Oracle® Audit Vault Auditor's Guide
Release 10.2.3.2
Part Number E14460-01
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Audit Vault for Auditors?
Near Real Time Activity Monitoring
User Entitlement Audit Data
E-Mail Notifications for Alerts and Reports
Trouble Ticket Notifications for Alerts
Annotating and Attesting Alerts and Reports
More Functionality for Advanced Alerts
Scheduling Reports to be Sent to Other Users in PDF Format
Additional and Changed Reports
New and Changed Audit Events
Oracle Audit Vault Console User Interface Enhancements
1 Introducing Oracle Audit Vault for Auditors
1.1 How Do Auditors Use Oracle Audit Vault?
1.2 General Steps for Using Oracle Audit Vault
1.2.1 Step 1: Ensure That the Source Databases Are Collecting Audit Data
1.2.2 Step 2: Create Audit Policies for Oracle Database Data
1.2.3 Step 3: Optionally, Create and Monitor Alerts
1.2.4 Step 4: View and Customize the Oracle Audit Vault Reports
1.2.5 Step 5: Respond to Reports and Alerts
1.3 Database Requirements for Collecting Audit Data
1.3.1 Requirements for Oracle Database
1.3.1.1 Ensuring That Auditing Is Enabled in the Source Database
1.3.1.2 Using Recommended Audit Settings in the Source Database
1.3.2 Requirements for SQL Server, Sybase ASE, and IBM DB2 Databases
1.4 Starting the Oracle Audit Vault Console
1.5 Ensuring That the Oracle Audit Vault Collectors Can Collect Data
2 Creating Oracle Audit Vault Policies and Alerts
2.1 About Oracle Audit Vault Policies and Alerts
2.2 General Steps for Creating Oracle Audit Vault Policies and Alerts
2.3 Retrieving Audit Policy Settings from the Source Oracle Database
2.3.1 Step 1: Retrieve the Audit Settings from the Source Oracle Database
2.3.2 Step 2: Activate (Update) the Fetched Audit Settings State
2.4 Creating Oracle Vault Audit Policies for SQL Statements
2.4.1 About SQL Statement Auditing
2.4.2 Defining a SQL Statement Audit Policy
2.5 Creating Oracle Audit Vault Policies for Schema Objects
2.5.1 About Schema Object Auditing
2.5.2 Defining a Schema Object Audit Policy
2.6 Creating Oracle Audit Vault Policies for Privileges
2.6.1 About Privilege Auditing
2.6.2 Defining a Privilege Audit Policy
2.7 Creating Oracle Audit Vault Policies for Fine-Grained Auditing
2.7.1 About Fine-Grained Auditing
2.7.1.1 Auditing Specific Columns and Rows
2.7.1.2 Using Event Handlers in Fine-Grained Auditing
2.7.2 Defining a Fine-Grained Auditing Policy
2.8 Creating Capture Rules for Redo Log File Auditing
2.8.1 About Capture Rules Used for Redo Log File Auditing
2.8.2 Defining a Capture Rule for Redo Log File Auditing
2.9 Verifying Oracle Audit Vault Policy Settings
2.10 Provisioning Audit Vault Policies to the Source Oracle Database
2.10.1 Saving the Audit Policy Settings to a SQL Script for a Database Administrator
2.10.2 Manually Provisioning the Audit Policy Settings to the Source Database
2.11 Copying Oracle Audit Vault Policies to Other Oracle Databases
2.12 Creating and Configuring Alerts
2.12.1 About Alerts
2.12.2 Creating Templates to be Used for Alerts
2.12.2.1 Creating an E-Mail Notification Profile
2.12.2.2 Creating an E-Mail Notification Template
2.12.2.3 Creating a Trouble Ticket Template
2.12.3 Creating Alert Status Values
2.12.4 Creating a Basic Alert
2.12.5 Creating an Advanced Alert
2.12.5.1 About Advanced Alerts
2.12.5.2 Creating an Advanced Alert That Uses a Condition
2.12.5.3 Creating an Advanced Alert Condition That Uses a Function
2.12.6 Monitoring Alerts
2.13 Responding to an Alert
2.14 Setting a Retention Period for Audit Data
3 Using Oracle Audit Vault Reports
3.1 What Are Oracle Audit Vault Reports?
3.2 Accessing the Oracle Audit Vault Audit Reports
3.3 Using the Default Reports
3.3.1 About the Default Reports
3.3.2 Using the Default Access Reports
3.3.2.1 About the Default Access Reports
3.3.2.2 Activity Overview Report
3.3.2.3 Data Access Report
3.3.2.4 Database Vault Report
3.3.2.5 Distributed Database Report
3.3.2.6 Procedure Executions Report
3.3.2.7 User Sessions Report
3.3.3 Using the Default Management Activity Reports
3.3.3.1 About the Default Management Activity Reports
3.3.3.2 Account Management Report
3.3.3.3 Audit Commands Report
3.3.3.4 Object Management Report
3.3.3.5 Procedure Management Report
3.3.3.6 Role and Privilege Management Report
3.3.3.7 System Management Report
3.3.4 Using the Default System Exception Reports
3.3.4.1 About the Default System Exception Reports
3.3.4.2 Exception Activity Report
3.3.4.3 Invalid Audit Record Report
3.3.4.4 Uncategorized Activity Report
3.3.5 Using the Default Entitlement Reports
3.3.5.1 About the Default Entitlement Reports
3.3.5.2 User Accounts Report and User Accounts by Source Report
3.3.5.3 User Privileges Report and User Privileges by Source Report
3.3.5.4 User Profiles Report and User Profiles by Source Report
3.3.5.5 Database Roles Report and Database Roles by Source Report
3.3.5.6 System Privileges Report and System Privileges by Source Report
3.3.5.7 Object Privileges Report and Object Privileges by Source Report
3.3.5.8 Privileged Users Report and Privileged Users by Source Report
3.4 Using the Compliance Reports
3.4.1 About the Compliance Reports
3.4.2 Credit Card Compliance Report: Related Data Access Compliance Report
3.4.3 Financial Compliance Reports
3.4.3.1 Financial Related Data Access Report
3.4.3.2 Financial Related Data Modifications Report
3.4.4 Health Care Compliance Report: EPHI Related Data Access Report
3.4.5 Common Credit Card, Financial, and Health Care Compliance Reports
3.4.5.1 Audit Setting Changes Report
3.4.5.2 Before/After Values Report
3.4.5.3 Database Failed Logins Report
3.4.5.4 Database Login/Logoff Report
3.4.5.5 Database Logoff Report
3.4.5.6 Database Logon Report
3.4.5.7 Database Startup/Shutdown Report
3.4.5.8 Deleted Objects Report
3.4.5.9 Program Changes Report
3.4.5.10 Schema Changes Report
3.4.5.11 System Events Report
3.4.5.12 User Privilege Change Activity Report
3.5 Using the Critical and Warning Alert Reports
3.5.1 About the Critical and Warning Alert Reports
3.5.2 All Alerts Report
3.5.3 Critical Alerts Report
3.5.4 Warning Alerts Report
3.6 Scheduling and Creating PDF Reports
3.6.1 About Scheduling and Creating PDF Reports
3.6.2 Scheduling and Creating a PDF Report
3.7 Annotating and Attesting Reports
3.7.1 About Annotating and Attesting Reports
3.7.2 Annotating and Attesting a Report
3.8 Generating and Comparing Snapshots of Entitlement Audit Data
3.8.1 About Entitlement Report Snapshots and Labels
3.8.2 General Steps for Using Entitlement Reports
3.8.3 Retrieving Entitlement Audit Data to Create the Snapshot
3.8.4 Creating an Entitlement Snapshot Label
3.8.5 Assigning Snapshots to a Label
3.8.6 Viewing Entitlement Snapshot and Label Audit Data
3.8.6.1 Checking Entitlement Reports for Individual Snapshot or Label Audit Data
3.8.6.2 Checking Entitlement Reports for Changes to Snapshot or Label Audit Data
3.9 Controlling the Display of Data in a Report
3.9.1 About Controlling the Display of Report Data
3.9.2 Hiding or Showing Columns in a Report
3.9.2.1 Hiding the Currently Selected Column
3.9.2.2 Hiding or Showing Any Column
3.9.3 Filtering Data in a Report
3.9.3.1 Filtering All Rows Based on Data from the Currently Selected Column
3.9.3.2 Filtering Column and Row Data
3.9.3.3 Filtering Row Data Using an Expression
3.9.4 Sorting Data in a Report
3.9.4.1 Sorting Row Data for the Currently Selected Column
3.9.4.2 Sorting Row Data for All Columns
3.9.5 Highlighting Rows in a Report
3.9.6 Charting Data in a Report
3.9.7 Adding a Control Break to a Column in a Report
3.9.8 Resetting the Report Display Values to Their Default Settings
3.10 Finding Information About Report Data
3.10.1 Finding Detailed Information About an Audit Record
3.10.2 Finding Information About the Purpose of a Column
3.11 Working with User-Defined Reports
3.11.1 About User-Defined Reports
3.11.2 Creating a Category for User-Defined Reports
3.11.2.1 Creating a Category Name
3.11.2.2 Alphabetizing the Category Name List
3.11.2.3 Editing a Category Name
3.11.3 Creating a User-Defined Report
3.11.4 Accessing a User-Defined Report
3.12 Downloading a Report to a CSV File
4 Oracle Audit Vault Data Warehouse Schema
4.1 About the Oracle Audit Vault Data Warehouse Schema
4.2 Oracle Audit Vault Audit Data Warehouse Architecture
4.3 Design of the Audit Data Warehouse Schema
4.4 How the Fact Table and Dimension Tables Work
4.5 Fact Table Constraints and Indexes
4.6 Relationships Between the Fact and Dimension Tables
4.6.1 AUDIT_EVENT_FACT Fact Table
4.6.2 CLIENT_HOST_DIM Dimension Table
4.6.3 CLIENT_TOOL_DIM Dimension Table
4.6.4 CONTEXT_DIM Dimension Table
4.6.5 EVENT_DIM Dimension Table
4.6.6 PRIVILEGES_DIM Dimension Table
4.6.7 SOURCE_DIM Dimension Table
4.6.8 TARGET_DIM Dimension Table
4.6.9 TIME_DIM Dimension Table
4.6.10 USER_DIM Dimension Table
A Oracle Database Audit Events
A.1 About the Oracle Database Audit Events
A.2 Account Management Events
A.3 Application Management Events
A.4 Audit Command Events
A.5 Data Access Events
A.6 Oracle Database Vault Events
A.7 Exception Events
A.8 Invalid Record Events
A.9 Object Management Events
A.10 Peer Association Events
A.11 Role and Privilege Management Events
A.12 Service and Application Utilization Events
A.13 System Management Events
A.14 Unknown or Uncategorized Events
A.15 User Session Events
B Microsoft SQL Server Audit Events
B.1 About the Microsoft SQL Server Audit Events
B.2 Account Management Events
B.3 Application Management Events
B.4 Audit Command Events
B.5 Data Access Events
B.6 Exception Events
B.7 Invalid Record Events
B.8 Object Management Events
B.9 Peer Association Events
B.10 Role and Privilege Management Events
B.11 Service and Application Utilization Events
B.12 System Management Events
B.13 Unknown or Uncategorized Events
B.14 User Session Events
C Sybase Adaptive Server Enterprise Audit Events
C.1 About the Sybase Adaptive Server Enterprise Audit Events
C.2 Account Management Events
C.3 Application Management Events
C.4 Audit Command Events
C.5 Data Access Events
C.6 Exception Events
C.7 Invalid Record Events
C.8 Object Management Events
C.9 Peer Association Events
C.10 Role and Privilege Management Events
C.11 Service and Application Utilization Events
C.12 System Management Events
C.13 Unknown or Uncategorized Events
C.14 User Session Events
D IBM DB2 Audit Events
D.1 About the IBM DB2 Audit Events
D.2 Account Management Events
D.3 Application Management Events
D.4 Audit Command Events
D.5 Data Access Events
D.6 Exception Events
D.7 Invalid Record Events
D.8 Object Management Events
D.9 Peer Association Events
D.10 Role and Privilege Management Events
D.11 Service and Application Utilization Events
D.12 System Management Events
D.13 Unknown or Uncategorized Events
D.14 User Session Events
Index