Index

A

action level
defined, 3.4.1
novelty policy, 3.4.4.3
setting level in policy, 3.4.3
Administration Console
about, 1.3.2.1, 2.1
auditing, 1.3.2.3
Dashboard tab, 1.3.2.1, 2.1, 2.3
logging in, 2.2.2
Reports page, 6.1.2
Search Traffic Log page, 5.1.3
Traffic Log page, 5.1.1
users who can log in, 2.2.1
administration log, 1.2.6.2
Advanced Security Option (ASO), 3.4.3.1
Analysis tab
cluster group percentages, 3.3.3.1
new data pie chart indicators, 3.6.3
pie chart indicators, 3.3.3.1
threat severity indicator, 3.3.3.1
using profiles in, 3.4.7.2
Analyzer
about, 1.3.1, 3.1.1
Analysis tab, 3.3.3.1
Baseline tab, 3.3.2.2, 3.3.7
creating policy file, 3.5.1
Details tab, 3.3.3.2, 3.4.7.2
how it uses clusters, 3.1.2
main window, 3.3.2
model data analysis, 3.3
Properties tab, 3.3.9
Summary tab, 3.3.2.1
supplying training data for, 3.2.2
tabs, 3.3.2.2
using policy file SQL statements, 1.2.4.2
anomalies
of statements, default rule for, 3.4.4.4
applications
in Database Firewall, 1.3
architecture
Oracle Database Firewall, 1.2.3
ASO (Advanced Security Option), 3.4.3.1
assign policies
procedure for, 3.4.2
assign threat severities
procedure for, 3.4.2
attacks, 1.2.2
See security attacks
audit reports
manual audit for stored procedures, 4.2.2
manual audit for user roles, 4.3.2
auditing
about, 1.3.2.3
automated attack, 3.4.6

B

Baseline tab
filters, 3.3.7
blocking
in cluster properties, 3.4.5
See Database Policy Enforcement

C

cluster groups
example contents, 3.3.3.1
viewing data by, 3.3.3
viewing in Details tab, 3.3.3.2
clusters
about, 3.1.2
action level, 3.4.1
displaying data in Baseline tab, 3.3.7
encrypted traffic, 3.4.3.1
finding properties of, 3.4.5
how used by Analyzer, 3.1.2
logging level, 3.4.1
percentage of statements in cluster group, 3.3.3.1
threat severity, 3.4.1
creating policy files, 1.2.4

D

DAM
See Database Activity Monitoring
Dashboard contents
enforcement points, 2.3.1
Quick Start, 2.3.1
threat status, 2.3.1
throughput status, 2.3.1
top ten threats, 2.3.1
traffic snapshot example, 2.3.1
Dashboard tab, 1.3.2.1, 2.1
Filter button, 2.3.1
data
analyzing in model, 3.3
exporting as HTML, 3.7.2
filtering in Details and Analysis tabs, 3.3.6
masked data example, 3.3.3.1
masking sensitive data, 3.7.1
new, assigning policy rules to, 3.6.4
new, refining policies with, 3.6
updated, analyzing, 3.6.3
viewing by
cluster group, 3.3.3
database columns, 3.3.5
database tables, 3.3.4
profile, 3.3.8
data definition file
in reports, 6.4
upload to report, 6.4
data masking
example statement, Analysis tab, 3.3.3.1
feature, 3.7.1
Database Activity Monitoring (DAM)
about, 1.4
strategy for using, 1.4
Database Policy Enforcement (DPE)
about, 1.4
IPv6, traffic blocked, 3.4.1
setting blocking, 1.4
substitute statements, 3.4.5
databases
state of in order to monitor, 3.2.2
Default Rule
customizing, 3.4.4.4
Details tab
using profiles in, 3.4.7.2
viewing cluster groups, 3.3.3.2
display
dividing screen into two, 3.7.4
DPE
See Database Policy Enforcement

E

encrypted traffic, 3.4.3.1
enforcement points
dashboard display, 2.3.1
event log
about, 1.2.6.2
examples
traffic snapshot, 2.3.1
Exceptions
creating as part of policy, 3.4.4.2
defining sets for, 3.4.8
using Exclude in definition, 3.4.4.2
Exclude
in Exception definition, 3.4.4.2

F

filtering data
by using profiles, 3.4.7
in Baseline tab, 3.3.7
in policies, 3.3.6

H

hackers
See security attacks
HTML, exporting data as, 3.7.2

I

injected SQL
security attacks, 1.2.4
IPv6
traffic blocked, 3.4.1

L

log search results
and scheduling reports, 5.1.5
log unique policies
about, 3.2.2
enabling, 3.2.2.1
storage of SQL data, 3.2.2
using, 3.6.2
logging
about, 1.2.6
blocking SQL statements, 1.4
location of logging rules, 1.2.6
purpose, 1.2.6
setting level in policy, 3.4.3
targeted, 1.2.6
types available, 1.2.6.2
logging level
defined, 3.4.1
login policies for database users, 3.4.6
logout policies for database users, 3.4.6
long SQL statements, 1.2.2

M

Microsoft SQL Server
using server trace file for training Analyzer, 3.2.2
models
about creating, 3.2.1
creating, 3.2
creating from policy file, 3.7.3
opening existing, 3.2.4
procedure for creating, 3.2.3
models and policy files
storing setting in model, 1.2.4.1

N

Novelty Policy
creating, 3.4.4.3
statement matches multiple, 3.4.4.3
substitute statement, 3.4.4.3

O

operational modes
about, 1.2.5
defined, 1.4
Oracle Database Firewall
about, 1.2.1
advantages over other firewall products, 1.2.2
architecture, 1.2.3
scanning SQL traffic, 1.2.3
typical deployment, 1.2.3
Oracle Database Firewall Analyzer
See Analyzer

P

pie charts
indicators for new data sets, 3.6.3
indicators in Analysis tab, 3.3.3.1
planning Oracle Database Firewall system, 1.4
policies
action level, setting, 3.4.3
creating a model for, 3.2.1
creating automatically, 3.4.2
creating Exceptions, 3.4.4.2
creating file in Analyzer, 3.5.1
creating model from policy file, 3.7.3
designing, 3.4.1
development process, 3.1.3
exporting as HTML, 3.7.2
filtering
data displayed, 3.3.6
data displayed (profiles), 3.4.7
displayed clusters, 3.3.7
finding cluster properties, 3.4.5
IPv6, traffic blocked, 3.4.1
iterative development cycle, 3.6.1
listing in Management Server, 3.5.2
logging level, setting, 3.4.3
logins for database users, 3.4.6
logouts for database users, 3.4.6
masking sensitive data, 3.7.1
Novelty Policy, 3.4.4.3
operational modes, 1.2.5
procedure for automatic creation, 3.4.2
profiles, 3.4.7
refreshing with updated data, 3.6.2
See also Analyzer
supplying training data for, 3.2.2
threat severity, setting, 3.4.3
threat status, 2.3.1
updated data, analyzing, 3.6.3
uploading and deploying, about, 3.5
uploading and enabling in Database Firewall, 3.5.2
viewing general properties of, 3.3.9
policy files
about, 1.2.4
clusters, 1.2.4.2
creating, 1.2.4
profiles
about, 3.4.7
creating, 3.4.7.1
defining sets for, 3.4.8
using in Analysis tab, 3.4.7.2
using in Details tab, 3.4.7.2
viewing data by, 3.3.8
properties
of clusters, changing, 3.4.5
Properties tab, 3.3.9
protection level
planning, 1.4

Q

Quick Start Dashboard option, 2.3.1

R

reports
adding your own, 6.4
defining parameters, 6.2
menu options, 6.3
scheduling, 6.5
scheduling and log search results, 5.1.5

S

screen, dividing into two screens, 3.7.4
security attacks, 1.2.4
blind SQL injection attacks, 1.2.2
external, 1.2.2
internal, 1.2.2
zero-day attacks, 1.2.2
sets
factors used in profiles and exceptions, 3.4.8
procedure for defining, 3.4.8
SQL statements
default rule for anomalies, 3.4.4.4
finding percentage in a cluster, 3.3.3.1
injected SQL, 1.2.4
long, 1.2.2
match more than one Novelty Policy, 3.4.4.3
types, 1.2.2
viewing by
cluster groups, 3.3.3
database columns, 3.3.5
database table, 3.3.4
profile, 3.3.8
stored procedure auditing (SPA)
about, 4.1
approving changes to, 4.2.3
filtering options, 4.2.4
general approval process, 4.2.1
running manual audit, 4.2.2
stored procedures
auditing, 1.3.2.3
substitute statements
in cluster properties, 3.4.5
in Novelty Policy, 3.4.4.3
Summary tab
creating a policy automatically, 3.4.2
elements of, 3.3.2.1

T

template
for reports, 6.4
upload to report, 6.4
threat severity
defined, 3.4.1
indicator, 3.3.3.1
setting level in policy, 3.4.3
threat status, 2.3.1
throughput status, 2.3.1
top ten threats, 2.3.1
traffic log
about, 1.2.6.2
for training data, 3.2.2, 3.2.3.1
log search results and scheduled reports, 5.1.5
viewing, 5.2
training data
enabling log unique policies for, 3.2.2.1
from file, defined, 3.2.2
from file, procedure for, 3.2.3.2
from traffic log, 3.2.2, 3.2.3.1
supplying to Analyzer, 3.2.2

U

user role auditing (URA)
about, 4.1
approving changes to, 4.3.3
filtering options, 4.3.4
general approval process, 4.3.1
running manual audit, 4.3.2

V

view
dividing screen into two, 3.7.4

W

warnings
specifying in cluster properties, 3.4.5