Index

A B C D E F G H I J K L M N O P Q R S T U V W X

Symbols

-HELP command A.14.6
-VERSION command A.14.7

A

access
- remote, security guidelines for 2.1.2
- revoking for secured targets 13.3.4
access rights
- about managing 13.1
- administrator account types 13.1
- controlling by user 13.5.2
- planning 1.7.8
- secured targets. controlling by target or group 13.5.3
accounts
- administrative accounts 13.1
- setting up on secured targets
  - about B.3.1
  - IBM DB2 B.3.6.2
  - Microsoft SQL Server B.3.5.2
  - MySQL B.3.7
  - Oracle Database B.3.2
  - Sybase ASE B.3.3.2
  - Sybase SQL Anywhere B.3.4
ACFS
- See: Oracle ACFS
Actions button 1.8.3
activate, Audit Vault Agent with key 5.2.5
ACTIVATE HOST command A.2.5
Active Directory
- See: Microsoft Active Directory
Adding
- User Content To System Configuration Files I
additional information
- audit collection from Oracle Active Data Guard B.4.1
add target to a group A.6
add target to a target group A.6.1
administrative features 1.4.5
administrators
- access rights 13.1
- roles 1.5
- tasks 1.5
- user account types 13.1
advise on implementation
- Security Technical Implementation Guides (STIG) F
agentctl command
- start/stop 5.3.1.1
- to register Audit Vault Agent as Windows service 5.2.6.2
agent host commands A.2
alerts
- configuring email service for 3.4.1
- forwarding to syslog 3.3.3
ALTER DATA ENCRYPTION command A.9.1
ALTER DISKGROUP command A.10.6
ALTER ENFORCEMENT POINT command A.4.6
ALTER FIREWALL command A.3.9
ALTER HOST command A.2.2
ALTER REMOTE FILESYSTEM command A.11.2
ALTER SAN SERVER command A.10.2
ALTER SECURED TARGET command A.5.2
ALTER SMTP SERVER command A.8.2
ALTER SMTP SERVER DISABLE command A.8.4
ALTER SMTP SERVER ENABLE command A.8.3
ALTER SYSTEM SET command A.12.1
ALTER SYSTEM SMTP SERVER SECURE MODE OFF command A.8.6
ALTER SYSTEM SMTP SERVER SECURE MODE ON command A.8.5
ALTER USER command A.9.9
Applying Static Routing Rules
- Secondary Network Interface card for Audit Vault Server H.6
architecture
- high availability resilient pairs 8.1
Archive data files are required (link) 6.4.3
archiving
- See: Windows File Sharing
- disk space
  - additional for SMB and scp archive data transfer 3.5.2
- expired audit records
  - archive files required 6.4.4
  - how treated 3.5.1
- filesystem
  - additional space for SMB and scp archive data transfer 3.5.2
- NFS filesystem 3.5.2
- policies
  - creating 3.5.3.1
  - described 3.5.1
- port for Windows File Sharing transfer method 3.5.2
- purging data files after retrieving 14.4.2
- retrieving from archives 14.4.2
- security guidelines 2.1.2
- SMB
  - See: Windows File Sharing
- starting an archive job 14.4.1
- transfer method 3.5.2
  - scp 3.5.1
  - SMB 3.5.1, 3.5.2
ArcSight Security Information Event Management (SIEM)
- about 10.1
- deployment procedure 10.2
- enabling interface 10.2
- specifying ArcSight server 10.2
audit data
- date range in memory 14.7.1
- storing in memory on Audit Vault Server 14.7.1
auditing features 1.4.6
AUDITOR and ADMIN commands A.15
audit trails
- Autostart, about 6.4.2
- Autostart parameters, avcli A.12.1
- Autostart status 6.4.3
- cleanup
  - IBM DB2 audit files
  - Microsoft SQL Server audit trail B.5.2
  - Oracle Database B.5.1
- collections, AVCLI command for A.7
- configurations
  - REDO logs, recommended settings C.1
- configuring collection 6.4.1
- dropping a trail A.7.4
- finding list of A.7.3
- IBM DB2
  - about B.2.15
  - prerequisite for starting
- MySQL
  - trail location 6.4.6, A.7.1, A.7.2, B.2.7, B.6.3
  - XML transformation 6.4.6
- planning 1.7.5
- planning configurations 1.7.5
- platform support B.2.15
- purging Oracle Database trail B.5.1
- restart, automatic 6.4.2
- starting and stopping 6.4.2
- starting collection A.7.1
- status
  - Collecting 6.4.3
  - Idle 6.4.3
  - Recovering 6.4.3
  - Stopped 6.4.3
  - Unreachable 6.4.3
- status, checking 6.4.3
- stopping collection A.7.2
- TABLE B.2.15
- types B.2.15
  - location for DIRECTORY type 6.4.1, B.6.3
Audit Vault Agent
- activating 5.2.5
- deactivating 5.3.4
- debug, logging 5.3.2, 14.1.5
- deploying and activating 5.2
- log files location 5.3.2
- logging levels, setting 5.3.2
- OS user account for deployment 5.2.4
- planning deployments 1.7.4
- plug-ins
  - about 5.5.1, B.1
  - deploy and activate procedure 5.5.4
  - undeploying 5.5.5
- removing 5.3.4
- requirements, Java SE 5.2.4
- start in console mode 5.3.1.2
- starting 5.3.1.1
- starting, initial 5.2.5
- stop in console mode 5.3.1.2
- stopping 5.3.1.1, 5.3.4
- timestamps for Oracle Database trail purge process B.5.1.2
- Windows service, autostarting 5.3.1.3
- Windows service, registering 5.2.6.1
- Windows service, unregistering 5.2.6.3
Audit Vault and Database Firewall
- administrative features 1.4.5
- administrator roles 1.5
- administrator tasks 1.5
- auditing features 1.4.6
- configuration workflow 1.6
- documentation, downloading latest 1.1
- IPv6 not supported 2.5
Audit Vault Server
- administrative tasks
  - archiving log disk space, monitoring 14.10
  - changing user passwords 13.6.1
  - flash recovery area 14.11
  - SYSAUX tablespace usage 14.9
- Audit Vault Server
  - reboot upon changing host name 3.3.2.1
- backup/restore 14.6.1
- certificate
  - location 14.1.4.1
  - supplying to Database Firewall 4.5
- certificate renewal 2.8.1
- certificate rotation 2.8.1
- certificate warning, UI 3.2
- changing keyboard layout 14.1.6
- configuration
  - about 3.1
  - initial tasks 3.3
  - network settings 3.3.2.1
- configuring
  - SSH access 3.3.2.2
- detailed diagnostics 14.1.3
- diagnostic checks 14.1.2
- encryption
  - changing keystore password 14.5.3
  - of repository, about 14.5
  - rotating key 14.5.2
- failover 8.2.8
- high availability
  - about 8.2.1
  - failover 8.2.8
  - status 8.2.5
- host name, changing, reboot required 3.3.2.1
- in-memory usage 14.7.5
- IP address
  - changing, reboot required 3.3.2.1
  - supplying to Database Firewall 4.5
- jobs monitoring 14.12
- log files location A.12.1
- logging in to UI 1.8.1
- network configuration 3.3.2.1
- pairing 8.2.1
- planning configuration 1.7.2
- primary server in resilient pair 8.2.4
- public key 14.1.4.2
- reboot
  - upon changing host name 3.3.2.1
- rebooting, powering off 14.1.7
- registering Database Firewall in 3.8
- removing Database Firewall from 14.16.5
- removing secured targets from 6.2.1.4
- restore 14.6.4.1
- SNMP access 3.3.2.2
- status, checking 14.1.1
- syslog destinations, configuring 3.3.3
- testing system operation 3.9
- UI, tabs described 1.8.2
- user accounts, creating in 13.3.2
authentication
- using for host monitor-Database Firewall communication 7.5
Autostart
- audit trail, about 6.4.2
- avcli parameters A.12.1
- status, audit trail 6.4.3
AVCLI commands
- ACTIVATE HOST A.2.5
- ALTER DATA ENCRYPTION A.9.1
- ALTER DISKGROUP A.10.6
- ALTER ENFORCEMENT POINT A.4.6
- ALTER FIREWALL A.3.9
- ALTER HOST A.2.2
- ALTER REMOTE FILESYSTEM A.11.2
- ALTER SAN SERVER A.10.2
- ALTER SECURED TARGET A.5.2
- ALTER SMTP SERVER A.8.2
- ALTER SMTP SERVER DISABLE A.8.4
- ALTER SMTP SERVER ENABLE A.8.3
- ALTER SYSTEM SET A.12.1
- ALTER SYSTEM SMTP SERVER SECURE MODE OFF A.8.6
- ALTER SYSTEM SMTP SERVER SECURE MODE ON A.8.5
- ALTER USER A.9.9
- CLEAR LOG A.14.4
- CONNECT A.14.1
- CREATE ENFORCEMENT POINT A.4.1
- CREATE RESILIENT PAIR A.3.6
- DEACTIVATE HOST A.2.6
- DEPLOY PLUGIN A.13.1
- DOWNLOAD LOG FILE A.12.3
- DROP ENFORCEMENT POINT A.4.2
- DROP FIREWALL A.3.2
- DROP HOST A.2.4
- DROP REMOTE FILESYSTEM A.11.3
- DROP RESILIENT PAIR A.3.8
- DROP SAN SERVER A.10.4
- DROP SECURED TARGET A.5.9
- DROP SMTP SERVER A.8.9
- DROP TRAIL FOR SECURED TARGET A.7.4
- GRANT ACCESS A.9.5
- GRANT ADMIN A.9.7
- GRANT SUPERADMIN A.9.3
- -HELP A.14.6
- LIST ADDRESS FOR SECURED TARGET A.5.4
- LIST ATTRIBUTE FOR SECURED TARGET A.5.7
- LIST ATTRIBUTE OF SMTP SERVER A.8.8
- LIST DISK A.10.5
- LIST DISKGROUP A.10.7
- LIST ENFORCEMENT POINT A.4.3
- LIST EXPORT A.11.4
- LIST FIREWALL A.3.3
- LIST HOST A.2.3
- LIST METRICS A.5.8
- LIST PLUGIN FOR SECURED TARGET TYPE A.13.2
- LIST REMOTE FILESYSTEM A.11.5
- LIST SAN SERVER A.10.8
- LIST SECURED TARGE A.5.5
- LIST SECURED TARGET TYPE A.5.6
- LIST TARGET FOR SAN SERVER A.10.3
- LIST TRAIL FOR SECURED TARGET A.7.3
- POWEROFF FIREWALL A.3.5
- QUIT A.14.8
- REBOOT FIREWALL A.3.4
- REGISTER FIREWALL A.3.1
- REGISTER HOST A.2.1
- REGISTER SAN SERVER A.10.1
- REGISTER SECURED TARGET A.5.1
- REGISTER SMTP SERVER A.8.1
- REVOKE ACCESS A.9.6
- REVOKE ADMIN A.9.8
- REVOKE SUPERADMIN A.9.4
- SHOW CERTIFICATE A.12.2
- SHOW ISCSI INITIATOR DETAILS FOR SERVER A.10.9
- SHOW STATUS FOR FIREWALL A.3.10
- SHOW STATUS OF REMOTE FILESYSTEM A.11.6
- START COLLECTION FOR SECURED TARGET A.7.1
- START ENFORCEMENT POINT A.4.4
- STOP COLLECTION FOR SECURED TARGET A.7.2
- STOP ENFORCEMENT POINT A.4.5
- SWAP RESILIENT PAIR A.3.7
- TEST SMTP SERVER A.8.7
- UNDEPLOY PLUGIN A.13.3
- UPLOAD OR DELETE WALLET FILE A.5.3
- -VERSION A.14.7
AVCLI utility
- about 14.14.1
- downloading 14.14.2
- finding version of 14.14.6
- help information 14.14.6
- invoking 14.14.3
- invoking, with stored credentials 14.14.3.2
- Java_Home environment variable 14.14.2, 14.14.3
- log files location 14.14.5
- logging levels, setting 14.14.5
- running scripts 14.14.4
- stored credentials, using 14.14.3.2

B

Backup/Restore 14.6.1
- about restoring Audit Vault Server 14.6.4.1
- backup up Audit Vault Server 14.6.3.2
- confguring the backup utility 14.6.3.1
- configuring backup utility for restore 14.6.4.3
- high availability configuration 14.6.1
- prerequisites to restore 14.6.4.2
- repository encryption 14.6.1
- required space 14.6.2
- restoring Audit Vault Server 14.6.4.4
- validating the backup 14.6.3.3
Big Data Appliance, as secured target 1.4.4, B.1
BIG-IP ASM (Application Security Manager)
- benefits of integration with Oracle Database Firewall 9.2
- integration with Database Firewall 9.2
blocking
- Database Firewall inline mode, enabling bridge 4.7.3
- DPE mode in enforcement point 6.5.2
- IPv6 traffic 2.5
bridge IP addresses
- in Database Firewall 4.7.3
- subnet restriction for DPE mode 4.7.3

C

CDB, registering secured target 6.2.1.2
certificate
- Audit Vault Server 14.1.4.1
- supplying to Database Firewall 4.5
certificate renewal
- Audit Vault Server 2.8.1
- Database Firewall 2.8.2
certificate warning
- Audit Vault Server, changing UI certificate 3.2
- Database Firewall, changing UI certificate 4.2
change IP address
- Database Firewall 4.6
Changing
- IP Address On A Secondary Network Interface Card H.10
CLEAR LOG command A.14.4
Client IP Addresses, and TCP invited nodes 2.6.2
client program name
- security considerations 2.6.3
client-side security 2.6.3
COLLECTING trail status 6.4.3
collection attributes
- about B.6.2.1
- Active Directory, not required B.6.2.1
- IBM DB2 B.6.2.3
- Linux, not required B.6.2.1
- MySQL B.6.2.4
- Oracle ACFS B.6.2.5
- Oracle Database B.6.2.2
- Solaris, not required B.6.2.1
- SQL Server, not required B.6.2.1
- Sybase ASE, not required B.6.2.1
- Windows, not required B.6.2.1
collection plug-ins
- deploying with AVCLI command A.13.1
- finding list of A.13.2
- undeploying A.13.3
command line utility
- downloading AVCLI 14.14.2
configuration
- audit trails 6.4.1
- Database Firewall
  - about 4.1
- database interrogation 6.7.1.1
- enforcement points 6.5.2
- F5 BIG-IP Application Security Manager (BIG-IP ASM) 9.4.1
- high availability
  - Database Firewall 8.3.1
- secured targets
  - about 6.1
  - registering 6.2.1.1
- understanding workflow 1.6
configuring high availability for Database Firewall in proxy mode
- through client configuration 8.4.1
- through DNS setup 8.4.2
CONNECT command A.14.1
connections, maintaining for database clients 6.5.3
connect strings (for Secured Target Location field) B.6.1
console
- filtering and sorting lists 1.8.3
- reset view 1.8.3
console certificate
- Audit Vault Server 3.2
CREATE ENFORCEMENT POINT command A.4.1
CREATE RESILIENT PAIR command A.3.6
Custom Collector Development 2.6.4

D

DAM mode 8.1
- enforcement point monitoring mode 6.5.2
- with SQL blocking firewall policy 6.5.2
database clients
- connecting through proxy Database Firewall 4.7.4
database connections
- and Database Firewall 2.5
Database Firewall
- adding Database Firewall to Audit Vault Server 3.8
- certificate renewal 2.8.2
- certificate rotation 2.8.2
- certificate warning, UI 4.2
- change IP address 4.6
- configuration 4.1
  - Audit Vault Server certificate and IP address 4.5
  - network services 4.3.2
  - network settings 4.3.1
  - proxy 4.7.4
  - traffic sources 4.7.2
- diagnostics 4.9
- high availability, configuring 8.3.1
- integration with F5 BIG-IP Application Security Manager (BIG-IP ASM) 9.2
  - requirements 9.4.2
- logging in to UI 1.9.1
- network placement 4.7.1
- network services configuration 4.3.2
- network settings, changing 4.3.1
- network traffic, capturing to file 14.16.3
- non-TCP-based connections 2.5
- planning configuration 1.7.3
- ports
  - for external network access D.5
  - for firewall services D.3
  - required to be open D.1
- proxy
  - configuration 4.7.4
  - database client connections 4.7.4
- public key 6.8.3
- removing from Audit Vault Server 14.16.5
- restart, power off 14.16.4
- SNMP access 4.3.2
- SSH access 4.3.2
- status
  - viewing 4.9
- traffic sources, configuring 4.7.2
- Web access 4.3.2
database interrogation B.2.1
- about 6.7.1
- configuring for Microsoft SQL Server databases 6.7.2.1
- configuring for Oracle databases with Network Encryption 6.7.1.2
- configuring for Sybase SQL Anywhere databases 6.7.2.2
- disabling 6.7.4
- enabling 6.7.3
- enforcement point setting 6.5.3
- Sybase SQL Anywhere, installing ODBC driver for Linux 6.7.2.2
database response monitoring
- about 6.9.1
- enabling 6.9.2.1
- enforcement point setting 6.5.3
databases supported 1.4.4
Data Encryption
- starting 14.5.5
data files, purging after retrieve 14.4.2
data retention policies
- about 3.5.1
- creating 3.5.3.1
data security 2.1
date and time
- setting
  - in Audit Vault Server 3.3.1
  - in Database Firewall 4.4
- timestamps in reports 3.3.1
DB2
- See: IBM DB2
DEACTIVATE HOST command A.2.6
debugging
- Audit Vault Agent 5.3.2, 14.1.5
- AVCLI debug log level, setting 14.14.5
- Java framework (Jfwklog) LOGLEVEL A.12.1
- Syslog, generating debug messages 3.3.3
delete target from a group A.6
delete target from a target group A.6.2
deleting hosts 5.6
DEPLOY PLUGIN command A.13.1
developers, downloading SDK 14.15
diagnostic logs
- clearing 14.1.5
- clearing with AVCLI A.14.4
diagnostics
- Audit Vault Server detailed diagnostics 14.1.3
- Audit Vault Server diagnostic checks 14.1.2
- Database Firewall 4.9
DIRECTORY audit trail
- about B.2.15
directory mask
- trail location for DIRECTORY trail type 6.4.1, B.6.3
Disabling
- Secondary Network Interface H.9
disk groups
- about repository 15.5.1
disk space
- additional for SMB and scp archive data transfer 3.5.1
- monitoring archive log space 14.10
dispatcher service, security considerations 2.6.1
DNS servers
- configuring for Database Firewall 4.3.2
documentation, AVDF, downloading latest 1.1
DOWNLOAD LOG FILE command A.12.3
DPE mode
- and spoofing detection rules 6.5.2
- bridge IP addresses 4.7.3
- connections, switching from DAM mode 6.5.3
- enforcement point monitoring mode 6.5.2
- traffic disruption on time synchronization 4.4
DROP ENFORCEMENT POINT command A.4.2
DROP FIREWALL command A.3.2
DROP HOST command A.2.4
DROP REMOTE FILESYSTEM command A.11.3
DROP RESILIENT PAIR command A.3.8
DROP SAN SERVER command A.10.4
DROP SECURED TARGET command A.5.9
DROP SMTP SERVER command A.8.9
DROP TRAIL FOR SECURED TARGET command A.7.4

E

email notifications
- about configuring service 3.4.1
- altering SMTP configuration A.8.2
- configuring (in UI) 3.4.2
- disabling SMTP configuration A.8.4
- enabling SMTP configuration A.8.3
- finding SMTP configuration A.8.8
- registering for A.8.2
- registering SMTP service A.8.1
- removing configuration for secure server A.8.6
- time stamp shown in 3.3.1
- unregistering SMTP service A.8.9
Enable NFS
- Secondary Network Interface Cards H.3
Enable SPA
- Secondary Network Interface Cards For Audit Vault Server H.4
Enabling
- Secondary Network Interface H.1
Enabling Agent To Operate In High Availability Environment
- Secondary Network Interface card for Audit Vault Server H.8
Enabling SSH
- Secondary Network Interface for Audit Vault Server H.5
encryption
- AVCLI commands A.9.1
- Network Encryption 6.8.3
- network encryption, handling 2.4.1
- Oracle Databases, configuration for handling 6.8
- providing public key to encrypted Oracle Database 6.8.3
- security guidelines 2.4.1
- show status, AVCLI command A.9.2
enforcement points
- configuring 6.5.2
- database interrogation setting 6.5.3
- database response setting 6.5.3
- definition 6.5.1
- deleting 6.5.4
- DPE mode and IP spoofing 6.5.2
- Maintain Existing Connections setting 6.5.3
- modifying 6.5.3
- port number used 6.5.6
- starting and stopping 6.5.4
- status 6.5.2
- status, viewing 6.5.5
- status values, defined 6.5.5
Enterprise Manager, Audit Vault and Database Firewall Plug-in for 1.11
entitlement auditing B.2.1
EVENT LOG audit trail B.2.15
Event Repository Encryption 14.5
- wallet 14.5.4
exiting AVCLI A.14.8
expired audit records, archiving 6.4.4
external
- network dependencies 2.3

F

F5 BIG-IP Application Security Manager (BIG-IP ASM)
- about integration 9.2
F5 BIG-IP Application Security Manager (BIG-IP ASM))
- configuration requirements 9.4.1
- configuring with Database Firewall 9.4.2
- creating logging profile 9.4.3
- custom iRule 9.4.4.1
- how integration works 9.3
- iRules syslog messages 9.4.4.1
- policy settings 9.4.3.2
- system requirements for integration 9.1
- transmitting iRule syslog messages 9.4.4.2
F5 BIG-IP Application Security Manager)
- sample iRule 9.4.4
failover
- Audit Vault Server 8.2.8
- disabling/enabling 8.2.9
- manual 8.2.10
filesystem
- additional space for SMB and scp archive data transfer 3.5.1
filtering, lists in Audit Vault Server console 1.8.3
firewall policies, login and logout 6.9.2.2
flash recovery area, monitoring in Audit Vault Server 14.11
formatting, lists in Audit Vault Server console 1.8.3

G

GRANT ACCESS command A.9.5
GRANT ADMIN command A.9.7
granting access privileges A.9.5
granting ADMIN privileges A.9.7
granting super admin privileges A.9.3
GRANT SUPERADMIN command A.9.3
groups
- access rights
  - controlling by group 13.5.3
  - controlling by user 13.5.2
- creating secured target groups 6.2.2
guidelines, general security 2.2

H

help information about AVCLI A.14.6
high availability
- about resilient pairs 8.1
- backup and restore impact on 14.6.1
- backup encryption 14.6.1
- for Audit Vault Server 8.2
- for Database Firewall 8.3.1
- peer system IP/certificate 8.2.5
- SAN repository 15.5.1
- status, checking 8.2.5
host monitor
- enforcement point for 7.2.6
host monitor requirements 7.2.1
host monitors
- about 7.1
- authentication, using 7.5
- checking status of 7.3.5
- deploying on Unix 7.2.4
- deploying on Windows 7.2.3
- installing 7.2
- uninstalling (Unix hosts only) 7.3.6
- updating, Linux only 7.4
hosts
- AVCLI commands used for A.2
- AVCLI User Commands A.15
- changing names 5.1.3
- deleting from Audit Vault Server 5.6
- registering
  - procedure 5.1.2
- registering, about 5.1.1
hybrid cloud
- deployment 12.1
- pre-requisites 12.1
hybrid cloud, deployment 12.1

I

IBM DB2
- audit trail location B.2.6
- collection attributes B.6.2.3
- converting binary audit files to ASCII format
- starting audit trail, prerequisite ASCII conversion 6.4.1
- supported versions B.2.1
- user account script B.3.6.2
IDLE trail status 6.4.3
initialization parameters
- REDO log
  - audit secured target release 10.2 C.3, C.4
  - audit secured target release 11.2 C.2
In-Memory usage
- monitoring 14.7.5
installation, security guidelines 2.1
integrations
- with ArcSight SIEM 10.1
- with F5 BIG-IP Application Security Manager (BIG-IP ASM) 9.2
- with Oracle Audit Vault and Database Firewall, about 1.4.7
Interface Masters Niagara Server adapter card 4.8
IP addresses
- and spoofing detection in DPE mode 6.5.2
- Audit Vault Server
  - changing, reboot required 3.3.2.1
- subnet restrictions for proxy interface 4.7.4
IP Address On A Secondary Network Interface Card
- change H.10
IPv6
- connections not supported 2.5
- traffic blocked 2.5
iRule syslog messages
- BIG-IP ASM command 9.4.4.2

J

Java framework, logging levels, debugging A.12.1
Java SE, Audit Vault Agent requires 5.2.4
jobs, monitoring 14.12

K

key, for activating agent 5.2.5
keyboards
- changing layout 14.1.6
- settings 3.3.1
keystore password, changing 14.5.3

L

link properties
- network setting
  - in Audit Vault Server 3.3.2.1
  - in Database Firewall 4.3.1
Linux
- audit trail location B.2.9, B.2.10
- user/group access required for audit trail B.2.9, B.2.10
LIST ADDRESS FOR SECURED TARGET command A.5.4
LIST ATTRIBUTE FOR SECURED TARGET command A.5.7
LIST ATTRIBUTE OF SMTP SERVER command A.8.8
LIST DISK command A.10.5
LIST DISKGROUP command A.10.7
LIST ENFORCEMENT POINT command A.4.3
LIST EXPORT command A.11.4
LIST FIREWALL command A.3.3
LIST HOST command A.2.3
LIST METRICS command A.5.8
LIST PLUGIN FOR SECURED TARGET TYPE command A.13.2
LIST REMOTE FILESYSTEM command A.11.5
lists, finding objects in Audit Vault Server console 1.8.3
LIST SAN SERVER command A.10.8
LIST SECURED TARGET command A.5.5
LIST SECURED TARGET TYPE command A.5.6
LIST TARGET FOR SAN SERVER command A.10.3
LIST TRAIL FOR SECURED TARGET command A.7.3
locked user accounts
- unlocking 13.3.5
log files
- Audit Vault Agent, location 5.3.2
- AVCLI, location 14.14.5
- clearing 14.1.5
- Java framework, location A.12.1
- system, location A.12.1
- traffic logs, collected 8.1
logging in
- to Database Firewall 1.9.1
logging levels
- Audit Vault Agent, setting 5.3.2
- Java framework A.12.1
- setting, changing for all components 14.1.5
- specifying for AVCLI utility 14.14.5
log in
- to Audit Vault Server 1.8.1
login/logout policies 6.9.2.2

M

MAC addresses, spoofing detection and DPE mode 6.5.2
Maintain Existing Connections enforcement point setting 6.5.3
Maintenance Job
- Scheduling 14.13
Management Interfaces For Audit Vault Server
- features H.11
messages
- Audit Vault E.1
- Database Firewall E.2
metrics of secured targets A.5.8
Micro Focus Security ArcSight Security Information Event Management (SIEM)
- defined 1.4.7
Microsoft Active Directory
- audit trail location B.2.12
- supported versions B.2.1
Microsoft SQL Server
- audit trail location B.2.3
- database interrogation
  - configuring 6.7.1.1
- registering B.5.2
- trace files, preventing from being deleted by accident B.5.2
- user account script B.3.5.2
Microsoft Windows
- audit trail location B.2.11
- file sharing
  - archiving transfer, recommended port 3.5.2
- host monitors, deploying on 7.2.3
- secured target user, administrative permissions 6.3.3
- services, registering AV Agent as 5.2.6.2
- supported versions B.2.1
monitoring
- Audit Vault Server detailed diagnostics 14.1.3
- Audit Vault Server diagnostic checks 14.1.2
- Database Firewall diagnostics 4.9
monitoring mode
- and SQL blocking 6.5.2
- enforcement point setting 6.5.2
Months Archived field 3.5.3.1
Months Online field 3.5.3.1
Multiple
- Network Interface Cards H
Multiple Network Interface Cards H
MySQL
- adding audit trail, prerequisite XML conversion 6.4.1
- collection attributes B.6.2.4
- supported versions B.2.1
- trail location 6.4.6, A.7.1, A.7.2, B.2.7, B.6.3
- user account script B.3.7
- XML transformation utility 6.4.6

N

NETWORK audit trail B.2.15
Network Encryption
- configuring database interrogation to handle 6.8
- decrypting in Database Firewall 6.7.1.2
- native encryption required 6.8.3
- providing public key to encrypted Oracle Database 6.8.3
network mask, Database Firewall network settings 4.3.1
network services
- configuring for Database Firewall 4.3.2
network traffic, capturing to file in Database Firewall 14.16.3
NFS filesystem
- archiving transfer method 3.5.2
- AVCLI commands
  - REGISTER REMOTE FILESYSTEM A.11.1
- registering with the Audit Vault Server A.11.1
- REGISTER REMOTE FILESYSTEM command A.11.1
non-SQL protocol access 2.5
non-TCP-based connections, and Database Firewall 2.5

O

ODBC driver
- required for SQL Anywhere database interrogation 6.7.2.2
opening port
- DBCS 12.2
operating systems supported 1.4.4
Oracle ACFS
- audit trail location B.2.13, B.2.14
- collection attributes B.6.2.5
- supported versions B.2.1
Oracle Advanced Security
- See: Network Encryption
Oracle database
- decrypting Network Encryption traffic 6.7.1.2
- enabling auditing 6.3.2
Oracle Database
- 12c, PDB/CDB and secured targets 6.2.1.2
- audit trail location B.2.2
- collection attributes B.6.2.2
- decrypting Network Encryption traffic 6.7.1.2
- In-Memory
  - about 14.7.1
  - disabling 14.7.4
  - enabling 14.7.2
- purging audit trails B.5.1
- REDO logs, audit data collection reference C.1
- supported versions B.2.1
- user account script B.3.2
- using Network Encryption, configuration for handling 6.8
Oracle RAC
- secured target location, registering 6.2.1.2
Oracle shared server, security considerations 2.6.1
OS username, security considerations 2.6.3

P

passwords
- changing for Audit Vault Server administrator 13.6.2
- changing for Database Firewall administrator 13.6.3
- expiry dates 13.3.3
- requirements 13.6.1
PDB, registering secured target 6.2.1.2
peer system IP/certificate, high availability 8.2.5
platforms supported 1.3, B.2
- for audit trail types B.2.15
- latest matrix 5.2.4
plug-ins
- about 5.5.1, B.1
- deploy and activate procedure 5.5.4
- enabling auditing 5.5.2
- SDK for developing 14.15
- un-deploying 5.5.5
policies
- archiving 3.5.1
- login and logout policies 6.9.2.2
ports
- See: Secure Copy
- archiving
  - defining archiving locations 3.5.2
  - transfer method
    - scp 3.5.2
- enforcement point, finding 6.5.6
- for Audit Vault Server external network access D.4
- for Audit Vault Server services D.2
- for Database Firewall external network access D.5
- for internal TCP communication D.6
- recommended for archiving using Windows file sharing transfer 3.5.2
- required for Database Firewall deployment D.1
- scp
  - See: Secure Copy
- Secure Copy
  - archive datafile transfer 3.5.2
- used by AVDF D
power off
- Audit Vault Server 14.1.7
- Database Firewall 14.16.4
POWEROFF FIREWALL command A.3.5
proxy
- and database client connections 4.7.4
- configuring Database Firewall as 4.7.4
- IP address, subnet restrictions 4.7.4
public key
- Audit Vault Server 14.1.4.2
- Database Firewall 6.8.3
- providing to encrypted Oracle Database 6.8.3
purging audit trails
- IBM DB2 audit files
- Oracle Database B.5.1
- source database in Audit Vault environment B.5.1.2

Q

QUIT command A.14.8
quitting AVCLI A.14.8
quotation marks
- invalid in user names 6.3.3, 13.3.1

R

reboot
- Audit Vault Server 14.1.7
REBOOT FIREWALL command A.3.4
RECOVERING trail status 6.4.3
REDO logs
- audit data collection reference C.1
REGISTER FIREWALL command A.3.1
REGISTER HOST command A.2.1
registering
- hosts
  - procedure 5.1.2
REGISTER SAN SERVER command A.10.1
REGISTER SECURED TARGET command A.5.1
REGISTER SMTP SERVER command A.8.1
remote access, security guidelines 2.1.2
remote monitors
- See: host monitors
reports
- direct database interrogation 6.7.1.1
- host monitoring 7.1
- time stamp shown in PDF/XLS 3.3.1
repository
- about disk groups 15.5.1
- adding SAN disks 15.5.2
- dropping SAN disks 15.5.3
- dropping SAN servers 15.3.2
- high availability environment 15.5.1
- registering SAN servers 15.3.1
- Repository Page described 15.5.1
requirements
- Audit Vault Agent, Java SE 5.2.4
- host monitor 7.2.1
reset console view 1.8.3
resilient pairs
- about 8.1
- of Audit Vault Servers 8.2.1
restart
- Database Firewall 14.16.4
restore, Audit Vault Server 14.6.4.1
retrieving, from archives 14.4.2
REVOKE ACCESS command A.9.6
REVOKE ADMIN command A.9.8
REVOKE SUPERADMIN command A.9.4
revoking
- access privileges 13.3.4, A.9.6
- ADMIN privileges A.9.8
- super admin privileges A.9.4

S

SAN disks
- adding to repository 15.5.2
- dropping from repository 15.5.3
SAN servers
- discovering targets on 15.4.2
- dropping 15.3.2
- logging in to targets 15.4.2
- logging out of targets 15.4.3
- registering 15.3.1
SAN storage
- iSCSI initiator name, configuring 15.2
Scheduling
- Maintenance Job 14.13
Scheduling Maintenance Job 14.13
scp
- See: Secure Copy
scripts
- account privileges on secured targets
  - about B.3.1
  - IBM DB2 B.3.6.2
  - Microsoft SQL Server B.3.5.2
  - MySQL B.3.7
  - Oracle Database B.3.2
  - Sybase ASE B.3.3.2
  - Sybase SQL Anywhere B.3.4
- running AVCLI scripts 14.14.4
SDK, downloading for plug-in development 14.15
Secondary Network Interface
- Applying Static Routing Rules H.6
- disable H.9
- enable H.1
- Enable SSH H.5
- Enabling Agent To Operate In High Availability Environment H.8
Secondary Network Interface Card
- Enable Agent Connectivity H.7
Secondary Network Interface Card for Audit Vault Server H.7
Secondary Network Interface Cards H.3, H.4
Secondary Network Interfaces For Audit Vault Server
- features H.11
Secure Copy
- archive datafile transfer 3.5.1
Secured Target Location field 6.2.1.2, B.6.1
secured targets
- about configuring 6.1
- access rights
  - controlling by secured target or group 13.5.3
  - controlling by user 13.5.2
- altering A.5.2
- attributes
  - listing with AVCLI A.5.7
- Big Data Appliance 1.4.4, B.1
- collection attributes
  - about B.6.2.1
  - Active Directory, not required B.6.2.1
  - IBM DB2 B.6.2.3
  - Linux, not required B.6.2.1
  - MySQL B.6.2.4
  - Oracle ACFS B.6.2.5
  - Oracle Database B.6.2.2
  - Solaris, not required B.6.2.1
  - SQL Server, not required B.6.2.1
  - Sybase ASE, not required B.6.2.1
  - Windows, not required B.6.2.1
- commands used for A.5
- configuring TCPS/SSL connections 6.10
- defined 1.4.4
- dropping A.5.9
- finding attributes A.5.7
- finding metrics A.5.8
- groups, creating 6.2.2
- hosts, registering 5.1.1
- listing address A.5.4
- Microsoft Windows, administrative permissions 6.3.3
- name change, and reports 6.2.1.3
- nondatabase sources, about 1.4.4
- Oracle 12c PDB/CDB 6.2.1.2
- planning audit trail configuration 1.7.5
- registering 6.2.1.1, A.5.1
- removing from Audit Vault Server
  - about 6.2.1.4
- service name 6.2.1.2
- SID 6.2.1.2
- SPA (stored procedure auditing)
  - configuring 6.6
- supported types 1.4.4
- upload or delete A.5.3
Secure Sockets Layer (SSL)
- SMTP configuration A.8.5
security
- and installing 2.1
- Audit Vault and Database Firewall account guidelines 13.3.1
- client-side context information 2.6.3
- Custom Collector Development 2.6.4
- database access handling 2.5
- encryption 2.4.1
- general recommendations 2.2
- guidelines 2.1
- multiple databases on shared listener 2.6.3
- Oracle shared server configuration 2.6.1
- recommendations 2.2
- TCP invited nodes 2.6.2
Security Technical Implementation Guides (STIG)-based advise on implementation F
Security Technical Implementation Guides (STIG)user account rules 13.2
Service Name field 6.2.1.2, A.5.2
settings, keyboard 3.3.1
shared listener, security considerations 2.6.3
SHOW CERTIFICATE command A.12.2
SHOW ISCSI INITIATOR DETAILS FOR SERVER command A.10.9
SHOW STATUS FOR FIREWALL command A.3.10
SHOW STATUS OF REMOTE FILESYSTEM command A.11.6
SID 6.2.1.2
SID field 6.2.1.2, A.5.2
SMB
- See: Windows File Sharing
SMTP
- configuring connection (UI) 3.4.1
- enabling (AVCLI) A.8.3
SNMP access
- Audit Vault Server
  - configuring
    - services 3.3.2.2
    - Web access 3.3.2.2
- configuring for Audit Vault Server 3.3.2.2
- configuring for Database Firewall 4.3.2
- DNS servers
  - configuring for Audit Vault Server 3.3.2.2
- network services
  - configuring for Audit Vault Server 3.3.2.2
- system services
  - configuring for Audit Vault Server 3.3.2.2
- Web access
  - configuring for Audit Vault Server 3.3.2.2
Solaris
- audit trail location B.2.8
- audit trail location format B.2.8, B.6.3
- audit trail location format (avcli) A.7.1
- supported versions B.2.1
sorting lists in Audit Vault Server console 1.8.3
SPA, configuring 6.6
spoofing detection
- MAC and IP address, and DPE mode 6.5.2
SQL, types not captured by Database Firewall 2.4.2
SQL*Net
- and Sybase ASE, required on Agent host 5.2.4
SQL Anywhere
- See: Sybase SQL Anywhere
SQL Server
- See: Microsoft SQL Server
SSH access
- configuring for Audit Vault Server 3.3.2.2
- configuring for Database Firewall 4.3.2
SSL connections
- configuring secured targets for 6.10
START COLLECTION FOR SECURED TARGET command A.7.1
Start data encryption
- process 14.5.5
START ENFORCEMENT POINT command A.4.4
status
- audit trails, checking 6.4.3
- Audit Vault Server
  - checking 14.1.1
- Database Firewall, viewing for 4.9
- high availability 8.2.5
- host monitor, checking 7.3.5
- jobs in Audit Vault Server 14.12
STOP COLLECTION FOR SECURED TARGET command A.7.2
STOP ENFORCEMENT POINT command A.4.5
STOPPED trail status 6.4.3
stored credentials
- AVCLI, configuring 14.14.3.2
stored procedure auditing B.2.1
- configuring 6.6
stored procedure auditing (SPA)
- configuring 6.6
subnet
- bridge IP address restriction 4.7.3
- Database Firewall network settings, default gateway 4.3.1
- Database Firewall network settings, network mask 4.3.1
- for proxy IP address 4.7.4
- ports
  - proxy 4.7.4
- proxy
  - port numbers 4.7.4
- system settings, default gateway 3.3.2.1
- system settings, network mask 3.3.2.1
sudo access configuration 13.4.1
super administrators
- access rights 13.1
- defined 1.5
supported operating systems 1.4.4
supported platforms 1.3, B.2
- for audit trail types B.2.15
- latest matrix 5.2.4
supported secured targets 1.4.4
Suspended, enforcement point status 6.5.5
SWAP RESILIENT PAIR command A.3.7
Sybase ASE
- audit trail location B.2.4
- SQL*Net on Agent host, requirement 5.2.4
- supported versions B.2.1
- user account script B.3.3.2
Sybase SQL Anywhere
- audit trail location B.2.5
- database interrogation
  - configuring 6.7.1.1
  - ODBC driver required 6.7.2.2
- supported versions B.2.1
- user account script B.3.4
synchronizing time
- traffic disruption in DPE mode 4.4
SYSAUX tablespace
- monitoring in Audit Vault Server 14.9
syslog
- Audit Vault and Database Firewall alert forwarding, format 3.3.3
- debug messages, generating 3.3.3
- forward to destinations, configuring 3.3.3
- IP addresses for forwarding 3.3.3
SYSLOG audit trail B.2.15
syslog files B.2.15
system configuration
- understanding workflow 1.6
- workflow
  - with Audit Vault Agent 1.6.1
  - with Database Firewall 1.6.2
system services
- configuring for Database Firewall 4.3.2

T

TABLE audit trail B.2.15
tabs, UI, described 1.8.2
target group A.6
target group AVCLI commands
- ADD TARGET A.6.1
- DELETE TARGET A.6.2
TCP invited nodes, security considerations 2.6.2
TCPS/SSL connections
- configuring secured targets for 6.10
testing, Audit Vault Server operation 3.9
TEST SMTP SERVER command A.8.7
third-party products used with Oracle Audit Vault and Database Firewall 1.4.7
timestamps, and Audit Vault Server date and time 3.3.1
time synchronization, traffic disruption in DPE mode 4.4
Time Zone Offset field 3.3.1
trace files, Microsoft SQL Server, preventing deletion B.5.2
traffic disruptions, and time synchronization in DPE mode 4.4
traffic log files, collected 8.1
traffic sources
- changing in enforcement point 6.5.3
- Database Firewall, configuring in 4.7.2
Trail Location field
- directory mask for DIRECTORY trail type 6.4.1, B.6.3
trail locations
- supported per secured target B.6.3
TRANSACTION LOG
- audit trail, about B.2.15
- recommended settings reference C.1
transfer method, archiving 3.5.2
Transport Layer Security (TLS)
- SMTP configuration A.8.5
troubleshooting
- Agent activation error using avcli G.5
- Agent cannot connect to Audit Vault Server G.7
- Audit Vault Agent
  - access denied while installing as Windows service G.11
  - error on startup G.13
  - java -jar agent.jar failed G.8
  - unable to start through services applet G.12
  - unable to uninstall Windows service G.10
- avcli agent activation error G.5
- cannot collect Oracle Database trail G.7
- Database Firewall, partial traffic only G.3
- Host Monitor, setup error G.14
- host monitor fails G.7
- Oracle Database alerts not triggered G.15
- RPM upgrade failed G.4

U

UI
- Audit Vault Server, tabs described 1.8.2
UI certificates
- Audit Vault Server, changing 3.2
- Database Firewall, changing 4.2
UIDatabase Firewall, about UIDatabase Firewall, about 1.9.2
UNDEPLOY PLUGIN command A.13.3
Unix
- deploying host monitor on 7.2.4
unlock user account 13.3.5, A.9.9
Unreachable, enforcement point status 6.5.5
UNREACHABLE trail status 6.4.3
Update Certificate button
- certificate
  - fetching from upgraded firewall 14.16.6
  - Validation Failed 14.16.6
- Database Firewall
  - certificate validation failed 14.16.6
updating
- host monitors, Linux only 7.4
upload or delete wallet file command A.5.3
user accounts
- about managing 13.1
- Audit Vault Agent deployment, OS user 5.2.4
- changing type 13.3.4
- creating 13.3.2
- deleting 13.3.6
- planning 1.7.8
- status and password expiry 13.3.3
- sudo access, configuring 13.4.1
- unlock 13.3.5
- unlock (AVCLI) A.9.9
User Content To System Configuration Files
- add I
users
- logging in to the Audit Vault Server console 1.8.1
- user names with quotes invalid 6.3.3, 13.3.1

V

version number of AVCLI, finding A.14.7

W

wallet
- event repository encryption, backing up 14.5.4
Web access
- configuring for Database Firewall 4.3.2
Web Application Firewall (WAF)
- defined 1.4.7
- reports in F5 BIG-IP Application Security Manager (BIG-IP ASM) 9.5
Windows
- See: Microsoft Windows
Windows Event Log, and DIRECTORY audit trail B.2.15
Windows File Sharing
- archive datafile transfer 3.5.1, 3.5.2
Windows service
- Audit Vault Agent, registering as 5.2.6.1
- Audit Vault Agent, unregistering as 5.2.6.3

X

XML files, and DIRECTORY audit trail B.2.15