23 Monitoring Oracle Database Vault
You can monitor Oracle Database Vault by checking for violations to the Database Vault configurations and by tracking changes to policies.
Topics:
Monitoring Security Violation Attempts
You should periodically check for violations to the Oracle Database Vault configuration.
Topics:
About Monitoring Security Violation Attempts
You can check for security violations, such as realm or command rule violations.
This feature displays data such as the user name of the person committing the violation, the action they committed, and a time stamp of the activity.
Before you can view these events, if you have not migrated your database to unified auditing, then you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED. If you have migrated your database to use unified auditing, then you do not need to configure any additional settings. You are ready to check for security violations.
Using Oracle Database Vault Administrator to Monitor Security Violations
A user who has been granted the appropriate role can use Oracle Database Vault Administrator to monitor security violations.
- In the Attempted Violations Report page, set the period of time and other filter settings to define the data that you want to capture, and then click Go.
The report appears, similar to the following page:
Monitoring Security Policy Changes
You should periodically check for changes to the Oracle Database Vault configuration.
Topics:
About Monitoring Security Policy Changes
The Database Vault Policy Change Report in Oracle Database Vault Administrator tracks changes that have been made to security settings.
You can check the number of policy changes for the categories in the following list. These categories reflect changes to the database security policy (that is, its configuration) in any given environment. If something changes that is security related, you can use the chart and tables to drill down to find unexpected changes that should be investigated.
Before you can view these events, if you have not migrated your database to unified auditing, then you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED. If you have migrated your database to use unified auditing, you do not need to configure any additional settings. You are ready to check for changes to Database Vault policies.
-
Database Vault policy: Shows changes made through the Oracle Database Vault administrative packages or user interface, indicating Oracle Database Vault configuration or policy changes.
-
Label Security policy: Shows changes made through the Oracle Database Vault administrative packages or user interface, indicating Oracle Label Security policy or privilege changes.
-
Audit Policy: Shows changes to the database audit policy coming from
AUDITorNOAUDITstatements. -
Privilege Grants: Shows changes to system or object privilege
GRANTstatements. -
Privilege Revokes: Shows changes to system or object privilege
REVOKEstatements. -
Database Account: Shows changes to
CREATE USER,ALTER USER, orDROP USERstatements. -
Database Role: Shows changes to
CREATE ROLE,ALTER ROLE, orDROP ROLEstatements.
Using Oracle Database Vault to Monitor Security Policy Changes by Category
A user who has been granted the appropriate role can use Oracle Database Vault Administrator to monitor security policy changes by category.
- In the Attempted Violations Report page, set the period of time and other filter settings to define the data that you want to capture, and then click Go.
The report appears, similar to the following page:
