Topics
There are two types of auditor accounts in Oracle Audit Vault and Database Firewall:
Super Auditor:
Creates user accounts for super auditors and auditors
Has auditor access to all secured targets and secured target groups
Grants auditor access to secured targets or secured target groups to auditors
Auditor: Has access to specific secured targets or secured target groups granted by a super auditor
Passwords for these accounts need not be unique; however, Oracle recommends that passwords:
Have at least one uppercase alphabetic, one alphabetic, one numeric, and one special character (plus sign, comma, period, or underscore).
Be between 8 and 30 characters long.
Be composed of the following characters:
Lowercase letters: a-z.
Uppercase letters: A-Z.
Digits: 0-9.
Punctuation marks: comma (,), period (.), plus sign (+), colon(:), and underscore (_).
Not be the same as the user name.
Not be an Oracle reserved word.
Not be an obvious word (such as welcome, account, database, and user).
Not contain any repeating characters.
Super auditors can create both super auditor and auditor user accounts.
To create an auditor account in Oracle Audit Vault and Database Firewall:
Topics
Super auditors have access to all secured targets and secured target groups, and can grant access to specific targets and groups to auditors.
You can control access to secured targets or groups in two ways:
Modify a secured target or group to grant or revoke access for one or more users.
Modify a user account to grant or revoke access to one or more secured targets or groups.
You can change an auditor account type from auditor to super auditor, or vice versa. Note that if you change a user's account type from auditor to super auditor, that user will have access to all secured targets and secured target groups.
To change a user account type in Oracle Audit Vault and Database Firewall:
Log in to the Audit Vault Server console as a super auditor.
Click the Settings tab.
The Manage Auditors page appears by default, and displays existing users and the secured targets or groups to which they have access.
Click the name of the user account you want to change.
In the Modify Auditor page, in the Type section, click Change.
In the Type drop-down list, select the new auditor type.
If you changed the type from Super Auditor to Auditor, grant or revoke access to any secured targets or groups as necessary for this user:
Select the secured targets or groups to which you want to grant or revoke access.
Click Grant Access or Revoke Access.
A check mark indicates access granted. An X indicates that access revoked.
Repeat steps a and b if necessary.
Click Save.
When your Oracle Audit Vault and Database Firewall password expires, you will be prompted to create a new one. However, you can change your password at any time.
Changing your own Password
To change your Oracle Audit Vault and Database Firewall password:
Log in to the Audit Vault Server console as an auditor.
Click the Settings tab, and then under Security, click Change Password.
Enter your Current Password, and then enter your New Password twice.
Click Save.
Changing the Password of Another Auditor
If you are a super auditor, you can change the password of an auditor.
To change the password of an auditor:
Log in to the Audit Vault Server console as a super auditor.
Click the Settings tab, and then under Security, click Manage Auditors. (It should be selected by default.)
In the Manage Auditors page, click the name of the auditor.
In the Change Password section, fill the New Password and Re-enter New Password fields.
Click Save.
Topics
You can configure Oracle AVDF alerts to trigger an email when an alert is raised or a report is generated. For example, you can create an alert that is triggered every time a connection is made by an application shared schema account outside of the application (for example, APPS
or SYSADM
). When the user tries to log in, Oracle AVDF sends an email to two administrators warning them about misuse of the application account.
To accomplish this, you must create an email distribution list that defines who will receive the email, and then create an email template that contains a message. You select the template to be used for email notification when you define the alert rule.
An email template enables you to specify the content of an email notification that is triggered by an alert or a report being generated.
To create or modify an email template:
Log in to the Audit Vault Server console as an auditor.
Note:
An auditor can create, modify, and delete email templates that were initially created by the same auditor. This is applicable in case of upgrade to Oracle Audit Vault and Database Firewall 12.2.0.8.0
and later.
Email templates that were created prior to upgrade of Oracle Audit Vault and Database Firewall 12.2.0.8.0
, can be modified or deleted by a super auditor.
Click the Settings tab.
From the Notifications menu on the left, click Email Templates.
The Email Templates page displays a list of existing email templates, which you can modify or delete. Some of these templates are predefined.
Click Create to create a new template, or click the name of an existing template to modify it.
Select the template Type:
Alert: Creates an email template used for alert notifications.
Report Attachment: Creates an email template used for report notifications, and attaches a PDF of the report to the email.
Report Notification: Creates an email template used for report notifications, but does not attach the PDF file of the report.
Enter or select the desired values for Name, Description, and Format of this email template.
Use the available tags on the right as building blocks for the Subject and Body of the email.
The available tags depend on the type of notification. Table 3-1 and Table 3-2 explain the tags in detail.
You can either click the tag name to transfer it to the template, or copy and paste the tag name to appear in either the Subject or Body of the template.
For example, using these tags, you create this template:
For Subject, you enter Report: #AlertName#, #DateCreated#
For Body, you enter The #ReportName# is ready for review at #URL#
.
Then the following email notification may be generated:
Subject: System Privileges Report, May 26, 2015, 3:15:06 PM
Body: The System Privileges Report is ready for review at http://mau.example.com/console/f?p=7700:4:3525486105242281::NO::P4_REPORT_ID:36
If you had selected Alert Notification Template in the earlier step, then in the Event Information section, select the audit events that you want included in the notification.
The Event Information section does not appear if you had selected Report Attached Template or Report Notification Template.
Click Save.
After you create a new template, it is listed in the Notification Templates page. From there, you can modify or delete templates as necessary.
Table 3-1 lists the available tags for alert notification templates.
Table 3-1 Tags Available for Alert Notification Email Templates
Alert Tag Name | Description |
---|---|
|
A special tag that is used as a shortcut to include all the available tags in the email |
|
The ID of the alert |
|
Name of the alert |
|
Time the event causing the alert was created |
|
Severity of the alert (Critical or Warning) |
|
Status of the Alert (for example, New, Open, or Closed) |
|
Description of the alert |
|
URL of the alert |
Table 3-2 lists the available tags for report notification templates.
Table 3-2 Tags Available for Report Attachment or Notification Email Templates
Report Tag Name | Description |
---|---|
|
Name of the report |
|
Date and time the report was generated |
|
Report Category name, such as "Access Reports" |
|
URL link to the report (for Report Notification templates) |
This section contains information to create, modify, and use existing PDF or XLS report templates.
Prerequisites
BI Publisher Desktop is installed on Microsoft Windows host.
User is able to log in to Audit Vault Server through console.
Information pertaining to the AVSYS schema holding audit data is available.
Oracle Audit Vault and Database Firewall provides a default template for Oracle Audit Vault and Database Firewall alerts sent to syslog. If you do not want to use the default template, you can create your own alert syslog templates, and select one to use as a default instead. Using your own template lets you add more information to alert syslog messages.
To create an alert syslog template: