Activity Auditing Overview

Activity Auditing lets you audit user activity on your target databases so you can monitor database usage and be alerted of unusual database activities.

This article has the following topics:

About Activity Auditing

You entrust your databases to your database administrators, account owners, and end users. However, it’s important to monitor database activity regularly because accounts are always at risk for being compromised or misused. Activity Auditing in Oracle Data Safe helps to ensure accountability and improve regulatory compliance.

With Activity Auditing, you can monitor user activities on Oracle databases by doing the following:
  • Collect and retain audit records per industry and regulatory compliance requirements. For example, you can audit sensitive database changes, administrator and user activities, activities recommended by the Center for Internet Security (CIS), and activities defined by your own organization.
  • Trigger alerts as needed for unusual or blacklisted behavior. For example, you can choose to be alerted when a database parameter or audit policy changes, a failed login by an admin occurs, a user entitlement changes, and when a user is created or deleted.

Activity Auditing provides a wide range of interactive audit reports, including the All Activity report, which is a comprehensive report that contains every audited activity. Other reports focus on specific areas, such as user and entitlement changes, administrative activity, data access, database schema changes, and login sessions. You can also download a report as a spreadsheet or PDF file, which is useful for compliance reporting.

Activity Auditing Workflow

The workflow for Activity Auditing involves registering target databases, configuring Activity Auditing jobs, monitoring the audit data, and managing the activity auditing jobs.

The following steps outline the general process for using the Activity Auditing feature.

  1. Register the target database for which you want to collect audit data.
  2. Configure an Activity Auditing job for your target database. You can choose to configure multiple target databases at one time.
    1. In the Activity Auditing wizard, select your target database and retrieve its audit policies.
    2. Select audit policies to provision on your target database. You can choose categories of audit policies, individual custom policies, Oracle pre-seeded policies, and the Center for Internet Security (CIS) recommendations policy.
    3. Select alert policies to provision on your target database. Alerts are generated when certain user activities occur on the target database. You can choose to be alerted to database parameter changes, failed logins by administrator users, audit policy changes, user creations/deletions, and user entitlement changes.
    4. Register an audit trail for the target database. For an Autonomous Database, Activity Auditing automatically registers the UNIFIED_AUDIT_TRAIL.
    5. Start collecting audit data. Audit data collection begins when you start the Activity Auditing job and continues until you stop the job. Turn on the auto purge feature at your discretion.
  3. Monitor the audit data:
    • View and manage audit reports for the target database from the Reports tab.
    • View and manage alerts from the Alerts tab.
  4. Manage the audit job:
    • Manage the audit trail from the Audit Trails page. You can start, stop, pause, and resume collecting audit data and delete the audit trail.
    • View the audit job running on the Jobs page, but manage the job from the Audit Trails page.