3 Managing Targets
You can view and change target settings, create and modify target groups, manage compliance settings, and set access rights to targets and groups.
3.1 About Managing Targets
Targets are created by an Oracle Audit Vault and Database Firewall administrator.
A target is created for each database or other supported audit source for which you want to retrieve audit data, and for a database you want to monitor with a Database Firewall.
As an auditor, you can view data for targets to which a super auditor has granted you access.
You can use the Targets tab of the Audit Vault Server console to control the following aspects of the targets that you can access:
-
View and sort the list of targets.
See Also:
-
View and access the following for each target:
-
Audit Trails
-
Database Firewall Monitoring
-
Target Groups
-
Access Rights
-
User Entitlements Snapshots
-
3.2 Viewing and Changing Settings for a Target
You can view and change settings such as policy settings, entitlement data, or a list of audit trails for a target.
3.2.1 Viewing Audit Data Collection and Database Firewall Monitoring Details for Targets
You can view audit data collection and database firewall monitoring details for each target on the Targets tab.
3.2.2 Scheduling the Retrieval of Audit Settings for an Oracle Database
To retrieve audit policy settings for an Oracle Database, schedule an audit policy retrieval job for the target.
- Rerun the Oracle privileges script for successful audit policy retrieval for container database targets. For more information see Oracle Database Setup Scripts.
- Retrieve audit policies before provisioning or viewing audit policies. For more information see Retrieving and Modifying Audit Policies from an Oracle Database
- Log in to the Audit Vault Server console as an auditor.
- Click the Targets tab.
- Click the Schedule Retrieval Jobs icon for the target.
-
On the Schedule Retrieval Jobs page, select one of the following options under Audit Policy:
- To run the job immediately, select Retrieve Immediately.
-
To schedule the job or change an existing schedule, follow these steps:
- Select Create/Update Schedule.
- Select Enable.
- Enter the start date and time and the repetition frequency.
- Click Save.
3.2.3 Retrieving User Entitlement Data for Oracle Database Targets
To retrieve data for user entitlement snapshots, submit or schedule a user entitlement retrieval job for an Oracle Database target.
- Log in to the Audit Vault Server console as an auditor.
- Click the Targets tab.
- Click the Schedule Retrieval Jobs icon for the target.
-
On the Schedule Retrieval Jobs page, select one of the following options under User Entitlements:
- To run the job immediately, select Retrieve Immediately.
-
To schedule the job or change an existing schedule, follow these steps:
- Select Create/Update Schedule.
- Select Enable.
- Enter the start date and time and the repetition frequency.
- Click Save.
Note:
All user entitlement snapshots will be purged after 18 months from the time of data retrieval.3.2.4 Retrieving Security Assessment Data for Oracle Database Targets
To retrieve data for the security assessment reports, submit or schedule the security assessment retrieval job for an Oracle Database target.
When an Oracle Database is registered as a target in Oracle AVDF, the first security assessment job is submitted automatically. You can then manually submit the job to run immediately or schedule it to run at a specified frequency, such as weekly or monthly.
Note:
All assessment data will be purged after 18 months from the time of data retrieval.For implementing Database Security Posture Management (DSPM), it is recommended to schedule the Security Assessment retrieval job for each target.
To create or change a security assessment retrieval job:
- Log in to the Audit Vault Server console as an auditor.
- Click the Targets tab.
- Click the Schedule Retrieval Jobs icon for the target.
-
On the Schedule Retrieval Jobs page, select one of the following options under Security Assessment:
- To run the job immediately, select Assess Immediately.
-
To schedule the job or change an existing schedule, follow these steps:
- Select Create/Update Schedule.
- Select Enable.
- Enter the start date and time and the repetition frequency.
- Click Save.
3.2.5 Retrieving Sensitive Objects for Oracle Database Targets
To identify privileged users and sensitive data for data discovery, submit or schedule the sensitive data retrieval job for an Oracle Database target.
When an Oracle Database is registered as a target in Oracle AVDF, the first data discovery job is submitted automatically. You can then manually submit the job to run immediately or schedule it to run at a specified frequency, such as weekly or monthly.
To create or change a sensitive data discovery job:
- Log in to the Audit Vault Server console as an auditor.
- Click the Targets tab.
- Click the Schedule Retrieval Jobs icon for the target.
- On the Schedule Retrieval Jobs page,
select one of the following options under
Sensitive Objects:
- To run the job immediately, select Discover Immediately.
-
To schedule the job or change an existing schedule, follow these steps:
- Select Create/Update Schedule.
- Select Enable.
- Enter the start date and time and the repetition frequency.
- To disable the schedule, follow these steps:
- Select Create/Update Schedule.
- Select Disable.
Note:
Disabling the schedule does not revoke the user privileges for data discovery on the Oracle Database. Disabling the schedule only stops the schedule and prevents the sensitive data from updating.
- Click Save.
3.2.6 Activating Stored Procedure Auditing
To retrieve data for the stored procedure auditing reports, schedule the stored procedure auditing retrieval job for a database target.
- Log in to the Audit Vault Server console as an auditor.
- Click the Targets tab.
- Click the Schedule Retrieval Jobs icon for the target.
-
Under Stored Procedure Auditing, follow these steps:
- Select Create/Update Schedule.
- Select Enable.
- Enter the start date and time and the repetition frequency.
- Click Save.
Note:
See Oracle Audit Vault and Database Firewall Administrator's Guide for information about collecting stored procedure changes from a target database. An Oracle Audit Vault and Database Firewall administrator must run scripts to set up the correct user privileges on the target database.3.2.7 Viewing a List of Audit Trails for a Target
An Oracle Audit Vault and Database Firewall administrator starts and stops audit trails.
3.2.8 Selecting a Firewall Policy
If a target is a database monitored by a Database Firewall, you can upload or change the firewall policy assigned to the target.
- Log into the Audit Vault Server console as an auditor.
- Click Policies tab
- Click Database Firewall Policies tab in the left navigation menu.
- A list of User-defined Database Firewall Policies and Pre-defined Database Firewall Policies are displayed on the screen.
- Click on a specific target to view the firewall policy defined. You can make changes to the policy here from this screen.
See Also:
-
Database Firewall Policies for detailed information on firewall policies.
3.2.9 Viewing a List of Database Firewall Monitoring Points
An Oracle Audit Vault and Database Firewall administrator creates monitoring points for database targets monitored by Database Firewall.
As an auditor, you can see the Database Firewall monitoring points configured for the database targets you have access to. You can see the monitoring points for one target or for all your targets.
3.2.9.1 Viewing a List of Monitoring Points for a Database Target
You can access a list of monitoring points for a database target.
3.2.10 Setting a Data Retention (Archiving) Policy
The data retention policy for a target determines how long audit data is retained for that target.
See Also:
-
Oracle Audit Vault and Database Firewall Administrator's Guide for information on configuring retention (archiving) policies.
3.3 Creating and Modifying Target Groups
You can create and modify a named group of targets.
3.3.1 About Target Groups
A super auditor can organize multiple targets into a group to grant auditor access to them in one operation instead of individually.
Oracle Audit Vault and Database Firewall provides a set of preconfigured user groups related to compliance categories, for example HIPAA or DPA. You can add targets to those groups to generate the specific compliance reports related to those databases.
3.3.2 Creating and Modifying Target Groups
You must be a super auditor to create and modify target groups.
Creating a target group
-
Log in to the Audit Vault Server console as a super auditor.
-
Click Targets tab.
-
Click Target Groups tab in the left navigation menu. A list of User-define Groups and Pre-configured Groups are displayed on the screen.
-
Click Create button in the top right corner.
-
In the Create Target Group dialog, do the following:
Release Oracle AVDF 20.1 and 20.2 Release Oracle AVDF 20.3 and later - Name field: Enter a name for the target group.
- Description: Optionally, enter a description for this target group.
- Under Members section, select one or more members by clicking the check box against the member name.
-
Click the Add button.
- Group Name field: Enter a name for the target group.
- Description: Optionally, enter a description for this target group.
- Under Members section, select one or more members by moving them from the Available column to Selected column. You can also search for the targets in the field below the Members section using the target name.
- To remove the targets, select one or more members and move them back to the Available column from the Selected column.
-
Click Save.
Modifying a target group
-
Log in to the Audit Vault Server console as a super auditor.
-
Click Targets tab.
-
Click Target Groups tab in the left navigation menu. A list of User-define Groups and Pre-configured Groups are displayed on the screen.
-
Click the name of the target group to modify.
-
In the Modify Target Group dialog, perform any of the following modifications:
Release Oracle AVDF 20.1 and 20.2 Release Oracle AVDF 20.3 and later - Change the Name of the target group.
- Optionally edit the Description.
- Under the Members section, add or remove members by selecting the check box against the member.
- Click Add or Remove buttons accordingly.
- Change the Group Name.
- Optionally edit the Description.
- Under the Members section, add or remove members by moving them in between the Available and Selected columns. You can also search for the targets in the field below the Members section using the target name.
-
Click Save.
3.4 Managing Compliance for Target Databases
To ensure that the correct compliance reports are available for target databases, you add those targets to the appropriate preconfigured group in the Audit Vault Server.
To assign a target to a compliance group:
3.5 Setting Access Rights for Targets and Groups
If you have the super auditor role in Oracle Audit Vault and Database Firewall, you can set access rights for targets and groups.
Only auditors that have been granted access to specific targets or groups will be able to see them or data related to them. You can manage access by target or group, or by user.
See Also:
Managing User Accounts and Access for instructions.