20 January, 2025

Oracle Cloud Infrastructure Data Safe: Audit database activity

Introduction

Collect and store database audit data from all your target databases centrally in Data Safe and identify anomalous behavior with pre-defined audit policies, alerts and reports.

When you register your target databases with Oracle Data Safe, it automatically creates the necessary audit resources (like audit profiles, audit policies, and audit trails).

In this lab, you'll use the auditing wizard to set up alert and audit policies on your target database. You'll start collecting audit data in Oracle Data Safe and set how long you want to keep this data. After that, you'll perform some activities on your target database and check the alerts and audit events that Oracle Data Safe generates.

 


Configure auditing and alerts for your target database

 

1. Return to the browser tab for Oracle Data Safe. In the breadcrumb at the top of the page, click Data Safe.

2. Under Data Safe, click Activity auditing.

3. Click Configure auditing and alerts to start the Activity Auditing wizard.

4. For Alert policy, do the following to enable alert policies, and then click Next.

a) If needed, click Change Compartment and select your compartment.

b) Select your target database. The list of available alert policies is displayed.

c) Select the Failed logins by admin user and User creation/modification alert policies to enable them. Additionally, choose the appropriate policies.

Click Next.


5. For Audit policy, select the following audit policies to enable them, and then click Next.

a) Select Exclude Data Safe user activity.

b) Under Basic auditing, select Critical database activity and Database schema changes.

c) Under Admin activity auditing, select Admin user activity.

d) Under Custom policies, select APP_USER_NOT_APP_SERVER.

Click Next.

 

6. For Audit trails, do the following to start collecting audit data, and then click Next.

a) Select UNIFIED_AUDIT_TRAIL: NOT_STARTED.

b) For the start date, select the beginning of your current month.

7. For Audit profile, configure the following, and then click Next.

  • Audit data online retention months = 12
  • Audit data offline retention months = 0
  • Paid usage = not selected


8. For Review and submit, review the configuration, and click Submit if everything is correct.

Click Submit.



When Activity Auditing Is Not Enabled

When Activity Auditing Is Enabled




Perform activities on your target database to generate audit data

1. Log in to the ATP database with wrong credentials.

2. Drop a user, create users, and grant some roles to the new users.
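
The activities above as a script, followed by a check that the database recorded them in the unified audit trail that the wizard set Data Safe to collect. This is an added example, not part of the original post. It assumes SQL*Plus or SQLcl, a session connected as ADMIN that can query UNIFIED_AUDIT_TRAIL, and the hypothetical user names DS_LAB_USER1 and DS_LAB_USER2.

```sql
-- Added example; DS_LAB_USER1 and DS_LAB_USER2 are hypothetical lab users.
-- Activity 1 (failed login) happens at connect time: from a separate client
-- session, try to connect as an admin user with a wrong password.

-- Prompt for the lab users' password instead of hard-coding it.
ACCEPT lab_pw CHAR PROMPT 'Password for lab users: ' HIDE

-- Activity 2: create users, grant roles, modify a user, drop a user.
CREATE USER ds_lab_user1 IDENTIFIED BY "&lab_pw";
CREATE USER ds_lab_user2 IDENTIFIED BY "&lab_pw";
GRANT CONNECT, RESOURCE TO ds_lab_user1;
GRANT CONNECT TO ds_lab_user2;
ALTER USER ds_lab_user2 ACCOUNT LOCK;
DROP USER ds_lab_user1 CASCADE;

-- Clear the password from the client's substitution variables.
UNDEFINE lab_pw

-- Confirm what the database itself recorded in the last hour.
-- A wrong password shows up as LOGON with RETURN_CODE 1017 (ORA-01017);
-- successful statements have RETURN_CODE 0.
-- Which rows appear depends on the audit policies enabled on the target.
SELECT event_timestamp,
       dbusername,
       action_name,
       return_code,
       object_name,
       unified_audit_policies
FROM   unified_audit_trail
WHERE  event_timestamp > SYSTIMESTAMP - INTERVAL '1' HOUR
AND    (   (action_name = 'LOGON' AND return_code <> 0)
        OR action_name IN ('CREATE USER', 'ALTER USER', 'DROP USER', 'GRANT'))
ORDER  BY event_timestamp;

-- Clean up the remaining lab user.
DROP USER ds_lab_user2 CASCADE;
```

The UNIFIED_AUDIT_POLICIES column names the policy that captured each row, which helps when an expected alert does not appear in Data Safe.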

 

Review alerts in Oracle Data Safe

1. Under Security center on the left, click Alerts.

2. Under Filters on the left, select your target database.

3. Review the alerts dashboard.

a) The Alerts summary chart compares the number of critical, high, and medium alerts.

b) The Open alerts chart shows that there are open alerts on the current day.

c) The Top 10 alert policies by volume chart shows you the number of alerts for the alert policies you just configured.

d) The Alerts summary tab shows the number of critical, high, and medium alerts along with target database counts. It also shows you the total number of alerts and target databases.

e) The Targets summary tab shows the number of open, critical, high, and medium alerts.








Review audit events in Oracle Data Safe

1. On the left under Security center, click Activity auditing.

2. From the Target databases drop-down list on the left, select your target database.

3. On the Events summary tab, click one of the event categories, for example, Login failures by admin, to view more detail.

