1 Getting Started with Oracle Security Monitoring and Analytics

About Oracle Security Monitoring and Analytics

What is Oracle Security Monitoring and Analytics?

Oracle Security Monitoring and Analytics is a security solution provided as part of Oracle Management Cloud’s unified platform. Its core functionality is around cyber security, providing you with IT solutions in the form of anomaly detection and investigations, and remediation of the broadest range of security threats across on-premises and cloud IT assets. Oracle Security Monitoring and Analytics provides integrated security information and event management (SIEM) and user, and entity behavior analytics (UEBA) capabilities built on machine learning, user session awareness, and up-to-date threat intelligence context.

The following diagram shows the integration of Oracle Security Monitoring and Analytics with other cloud solutions also designed as platform components for Oracle Management Cloud.

Diagram illustrating the integration with its counterparts


Product Key Features

Real-time threat detection based on rules and patterns:

Universal threat visibility— Collect and analyze any security relevant data.

SOC-ready content— Ready to use, vendor neutral SOC content library.

Threat intelligence leverage— Connect to any threat feed, leverage embedded reputation data.

Advanced threat analytics and visualization:

Data access anomaly detection— Detect SQL query anomalies for any user, database or application.

Identify anomalous activity of an entity based on instance-based and peer-based behavior baselines.

Multi-dimensional anomaly detection— Detect anomalies across multiple behavioral attributes.

Session awareness and attack chain visualization— Faster detection with user awareness kill chain visualization.

Enhanced Security Monitoring with Oracle Management Cloud Platform:

Topology awareness— Detect multi-tier application attacks and lateral movement indicators.

Additional features include:
  • Correlation Rule-tunning
  • Customizable Watchlists
  • Storage management
  • Integration with IDCS and CASB services

Collecting Operating System Logs from Your Host Platforms

You can collect log data from your hosts and get immediate insight into potential security threats across your environments.

Collect Linux Default Logs

Enable default OS event logs in Linux.

Prerequisite Checklist

Configuration Steps

Linux Log Configuration Task Requirements For additional details, see...
STEP 1. - Enable host monitoring in OMC. Enable the Linux host where you installed the agent. By default your host is already added as an entity, however, monitoring is disabled. Enable Host Monitoring in Using Oracle Infrastructure Monitoring
STEP 2. - Associate your (Linux host) entity for log collection. From Log Analytics > Log Admin > Entities, click New Association and select the new Linux host. Configure New Entity Associations in Using Log Analytics
STEP 3. - Select log sources for your new (Linux host) entity. Select the Linux logs that apply for your environment. Host Sources

Associating Entities to Existing Log Sources in Using Oracle Log Analytics

STEP 4. - Validate your log collection. Ensure your setup is successfully completed: validate your collection. Navigate to Security Analytics > Security Data Explorer. Validate Log Collections

For a complete list of supported log sources and quick-start configuration guides, see Appendix Host Sources

Collect Windows Default Logs

Enable default logs for Windows platforms.

Prerequisites

Table 1-1 Log Configuration Steps

Windows Log Configuration Task Requirements For additional details, see...
STEP 1. - Enable host monitoring in OMC. Enable the Windows host where you installed the agent. By default your host is already added as an entity, however, monitoring is disabled. Enable Host Monitoring in Using Oracle Infrastructure Monitoring
STEP 2. - Associate your (Windows host) entity for log collection. From Log Analytics > Log Admin > Entities, click New Association and select the new Windows host. Configure New Entity Associations in Using Log Analytics
STEP 3. - Select log sources for your new (Windows host) entity. Select the Windows Security Events log source to associate with your Windows host. Host Sources

Associating Entities to Existing Log Sources in Using Oracle Log Analytics

STEP 4. - Validate your log collection. Ensure your setup is successfully completed: validate your collection. Navigate to Security Analytics > Security Data Explorer. Validate Log Collections

For a complete list of supported log sources and quick-start configuration guides, see Appendix Host Sources