Manage SQL Firewall
Managing your SQL Firewall policies and configurations helps ensure that your databases are protected from threats while still allowing intended SQL actions to be taken on your databases. See the topics below for information on how to update your SQL Firewall configurations and policies.
Update the Database Security Configuration
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Perform any of the following tasks:
  - Click Disable next to SQL Firewall status to disable SQL Firewall. This will stop any ongoing collections and policies will no longer be enforced.
  - Click Turn on or Turn off next to Auto-purge violation logs to turn this on or off. This specifies whether Data Safe should automatically purge the violation logs from the database after collecting the violation logs and persisting them on Data Safe.
    Note: When this is turned on, violation logs are automatically purged every seven days.
  - Click Include or Exclude next to Database jobs to include or exclude database jobs for SQL Firewall enforcement.
  - Click Refresh next to Last refresh time to refresh Data Safe's copy of the policies if you made a recent policy change within the database.
  - Under the Actions menu, select Move Resource to move the Database Security Configuration to a different compartment.
Purge a SQL Collection
Purge helps clean the collection logs for the user. You typically need to purge the SQL Collection when you need to recapture an application SQL workload for the same database user following application updates. The SQL collection can be started again for the database user once it is purged.
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL collections tab.
- Click on a database user name. This will take you to the SQL collection details page.
- Under the Actions menu, select Purge to remove the SQL collection log. This will not affect any SQL Firewall Policies that were generated from this collection.
Drop a SQL Collection
Drop will remove the SQL Collection and collection logs for the selected database user. You typically have to drop the SQL Collection when you need to remove SQL Firewall protection for a database user who is no longer active or has changed responsibilities in the system.
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL collections tab.
- Click on a database user name. This will take you to the SQL collection details page.
- Under the Actions menu, select Drop to delete the SQL collection. Dropping a SQL collection will not have an impact on already generated or enforced SQL Firewall policies.
View and Manage SQL Firewall Policies
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL Firewall policies tab.
- Click on a database user name. This will take you to the Firewall policy details page.
- (Optional) Update the allowed SQL session context values as desired.
  - Find the Session context section of the Details tab.
  - Select Update for the respective row.
  - To remove a value, select the X at the end of the row in the panel.
  - To add a value, select Add and enter the new value in the empty field.
  - Select Update client IP/client program/client OS user, depending on which context information you selected.
- (Optional) Download a PDF or XLS report of all Unique allowed SQL statements.
  - Click the Unique allowed SQL statements tab.
  - Under the Actions menu in the Unique allowed SQL statements table, select Generate report. A pop-up will appear.
  - Select which format you want the report in, PDF or XLS.
  - Enter a name for the report.
  - Optionally, enter a description for the report.
  - Select Generate report.
  - Download the report. You have two options:
    - In the Generate report window, select the here link. The document will begin downloading.
    - Select Close to close the Generate report window. Then, select the Download report button. A dialog box is displayed providing you options to open or save the document.
Update SQL Firewall Policies
Adding new SQL statements from SQL Collection
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL collections tab.
- Click on a database user name. This will take you to the SQL collections details page.
- Click on the associated SQL Firewall policy located in the Details tab. This will take you to the Firewall details page.
- Temporarily disable the SQL Firewall policy by selecting Disable under the Actions menu. Confirm disablement in the pop-up by clicking Disable.
- Navigate back to the SQL collection by clicking SQL collection details in the page breadcrumbs.
- Click Start to capture SQL statements.
- Initiate the SQL statements you want to add on your target database.
- Click Stop once you have collected the SQL statements.
- Under the Actions menu, select Update firewall policy to append the new SQL statements to the associated policy.
- Click on the associated SQL Firewall policy located in the Details tab. This will take you to the Firewall details page.
- Select Deploy and Enforce.
  - Select the enforcement scope:
    - All (Session contexts and SQL statements)
    - Session contexts only - This option enforces the checks only on the database connection paths.
    - SQL statements only - This option enforces the checks only on the SQL statements.
  - Select the action on violations:
    - Observe (Allow) and log violations - This option will observe and allow all SQL statements and connections to the database while logging any violations.
    - Block and log violations - This option will block any SQL statements and database connections not listed in the policy and log the violations. Consider this option when you want SQL Firewall to prevent unauthorized SQL traffic to the database.
  - Audit for violations
    - On - This option will write the violation records to the audit trail. It enables alerting and helps demonstrate compliance with your audit requirements. Be sure to start the audit trail in Oracle Data Safe to collect the audit events. These audit events contribute to the monthly free limit of 1 million audit records per month per target database.
    - Off
  - Select Deploy and enforce.
Deleting allowed SQL statements
- Under Data Safe - Database Security, select SQL Firewall.
- Under SQL Firewall, select SQL Firewall policies.
- Click on a database user name for a specific target database.
- Select the Unique allowed SQL statements tab.
- Select the SQL statement(s) you want to delete.
- Select Delete allowed SQLs.
Adding allowed SQL statements from the Violations log
- Under Data Safe - Database Security, select SQL Firewall.
- Under SQL Firewall, select SQL Firewall policies.
- Click on a database user name for a specific target database.
- Select the Unique allowed SQL statements tab.
- Under the Actions menu, select Add from violations.
- Filter and select SQL statements.
- Select Update.
Update the Enforcement of SQL Firewall Policies
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL Firewall policies tab.
- Select a SQL Firewall policy from the list. This will take you to the Firewall policy details page.
- Select Deploy and Enforce.
  - Select the enforcement scope:
    - All (Session contexts and SQL statements)
    - Session contexts only - This option enforces the checks only on the database connection paths.
    - SQL statements only - This option enforces the checks only on the SQL statements.
  - Select the action on violations:
    - Observe (Allow) and log violations - This option will observe and allow all SQL statements and connections to the database while logging any violations.
    - Block and log violations - This option will block any SQL statements and database connections not listed in the policy and log the violations. Consider this option when you want SQL Firewall to prevent unauthorized SQL traffic to the database.
  - Audit for violations
    - On - This option will write the violation records to the audit trail. It enables alerting and helps demonstrate compliance with your audit requirements. Be sure to start the audit trail in Oracle Data Safe to collect the audit events. These audit events contribute to the monthly free limit of 1 million audit records per month per target database.
    - Off
  - Select Deploy and enforce.
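How the enforcement scope, the action on violations and the audit setting described in the two Deploy and Enforce procedures above combine, as an added illustrative model in Python. It is not Oracle's implementation or code from the Data Safe documentation; the class, field and scope names and the sample data are assumptions made up for this example.

```python
from dataclasses import dataclass

# Toy model of the options above; all names here are illustrative assumptions,
# not Oracle Data Safe or database identifiers.
@dataclass(frozen=True)
class Policy:
    allowed_sql: frozenset
    allowed_ips: frozenset
    allowed_programs: frozenset
    allowed_os_users: frozenset
    scope: str = "ALL"    # "ALL" | "CONTEXTS_ONLY" | "SQL_ONLY"
    block: bool = False   # False: observe (allow) and log; True: block and log
    audit: bool = False   # True: violations are also written to the audit trail

def evaluate(policy, session, sql):
    """Return (allowed, violation_log, audit_trail) for one statement."""
    violations = []
    if policy.scope in ("ALL", "CONTEXTS_ONLY"):
        checks = (("client IP", session["ip"], policy.allowed_ips),
                  ("client program", session["program"], policy.allowed_programs),
                  ("client OS user", session["os_user"], policy.allowed_os_users))
        violations += [f"context: {name}={value}"
                       for name, value, allowed in checks if value not in allowed]
    if policy.scope in ("ALL", "SQL_ONLY") and sql not in policy.allowed_sql:
        violations.append(f"sql: {sql}")
    allowed = not (violations and policy.block)
    audit_trail = list(violations) if policy.audit else []
    return allowed, violations, audit_trail

# Constructed sample data: one allowed statement and one allowed connection path.
BASE = dict(allowed_sql=frozenset({"SELECT name FROM app.customers WHERE id = :1"}),
            allowed_ips=frozenset({"10.0.0.5"}),
            allowed_programs=frozenset({"JDBC Thin Client"}),
            allowed_os_users=frozenset({"appsvc"}))
APP = {"ip": "10.0.0.5", "program": "JDBC Thin Client", "os_user": "appsvc"}
ADHOC = {"ip": "10.0.9.77", "program": "sqlplus", "os_user": "jdoe"}
UNLISTED = "SELECT * FROM app.customers"

def decision_matrix():
    """Outcome of an unlisted statement from an unlisted path, per setting."""
    out = {}
    for scope in ("ALL", "CONTEXTS_ONLY", "SQL_ONLY"):
        for block in (False, True):
            ok, log, _ = evaluate(Policy(**BASE, scope=scope, block=block), ADHOC, UNLISTED)
            out[(scope, block)] = (ok, len(log))
    return out

if __name__ == "__main__":
    for key, val in decision_matrix().items():
        print(key, val)
```

In this model, a policy scoped to session contexts only raises no violation for an unlisted statement sent over an allowed connection path, even in block mode, so the scope is worth confirming before relying on blocking.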
Disable or Enable SQL Firewall Policies
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL Firewall policies tab.
- Select a SQL Firewall policy from the list. This will take you to the Firewall policy details page.
- Under the Actions menu, select Disable or Enable. Disabling will stop the SQL Firewall from evaluating any incoming SQL traffic against this SQL Firewall policy. However, this will not delete the policy and it can be enabled again later.
Drop SQL Firewall Policies
- Under Data Safe - Database Security, select SQL Firewall.
- From the Target summary tab, select the name of a target database. This will take you to the Configuration details page.
- Click the SQL Firewall policies tab.
- Select a SQL Firewall policy from the list. This will take you to the Firewall policy details page.
- Under the Actions menu, select Drop. This will delete the SQL Firewall policy and a SQL Collection will have to be initiated again to re-create this policy.