3 Managing Targets

You can view and change target settings, create and modify target groups, manage compliance settings, and set access rights to targets and groups.

3.1 About Managing Targets

Targets are created by an Oracle Audit Vault and Database Firewall administrator.

A target is created for each database or other supported audit source for which you want to retrieve audit data, and for a database you want to monitor with a Database Firewall.

As an auditor, you can view data for targets to which a super auditor has granted you access.

You can use the Targets tab of the Audit Vault Server console to control the following aspects of the targets that you can access:

• View and sort the list of targets.

  See Also:

  Working with Lists of Objects in the UI

• View and access the following for each target:

  • Audit Trails

  • Database Firewall Monitoring

  • Target Groups

  • Access Rights

  • User Entitlements Snapshots

3.2 Viewing and Changing Settings for a Target

You can view and change settings such as policy settings, entitlement data, or a list of audit trails for a target.

3.2.1 Viewing Audit Policy Settings for Oracle Databases

You can view audit policy settings for Oracle databases from the Targets tab.

1. Log into the Audit Vault Server console as an auditor.
2. Click Targets tab.
3. Select a target from the list.
4. The following details are displayed for the specific target selected:
   • Connect String
   • Description
   • Retention Policy

   On this page, there are two tabs:

   • Audit Data Collection
   • Database Firewall Monitoring

   Below these tabs, the following details are displayed:

   • Audit Policy
   • User Entitlements
   • Stored Procedure Auditing
5. There are two buttons for the sections:
   • Save
   • Retrieve

   The Retrieve button enables you to retrieve the audit settings for the Oracle Database at this point in time.

6. There is an option to enable or disable on this screen. It can accomplished by simply checking on the radio button.

See Also:

• Logging in to the Audit Vault Server Console

• Retrieving and Modifying Audit Policies from an Oracle Database

• Specifying which Audit Policies are needed

• Creating Audit Policies for Oracle Databases for detailed information on audit policies.

3.2.2 Retrieving User Entitlement Data for Oracle Database Targets

Retrieving user entitlement data for an Oracle Database target adds a snapshot of the data to the entitlement snapshots retrieved earlier.

From there, you can organize snapshots by assigning them labels, and compare entitlement data from different snapshots or labels.

You can start entitlement data retrieval immediately or set up a schedule for retrieval.

To retrieve entitlement data for a target:

1. Log into the Audit Vault Server console as an auditor.

2. Click Targets tab.

3. Click User Entitlement Snapshots option in the left navigation menu. The timestamp of the entitlement data retrieved is displayed against the list of available targets.

4. Select a target from the list.

5. The details of this target appears. Scroll down on this page to User Entitlements section.

6. To schedule retrieval, click on the Enable radio button.

7. Set the following:

   1. In the Start At field, use the calendar icon to select a date and time for the retrieval process.

   2. Next to Repeat Every, select the frequency of retrieving the data.

   3. Below this, select from the available options: Hour, Days, Weeks, Months.

8. Click Save.

See Also:

• Logging in to the Audit Vault Server Console

• Working With Entitlement Snapshots and Labels

3.2.3 Activating Stored Procedure Auditing

You can audit changes to stored procedures in a target in Oracle Audit Vault and Database Firewall reports.

In order to see this data for a database target, you must activate Stored Procedure Auditing for that target.

1. Log in to the Audit Vault Server console as an auditor.

2. Click the Targets tab. There is a Targets tab in the left navigation menu that is selected by default. A list of available targets are displayed.

3. Click on the name of a specific target. The details pertaining to this target is displayed on the screen.

4. Scroll down to the Stored Procedure Auditing section at the bottom of the screen.

5. Select the Enable radio button.

6. Set the following:

   • 1. In the Start At field, use the calendar icon to select a date and time for the retrieval process.

     2. Next to Repeat Every, select the frequency of retrieving the data.

     3. Below this, select from the available options: Hour, Days, Weeks, Months.

7. Click Save.

See Also:

• Oracle Audit Vault and Database Firewall Administrator's Guide for information to collect stored procedure changes from a target database. Oracle Audit Vault and Database Firewall administrator must run scripts to set up the correct user privileges on that database.

• Stored Procedure Changes

• Logging in to the Audit Vault Server Console

3.2.4 Viewing a List of Audit Trails for a Target

An Oracle Audit Vault and Database Firewall administrator starts and stops audit trails.

As an auditor, you can view lists of audit trails for targets you have access to. You can see the trails collected for one or more targets.

1. Log into the Audit Vault Server console as an auditor.
2. Click Targets tab.
3. Click Audit Trails in the left navigation menu.
4. Select a target from the list displayed. The details pertaining to the specific target is displayed on the screen.
5. Scroll down. The Audit Data Collection tab is selected by default.

   The audit trails for the target are listed in a table with the following columns:

   • Audit Trail Location
   • Audit Trail Status
   • Audit Trail Type
   • Collection Agent
   • Last Start At
6. Optionally, click on the column name title for the following options:
   • Sort Ascending
   • Sort Descending
   • Hide Column
   • Control Break

   There is search field and other options available.

   See Also:

   Logging in to the Audit Vault Server Console

3.2.5 Selecting a Firewall Policy

If a target is a database monitored by a Database Firewall, you can upload or change the firewall policy assigned to the target.

1. Log into the Audit Vault Server console as an auditor.
2. Click Policies tab
3. Click Database Firewall Policies tab in the left navigation menu.
4. A list of User-defined Database Firewall Policies and Pre-defined Database Firewall Policies are displayed on the screen.
5. Click on a specific target to view the firewall policy defined. You can make changes to the policy here from this screen.

See Also:

• Database Firewall Policies for detailed information on firewall policies.

• Logging in to the Audit Vault Server Console

3.2.6 Viewing a List of Database Firewall Monitoring Points

An Oracle Audit Vault and Database Firewall administrator creates monitoring points for database targets monitored by Database Firewall.

As an auditor, you can see the Database Firewall monitoring points configured for the database targets you have access to. You can see the monitoring points for one target or for all your targets.

3.2.6.1 Viewing a List of Monitoring Points for a Database Target

You can access a list of monitoring points for a database target.

1. Log into the Audit Vault Server console as an auditor.
2. Click on Targets tab.
   The Targets sub tab in the left navigation menu is selected by default. The main page lists all the targets configured.
3. Select a specific target.
4. Scroll down and click on Database Firewall Monitoring sub tab. It contains a list of all the Database Firewall monitoring points associated with this target. This section is not visible if the target is not a database.

   See Also:

   Logging in to the Audit Vault Server Console

3.2.6.2 Viewing a List of Monitoring Points for All Your Target Databases

You can access a list monitoring points configured for all your database targets.

1. Log in to the Audit Vault Server console as an auditor.
2. Click on Targets tab.
3. From the left navigation menu, click Database Firewall Monitoring.
4. The main page lists all the targets and the status of the corresponding Database Firewall monitoring points. Click the name of the specific target to see its details.

   See Also:

   Logging in to the Audit Vault Server Console

3.2.7 Setting a Data Retention (Archiving) Policy

The data retention policy for a target determines how long audit data is retained for that target.

An Oracle Audit Vault and Database Firewall administrator creates retention policies, and an auditor selects one of the available policies to assign to a target. If you do not select a retention policy for a target, the default retention policy will be used (12 months retention online and 12 months in archives before purging). Do not set the retention policy after data collection has started from the target. After the retention period is reached, the archived data is purged and cannot be retrieved. A new retention policy takes effect as of the date you select the policy, but does not apply to existing data.

1. Log in to the Audit Vault Server console as an auditor.
2. Click on Targets tab.
   The Targets sub tab in the left navigation menu is selected by default. The main page lists all the targets configured.
3. Select a target from the list.
4. The Retention Policy field displays the duration of the retention and archival policy for the specific target.
5. To set or change the retention policy, click the edit icon next to the Retention Policy field. Select from the available retention policies.
6. Click Save.

See Also:

• Oracle Audit Vault and Database Firewall Administrator's Guide for information on configuring retention (archiving) policies.

• Logging in to the Audit Vault Server Console

3.3 Creating and Modifying Target Groups

You can create and modify a named group of targets.

3.3.1 About Target Groups

A super auditor can organize multiple targets into a group to grant auditor access to them in one operation instead of individually.

Oracle Audit Vault and Database Firewall provides a set of preconfigured user groups related to compliance categories, for example HIPAA or DPA. You can add targets to those groups to generate the specific compliance reports related to those databases.

3.3.2 Creating and Modifying Target Groups

You must be a super auditor to create and modify target groups.

Creating a target group

1. Log in to the Audit Vault Server console as a super auditor.

2. Click Targets tab.

3. Click Target Groups tab in the left navigation menu. A list of User-define Groups and Pre-configured Groups are displayed on the screen.

4. Click Create button in the top right corner.

5. In the Create Target Group dialog, do the following:

   Release Oracle AVDF 20.1 and 20.2

   Release Oracle AVDF 20.3 and later

   Name field: Enter a name for the target group. Description: Optionally, enter a description for this target group. Under Members section, select one or more members by clicking the check box against the member name. Click the Add button.

   Group Name field: Enter a name for the target group. Description: Optionally, enter a description for this target group. Under Members section, select one or more members by moving them from the Available column to Selected column. You can also search for the targets in the field below the Members section using the target name. To remove the targets, select one or more members and move them back to the Available column from the Selected column.

6. Click Save.

Modifying a target group

1. Log in to the Audit Vault Server console as a super auditor.

2. Click Targets tab.

3. Click Target Groups tab in the left navigation menu. A list of User-define Groups and Pre-configured Groups are displayed on the screen.

4. Click the name of the target group to modify.

5. In the Modify Target Group dialog, perform any of the following modifications:

   Release Oracle AVDF 20.1 and 20.2	Release Oracle AVDF 20.3 and later
   Change the Name of the target group. Optionally edit the Description. Under the Members section, add or remove members by selecting the check box against the member. Click Add or Remove buttons accordingly.	Change the Group Name. Optionally edit the Description. Under the Members section, add or remove members by moving them in between the Available and Selected columns. You can also search for the targets in the field below the Members section using the target name.

6. Click Save.

See Also:

• Working with Lists of Objects in the UI

• Logging in to the Audit Vault Server Console

3.4 Managing Compliance for Target Databases

To ensure that the correct compliance reports are available for target databases, you add those targets to the appropriate preconfigured group in the Audit Vault Server.

To assign a target to a compliance group:

1. Log in to the Audit Vault Server console as an auditor.
2. Click Targets tab.
3. Click Target Groups tab in the left navigation menu.

   A list of User-defined Groups and Pre-configured Groups are displayed on the screen.

4. In the Pre-configured Groups section, click on a specific group name.
5. In the Modify Target Group dialog:

   Release Oracle AVDF 20.1 and 20.2	Release Oracle AVDF 20.3 and later
   Select the target databases to add to this compliance group. Select the targets and then click Remove, to remove a target database from the compliance group.	Select the target databases to add to the compliance group by moving them from the Available column to the Selected column. Select the target databases to remove from the compliance group by moving them from the Selected column to the Available column.

6. Click Save.

   See Also:

   • Compliance Reports for more information on compliance reports.

   • Logging in to the Audit Vault Server Console

3.5 Setting Access Rights for Targets and Groups

If you have the super auditor role in Oracle Audit Vault and Database Firewall, you can set access rights for targets and groups.

Only auditors that have been granted access to specific targets or groups will be able to see them or data related to them. You can manage access by target or group, or by user.

See Also:

Managing User Accounts and Access for instructions.