Index

A

action level
defined, 4.4.1
setting level in policy, 4.4.3
Administration Console
about, 1.3.2.1, 3.1
auditing, 1.3.2.3
Dashboard tab, 1.3.2.1, 3.1, 3.3
logging in, 3.2.3
Search Traffic Log page, 6.1.3
Traffic Log page, 6.1.1
users who can log in, 3.2.2
administration log, 1.2.6.2
Analysis tab
cluster group percentages, 4.3.3.1
new data pie chart indicators, 4.6.3
pie chart indicators, 4.3.3.1
threat severity indicator, 4.3.3.1
using profiles in, 4.4.7.2
Analyzer
about, 1.3.1, 4.1.1
Analysis tab, 4.3.3.1
Baseline tab, 4.3.2.2, 4.3.7
creating policy file, 4.5.1
Details tab, 4.3.3.2, 4.4.7.2
how it uses clusters, 4.1.2
main window, 4.3.2
model data analysis, 4.3
Properties tab, 4.3.9
Summary tab, 4.3.2.1
supplying training data for, 4.2.2
tabs, 4.3.2.2
using policy file SQL statements, 1.2.4.2
anomalies
of statements, default rule for, 4.4.4.4
applications
in Database Firewall, 1.3
architecture
Oracle Database Firewall, 1.2.3
assign policies
procedure for, 4.4.2
assign threat severities
procedure for, 4.4.2
attacks, 1.2.2
See security attacks
audit reports
descriptions, 7.2.3.1
generating, 7.2
manual audit for stored procedures, 5.2.2
manual audit for user roles, 5.3.2
auditing
about, 1.3.2.3
automated attack, 4.4.6

B

Baseline tab
filters, 4.3.7
blocking
in cluster properties, 4.4.5
in Default Rule, 4.4.4.4
See Database Policy Enforcement
blocking, IPv6 traffic, 2.4

C

Client IP Addresses
and TCP invited nodes, 2.5.2
client program name
security considerations, 2.5.3
Client Program Sets
Tools menu, 4.4.8
client-side security, 2.5.3
cluster groups
example contents, 4.3.3.1
viewing data by, 4.3.3
viewing in Details tab, 4.3.3.2
clusters
about, 4.1.2
action level, 4.4.1
displaying data in Baseline tab, 4.3.7
encrypted traffic, 4.4.3.1
finding properties of, 4.4.5
how used by Analyzer, 4.1.2
logging level, 4.4.1
percentage of statements in cluster group, 4.3.3.1
threat severity, 4.4.1
compression, log data, 1.2.6.1
creating policy files, 1.2.4

D

DAM
See Database Activity Monitoring
Dashboard contents
enforcement points, 3.3.1
Quick Start, 3.3.1
threat status, 3.3.1
throughput status, 3.3.1
top ten threats, 3.3.1
traffic snapshot example, 3.3.1
Dashboard tab, 1.3.2.1, 3.1
Filter button, 3.3.1
data
analyzing in model, 4.3
exporting as HTML, 4.7.2
filtering in Details and Analysis tabs, 4.3.6
masked data example, 4.3.3.1
masking sensitive data, 4.7.1
new, assigning policy rules to, 4.6.4
new, refining policies with, 4.6
security, 2.1
updated, analyzing, 4.6.3
viewing by
cluster group, 4.3.3
database columns, 4.3.5
database tables, 4.3.4
profile, 4.3.8
data definition file
in reports, 7.3
upload to report, 7.3
data masking
example statement, Analysis tab, 4.3.3.1
feature, 4.7.1
Data Protection Act, 7.2.3.2
database
connections and Database Firewall, 2.4
Database Activity Monitoring (DAM)
about, 1.4
strategy for using, 1.4
Database Policy Enforcement (DPE)
about, 1.4
and high availability, not supported, 1.2.3
IPv6, traffic blocked, 4.4.1
setting blocking, 1.4
substitute statements, 4.4.5
DB User Sets
Tools menu, 4.4.8
Default Rule
customizing, 4.4.4.4
in relation to other policies, 4.4.4.4
Details tab
using profiles in, 4.4.7.2
viewing cluster groups, 4.3.3.2
digital signature, log data, 1.2.6.1
dispatcher service
security considerations, 2.5.1
display
dividing screen into two, 4.7.4
.dna file, 4.5.2
DPA, 7.2.3.2
DPE
See Database Policy Enforcement

E

encrypted traffic, 4.4.3.1
encryption
security guidelines, 2.3.1
enforcement points
dashboard display, 3.3.1
escalation
action not available, what to do when upgrading, 4.4.4.3
event log
about, 1.2.6.2
examples
traffic snapshot, 3.3.1
Exceptions
creating as part of policy, 4.4.4.2
defining sets for, 4.4.8
Exception Groups, 4.4.4.2
order applied, 4.4.4.2
using Exclude in definition, 4.4.4.2
Exclude
in Exception definition, 4.4.4.2

F

filtering data
by using profiles, 4.4.7
in Baseline tab, 4.3.7
in policies, 4.3.6

G

GLBA, 7.2.3.2
Gramm-Leach-Bliley Act, 7.2.3.2
guidelines
general security, 2.2

H

hackers
See security attacks
Health Insurance Portability and Accountability Act, 7.2.3.2
high availability
and DPE mode, 1.2.3
HIPAA, 7.2.3.2
HTML, exporting data as, 4.7.2

I

injected SQL
security attacks, 1.2.4
installation
security guidelines, 2.1
IP Address Sets
Tools menu, 4.4.8
IP addresses
using ranges in sets, 4.4.8
IPv6
traffic blocked, 4.4.1
IPv6, traffic blocked, 2.4

L

log search results
and scheduling reports, 6.1.5
Progress or percentage complete figure, 6.1.4
selecting which to use for audit reports, 7.2.1.2
log unique policies
about, 4.2.2
enabling, 4.2.2.1
storage of SQL data, 4.2.2
using, 4.6.2
logging
about, 1.2.6
blocking SQL statements, 1.4
compressed, 1.2.6.1
digital signature, 1.2.6.1
location of logging rules, 1.2.6
purpose, 1.2.6
setting level in policy, 4.4.3
targeted, 1.2.6
types available, 1.2.6.2
logging level
defined, 4.4.1
login policies for database users, 4.4.6
logout policies for database users, 4.4.6
long SQL statements, 1.2.2

M

Match All Tables
in Novelty Policy rules, 4.4.4.3
Match Any Table
in Novelty Policy rules, 4.4.4.3
Microsoft SQL Server
using server trace file for training Analyzer, 4.2.2
models
about creating, 4.2.1
creating, 4.2
creating from policy file, 4.7.3
difference between model and policy files, 4.5.2
opening existing, 4.2.4
models and policy files
storing setting in model, 1.2.4.1

N

Novelty Policy
adding tables to definition, 4.4.4.3
after upgrading to release 5.1, 4.4.4.3
creating, 4.4.4.3
Match All Tables, 4.4.4.3
Match Any Table, 4.4.4.3
matching statement classes only, order of applying, 4.4.4.3
matching statement examples, 4.4.4.3
order applied, 4.4.4.3
setting properties at group level, 4.4.4.3
statement matches multiple, 4.4.4.3
substitute statement, 4.4.4.3

O

operational modes
about, 1.2.5
defined, 1.4
Oracle Advanced Security, 4.4.3.1
decrypting in Database Firewall, 4.4.3.1
Oracle Business Intelligence Publisher
adding reports with, 7.3
Oracle Database Firewall
about, 1.2.1
advantages over other firewall products, 1.2.2
architecture, 1.2.3
scanning SQL traffic, 1.2.3
typical deployment, 1.2.3
Oracle Database Firewall Analyzer
See Analyzer
Oracle shared server
security considerations, 2.5.1
OS User Sets
Tools menu, 4.4.8
OS username
security considerations, 2.5.3

P

Payment Card Industry (PCI), 7.2.3.2
PCI, 7.2.3.2
pie charts
indicators for new data sets, 4.6.3
indicators in Analysis tab, 4.3.3.1
planning Oracle Database Firewall system, 1.4
policies
action level, setting, 4.4.3
creating a model for, 4.2.1
creating automatically, 4.4.2
creating Exceptions, 4.4.4.2
creating file in Analyzer, 4.5.1
creating model from policy file, 4.7.3
designing, 4.4.1
development process, 4.1.3
exporting as HTML, 4.7.2
filtering
data displayed, 4.3.6
data displayed (profiles), 4.4.7
displayed clusters, 4.3.7
finding cluster properties, 4.4.5
IPv6, traffic blocked, 4.4.1
iterative development cycle, 4.6.1
listing in Administration Console, 4.5.3
logging level, setting, 4.4.3
logins for database users, 4.4.6
logouts for database users, 4.4.6
masking sensitive data, 4.7.1
operational modes, 1.2.5
procedure for automatic creation, 4.4.2
profiles, 4.4.7
refreshing with updated data, 4.6.2
See also Analyzer
supplying training data for, 4.2.2
threat severity, setting, 4.4.3
threat status, 3.3.1
updated data, analyzing, 4.6.3
uploading and deploying, about, 4.5
uploading and enabling in Database Firewall, 4.5.3
viewing general properties of, 4.3.9
policy files
about, 1.2.4
clusters, 1.2.4.2
creating, 1.2.4
difference between policy and model files, 4.5.2
Policy Warning
in Summary tab, 4.3.2.1, 4.4.4.4
profiles
about, 4.4.7
creating, 4.4.7.1
defining sets for, 4.4.8
using in Analysis tab, 4.4.7.2
using in Details tab, 4.4.7.2
viewing data by, 4.3.8
Progress
column, percentage complete in log search results, 6.1.4
properties
of clusters, changing, 4.4.5
Properties tab, 4.3.9
protection level
planning, 1.4

Q

Quick Start Dashboard option, 3.3.1

R

reports
adding with Oracle Business Intelligence Publisher, 7.3
adding your own, 7.3
audit report descriptions, 7.2.3.1
generating audit and summary, 7.2
menu options, 7.2.1.1
parameters, defining, 7.2.1.2
sample report, 7.2.2
scheduling, 7.4
scheduling and log search results, 6.1.5
Summarize Now button, 7.2.1.2
summary report descriptions, 7.2.3.2
RTF, report template format, 7.3

S

sample report, 7.2.2
Sarbanes-Oxley, 7.2.3.2
screen, dividing into two screens, 4.7.4
search results
See log search results
security
and Default Rule block action, 4.4.4.4
and installing, 2.1
client-side context information, 2.5.3
database access handling, 2.4
encryption, 2.3.1
multiple databases on shared listener, 2.5.3
Oracle shared server and dispatchers, 2.5.1
recommendations, 2.2
TCP invited nodes, 2.5.2
security attacks, 1.2.4
blind SQL injection attacks, 1.2.2
external, 1.2.2
internal, 1.2.2
zero-day attacks, 1.2.2
sets
factors used in profiles and exceptions, 4.4.8
procedure for defining, 4.4.8
shared listener
security considerations, 2.5.3
.smdl file, 4.5.2
SOX, 7.2.3.2
SQL
types not captured by Database Firewall, 2.3.2
SQL statements
default rule for anomalies, 4.4.4.4
finding percentage in a cluster, 4.3.3.1
injected SQL, 1.2.4
long, 1.2.2
match more than one Novelty Policy, 4.4.4.3
types, 1.2.2
viewing by
cluster groups, 4.3.3
database columns, 4.3.5
database table, 4.3.4
profile, 4.3.8
stored procedure auditing (SPA)
about, 5.1
approving changes to, 5.2.3
filtering options, 5.2.4
general approval process, 5.2.1
running manual audit, 5.2.2
stored procedures
auditing, 1.3.2.3
substitute statements
in cluster properties, 4.4.5
in Novelty Policy, 4.4.4.3
length restriction, 4.4.4.3, 4.4.4.4, 4.4.5
Summarize Now button, reports, 7.2.1.2
summary reports
descriptions, 7.2.3.2
generating, 7.2
Summarize Now button, 7.2.1.2
Summary tab
creating a policy automatically, 4.4.2
elements of, 4.3.2.1
Policy Warning area, 4.4.4.4

T

tables
adding to Novelty Policy definition, 4.4.4.3
TCP invited nodes
security considerations, 2.5.2
template
for reports, 7.3
upload to report, 7.3
threat severity
defined, 4.4.1
indicator, 4.3.3.1
setting level in policy, 4.4.3
threat status, 3.3.1
throughput status, 3.3.1
Timeslices
Tools menu, Timeslices, 4.4.8
Tools menu
Client Program Sets, 4.4.8
DB User Sets, 4.4.8
IP Address Sets, 4.4.8
OS User Sets, 4.4.8
top ten threats, 3.3.1
traffic log
about, 1.2.6.2
for training data, 4.2.2, 4.2.3.1
log search results and scheduled reports, 6.1.5
viewing, 6.2
training data
enabling log unique policies for, 4.2.2.1
from file, defined, 4.2.2
from file, procedure for, 4.2.3.2
from traffic log, 4.2.2, 4.2.3.1
supplying to Analyzer, 4.2.2

U

Update menu, 4.4.4.3
Update Schema Objects
in Update menu, 4.4.4.3
upgrading
and escalation action in Novelty Policy, 4.4.4.3
and existing Novelty Policies, 4.4.4.3
user role auditing (URA)
about, 5.1
approving changes to, 5.3.3
filtering options, 5.3.4
general approval process, 5.3.1
running manual audit, 5.3.2

V

view
dividing screen into two, 4.7.4

W

warnings
specifying in cluster properties, 4.4.5
wild cards
in defining sets, 4.4.8

X

XLS, report template format, 7.3