2 Managing Secured Targets

Topics

• About Managing Secured Targets

• Viewing and Changing Settings for a Secured Target

• Creating and Modifying Secured Target Groups

• Managing Compliance for Secured Target Databases

• Setting Access Rights for Secured Targets and Groups

About Managing Secured Targets

Secured targets are created by an Oracle AVDF administrator. A secured target is created for each database or other supported audit source for which you want to retrieve audit data, and/or for a database you want to monitor with a database firewall.

As an auditor, you can view data for secured targets to which a super auditor has granted you access.

You can use the Secured Targets tab of the Audit Vault Server console to control the following aspects of the secured targets that you can access:

• View and sort the list of secured targets. See "Working with Lists of Objects in the UI".

• View, change, or access the following for each secured target:

  • Audit trails

  • Enforcement points

  • Firewall policy

  • Audit policy (for Oracle databases only)

  • User entitlements (for Oracle databases only)

  • Stored Procedure Auditing (SPA)

  • Retention policy

• Create or modify secured target groups

• Manage entitlement snapshots and labels

Viewing and Changing Settings for a Secured Target

Topics

• Viewing a List of Audit Trails

• Viewing a List of Enforcement Points

• Selecting a Firewall Policy

• Viewing Audit Policy Settings for Oracle Databases

• Retrieving User Entitlement Data for Oracle Database Secured Targets

• Activating Stored Procedure Auditing

• Setting a Data Retention (Archiving) Policy

Viewing a List of Audit Trails

An Oracle AVDF administrator starts and stops audit trails. As an auditor, you can view lists of audit trails for secured targets you have access to. You can see the trails collected for a single secured target or for all your secured targets:

• Viewing a List of Audit Trails for One Secured Target

• Viewing a List of Audit Trails for All Your Secured Targets

Viewing a List of Audit Trails for One Secured Target

To view audit trails for a secured target:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. Select a secured target from the list.

   You can adjust the appearance of the list from the Actions menu. See "Working with Lists of Objects in the UI".

3. Click the arrow to expand the Audit Trails section in this secured target.

   Audit trails for this secured target are listed in a table showing the trail, its status, its trail type, and the host from which the trail was collected.

4. Optionally, click the up or down arrow in a column title to sort (ascending or descending) by that column.

Viewing a List of Audit Trails for All Your Secured Targets

To view a list of audit trails for all your secured targets:

1. Log into the Audit Vault Server console as an auditor, and click the Settings tab or the Secured Targets tab.

2. From the Quick Links menu, click Audit Trails.

   Audit trails for all your secured targets are listed in a table showing the trail, its status, the secured target name and type, and the host from which the trail was collected, the trail location and type.

   You can adjust the appearance of the list from the Actions menu. See "Working with Lists of Objects in the UI".

3. Optionally, click a column title to sort by that column.

Viewing a List of Enforcement Points

An Oracle AVDF administrator creates enforcement points for database secured targets monitored by a database firewall. As an auditor, you can see the enforcement points configured for the database secured targets you have access to. You can see the enforcement points for one secured target or for all your secured targets:

• Viewing a List of Enforcement Points for One Database Secured Target

• Viewing a List of Enforcement Points for All Your Secured Target Databases

Viewing a List of Enforcement Points for One Database Secured Target

To list the enforcement points for a database secured target:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. From the Secured Targets list, select a secured target.

3. Click the arrow to expand the Enforcement Points section in this secured target. This section is not visible if the secured target is not a database.

4. Click the name of the enforcement point to see its details.

Viewing a List of Enforcement Points for All Your Secured Target Databases

To list enforcement points configured for all your database secured targets:

1. Log into the Audit Vault Server console as an auditor, and click the Settings tab or the Secured Targets tab.

2. From the Quick Links menu, click Enforcement Points.

3. Click the name of the enforcement point to see its details.

Selecting a Firewall Policy

If a secured target is a database monitored by a Database Firewall, you can upload or change the firewall policy assigned to the secured target.

To set or change the firewall policy for a database secured target:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. Select a secured target from the list.

3. Click the arrow to expand the Firewall Policy section in this secured target.

   The firewall policy set for this secured target is listed.

   (The Firewall Policy section is not visible if the secured target is not a database.)

4. To change the firewall policy, click Change, select a different policy from the drop-down list, and then click Save.

   The drop-down list contains preloaded firewall policies as well as those created by auditors.

For detailed information on firewall policies, see "Creating Database Firewall Policies".

Viewing Audit Policy Settings for Oracle Databases

You can view audit policy settings for Oracle databases from the Secured Targets tab.

To view audit settings for Oracle databases from the secured target page:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. Select a secured target from the list.

3. Click the arrow to expand the Audit Policy section in this secured target. If the secured target is not an Oracle database you will not see an Audit Policy section.

   The Retrieve Audit Settings button allows you to retrieve this Oracle Database's audit settings at this point in time. See "Retrieving Audit Settings from an Oracle Database".

   Audit policies for this secured target are listed in a table showing audit type, number of settings in use and the number needed, and the number of problems flagged. You can click the link for each audit type to go to the Audit Settings page (Policy tab), and from there, modify the settings. See "Specifying Which Audit Settings Are Needed".

For detailed information on audit policies, see "Creating Audit Policies for Oracle Databases".

Retrieving User Entitlement Data for Oracle Database Secured Targets

When you retrieve user entitlement data for an Oracle Database secured target, a snapshot of the data at this point in time is added to the entitlement snapshots retrieved at earlier points in time. From there, you can organize snapshots by assigning them labels, and compare entitlement data from different snapshots or labels. See "Working With Entitlement Snapshots and Labels".

To retrieve entitlement data for a secured target:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. Select a secured target from the list.

3. Click the arrow to expand the User Entitlements section in this secured target.

   The timestamp of when entitlement data was last retrieved, if any, appears.

4. Click Retrieve User Entitlement Data.

   A confirmation message appears.

You can check the status of entitlement retrieval by clicking Jobs in the Settings tab.

Activating Stored Procedure Auditing

You can audit changes to stored procedures in a secured target in Oracle AVDF reports (see "Stored Procedure Auditing Reports"). In order to see this data for a database secured target, you must activate Stored Procedure Auditing for that secured target.

To activate stored procedure auditing for a secured target:

1. Log in to the Audit Vault Server console as an auditor.

2. Click the Secured Targets tab, and then click the name of the secured target you want.

3. Scroll down and expand the Stored Procedure Auditing section.

4. Select Activate Stored Procedure Auditing.

   
   Description of the illustration ''spa_enable.gif''
   
   

5. Set the following fields:

   • First Run Time: Select the date and time to run stored procedure auditing for this database for the first time.

   • Repeat Every: Select how often to repeat stored procedure auditing for this database.

6. Click Save.

Note:

In order to collect stored procedure changes from a secured target database, your Oracle AVDF administrator must run scripts to set up the correct user privileges on that database. See Oracle Audit Vault and Database Firewall Administrator's Guide for information.

Setting a Data Retention (Archiving) Policy

The data retention policy for a secured target determines how long audit data is retained for that target. An Oracle AVDF administrator creates retention policies, and an auditor selects one of the available policies to assign to a secured target.

If you do not select a retention policy for a secured target, the default retention policy will be used (12 months retention online and 12 months in archives before purging).

A new retention policy takes effect as of the date you select the policy, but does not apply to existing data.

To set a data retention policy for a secured target:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. Select a secured target from the list.

3. Click the arrow to expand the Retention Policy section in this secured target.

   The current retention policy, if set, is listed.

4. To set or change the retention policy, click Change, and then select from the available retention policies.

5. Click Save.

For information on configuring retention (archiving) policies, see the Oracle Audit Vault and Database Firewall Administrator's Guide.

Creating and Modifying Secured Target Groups

Topics

• About Secured Target Groups

• Creating and Modifying Secured Target Groups

About Secured Target Groups

As a super auditor you can organize secured targets into groups for the purpose of granting auditor access to them as a group instead of individually.

Oracle AVDF provides a set of preconfigured user groups related to compliance categories, for example HIPAA or DPA. You can add secured targets to those groups to generate the specific compliance reports related to those databases.

Creating and Modifying Secured Target Groups

As a super auditor you can create secured target groups in order to grant other administrators access to secured targets as a group rather than individually.

To create a secured target group: 

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. From the Manage menu on the left, click Groups.

   Preconfigured groups are listed in the bottom pane, and user-defined groups are listed in the top pane.

   You can adjust the appearance of the list in the bottom pane from the Actions menu. See "Working with Lists of Objects in the UI".

3. Click Create, and enter a name and optional description for the group.

4. To add secured targets to the group, select the secured targets, and click Add Members.

5. Click Save.

   The new group appears in the top pane of the groups page.

To modify a secured target group: 

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. From the Manage menu on the left, click Groups.

   Preconfigured groups are listed in the bottom pane, and user-defined groups are listed in the top pane.

   You can adjust the appearance of the list in the bottom pane from the Actions menu. See "Working with Lists of Objects in the UI".

3. Click the group name.

4. In the Modify Secured Target Group page, select secured targets you want to add or remove, and then click Add Members or Drop Members.

5. Optionally, you can change the name or description of a user-defined group.

6. Click Save.

Managing Compliance for Secured Target Databases

To ensure that the correct compliance reports are available for secured target databases, you add those secured targets to the appropriate preconfigured group in the Audit Vault Server. For more information on compliance reports, see "Compliance Report Descriptions".

To assign a secured target to a compliance group:

1. Log into the Audit Vault Server console as an auditor, and click the Secured Targets tab.

2. From the Manage menu, click Groups.

   The groups page appears, listing user-defined groups and preconfigured secured target groups.

3. In the Preconfigured Secured Target Groups section, click a compliance group. For example, select HIPAA.

4. In the Modify Secured Target Group page, select the secured target databases to add to this compliance group, and then click Add Members.

5. To remove a secured target database from the compliance group, select the secured target, and then click Drop Members.

6. Click Save.

Setting Access Rights for Secured Targets and Groups

If you have the super auditor role in Oracle AVDF, you can set access rights for secured targets and groups. Only auditors that have been granted access to specific secured targets or groups will be able to see them or data related to them. You can manage access by secured target or group, or by user.

See "Managing User Accounts and Access" for instructions.