Skip Headers
Oracle® Database Vault Administrator's Guide
12c Release 1 (12.1)

E17608-17
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

23 Monitoring Oracle Database Vault

This chapter contains:

Monitoring Security Violation Attempts

You can check for security violations, such as realm or command rule violations. This feature displays data such as the user name of the person committing the violation, the action they committed, and a time stamp of the activity.

Before you can view these events, if you have not migrated your database to unified auditing, then you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED. If you have migrated your database to use unified auditing, you do not need to configure any additional settings. You are ready to check for security violations.

To check for security violations:

  1. From Cloud Control, log into Oracle Database Vault Administrator as a user who has been granted the DV_OWNER, DV_ADMIN, DV_MONITOR, or DV_SECANALYST role.

    "Logging into Oracle Database Vault" explains how to log in.

  2. In the Home page, under Reports, select Attempted Violations.

  3. In the Attempted Violations Report page, set the period of time and other filter settings to define the data that you want to capture, and then click Go.

    The report appears, similar to the following page:

    Description of security_violation_attempts.gif follows
    Description of the illustration security_violation_attempts.gif

  4. To exit, click OK.

Monitoring Security Policy Changes

This section contains:

About Monitoring Security Policy Changes

You can check the number of policy changes for the categories in the following list. These categories reflect changes to the database security policy (that is, its configuration) in any given environment. If something changes that is security related, you can use the chart and tables to drill down to find unexpected changes that should be investigated.

Before you can view these events, if you have not migrated your database to unified auditing, then you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED. If you have migrated your database to use unified auditing, you do not need to configure any additional settings. You are ready to check for changes to Database Vault policies.

  • Database Vault policy: Shows changes made through the Oracle Database Vault administrative packages or user interface, indicating Oracle Database Vault configuration or policy changes.

  • Label Security policy: Shows changes made through the Oracle Database Vault administrative packages or user interface, indicating Oracle Label Security policy or privilege changes.

  • Audit Policy: Shows changes to the database audit policy coming from AUDIT or NOAUDIT statements.

  • Privilege Grants: Shows changes to system or object privilege GRANT statements.

  • Privilege Revokes: Shows changes to system or object privilege REVOKE statements.

  • Database Account: Shows changes to CREATE USER, ALTER USER, or DROP USER statements.

  • Database Role: Shows changes to CREATE ROLE, ALTER ROLE, or DROP ROLE statements.

Procedure for Monitoring Security Policy Changes by Category

To monitor security policy changes by category:

  1. From Cloud Control, log into Oracle Database Vault Administrator as a user who has been granted the DV_OWNER, DV_ADMIN, DV_MONITOR, or DV_SECANALYST role.

    "Logging into Oracle Database Vault" explains how to log on.

  2. In the Home page, under Reports, select Database Vault Policy Changes.

  3. In the Attempted Violations Report page, set the period of time and other filter settings to define the data that you want to capture, and then click Go.

    The report appears, similar to the following page:

    Description of sec_policy_changes_detail.gif follows
    Description of the illustration sec_policy_changes_detail.gif

  4. To exit, click OK.