the table
to whichthe capture rule appliesfromthe drop-downlist.
6. ClickSave.
The capture rule iscreatedand addedtothe listinthe Capture Rule Settingspage.
17. Database Audit Policies
6. Provisioning Audit Policies to an Oracle Database
6.1 Exporting Audit Settings to a SQL Script
You can exportauditpolicysettingsforasecuredtargetto a SQL script fromOracle AVDF.Thenyoucan
give the scriptto a database administratorforthe securedtargetOracle Database to use to update the
auditsettingsonthat database.
To exportthe auditsettingstoa SQL script fora securedtargetdatabase:
1. Log in tothe AuditVaultconsole asanauditor,andclick the Policytab.
The AuditSettingspage isdisplayed,showingthe Oracle database securedtargetstowhichyou
have access.
2. Clickthe name of a securedtargetdatabase.
The AuditSettingsOverview forthatdatabase appears.
3. Selectfromthe audittypesyouwantto export: Statement,Object,Privilege,FGA,orCapture
Rule.
4. ClickExport/Provision.
The Export/ProvisionAuditSettingspage appears,displayingthe exportable auditcommands.
5. ClickExport, andthenclick OK to confirm.
6. Save the SQL file toa locationonyoursystem.
7. Give the savedscriptto the database administratorforthat securedtarget.The database
administratorcanthenapplythe policiestothe securedtarget.Toverifythatthe settingshave
beenupdated
6.2 Provisioning the Audit Settings from the Audit Vault Server
You can provisionthe auditpolicysettingsdirectlyfromthe AuditVaultServertothe securedtarget
Oracle database.Thisupdatesthe auditsettingsinthe securedtargetwithoutthe interventionof a
database administrator.However,adatabase administratorcanmodifyordelete these auditsettings,as
well asadd newones.Forthisreason,youshouldperiodicallyretrieve the settingstoensure thatyou
have the latestauditsettings.See above "RetrievingAuditSettingsfromanOracle Database".
To provisionthe auditsettingstothe securedtarget:
1. Log in tothe AuditVaultServerconsole asanauditor,and clickthe Policy tab.
The AuditSettingspage isdisplayed,showingthe Oracle database securedtargetstowhichyou
have access.
2. Clickthe name of a securedtargetdatabase.
18. Database Audit Policies
The AuditSettingsOverview forthatdatabase appears.
3. Selectfromthe audit typesyouwantto provision: Statement,Object, Privilege,FGA,orCapture
Rule.
4. ClickExport/Provision.
The Export/ProvisionAuditSettingspage appears,displayingthe exportable auditcommands,
and allowingyoutoverifythembefore provisioning.
5. In the Username field,enterthe username of a userwhohas beengranted
the EXECUTE privilege forthe AUDITSQL statement,theNOAUDITSQLstatement,and
the DBMS_FGA PL/SQL package.
If the securedtargetdatabase isprotectedwithOracle Database Vault,ensure thatthe userhas
beengrantedthe AUDIT SYSTEM and AUDIT ANY privileges.If there isanauditcommandrule in
place,ensure the commandisenabledandthe userwhose name youenterisable toexecute
the command.
6. In the Password field,enterthe password of thisuser.
7. ClickProvision,andthenclick OK toconfirm.
19. Database Audit Policies
Open and Closed Issues for This Deliverable
Open Issues
ID Issue Resolution Responsibility Target Date Impact
Date
Closed Issues
ID Issue Resolution Responsibility Target Date Impact
Date