A Oracle Audit Vault and Database Firewall Database Schemas

This appendix contains:

About Oracle Audit Vault and Database Firewall Schemas

Oracle Audit Vault and Database Firewall (Oracle AVDF) has internal data warehouse schemas that manage the audit data collected from the secured targets. The data warehouse schemas collect the data from the Oracle AVDF collection agents, organize it, and then provide it in report format for the reports described in Chapter 6, "Generating Reports."

To create custom reports using tools like Oracle Business Intelligence Publisher and the Oracle Business Intelligence Suite:

  • You must understand the structure of the data warehouse schema AVSYS, which this appendix describes.

  • You must understand the structure of the audit events provided by the supported secured targets—Oracle Database, Microsoft SQL Server, Sybase Adaptive Server Enterprise (ASE), and IBM DB2.

    For this information, see Appendix B through Appendix G.

You can create these kinds of custom reports:

  • Activity reports

  • Event reports

  • Alert reports

  • Entitlement reports

  • Third-party (F5) reports

The data that you need to create the other kinds of reports is in the AVSYS schema.

Metadata for Activity Reports

This section describes the metadata that you need to create activity reports:

Table A-1 describes the AVSYS.SECURED_TARGET table, which has one row for each secured target. Columns are in alphabetical order.

Table A-1 AVSYS.SECURED_TARGET Table

Column Data Type Description

ACTIVE

CHAR(1 CHAR)

'Y' if secured target is active, 'N' otherwise.

CONNECT_STRING

VARCHAR2(4000 BYTE)

String that identifies secured target when you try to connect it to the system.

CREATION_TIME

TIMESTAMP WITH LOCAL TIME ZONE

Creation time of the connection between secured target and the system.

DESCRIPTION

VARCHAR2(1024 BYTE)

Description of secured target.

FIREWALL_POLICY_ID

INTEGER

ID number of firewall policy associated with secured target, if any; otherwise NULL. Default: NULL

SECURED_TARGET

NUMBER

Number of secured target.

SECURED_TARGET_NAME

VARCHAR2(255 BYTE)

Name of secured target.

SECURED_TARGET_TYPE_ID

NUMBER

ID number of type of secured target. This value must be in AVSYS.SECURED_TARGET_TYPE.SECURED_TARGET_TYPE_ID (see Table A-2).

SERVER_AUTH_USER

VARCHAR2(255 BYTE)

Oracle AVDF user that is authorized to transfer events from an Audit Vault Agent to an Audit Vault Server.


Table A-2 describes the AVSYS.SECURED_TARGET_TYPE table, which has one row for each secured target type. Columns are in alphabetical order.

Table A-2 AVSYS.SECURED_TARGET_TYPE Table

Column Data Type Description

FIREWALL_DIALECT

NUMBER(38)

ID number of Oracle Database Firewall type.

SECURED_TARGET_TYPE_ID

NUMBER(38)

ID number of secured target type.

SECURED_TARGET_TYPE_NAME

VARCHAR2(255 BYTE)

Name of secured target type.


Table A-3 describes the AVSYS.AUDIT_TRAIL table, which has one row for each audit trail. Columns are in alphabetical order.

Table A-3 AVSYS.AUDIT_TRAIL Table

Column Data Type Description

AUDIT_TRAIL_ID

NUMBER

ID number of this audit trail.

AUDIT_TRAIL_TYPE

VARCHAR2(255 BYTE)

Type of this audit trail (for example, TABLE or DIRECTORY).

COLLECTION_AUTOSTART

CHAR(1 CHAR)

(Currently unavailable functionality)

HOST_NAME

VARCHAR2(255 BYTE)

Name of agent host for this audit trail.

LOCATION

VARCHAR2(4000 BYTE)

 

SOURCE_ID

NUMBER

ID number of source of this audit trail.

SECURED_TARGET_TYPE_NAME

VARCHAR2(255 BYTE)

Name of type of secured target for this audit trail. This value must be in AVSYS.SECURED_TARGET_TYPE.SECURED_TARGET_TYPE_NAME (see Table A-2).


Data for Event Reports

This section describes the data that you need to create event reports.

Table A-4 describes the AVSYS.EVENT_LOG table, which has one row for each audit event. Columns are in alphabetical order.

Table A-4 AVSYS.EVENT_LOG Table

Column Data Type Description

ACTION_TAKEN

VARCHAR2(255 BYTE)

Action taken for the event—pass, warn, or block.

ALERT_RAISED

NUMBER

0 if no alert was raised for the event, 1 otherwise. Default: 0

AUDIT_TRAIL_ID

NUMBER

ID of the audit trail from which the event was collected.

AV_TIME

TIMESTAMP WITH LOCAL TIME ZONE

Time when the event was recorded in Oracle AVDF repository.

CLIENT_HOST_NAME

VARCHAR2(255 BYTE)

Name of client host where the user started the action.

CLIENT_IP

VARCHAR2(255 BYTE)

Internet protocol (IP) address of CLIENT_HOST_NAME.

CLIENT_PROGRAM

VARCHAR2(255 CHAR)

Client program where the event occurred.

CLUSTER_ID

NUMBER

Global ID number of cluster where the event occurred.

CLUSTER_TYPE

NUMBER

Type number of cluster where the event occurred (identifies type of statements in cluster).

COMMAND_CLASS

VARCHAR2(255 BYTE)

Action performed in the event (for example, SELECT or DELETE). If this field contains NULL, then the audit record is invalid.

COMMAND_PARAM

CLOB

Command parameters that caused the event.

COMMAND_TEXT

CLOB

Text of command that caused the event (which can be, for example, a SQL or PL/SQL statement).

ERROR_CODE

VARCHAR2(30 BYTE)

Error code of an action.

ERROR_MESSAGE

VARCHAR2(1000 BYTE)

Error message of an action.

EVENT_NAME

VARCHAR2(255 BYTE)

Name of the event, exactly as in the audit trail.

EVENT_STATUS

VARCHAR2(30 BYTE)

Status of the event—SUCCESS, FAILURE, or UNKNOWN.

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

Time when the event occurred. If the event has more than one time stamp (for example, an event start time stamp and an event end time stamp), then the collector plug-in must assign a time stamp to this field. If this field contains NULL, then Oracle AVDF shuts down the collector.

EXTENSION

CLOB

Stores fields that cannot be accommodated in core or large fields (such as name-value pairs, separated by delimiters).

GRAMMAR_VERSION

NUMBER

Version of grammar that the Database Firewall used when it detected the event. This version is internal to the Database Firewall and not related to the database version.

LOG_CAUSE

VARCHAR2(30 BYTE)

Cause of the event, as recorded in the log—undefined, exception, cluster, novelty, unseen, invalidsql, waf, login, or logout.

LOGFILE_ID

NUMBER

Opaque internal log file ID.

MARKER

VARCHAR2(255 BYTE)

Uniquely identifies a record in an audit trail. During the recovery process, Oracle AVDF uses this field to filter duplicate records. The collector plug-in provides the marker field, which is typically a concatenated subset of the fields of an audit record. For example, in Oracle database, the session ID and entry ID (a unique identifier within a session) define a marker.

MONITORING_POINT_ID

NUMBER

This is an internal column. If its value is not NULL, then the event came from a Database Firewall. If its value is NULL, then the event came from the audit trail whose ID is in AUDIT_TRAIL_ID.

NETWORK_CONNECTION

VARCHAR2(255 BYTE)

Name of user who logged into the operating system that generated the audit record. If the user logged into the operating system as JOHN but performed the action as SCOTT, then this field contains JOHN and the USER_NAME field contains SCOTT.

OSUSER_NAME

VARCHAR2 (255 BYTE)

Operating system user name that executed the SQL command

POLICY_NAME

VARCHAR2(1024 CHAR)

Name of policy file that the Database Firewall used when it detected the event.

RECORD_ID

NUMBER

ID number of audit record for the event.

SECURED_TARGET_NAME

VARCHAR2(255 BYTE)

Name of secured target where event occurred.

SECURED_TARGET_TYPE

VARCHAR2(255 BYTE)

Type of secured target where event occurred.

SERVICE_NAME

VARCHAR2(255 CHAR)

Name of database service to which the client session connects.

TARGET_OBJECT

VARCHAR2(255 BYTE)

Name of object on which the action was performed. For example, if the user selected from a table, then this field contains the name of the table.

TARGET_OWNER

VARCHAR2(255 BYTE)

Name of owner of target on which the action was performed. For example, if the user selected from a table owned by user JOHN, then this field contains the user name JOHN.

TARGET_TYPE

VARCHAR2(255 BYTE)

Type of target object on which the action was performed. For example, if the user selected from a table, then this field contains TABLE.

THREAT_SEVERITY

VARCHAR2(30 CHAR)

Severity of the threat that the Database Firewall detected—undefined, insignificant, minor, moderate, major, or catastrophic.

USER_NAME

VARCHAR2(255 BYTE)

Name of user who performed the action in the application or system that generated the audit record. If this field contains NULL, then the audit record is invalid.


Data for Alert Reports

This section describes the data that you need to create alert reports:

Table A-5 describes the AVSYS.ALERT_STORE table, which has one row for each alert instance. Columns are in alphabetical order.

Table A-5 AVSYS.ALERT_STORE Table

Column Data Type Description

ALERT_DEFINITION_ID

NUMBER

ID number of definition of this alert.

ALERT_ID

NUMBER

ID number of alert instance.

ALERT_NAME

VARCHAR2(255)

Name of this alert in alert definition.

ALERT_OWNER

VARCHAR2(30)

Alert owner (same as alert definition owner).

ALERT_SEVERITY

NUMBER

Alert severity—1=Warning, 2=Critical.

ALERT_STATUS

VARCHAR2(255)

Alert status—OPEN or CLOSED.

AV_ALERT_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time when alert instance was raised.

CLEARED_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

 

EMAIL_CC_LIST

VARCHAR2(4000 BYTE)

List of addresses for "cc" field of email about this alert instance.

EMAIL_MESSAGE

VARCHAR2(4000 BYTE)

Message in email about this alert instance.

EMAIL_STATUS

VARCHAR2(30 BYTE)

Indicates if email was sent for this alert instance.

EMAIL_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time when email about this alert instance was sent.

EMAIL_TO_LIST

VARCHAR2(4000 BYTE)

List of addresses for "to" field of email about this alert instance.

ILM_TARGET

VARCHAR2(12)

Information lifecycle management (ILM) string for partition.

OLDEST_EVENT_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time of first event that triggered this alert instance.


Table A-6 describes the AVSYS.ALERT_EVENT_MAP table, which maps each alert instance to its related events. When an alert instance is related to multiple events, each event has a different RECORD_ID. Columns are in alphabetical order.

Table A-6 AVSYS.ALERT_EVENT_MAP Table

Column Data Type Description

ALERT_ID

NUMBER

ID of alert instance.

ALERT_OWNER

VARCHAR2(30)

Alert owner, same as alert definition owner.

EVENT_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time of event that triggered this alert instance.

ILM_TARGET

VARCHAR2(12)

ILM string for partition.

OLDEST_EVENT_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time of first event that triggered this alert instance. If this alert instance is related to only one event, then this value is the same as the value of EVENT_TIMESTAMP.

RECORD_ID

NUMBER

Record ID of event related to this alert instance.


Table A-7 describes the AVSYS.ALERT_NOTE table, which stores notes for alert instances. Each alert instance can have multiple notes. Columns are in alphabetical order.

Table A-7 AVSYS.ALERT_NOTE Table

Column Data Type Description

ALERT_ID

NUMBER

ID of this note.

ALERT_NOTE_ID

NUMBER

ID of alert instance associated with this note.

HEADER

VARCHAR2(4000 BYTE)

Header of this note.

ILM_TARGET

VARCHAR2(12)

ILM string for partition.

NOTE_CONTENT

VARCHAR2(4000 BYTE)

Content of this note.

NOTE_CREATOR

VARCHAR2(30)

User who created this note.

NOTE_OWNER

VARCHAR2(30)

Owner of this note, same as alert definition.

NOTE_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time when this note was created.

OLDEST_EVENT_TIMESTAMP

TIMESTAMP WITH LOCAL TIME ZONE

Time of first event that triggered this alert instance.


Data for Entitlement Reports

This section describes the data that you need to create entitlement reports:

Note:

In each of the preceding table names, "UE" means "User Entitlement."

Table A-8 describes the AVSYS.UE_DBA_APPLICATION_ROLES table, which stores information about roles granted to Oracle Database packages. Columns are in alphabetical order.

Table A-8 AVSYS.UE_DBA_APPLICATION_ROLES

Column Data Type Description

PACKAGE

VARCHAR2 (30)

Name of Oracle Database package to which role was granted

ROLE

VARCHAR2 (30)

Role granted to package

SCHEMA

VARCHAR2 (30)

Schema to which package belongs

SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-9 describes the AVSYS.UE_DBA_COL_PRIVS table, which stores information about privileges granted to users on individual columns of Oracle Database tables. Columns are in alphabetical order.

Table A-9 AVSYS.UE_DBA_COL_PRIVS

Column Data Type Description

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

COLUMN_NAME

VARCHAR2 (30)

Name of column on which privilege was granted

GRANTABLE

VARCHAR2 (3)

Whether the privilege was granted with the GRANTABLE option—YES or NO

GRANTEE

VARCHAR2 (30)

User to whom the column privilege was granted

GRANTOR

VARCHAR2 (30)

User who granted the column privilege to GRANTEE

OWNER

VARCHAR2 (30)

Column privilege owner

PRIVILEGE

VARCHAR2 (40)

Column privilege

SNAPSHOT_ID

NUMBER

Snapshot ID

TABLE_NAME

VARCHAR2 (30)

Name of Oracle Database table to which column belongs


Table A-10 describes the AVSYS.UE_DBA_PROFILES table, which stores information about Oracle Database profiles. Columns are in alphabetical order.

Table A-10 AVSYS.UE_DBA_PROFILES

Column Data Type Description

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

LIMIT

VARCHAR2 (40)

Profile limit

ORACLE_MAINTAINED

CHAR (1)

Whether the user was created, and is maintained, by Oracle Database-supplied scripts.

PROFILE

VARCHAR2 (30)

Profile name

RESOURCE_NAME

VARCHAR2 (32)

Resource name

RESOURCE_TYPE

VARCHAR2 (8)

Resource type

SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-11 describes the AVSYS.UE_DBA_ROLES table, which stores information about Oracle Database roles. The table has one row for each role. Columns are in alphabetical order.

Table A-11 AVSYS.UE_DBA_ROLES

Column Data Type Description

AUTHENTICATION_TYPE

VARCHAR2 (8)

Authentication mechanism for this user:

  • EXTERNAL - CREATE USER user1 IDENTIFIED EXTERNALLY

  • GLOBAL - CREATE USER user2 IDENTIFIED GLOBALLY

  • PASSWORD - CREATE USER user3 IDENTIFIED BY user3

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

PASSWORD_REQUIRED

VARCHAR2 (8)

Whether the role requires a password—YES or NO

ROLE

VARCHAR2 (30)

Name of the role

SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-12 describes the AVSYS.UE_DBA_ROLE_PRIVS table, which stores information about the roles granted to users and roles. Columns are in alphabetical order.

Table A-12 AVSYS.UE_DBA_ROLE_PRIVS

Column Data Type Description

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

ADMIN_OPTION

VARCHAR2 (3)

Whether the privilege was granted with the ADMIN option—YES or NO

DEFAULT_ROLE

VARCHAR2 (3)

Whether the role is the default role for the user—YES or NO

GRANTED_ROLE

VARCHAR2 (30)

Name of the role granted to the user or role

GRANTEE

VARCHAR2 (30)

Name of the user or role to which the GRANTED_ROLE was granted

SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-13 describes the AVSYS.UE_DBA_SYS_PRIVS table, which stores information about the system privileges granted to users and roles. Columns are in alphabetical order.

Table A-13 AVSYS.UE_DBA_SYS_PRIVS

Column Data Type Description

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

ADMIN_OPTION

VARCHAR2 (3)

Whether the privilege was granted with the ADMIN option—YES or NO

GRANTEE

VARCHAR2 (30)

Name of the user or role to whom the system privilege was granted

PRIVILEGE

VARCHAR2 (40)

System privilege

SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-14 describes the AVSYS.UE_DBA_TAB_PRIVS table, which stores information about the privileges granted to users on objects. Columns are in alphabetical order.

Table A-14 AVSYS.UE_DBA_TAB_PRIVS

Column Data Type Description

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

GRANTABLE

VARCHAR2 (3)

Whether the privilege was granted with the GRANTABLE option—YES or NO

GRANTEE

VARCHAR2 (30)

User to whom the privilege was granted

GRANTOR

VARCHAR2 (30)

User who granted the privilege to GRANTEE

HIERARCHY

VARCHAR2 (3)

Whether the privilege was granted with the HIERARCHY option—YES or NO

OWNER

VARCHAR2 (30)

Owner of the object

PRIVILEGE

VARCHAR2 (40)

Privilege on the object

SNAPSHOT_ID

NUMBER

Snapshot ID

TABLE_NAME

VARCHAR2 (30)

Name of the object on which privilege was granted

TYPE

VARCHAR2 (24)

Object type (table, view, sequence, etc.)


Table A-15 describes the AVSYS.UE_DBA_USERS table, which has a row for every Oracle Database user. Columns are in alphabetical order.

Table A-15 AVSYS.UE_DBA_USERS

Column Data Type Description

ACCOUNT_STATUS

VARCHAR2 (32)

User account status, which is one of these:

  • OPEN

  • EXPIRED

  • EXPIRED(GRACE)

  • LOCKED(TIMED)

  • LOCKED

  • EXPIRED & LOCKED(TIMED)

  • EXPIRED(GRACE) & LOCKED(TIMED)

  • EXPIRED & LOCKED

  • EXPIRED(GRACE) & LOCKED

AUTHENTICATION_TYPE

VARCHAR2 (8)

Authentication mechanism for this user:

  • EXTERNAL - CREATE USER user1 IDENTIFIED EXTERNALLY

  • GLOBAL - CREATE USER user2 IDENTIFIED GLOBALLY

  • PASSWORD - CREATE USER user3 IDENTIFIED BY user3

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

CREATED

TIMESTAMP (0) WITH LOCAL TIME ZONE

Date when user account was created

DEFAULT_TABLESPACE

VARCHAR2 (30)

Default tablespace for user

EDITIONS_ENABLED

VARCHAR2 (1)

Indicates whether editions have been enabled for the corresponding user (Y or N)

EXPIRY_DATE

TIMESTAMP (0) WITH LOCAL TIME ZONE

Date when user account expires or expired

EXTERNAL_NAME

VARCHAR2 (4000)

External name of user

INITIAL_RSRC_CONSUMER_GROUP

VARCHAR2 (30)

Initial resource consumer group

LAST_LOGON

TIMESTAMP (9) WITH LOCAL TIME ZONE

For Oracle Database 12c, time when user last logged on

LOCK_DATE

TIMESTAMP (0) WITH LOCAL TIME ZONE

Date when user account was locked

ORACLE_MAINTAINED

CHAR (1)

For Oracle Database 12c, whether user was created, and is maintained, by Oracle-supplied scripts. A value of Y means that user must not be changed in any way except by running an Oracle-supplied script.

PROFILE

VARCHAR2 (30)

User profile

PROXY_ONLY_CONNECT

CHAR (1)

For Oracle Database 12c, whether this user can connect only through a proxy

SNAPSHOT_ID

NUMBER

Snapshot ID

TEMPORARY_TABLESPACE

VARCHAR2 (30)

Temporary tablespace for user

USERNAME

VARCHAR2 (30)

Oracle Database user name


Table A-16 describes the AVSYS.UE_ROLE_SYS_PRIVS table, which stores information about system privileges granted to roles. Columns are in alphabetical order.

Table A-16 AVSYS.UE_ROLE_SYS_PRIVS

Column Data Type Description

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

ADMIN_OPTION

VARCHAR2 (3)

Whether the privilege was granted with the ADMIN option—YES or NO

PRIVILEGE

VARCHAR2 (40)

System privilege granted to the role

ROLE

VARCHAR2 (30)

Name of role

SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-17 describes the AVSYS.UE_ROLE_TAB_PRIVS table, which stores information about the table privileges granted to roles. Columns are in alphabetical order.

Table A-17 AVSYS.UE_ROLE_TAB_PRIVS

Column Data Type Description

COLUMN_NAME

VARCHAR2 (30)

Name of column on which privilege was granted

COMMON

VARCHAR2 (3)

For Oracle Database 12c, whether the user is common to a CDB and PDB:

  • Y - user is common to both

  • N - user is local to PDB

  • Null - database is not a CDB or PDB

GRANTABLE

VARCHAR2 (3)

Whether the privilege was granted with the GRANTABLE option—YES or NO

OWNER

VARCHAR2 (30)

Table privilege owner

PRIVILEGE

VARCHAR2 (40)

Table privilege

ROLE

VARCHAR2 (30)

Role to which table privilege was granted

TABLE_NAME

VARCHAR2 (30)

Name of Oracle Database table on which privilege was granted

UE_SNAPSHOT_SNAPSHOT_ID

NUMBER

Snapshot ID


Table A-18 describes the AVSYS.UE_SYS_DBA_OPER_USERS table, which stores information about all users in the password file. Columns are in alphabetical order.

Table A-18 AVSYS.UE_SYS_DBA_OPER_USERS

Column Data Type Description

CONTAINER

VARCHAR2 (30)

For Oracle Database 12c, the container (CDB) identifier.

SNAPSHOT_ID

NUMBER

Snapshot ID

SYSASM

VARCHAR2 (5)

Whether the user can connect to the database with the SYSASM privilege—TRUE or FALSE.

SYSBACKUP

VARCHAR2 (5)

Whether the user can connect to the database with the SYSBACKUP privilege—TRUE or FALSE.

SYSDBA

VARCHAR2 (5)

Whether the user can connect to the database with the SYSDBA privilege—TRUE or FALSE.

SYSDG

VARCHAR2 (5)

Whether the user can connect to the database with the SYSDG privilege—TRUE or FALSE.

SYSKM

VARCHAR2 (5)

Whether the user can connect to the database with the SYSKM privilege—TRUE or FALSE.

SYSOPER

VARCHAR2 (8)

Whether the user can connect to the database with the SYSOPER privilege—TRUE or FALSE.

USERNAME

VARCHAR2 (30)

User name in the password file


Data for SPA Reports

This section describes data that you need to create custom Stored Procedure Auditing (SPA) reports:

Table A-19 describes the AVSYS.SPA_OBJECTS table, which stores summary data about stored procedure objects.

Table A-19 AVSYS.SPA_OBJECTS

Column Data Type Description

ID

INTEGER

Unique identifier for the object

SECURED_TARGET_ID

INTEGER

The secured target source of database objects

OBJECT_SUBTYPE

VARCHAR2(40 BYTE)

The subtype of the object

OBJECT_CLASS

VARCHAR2(40 BYTE)

The class of the object

NAME

VARCHAR2 (1024 CHAR)

The name of the object

CHANGED_BY

VARCHAR2 (2048 CHAR)

Coma separated database users that modified the object

LAST_CHANGED_AT

TIMESTAMP WITH LOCAL TIME ZONE

The date and time when the object was changed

LAST_SIGNATURE

VARCHAR2 (40 BYTE)

The hash of the object (signature change means object change)

LAST_EDIT_TYPE

VARCHAR2 (40 BYTE)

The most recent type of the change

EDIT_CNT_NEW

INTEGER

Keeps the number of "new" edit records is for this object

EDIT_CNT_MODIFY

INTEGER

Keeps the number of "modify" edit records is for this object

EDIT_CNT_DELETE

INTEGER

Keeps the number of "delete" edit records is for this object

CHANGES_SUMMARY

VARCHAR2(255 CHAR)

The summary of the changes

UPDATED_AT

TIMESTAMP WITH LOCAL TIME ZONE

The date and time when the record was updated by the Database Firewall software


Table A-20 describes the AVSYS.SPA_EDITS table, which stores data about, and the content of, stored procedure edits.

Table A-20 AVSYS.SPA_EDITS

Column Data Type Description

ID

INTEGER

Unique identifier for the object

OBJECT_ID

INTEGER

Foreign key that references the ID column of the AVSYS.SPA_OBJECTS table

SIGNATURE

VARCHAR2 (40 BYTE)

The hash of the object (signature change means object change)

CONTENT

CLOB

The new content of the object

EDIT_TYPE

VARCHAR2 (40 BYTE)

The type of the change

CHANGED_BY

VARCHAR2 (2048 CHAR)

The database user that modified the object

CHANGED_AT

TIMESTAMP WITH LOCAL TIME ZONE

The date and time when the object was changed

DETECTED_AT

TIMESTAMP WITH LOCAL TIME ZONE

The date and time when the change was detected on the controller


Data for Database Firewall Reports

This section describes data that you need to create custom Database Firewall reports:

Table A-21 describes the AVSYS.FW_CLUSTERS table, which provides summary data on cluster traffic to secured target databases, and gives an example statement that would appear in a given cluster.

Table A-21 AVSYS.FW_CLUSTERS

Column Data Type Description

ID

NUMBER

Cluster global identifier

SECURED_TARGET_ID

INTEGER

The secured target database for this cluster

CLUSTER_HASH

INTEGER

The hash of the cluster

GRAMMAR_VERSION

INTEGER

Version number of the Database Firewall grammar

FIREWALL_DIALECT

SMALLINTEGER

Database type of the cluster (seeAVSYS.SECURED_TARGET_TYPE Table for meaning)

CLUSTER_TYPE

VARCHAR2 (40 BYTE)

Type of statements included in the cluster

REPRESENTATION

CLOB

Cluster path representation

CLUSTER_EXAMPLE

CLOB

An example statement in the cluster


Table A-22 describes the AVSYS.FW_CLUSTER_COMPONENTS table, which provides cluster data broken down into cluster components. This data may be used, for example, to report on clusters related to a specific database table or table column.

Table A-22 AVSYS.FW_CLUSTER_COMPONENTS

Column Data Type Description

CLUSTER_ID

INTEGER

Foreign key that references the ID column of the AVSYS.FW_CLUSTERS table

COMPONENT_INDEX

INTEGER

Index of the component (starts with 1)

COMPONENT_TYPE

VARCHAR2(50 BYTE)

Component type may be one of: 'keyword', 'column', 'table', 'procedure', 'cluster_set', 'function', '_'

COMPONENT_VALUE

VARCHAR2(4000 CHAR)

The component string

COMPONENT_USAGE

VARCHAR2(50 BYTE)

Component usage may be one of: NULL,'read', 'write', 'define', 'call', 'control'