Copyright © 2012, 2024, Oracle and/or its affiliates.
The image describes Oracle Audit Vault Database Firewall architecture.
Oracle Audit Vault and Database Firewall (Oracle AVDF) audits databases and monitors network-based activities to help manage the security posture of Oracle and non-Oracle databases, hosted in the cloud or on-premises.
Targets include Oracle and non-Oracle databases, as well as operating systems, directory services, and custom targets, such as XML and JSON. You can use Oracle AVDF to monitor hundreds or thousands of targets. For a complete list of supported targets, see the product compatibility matrix.
The Database Firewall monitors SQL traffic from clients (users and applications) to databases and determines whether to allow, log, alert, substitute, or block the SQL. It sends the network events that it captures to the Audit Vault Server. You can optionally install a Host Monitor Agent on the target host to monitor SQL traffic. The Host Monitor Agent sends audit data to the Database Firewall, which then sends the data to the Audit Vault Server.
Audit Vault Agents retrieve audit data from audit trails, which are sources of audit data for the targets. They send the audit data that they collect to the Audit Vault Server. Alternatively, you can use agentless collection for up to 20 Oracle Database and Microsoft SQL Server audit trails. With agentless collection, instead of installing the Audit Vault Agent, you use the agentless collection service that comes with the Audit Vault Server instead of deploying the Audit Vault Agent on the target host machines.
The Audit Vault Server is the central repository of audit data and network events. It also stores the policies and configuration data that are defined by the Oracle AVDF administrator, and it produces reports and alerts for the auditors.
You can deploy Oracle AVDF on-premises or on Oracle Cloud Infrastructure (OCI) by provisioning Oracle AVDF instances through the Oracle Cloud Marketplace. Both types of deployment can monitor targets that are deployed on-premises and on OCI.
You can also configure Oracle AVDF for high availability to maximize reliability and ensure continuity. High availability requires a pair of Audit Vault Server instances or a pair of Database Firewall instances (or both). One instance works as the primary and another instance works as the standby.