1 Changes in Oracle Audit Vault and Database Firewall Release 20

New features in Oracle AVDF Release 20.9

• Security Assessment: AVDF 20.9 introduces a centralized security assessment solution for enterprises by integrating the popular Database Security Assessment Tool (DBSAT) for Oracle Databases. The full-featured assessment with compliance mappings and recommendations will help organizations clearly understand their security posture for all their Oracle databases in one central place.
• Before/After reporting for Microsoft SQL Server: The Before/After report for the Microsoft SQL server is a valuable addition to the already available before/after report for the Oracle database, helping organizations improve their compliance posture.
• Upgraded Platform: The operating system for the Oracle Audit Vault Server and Database Firewall Server has been updated to Oracle Linux 8, delivering enhanced security and stability to the embedded platform.
• Discover sensitive objects and privileged users: AVDF 20.9 now helps customers discover sensitive data and privileged users in the Oracle database. Customers can also create Database Firewall global sets with the discovered privileged users and sensitive objects, and use them to create database firewall policy in just three steps.
• Agentless Audit Collection: Customers can now accelerate the deployment of AVDF with the agentless audit collection service for Oracle databases. With this feature, there's no need for agent installation or upgrades on target Oracle databases, making deployment quick and effortless. The agentless audit collection service helps small or remote deployments and proof of concepts where time and resources are limited.
• Agent security hardening: When updating to Oracle AVDF 20.9 or later, tighten the agent user privileges after all the agents have been updated.
• Administrator dashboard: The admin dashboard has been re-designed to provide administrators with more insights and details about the targets, agents, and database firewalls in Oracle AVDF. Administrators have the option to drill down into the charts and tables to view more detailed information as well.

New features in Oracle AVDF Release 20.8

• Introducing support for renewing or rotating certificates for Audit Vault Agent, Database Firewall, and Audit Vault Server. See Certificates for complete information.
• Enhanced administration of the TLS proxy certificates through Audit Vault Server console. See Creating TLS Proxy Certificates for Database Firewall and Modifying a Database Firewall Monitoring Point for complete information.
• Capability to decrypt TLS traffic and analyze the SQL statements going to Oracle RAC targets. See Configuring a TLS Proxy for an Oracle Real Application Clusters Database for complete information.

• Audit Vault Agent auto restart functionality can now be configured remotely. See the following topics for complete information:

  • Configuring Agent Auto Restart Functionality Remotely
  • Check if Audit Vault Agent Has Auto Restart Functionality Enabled
  • ALTER HOST

• Automatic renewal of Audit Vault Agent certificate before it expires. See About Audit Vault Agent Certificates for complete information.

• Introducing a new AVCLI command to RETRIEVE AUDIT POLICIES.

New features in Oracle AVDF Release 20.7

• Introducing VM.Standard.E4.Flex as a supported shape for installing Oracle AVDF appliances on OCI.

• New Features in Database Firewall:

  • Capability to decrypt TLS traffic and analyze the SQL statements going to Oracle Database targets. See Monitoring TLS Encrypted SQL Traffic for more information.
  • A new Default policy is added to Pre-defined Policies. It logs all login and logout events to the database along with DDL or DCL activities. See Creating and Configuring a Database Firewall Monitoring Point for more information.
  • ERSPAN support for Database Firewall deployed in Monitoring (Out of Band) mode. See Configuring Encapsulated Remote Switched Port Analyzer with Database Firewall for more information.
  • In case a Linux host machine has multiple network devices, then the Host Monitor Agent can now monitor all those network devices. See Creating a Monitoring Point for the Host Monitor Agent and Creating a Network Audit Trail for more information.

• New Features in Audit Vault Server:

  • Introducing support for monitoring of Audit Vault Server. See Monitoring Audit Vault Server for more information.
  • Improved audit trail status reporting mechanism in the Audit Vault Server console. This feature eliminates incorrect reporting of unreachable trails. See Checking the Status of Trail Collection in Audit Vault Server and ALTER SYSTEM SET for more information.
  • Network and system settings for the standby Audit Vault Server can now be configured using the primary Audit Vault Server console. See Changing the Standby Audit Vault Server Network Configuration and Changing the Standby Audit Vault Server System Settings for more information.
  • Ability for super administrator to create and edit a user-defined data retention policy and set it as default. The retention policy can be selected during target registration. See Creating Archive and Retention Policies and Registering Targets for more information.

• New Features in Audit Vault Agent:

  • Introducing Audit Vault Agent auto restart functionality that restarts the Agent in case host machine is restarted or the Agent goes down for any reason. See Configuring Agent Auto Restart Functionality for more information.
  • Oracle AVDF can collect unified audit trail data from both primary and standby Oracle Active Data Guard databases consistently. With this feature Oracle AVDF can now collect audit data generated on the standby database. See Additional Information for Audit Collection from Oracle Active Data Guard for more information.

New features in Oracle AVDF Release 20.6

• Automated pre-check of Audit Vault Agent on the host machine. See the topics Validation During Audit Vault Agent Deployment and Validation During Host Monitor Agent Deployment for more information.
• Provide historical data of audit trail downtime for better visibility of audit trail status. See Checking the Status of Trail Collection in Audit Vault Server for more information.
• Database Firewall instances with existing monitoring points can now be paired for high availability. See Configuring High Availability of Database Firewall Instances With Monitoring Points for more information.

• Broaden Oracle AVDF with support for Microsoft SQL Server (Standard Edition) version 2019 for audit collection. See Microsoft SQL Server Plug-in for Oracle Audit Vault and Database Firewall for more information.

• Providing flexibility by setting user's preferred time zone in Audit Vault Server console for a specific session. See Changing the Time Zone for more information.
• For installation of Host Monitor Agent on Windows, manual installation of Npcap is no longer needed. Npcap is automatically installed along with the Agent installation. See Deploying the Host Monitor Agent on a Windows Host Machine for more information.
• A super administrator can view all the archived datafiles. See Viewing Archived Datafiles for complete information.

New features in Oracle AVDF Release 20.5

• To improve security posture, introducing Security Technical Implementation Guidelines (STIG) unified audit policy for provisioning on Oracle Database targets. See ENABLE UNIFIED AUDIT POLICY for more information.
• Broaden Oracle AVDF platform compatibility with support for IBM DB2 Database Partitioning Feature (DPF) on Linux and AIX platform for audit collection. See Converting Binary Audit Files to ASCII Format for IBM DB2 for more information.
• For Host Monitoring on Windows, Npcap is automatically downloaded along with the Agent software (agent.jar) file. See Deploying the Host Monitor Agent on a Windows Host Machine for more information.

New features in Oracle AVDF Release 20.4

• Introducing capability to enable FIPS 140-2 for Audit Vault Server and Database Firewall. See Enabling FIPS 140-2 in Oracle AVDF for more information.
• 2X audit collection rate. See Registering Targets for more information.
• Support for audit collection and network monitoring (using Database Firewall) of Oracle Database 21.
• Support for audit collection from Autonomous Data Warehouse (Dedicated) and Autonomous Transaction Processing (Dedicated).
• Support for audit collection from MongoDB 4.4.
• Enable conditional auditing for Unified Audit policies. See ENABLE UNIFIED AUDIT POLICY for more information.

• Additional user management capability through AVCLI. See AVCLI User Commands for more information.

• Introducing Oracle GoldenGate Extract Cleanup utility to simplify maintenance.

New features in Oracle AVDF Release 20.3

• Support for audit collection and network monitoring (using Database Firewall) of Microsoft SQL Server (Enterprise Edition) 2019. See Product Compatibility Matrix for complete information.
• Support for audit collection from Microsoft SQL Server Extended events. See Microsoft SQL Server Plug-in for Oracle Audit Vault and Database Firewall for complete information.
• Support for Microsoft SQL Server Always On availability group.
• Support for automating retention policy configuration, unified audit policy provisioning, and alert policy management tasks through AVCLI. See Retention Policy AVCLI Commands, Unified Audit Policy AVCLI Commands, and Alert Policy Management AVCLI Commands for complete information.
• Support for Audit Vault Agent configuration to restart automatically when the host machine is restarted. See Audit Vault Agent Auto Start Configuration for complete information.

New features in Oracle AVDF Release 20.2

• Audit Vault Agent can be associated with more than one IP address for Audit Vault Server communication. See section Registering Hosts on the Audit Vault Server for complete information.
• Supporting audit collection, Audit Vault Agent deployment, and Host Monitor Agent deployment on Microsoft Windows Server (x86-64) version 2019. See Microsoft Windows Plug-in for Oracle Audit Vault and Database Firewall for complete information.
• Enhancement in audit collection from CDB_UNIFIED_AUDIT_TRAIL for PDBs. See section Configuring Audit Trail Collection for CDBs and PDBs for complete information.
• Supporting audit records collection from DB2 instance level audit.

New features in Oracle AVDF Release 20.1

• Supports audit data collection from new target types and versions. Unified console for Audit and Firewall management. Registering a target for audit collection and Database Firewall monitoring is now simplified. Refer to the following sections for more information:
  • Registering Targets
  • Adding Audit Trails with Agent-Based Collection
  • Plug-ins That are Shipped with Oracle Audit Vault and Database Firewall

• Supports audit collection for more target types and version. See Platform Support for more information.

• Supports automatic archival of audit or log data. See the following sections for complete information:

  • Enabling Automatic Archival
  • Starting an Archive Job Manually
  • About Archiving and Retrieving Data in Oracle Audit Vault and Database Firewall
  • Error OAV-47409 While Managing Archive Locations

• You can now restore a backup to a new system with a new IP address and not retain the old IP address by default:

  Post Restore Tasks

• Supports changing the TCP/TCPS ports used by Audit Vault Server database. See Configuring Custom Ports on Network Interfaces for complete information.

• Supports provisioning of recommended Unified audit policies.

• Supports audit collection from Container Database. See Configuring Audit Trail Collection for CDBs and PDBs for complete information.

• Improved audit collection performance.

• Introduced new command-line interface commands. See Specifying the Audit Vault Server Certificate and IP Address and Configuring Network Services for Oracle Database Firewall for complete information.

• Secure communication between the syslog clients and servers using authentication and encryption. See Configuring Remote Syslog Over TLS.
• Supports user authentication with Microsoft Active Directory and OpenLDAP for users connecting to Audit Vault Server console. See Integrating Oracle Audit Vault and Database Firewall with Microsoft Active Directory or OpenLDAP for complete information.
• Using Oracle Database Firewall with Oracle RAC is simplified.
• Enhanced DDI to retrieve session information for Oracle Database targets. This is available for Oracle Database Firewall in monitoring and blocking, or in monitoring only mode. See Step 2: Run the Oracle Advance Security Integration Script for complete information.
• Supports Bonding of Network Interface Cards for increased throughput.
• Introducing new System Configuration Utilities.
• Supports fiber channel based storage with multipath. See Configuring Fiber Channel-Based Storage for Audit Vault Server for complete information.
• Introduced Quick JSON collector to collect audit data from any JSON audit file including MongoDB. See Configuring Quick JSON Target Type to Collect Audit Data from MongoDB for complete information.
• Built-in support for PostgreSQL.