Index

A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  Q  R  S  T  U  W  X 

A

access
controlling by secured target, 3.1.3.3
controlling by user, 3.1.3.2
ACFS
See Oracle ACFS
action level, defined for firewall policies, 4.3.1
Actions button, 1.11.3
Active Directory
audit event reference, M.1
Activity Overview Report, 6.8.2.2
activity reports, A.2
administrative features, of Oracle AVDF, 1.2.4
agents
See Audit Vault Agent
alert conditions
about, 8.2.3.1
available fields for, 8.2.3.2
alert reports, schema for creating, A.4
ALERT_EVENT_MAP table, A.4
ALERT_NOTE table, A.4
ALERT_STORE table, A.4
alerts
about, 8.1
Alerts Page, 8.2.2
conditions
available fields, 8.2.3.2
defining, 8.2.3.1
example of, 8.2.3.2
creating, 8.2.2
creating alert status values, 8.2.1
Database Firewall preconfigured alert, 8.2.2
disabling, 8.2.6
forwarding to syslog, 8.2.4
monitoring, 8.2.5, 8.2.5
reports, 6.8.3
responding to, 8.3
syslog
message format, AVDF, 8.2.4
syslog, forwarding to, 8.2.4
Analyzed SQL
about, 4.3.4.1
defined for firewall policies, 4.2.4
defining firewall policy rules for, 4.3.4.2
annotating reports, 6.6
architecture, Oracle AVDF components, 1.3.1
archiving policies
setting for secured target, 2.2.7
attestations, setting in reports, 6.5.2
attesting to reports, 6.6
audit events
See events
audit policies
See policies
audit records, fields in AVDF, B
audit settings
creating additional, 5.3
recommended for Oracle source database, 1.7.2.1.2
retrieving from Oracle Database, 5.2, 5.2.2
specifying as needed, 5.2.3
Audit Settings page, 5.2.1
Audit Trail Collection menu, 2.2.1.2, 3.3.2
audit trails, viewing status of, 3.3.2
Audit Vault Agent
about, 1.3.4
audit data collection when agent is stopped, 1.3.4
Audit Vault and Database Firewall (AVDF)
about, 1.2.1
administrative features, 1.2.4
auditing features, 1.2.3
auditor’s role, 1.4
components, 1.3
documentation, downloading latest, 1.1
how components work together, 1.3.1, 1.3.1
IBM DB2 database requirements, 1.7.2.2
Oracle Database requirements, 1.7.2.1.1
SQL Server database requirements, 1.7.2.2
Sybase Adaptive Server Enterprise database requirements, 1.7.2.2
Audit Vault Server
about, 1.3.2
logging in to UI, 1.11.1
monitoring alerts from, 8.2
AUDIT_TRAIL table, A.2
auditing
enabling in source database, 1.7.2
fine-grained auditing, 5.3.5.1
privileges, 5.3.4.1
redo log files, 5.3.6.1
schema objects, 5.3.3
SQL statements, 5.3.2
auditing features, of Oracle AVDF, 1.2.3
auditors
role in Oracle AVDF described, 1.4
types of, 1.4
automated attacks, using login/logout policies, 4.3.8.1
AVSYS schema structure, A.1
AVSYS.ALERT_EVENT_MAP table, A.4
AVSYS.ALERT_NOTE table, A.4
AVSYS.ALERT_STORE table, A.4
AVSYS.AUDIT_TRAIL table, A.2
AVSYS.EVENT_LOG table, A.3
AVSYS.SECURED_TARGET table, A.2
AVSYS.SECURED_TARGET_TYPE table, A.2
AVSYS.UE_DBA_APPLICATION_ROLES table, A.5
AVSYS.UE_DBA_COL_PRIVS table, A.5
AVSYS.UE_DBA_PROFILES table, A.5
AVSYS.UE_DBA_ROLE_PRIVS table, A.5
AVSYS.UE_DBA_ROLES table, A.5
AVSYS.UE_DBA_SYS_PRIVS table, A.5
AVSYS.UE_DBA_TAB_PRIVS table, A.5
AVSYS.UE_DBA_USERS table, A.5
AVSYS.UE_ROLE_SYS_PRIVS table, A.5, A.5
AVSYS.UE_SYS_DBA_OPER_USERS table, A.5

B

before and after values, creating capture rules for, 5.3.6.1
blocking
in Default Rule, 4.3.6.2
SQL statements, guidelines, 4.3.7
substitute statement with, guidelines, 4.3.7
See Also Database Policy Enforcement

C

Capture Rule Settings page, 5.3.6.3
capture rules, for redo log file auditing, 5.3.6.1
charting data in reports, 6.4.2.4.3
collection agents
See Audit Vault Agent
collectors
See audit trails
columns, hiding or showing in reports, 6.4.2.3
compliance reports, 6.9.1
components, Oracle AVDF, diagram, 1.3.1
Condition Available Fields, 8.2.3.2
conditions
defining for alerts, 8.2.3.1
example of alert condition, 8.2.3.2
console
filtering and sorting lists in, 1.11.3
reset view of, 1.11.3
Critical Alerts Report, 6.8.3
CSV format, downloading report as, 6.3

D

DAM
See Database Activity Monitoring
data
fields in AVDF audit records, B
masking sensitive data, 4.3.8.2
data masking, 4.3.8.2
data warehouse schema, A.1
Database Activity Monitoring
DAM mode, defined, 1.3.3
defined, 1.3.3
Database Activity Monitoring (DAM)
about, 1.6.1
strategy for using, 1.6.1
Database Firewall
about, 1.3.3
policies
Analyzed SQL, 4.3.4.1
assigning to secured target, 4.5.3
copying, 4.2.2
creating, 4.2.1
Default Rule, about, 4.3.6.1
Default Rule, defining, 4.3.6.3
defining rules for Analyzed SQL, 4.3.4.2
Deployed column on Firewall Policy page, 4.5.3
editing, 4.2.3
exceptions, order of applying, 4.3.3.3
global settings, 4.3.8.4
invalid SQL policies, 4.3.8.3
Novelty Policy, creating, 4.3.5.2
profiles, about, 4.4.1
profiles, creating, 4.4.2
publishing in Audit Vault Server, 4.5.2
sensitive data masking, 4.3.8.2
policy editor
about, 4.1.1
traffic encryption with Oracle network encryption, 4.3.4.3
Database Firewall Alert
preconfigured, 8.2.2
Database Policy Enforcement (DPE)
about, 1.6.1
IPv6, traffic blocked, 4.3.1
setting blocking, 1.6.1
Database Policy Enforcement, DPE mode defined, 1.3.3
Database Roles by Source Report, 7.4.5
Database Roles Report, 7.4.5
databases
Database Roles Report, 7.4.5
requirements for auditing, 1.7.2
DB Client Sets, in firewall policies, 4.3.2, 4.4.1, 4.4.2
DB User Sets, in firewall policies, 4.3.2, 4.4.1, 4.4.2
DB2
See IBM DB2
Default Rule
firewall policies, procedure for defining, 4.3.6.3
in firewall policies, about, 4.3.6.1
in relation to other policies, 4.3.6.2
Default Rule, defined for firewall policies, 4.2.4
default settings in reports, reverting to, 6.4.2.5
deleting user accounts, 3.1.5
Deployed column, Firewall Policy page, 4.5.3
dimension tables, A.1
disabling alerts, 8.2.6
display settings, in reports, 6.4.2.1
distribution lists, creating, 3.2.2
documentation, AVDF, downloading latest, 1.1
DPE
See Database Policy Enforcement

E

email notifications
about, 3.2.1
creating a distribution list, 3.2.2
creating an email template, 3.2.3
encrypted traffic, and firewall policies, 4.3.4.3
Enforcement Points menu, 2.2.2.2, 3.3.1
enforcement points, viewing status of, 3.3.1
entitlement reports
data for creating, A.5
labels, 7.3.3
See reports, entitlement
snapshots, 7.3.3
viewing by snapshots and labels, 7.3.2
entitlement snapshots
about, 7.2.1
viewing snapshot and label audit data, 7.3.1
entitlements
checking retrieval status, 2.2.5
jobs monitoring, 3.4
managing data, general steps for using, 7.1
retrieving data from Oracle Database, 2.2.5
snapshots and labels, about, 7.3.1
event handlers
fine-grained auditing, 5.3.5.1.2
relevant columns, 5.3.5.1.2
event reports, data for creating, A.3
EVENT_LOG table, A.3
events
Active Directory audit events, M.1
IBM DB2 audit events
Linux audit events, K
Microsoft SQL Server audit events, E.1
MySQL audit events, H
Oracle ACFS audit events, L
Oracle Database audit events, C.1
Solaris audit events, I
Sybase ASE audit events, D
Windows audit events, J
exceptions
creating in firewall policies, 4.3.3.1
defining session filters in firewall policies, 4.3.2
order of applying in firewall policies, 4.3.3.3

F

filtering
in firewall policies, 4.3.2
lists in console, 1.11.3
report data, 6.4.2.1, 6.4.2.2.1
Fine-Grained Audit Settings page, 5.3.5.3
fine-grained auditing, 5.3.5.1, 5.3.5.1
audit policy, defining, 5.3.5.2
event handlers, 5.3.5.1.2
relevant columns, 5.3.5.1.1
firewall policies
See policies
formatting, lists in console, 1.11.3

G

generated reports
downloading, 6.5.4
Notify, 6.5.4
Show Pending Reports
Show Pending Reports, 6.5.4
generating built-in reports, 6.2
global settings for firewall policies, 4.3.8.4
group access
controlling by group, 3.1.3.3
controlling by user, 3.1.3.2

H

hiding columns in reports, 6.4.2.3
highlighting data in reports, 6.4.2.4.2
Home page
alert monitoring in, 8.2.5
contents of, 1.11.2
HTML, downloading report as, 6.3

I

IBM DB2
audit event reference
requirements for audit data collection, 1.7.2.2
Interactive Reports, 6.4.1, 6.4.3
IP Address Sets, in firewall policies, 4.3.2, 4.4.1, 4.4.2
IPv6, traffic blocked, 4.3.1

J

jobs, monitoring, 3.4

L

labels
about, 7.2.1
assigning to snapshots, 7.2.3
using to compare entitlement data, 7.3.3
viewing data, 7.3.1
viewing entitlement reports by, 7.3.2
when used in entitlement reports, 7.3.1
Linux Operating System
audit event reference, K
lists, finding objects in console UI, 1.11.3
logging
blocking SQL statements, 1.6.1
level, defined for firewall policies, 4.3.1
logging in, to Audit Vault Server UI, 1.11.1
login policies for database users, 4.3.8.1
logout policies for database users, 4.3.8.1

M

master records, pulling column from report, 6.4.2.4.4
Match All Tables, in Novelty Policy, 4.3.5.3
Match Any Table, in Novelty Policy, 4.3.5.3
metadata for activity reports, A.2
Microsoft SQL Server
audit event reference, E.1
requirements for audit data collection, 1.7.2.2
monitoring alerts, 8.2.5
MySQL
audit event reference, H

N

network encryption, and firewall policies, 4.3.4.3
notifications, setting in reports, 6.5.2
Notify
on generated reports, 6.5.4
Novelty Policy
creating in firewall policies, 4.3.5.2
examples, 4.3.5.4
Match All Tables, 4.3.5.3
Match Any Table, 4.3.5.3
matching statement classes only, order of applying, 4.3.5.3
matching statement examples, 4.3.5.4
order of applying in firewall policies, 4.3.5.3
statement matches multiple, 4.3.5.3
null values, sorting in reports, 6.4.2.4.1

O

Object Privileges by Source Report, 7.4.7
Object Privileges Report, 7.4.7
Object Settings page, 5.3.3.3
objects
See schema object auditing
objects being audited
Object Privileges by Source Report, 7.4.7
Object Privileges Report, 7.4.7
operational modes, defined, 1.6.1
Oracle ACFS
audit event reference, L
Oracle Database
audit event reference, C.1
audit settings
creating additional, 5.3
recommended in the database, 1.7.2.1.2
retrieving in AVDF, 5.2, 5.2.2
checking audit settings in source database, 1.7.2.1.1
requirements for audit data collection, 1.7.2.1.1
unified audit policies, 12c, 5.1
version 9i, and audit policy, 5.2.2
Oracle Database Vault, provisioning audit policy to database that uses, 5.4.2
OS User Sets, in firewall policies, 4.3.2, 4.4.1, 4.4.2
Overview Page, of firewall policy, 4.2.4

P

passwords
changing, 3.1.6
PDF, format for scheduling report, 6.5.2
planning Database Firewall protection level, 1.6.1
platforms supported, 1.2.2
policies
audit
about, 5.1
creating, general steps for, 5.1.1
described, 1.7.1
exporting AVDF audit settings to SQL script, 5.4.1, 5.4.2
fine grained auditing, defining, 5.3.5.2
fine-grained auditing, 5.3.5.1
introduction, 1.7.1
privilege auditing, 5.3.4.1, 5.3.4.2
privileges auditing, 5.3.4
provisioning to Oracle Database, 5.4.1, 5.4.2
redo log files, 5.3.6
redo log files, capture rules for, 5.3.6.1
schema object auditing, 5.3.3.1
schema object auditing, defining, 5.3.3.2
SQL statement auditing, 5.3.2.1
firewall
about policy editor, 4.1.1
action level, defined, 4.3.1
Analyzed SQL, about, 4.3.4.1
Analyzed SQL, defined, 4.2.4
assigning to secured targets, 4.5.3
checking publishing status, 4.5.2
copying, 4.2.2
creating, 4.2.1
Default Rule, about, 4.3.6.1
Default Rule, defined, 4.2.4
defining rules for Analyzed SQL, 4.3.4.2
defining sets, 4.3.2
Deployed column, Firewall Policy page, 4.5.3
described, 1.6
designing policy, 4.3.1
development process, 4.1.2
editing, 4.2.3
exceptions, creating, 4.3.3.1
exceptions, order of applying, 4.3.3.3
filtering data by using profiles, 4.4.1
filtering on session data, 4.3.2
global settings, 4.3.8.4
introduction, 1.6
invalid SQL, 4.3.8.3
logging level, defined, 4.3.1
logins for database users, 4.3.8.1
logouts for database users, 4.3.8.1
masking sensitive data, 4.3.8.2
Match all Tables in Novelty Policy, 4.3.5.3
Match Any Table in Novelty Policy, 4.3.5.3
Novelty Policy, creating, 4.3.5.2
Novelty Policy, examples, 4.3.5.4
Novelty Policy, order applied, 4.3.5.3
Policy Overview page, 4.2.4
preconfigured, 4.1.1
profiles, about, 4.4.1
profiles, creating, 4.4.2
publishing, 4.5.2
threat severity, defined, 4.3.1
IPv6, traffic blocked, 4.3.1
policy controls, in firewall policies, 4.3.2
Policy tab, described, 1.11.2
Privilege Audit Settings page, 5.3.4.3
privilege auditing
statement auditing, compared with, 5.3.4.1
System Privileges by Source Report, 7.4.6
System Privileges Report, 7.4.6
Privileged Users by Source Report, 7.4.8
Privileged Users Report, 7.4.8
privileges
auditing, 5.3.4
Privileged Users by Source Report, 7.4.8
Privileged Users Report, 7.4.8
procedures
See SQL statement auditing
profiles
creating in firewall policies, 4.4.2
defining session filters for, 4.3.2
in firewall policies, about, 4.4.1
provisioning, audit policies to Oracle Database, 5.4.1, 5.4.2

Q

Quick Links menu
Audit Trail Collection, 2.2.1.2, 3.3.2
Enforcement Points, 2.2.2.2, 3.3.1

R

redo log files
auditing, 5.3.6
defining capture rule for audit policy, 5.3.6.2
relevant columns
about, 5.3.5.1.1
event handlers, 5.3.5.1.2
fine-grained auditing, used in, 5.3.5.1.1
report definition file, for creating custom reports, 6.7
reports
about, 6.1
Access Reports, 6.8.2.1
accessing, 6.2
Activity Overview Report, 6.8.2.2
activity, metadata for, A.2
adding your own, 6.7
alert
schema for creating, A.4
alert reports, 6.8.3
All Alerts Report, 6.8.3
annotating, 6.6
attestations, 6.5.2
attesting to, 6.6
browsing, 6.2
built-in, generating, 6.2
columns
adding control break, 6.4.2.4.4
hiding or showing, 6.4.2.3
compliance, 6.9.1, 6.9.3
about, 6.9.1
compliance, associating secured targets with, 6.9.2
creating charts, 6.4.2.4.3
Critical Alerts Report, 6.8.3
CSV, downloading as, 6.3
customizing, 6.4
customizing data display, 6.4.2
Data Access Report, 6.8.2.3
data collected for, 6.1
Database Firewall, 6.10
downloading as CSV or HTML, 6.3
entitlement
about, 7.4.1
data for creating, A.5
Database Roles by Source Report, 7.4.5
Database Roles Report, 7.4.5
general steps for using, 7.1
labels, 7.3.1
Object Privileges by Source Report, 7.4.7
Object Privileges Report, 7.4.7
Privileged Users by Source Report, 7.4.8
Privileged Users Report, 7.4.8
snapshots, 7.3.1
System Privileges by Source Report, 7.4.6
System Privileges Report, 7.4.6
User Accounts by Source Report, 7.4.2
User Accounts Report, 7.4.2
User Privileges by Source Report, 7.4.3
User Privileges Report, 7.4.3
User Profiles by Source Report, 7.4.4
User Profiles Report, 7.4.4
event, data for, A.3
F5, 6.10.3
filtering
all rows based on current column, 6.4.2.2.3
rows in one or all columns, 6.4.2.2.2
using an expression, 6.4.2.2.4
filtering and display settings, 6.4.2.1
formatting, 6.5.1
generation, status of job, 6.5.2
hiding columns, 6.4.2.3
highlighting rows, 6.4.2.4.2
HTML, downloading as, 6.3
Interactive Reports, 6.4.1, 6.4.3
jobs monitoring, 3.4
notifications, 6.5.2
Oracle Database, 6.10
PDF generation, 6.5.1
resetting display values to defaults, 6.4.2.5
retention policy, 6.5.2
scheduling, 6.5.1, 6.5.2
sending to other users, 6.5.1
setting retention time, 6.5.1
sorting data
all columns, 6.4.2.4.1
specifying auditors to attest to, 6.5.1
status of generation job, 6.5.2
stored procedure auditing, 6.8.4
timestamps, online browsing, 6.2
timestamps, PDF/XLS, 6.2, 6.5.1
user-defined, accessing, 6.4.4
viewing PDF/XLS generated reports, 6.5.3
Warning Alerts Report, 6.8.3
who can access, 6.1
XLS, downloading as, 6.5.4
Reports tab, described, 1.11.2
reset Audit Vault Server console view, 1.11.3
retention policies
and reports, 6.5.2
setting for secured target, 2.2.7
Retrieve User Entitlement Data, checking status of, 2.2.5
RTF, report template, 6.7

S

Sarbanes-Oxley Act
privilege auditing to meet compliance, 5.3.4.1
See also compliance reports
saved reports, 6.4.1, 6.4.3
schedules, creating for reports, 6.5.2
schema object auditing, 5.3.3.1
defining audit policy, 5.3.3.2
Object Privileges by Source Report, 7.4.7
Object Privileges Report, 7.4.7
schema reference for AVDF, A.1
secured targets
access, controlling by user, 3.1.3.2
assigning firewall policy, 4.5.3
changing the firewall policy, 4.5.3
introduction, 1.5
retention policies, 2.2.7
supported types, 1.2.2
Secured Targets tab, described, 1.11.2
SECURED_TARGET table, A.2
SECURED_TARGET_TYPE table, A.2
security, and Default Rule block action, 4.3.6.2
Settings tab, described, 1.11.2
showing columns in reports, 6.4.2.3
snapshots
about, 7.2.1
assigning labels to, 7.2.3
creating, 7.2.2
deleting, 7.2.2
using to compare entitlement data, 7.3.3
viewing data, 7.3.1
viewing entitlement reports by, 7.3.2
when used in entitlement reports, 7.3.1
Solaris Operating System
audit event reference, I
sorting
data in report columns, 6.4.2.4.1
lists in console UI, 1.11.3
SQL script, exporting audit policy settings to, 5.4.1
SQL Server
See Microsoft SQL Server
SQL statement auditing
about, 5.3.2.1
compared with privilege auditing, 5.3.4.1
SQL statements
auditing, 5.3.2.1
blocking, 4.3.7
default rule for anomalies, 4.3.6.3
invalid, firewall policies for, 4.3.8.3
match more than one Novelty Policy, 4.3.5.3
Statement Audit Settings page, 5.3.2.3
statements
See SQL statement auditing
stored procedure auditing (SPA), reports described, 6.8.4
substitute statements, when blocking SQL in firewall policies, 4.3.7
super auditor role, 1.4
supported platforms, 1.2.2
supported secured target types, 1.2.2
Sybase Adaptive Server Enterprise
requirements for audit data collection, 1.7.2.2
Sybase ASE
audit event reference, D
syslog
alert message format, AVDF, 8.2.4
forwarding alerts to, 8.2.4
System Privileges by Source Report, 7.4.6
System Privileges Report, 7.4.6

T

template, for custom reports, 6.7
third-party products used with Oracle AVDF, 1.2.5
threat severity, defined for firewall policies, 4.3.1
timestamps
in online reports, 6.2
in PDF/XLS reports, 6.2, 6.5.1
troubleshooting
database auditing not enabled, 1.7.2
latest audit data not appearing in reports, 6.8.2.2

U

UE_DBA_APPLICATION_ROLES table, A.5
UE_DBA_COL_PRIVS table, A.5
UE_DBA_PROFILES table, A.5
UE_DBA_ROLE_PRIVS table, A.5
UE_DBA_ROLES table, A.5
UE_DBA_SYS_PRIVS table, A.5
UE_DBA_TAB_PRIVS table, A.5
UE_DBA_USERS table, A.5
UE_ROLE_SYS_PRIVS table, A.5
UE_ROLE_TAB_PRIVS table, A.5
UE_SYS_DBA_OPER_USERS table, A.5
unified audit policies, Oracle Database 12c, 5.1
user accounts
changing type, 3.1.4
deleting, 3.1.5
User Accounts by Source Report, 7.4.2
User Accounts Report, 7.4.2
User Privileges by Source Report, 7.4.3
User Privileges Report, 7.4.3
User Profiles by Source Report, 7.4.4
User Profiles Report, 7.4.4
user-defined reports, accessing, 6.4.4
users
Database Roles Report, 7.4.5
logging in to the Audit Vault Server console, 1.11.1
Privileged Users by Source Report, 7.4.8
Privileged Users Report, 7.4.8
User Accounts Report, 7.4.2
User Privileges by Source Report, 7.4.3
User Privileges Report, 7.4.3
User Profiles by Source Report, 7.4.4
User Profiles Report, 7.4.4

W

Warning Alerts Report, 6.8.3
Web Application Firewall (WAF)
defined, 1.2.5
Windows Event Viewer
audit events logged in, E.4
exception events logged in, E.6
Windows Operating System
audit event reference, J

X

XLS, format for scheduling report, 6.5.2