Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Quick Reference for Common Tasks
About this Quick Reference
Secured Targets
User Accounts and Access Rights
Email Notifications
Status and Job Monitoring
Audit Policies (for Oracle Databases)
Firewall Policies
Creating, Copying, and Editing Firewall Policies
Defining a Firewall Policy
Publishing and Deploying a Firewall Policy
Reports
Entitlements
Alerts
Changes In This Document
Revision History
1 Introducing Oracle Audit Vault and Database Firewall
1.1 Downloading the Latest Version of This Manual
1.2 Learning About Oracle AVDF
1.3 The Auditor's Role
1.4 Understanding Secured Targets
1.5 Understanding Firewall Policies
1.6 Understanding Audit Policies and Audit Data Collection
1.6.1 Requirements for Collecting Audit Data from Secured Targets
1.6.1.1 Requirements for Oracle Database
1.6.1.1.1 Ensuring That Auditing Is Enabled in the Secured Target Database
1.6.1.1.2 Using Recommended Audit Settings in the Secured Target Database
1.6.1.2 Requirements for SQL Server, Sybase ASE, and IBM DB2 Databases
1.7 Configuring Alerts and Notifications
1.8 Generating Reports
1.9 Creating Users and Managing Access
1.10 Logging in and Understanding the Audit Vault Server Console UI
1.10.1 Logging in to the Audit Vault Server Console
1.10.2 Understanding the Tabs in the Audit Vault Server Console UI
1.10.3 Working with Lists of Objects in the UI
2 Managing Secured Targets
2.1 About Managing Secured Targets
2.2 Viewing and Changing Settings for a Secured Target
2.2.1 Viewing Audit Policy Settings for Oracle Databases
2.2.2 Retrieving User Entitlement Data for Oracle Database Secured Targets
2.2.3 Activating Stored Procedure Auditing
2.2.4 Viewing a List of Audit Trails
2.2.4.1 Viewing a List of Audit Trails for One Secured Target
2.2.4.2 Viewing a List of Audit Trails for All Your Secured Targets
2.2.5 Selecting a Firewall Policy
2.2.6 Viewing a List of Enforcement Points
2.2.6.1 Viewing a List of Enforcement Points for One Database Secured Target
2.2.6.2 Viewing a List of Enforcement Points for All Your Secured Target Databases
2.2.7 Setting a Data Retention (Archiving) Policy
2.3 Creating and Modifying Secured Target Groups
2.3.1 About Secured Target Groups
2.3.2 Creating and Modifying Secured Target Groups
2.4 Managing Compliance for Secured Target Databases
2.5 Setting Access Rights for Secured Targets and Groups
3 Managing Access and Other Settings
3.1 Managing User Accounts and Access
3.1.1 About Oracle Audit Vault and Database Firewall Auditor Accounts and Passwords
3.1.2 Creating Auditor Accounts
3.1.3 Viewing the Status of Auditor User Accounts
3.1.4 Managing User Access to Secured Targets or Groups
3.1.4.1 About Managing User Access
3.1.4.2 Controlling Access by User
3.1.4.3 Controlling Access by Secured Target or Group
3.1.5 Changing a User Account Type
3.1.6 Unlocking a User Account
3.1.7 Deleting an Auditor Account
3.1.8 Changing the Auditor Password
3.2 Creating Templates and Distribution Lists for Email Notifications
3.2.1 About Email Notifications and Templates
3.2.2 Creating or Modifying an Email Distribution List
3.2.3 Creating or Modifying an Email Template
3.3 Creating Non-Interactive Report Templates
3.3.1 Creating Non-Interactive Report Template
3.3.2 Modifying Non-Interactive Report Template
3.3.3 Generating XML Data File Using SPOOL Command
3.3.4 Generating Reports Using RTF And XML Sample Templates
3.4 Creating Alert Syslog Templates
3.5 Viewing Enforcement Point and Audit Trail Status
3.5.1 Viewing Enforcement Point Status
3.5.2 Viewing Audit Trail Status
3.6 Monitoring Jobs
4 Creating Audit Policies for Oracle Databases
4.1 About Audit Policies
4.1.1 General Steps for Creating Audit Policies for Oracle Databases
4.2 Retrieving and Modifying Audit Settings from an Oracle Database
4.2.1 Understanding the Columns on the Audit Settings Page
4.2.2 Retrieving Audit Settings from Multiple Oracle Databases
4.2.3 Scheduling Retrieval of Audit Settings for a Single Oracle Database
4.2.4 Specifying Which Audit Settings Are Needed
4.3 Creating Additional Audit Policy Settings for an Oracle Database
4.3.1 About Creating Audit Policy Settings
4.3.2 Creating Audit Policies for SQL Statements
4.3.2.1 About SQL Statement Auditing
4.3.2.2 Defining SQL Statement Audit Settings
4.3.2.3 Understanding the Statement Audit Settings Page
4.3.3 Creating Audit Policies for Schema Objects
4.3.3.1 About Schema Object Auditing
4.3.3.2 Defining Schema Object Audit Settings
4.3.3.3 Understanding the Object Audit Settings Page
4.3.4 Creating Audit Policies for Privileges
4.3.4.1 About Privilege Auditing
4.3.4.2 Defining Privilege Audit Settings
4.3.4.3 Understanding the Privilege Audit Settings Page
4.3.5 Creating Audit Policies for Fine-Grained Auditing (FGA)
4.3.5.1 About Fine-Grained Auditing
4.3.5.1.1 Auditing Specific Columns and Rows
4.3.5.1.2 Using Event Handlers in Fine-Grained Auditing
4.3.5.2 Defining Fine-Grained Audit Settings
4.3.5.3 Understanding the Fine-Grained Audit Settings Page
4.3.6 Creating Capture Rules for Redo Log File Auditing
4.3.6.1 About Capture Rules Redo Log File Auditing
4.3.6.2 Defining a Capture Rule for Redo Log File Auditing
4.3.6.3 Understanding the Capture Rule Settings Page
4.4 Provisioning Audit Policies to an Oracle Database
4.4.1 Exporting Audit Settings to a SQL Script
4.4.2 Provisioning the Audit Settings from the Audit Vault Server
5 Creating Database Firewall Policies
5.1 Overview of Database Firewall Policies
5.1.1 About Firewall Policies
5.1.2 The Steps of Developing a Database Firewall Policy
5.2 Creating a Database Firewall Policy
5.2.1 Creating a New Database Firewall Policy
5.2.2 Copying a Database Firewall Policy
5.2.3 Editing a Database Firewall Policy
5.2.4 Understanding a Database Firewall Policy's Overview Page
5.3 Defining a Database Firewall Policy
5.3.1 About Defining the Policy
5.3.2 Defining Session Filters to Use in Profiles and Exceptions
5.3.3 Creating an Exception
5.3.3.1 About Exception
5.3.3.2 Creating Exceptions
5.3.3.3 The Order of Applying Exceptions
5.3.4 Defining Policy Rules for Analyzed SQL
5.3.4.1 About Analyzed SQL
5.3.4.2 Defining Policy Rules for Analyzed SQL
5.3.4.3 Analyzing SQL Encrypted with Oracle Network Encryption
5.3.5 Creating a Novelty Policy
5.3.5.1 About Novelty Policies
5.3.5.2 Creating Novelty Policies
5.3.5.3 The Order of Applying Novelty Policies
5.3.5.4 Novelty Policy Examples
5.3.6 Defining a Default Rule
5.3.6.1 About the Default Rule
5.3.6.2 Default Rule Settings in Relation to Other Policies
5.3.6.3 Defining the Default Rule
5.3.7 Blocking SQL and Creating Substitute Statements
5.3.8 Configuring Other Policy Settings
5.3.8.1 Creating Login and Logout Policies for Database Users
5.3.8.2 Masking Data
5.3.8.3 Setting a Policy for Invalid SQL
5.3.8.4 Configuring Global Database Firewall Policy Settings
5.4 Using Profiles to Customize a Database Firewall Policy
5.4.1 About Profiles
5.4.2 Creating a Profile
5.5 Publishing and Deploying Firewall Policies
5.5.1 About Publishing and Using Firewall Policies
5.5.2 Publishing a Database Firewall Policy
5.5.3 Deploying Firewall Policies to Secured Targets
6 Reports
6.1 About the Reports in Audit Vault and Database Firewall
6.1.1 Related Event Data Appendices
6.2 Browsing the Built-In Reports
6.3 Downloading a Report in HTML or CSV Format
6.4 Customizing the Built-in Reports
6.4.1 About Customizing Built-in Reports
6.4.2 Filtering and Controlling the Display of Data in a Report
6.4.2.1 About Filtering and Display Settings in Reports
6.4.2.2 Filtering Data in a Report
6.4.2.2.1 About Filtering Data in Reports
6.4.2.2.2 Filtering Column and Row Data Using the Search Bar
6.4.2.2.3 Filtering All Rows Based on Data from a Selected Column
6.4.2.2.4 Filtering Row Data Using an Expression
6.4.2.3 Hiding or Showing Columns in a Report
6.4.2.4 Formatting Data in a Report
6.4.2.4.1 Sorting Row Data for All Columns
6.4.2.4.2 Highlighting Rows in a Report
6.4.2.4.3 Charting Data in a Report
6.4.2.4.4 Adding Control Breaks to a Report
6.4.2.4.5 Using the Group By Function to Format a Report
6.4.2.5 Resetting the Report Display Values to Their Default Settings
6.4.3 Saving your Customized Reports
6.4.4 Accessing Your Saved Custom Reports
6.5 Scheduling and Generating PDF or XLS Reports
6.5.1 About Scheduling and Creating PDF or XLS Reports
6.5.2 Creating a Report Schedule
6.5.3 Viewing or Modifying Report Schedules
6.5.4 Downloading Generated Reports in PDF or XLS Format
6.5.5 Notifying Users About Generated PDF or XML Reports
6.6 Annotating and Attesting Reports
6.7 Creating and Uploading Your Own Custom Reports
6.8 Activity Reports
6.8.1 About the Activity Reports
6.8.2 Activity Reports
6.8.2.1 About the Activity Reports
6.8.2.2 Activity Overview Report
6.8.2.3 All Activity Report
6.8.2.4 Audit Settings Changes Report
6.8.2.5 Data Access Report
6.8.2.6 Data Modification Report
6.8.2.7 Data Modification Before-After Values Report
6.8.2.8 Database Schema Changes Report
6.8.2.9 Entitlements Changes Report
6.8.2.10 Failed Logins Report
6.8.2.11 User Login and Logout Report
6.8.2.12 Startup and Shutdown Report
6.8.3 Alert Reports
6.8.4 Correlation Reports
6.8.5 Database Firewall Reports
6.8.6 Entitlement Reports
6.8.7 Stored Procedure Auditing Reports
6.9 Summary Reports
6.9.1 Trend Charts
6.9.2 Anomaly Reports
6.9.3 Summary Reports
6.10 Compliance Reports
6.10.1 About the Compliance Reports
6.10.2 Associating Secured Targets with Compliance Report Categories
6.10.3 Reports Based on IRS Publication 1075
6.11 Specialized Reports
6.11.1 About the Specialized Reports
6.11.2 Oracle Database Reports - Database Vault Activity
6.12 Data Privacy Reports
6.12.1 Implementation In Oracle Audit Vault And Database Firewall
6.12.2 Importing Sensitive Data Into Repository
6.12.3 Accessing Data Privacy Reports
7 Managing Entitlements
7.1 Managing and Viewing Entitlement Data
7.2 Working With Entitlement Snapshots and Labels
7.2.1 About Entitlement Snapshots and Labels
7.2.2 Creating, Modifying, or Deleting Labels for Entitlement Snapshots
7.2.3 Assigning Labels to Entitlement Snapshots
7.3 Generating Entitlement Reports
7.3.1 About Viewing Entitlement Reports with Snapshots and Labels
7.3.2 Viewing Entitlement Reports by Snapshot or Label
7.3.3 Comparing Entitlement Data Using Snapshots or Labels
7.4 Entitlement Report Descriptions
7.4.1 About the Entitlement Reports
7.4.2 User Accounts Reports
7.4.3 User Privileges Reports
7.4.4 User Profiles Reports
7.4.5 Database Roles Reports
7.4.6 System Privileges Reports
7.4.7 Object Privileges Reports
7.4.8 Privileged Users Reports
8 Creating Alerts
8.1 About Alerts
8.1.1 Overview
8.1.2 Defining Useful Alerts
8.2 Creating Alerts and Writing Alert Conditions
8.2.1 Creating or Modifying an Alert
8.2.2 Writing Alert Conditions
8.2.2.1 About Alert Conditions
8.2.2.2 Writing an Alert Condition
8.2.3 Disabling, Enabling, or Deleting Alerts
8.3 Monitoring Alerts
8.4 Responding to an Alert
8.5 Creating Custom Alert Status Values
8.6 Forwarding Alerts to Syslog
A Oracle Audit Vault and Database Firewall Database Schemas
A.1 About Oracle Audit Vault and Database Firewall Schemas
A.2 Metadata for Activity Reports
A.3 Data for Event Reports
A.4 Data for Alert Reports
A.5 Data for Entitlement Reports
A.6 Data for SPA Reports
A.7 Data for Database Firewall Reports
B Data Warehouse Partition
C Audit Record Fields
D Oracle Database Audit Events
D.1 About the Oracle Database Audit Events
D.2 Account Management Events
D.3 Application Management Events
D.4 Audit Command Events
D.5 Data Access Events
D.6 Database Vault Events
D.6.1 Database Vault Events in Oracle Database 11g
D.6.2 Database Vault Events in Oracle Database 12c
D.7 Exception Events
D.8 Invalid Record Events
D.9 Object Management Events
D.10 Peer Association Events
D.11 Role and Privilege Management Events
D.12 Service and Application Utilization Events
D.13 System Management Events
D.14 Unknown or Uncategorized Events
D.15 User Session Events
E AIX Audit Events
F Sybase ASE Audit Events
F.1 About the Sybase ASE Audit Events
F.2 Account Management Events
F.3 Application Management Events
F.4 Audit Command Events
F.5 Data Access Events
F.6 Exception Events
F.7 Invalid Record Events
F.8 Object Management Events
F.9 Peer Association Events
F.10 Role and Privilege Management Events
F.11 Service and Application Utilization Events
F.12 System Management Events
F.13 Unknown or Uncategorized Events
F.14 User Session Events
G Microsoft SQL Server SQL Trace Audit Events
G.1 About the Microsoft SQL Server Audit Events
G.2 Account Management Events
G.3 Application Management Events
G.4 Audit Command Events
G.5 Data Access Events
G.6 Exception Events
G.7 Invalid Record Events
G.8 Object Management Events
G.9 Peer Association Events
G.10 Role and Privilege Management Events
G.11 Service and Application Utilization Events
G.12 System Management Events
G.13 Unknown or Uncategorized Events
G.14 User Session Events
G.15 Target Type Values for SQL Trace Audit Events
G.15.1 Possible Target Types Values Associated With Certain SQL Trace Audit Events
H Microsoft SQL Server SQL Audit and Event Log Events
H.1 SQL Audit Events
H.2 Event Log Events
H.3 Target Type Values for SQL Audit and Event Log Events
H.3.1 Possible Target Types Values Associated With SQL Audit and Event Log Events
I IBM DB2 Audit Events
I.1 About the IBM DB2 for LUW Audit Events
I.2 Account Management Events
I.3 Application Management Events
I.4 Audit Command Events
I.5 Context Events
I.6 Data Access Events
I.7 Exception Events
I.8 Execution Event
I.9 Invalid Record Events
I.10 Object Management Events
I.11 Peer Association Events
I.12 Role and Privilege Management Events
I.13 Service and Application Utilization Events
I.14 System Administration Events
I.15 System Management Events
I.16 Unknown or Uncategorized Events
I.17 User Session Events
I.18 Possible Target Type Values for IBM DB2 Audit Events
I.18.1 List 1: Possible Target Type Values for IBM DB2 Audit Events
I.18.2 List 2: Possible Target Type Values for IBM DB2 Audit Events
I.18.3 List 3: Possible Target Type Values for IBM DB2 Audit Events
J MySQL Audit Events
K Solaris Operating System Audit Events
L Microsoft Windows Operating System Audit Events
M Linux Operating System Audit Events
N Oracle ACFS Audit Events
O Active Directory Audit Events
O.1 About Active Directory Audit Events
O.2 Directory Service Audit Trail Events
O.3 Security Audit Trail Events
Index