3 Managing Targets

You can view and change target settings, create and modify target groups, manage compliance settings, and set access rights to targets and groups.

3.1 About Managing Targets

Targets are created by an Oracle Audit Vault and Database Firewall administrator.

A target is created for each database or other supported audit source for which you want to retrieve audit data, and for a database you want to monitor with a Database Firewall.

As an auditor, you can view data for targets to which a super auditor has granted you access.

You can use the Targets tab of the Audit Vault Server console to control the following aspects of the targets that you can access:

  • View and sort the list of targets.

  • View and access the following for each target:

    • Audit Trails

    • Database Firewall Monitoring

    • Target Groups

    • Access Rights

    • User Entitlements Snapshots

3.2 Viewing and Changing Settings for a Target

You can view and change settings such as policy settings, entitlement data, or a list of audit trails for a target.

3.2.1 Viewing Audit Data Collection and Database Firewall Monitoring Details for Targets

You can view audit data collection and database firewall monitoring details for each target on the Targets tab.

  1. Log into the Audit Vault Server console as an auditor.
  2. Click the Targets tab.
  3. Select a target from the list.

    On the target details page, you can view the following information about the target:

    • Connect String
    • Description
    • Retention Policy displays the data retention policy that is currently in effect for the target. You can also select a new policy here.
    • Audit Data Collection displays details about the current audit trails that are configured for the target. Details include the audit trail location, trail type, status, name of the agent, time the collection was last started, and time until which data was collected.
    • For database targets, the Database Firewall Monitoring displays details about the current database firewall monitoring points that are configured for the target. Details include the connection details, database firewall name, status, traffic source, proxy port, and deployment mode. You can also view and change the database firewall monitoring policy here.

3.2.2 Scheduling the Retrieval of Audit Settings for an Oracle Database

To retrieve audit policy settings for an Oracle Database, schedule an audit policy retrieval job for the target.

After patching to Oracle AVDF 20.12, you will need to
  1. Rerun the Oracle privileges script for successful audit policy retrieval for container database targets. For more information see Oracle Database Setup Scripts.
  2. Retrieve audit policies before provisioning or viewing audit policies. For more information see Retrieving and Modifying Audit Policies from an Oracle Database
  1. Log in to the Audit Vault Server console as an auditor.
  2. Click the Targets tab.
  3. Click the Schedule Retrieval Jobs icon for the target.
  4. On the Schedule Retrieval Jobs page, select one of the following options under Audit Policy:

    • To run the job immediately, select Retrieve Immediately.
    • To schedule the job or change an existing schedule, follow these steps:

      1. Select Create/Update Schedule.
      2. Select Enable.
      3. Enter the start date and time and the repetition frequency.
  5. Click Save.

3.2.3 Retrieving User Entitlement Data for Oracle Database Targets

To retrieve data for user entitlement snapshots, submit or schedule a user entitlement retrieval job for an Oracle Database target.

  1. Log in to the Audit Vault Server console as an auditor.
  2. Click the Targets tab.
  3. Click the Schedule Retrieval Jobs icon for the target.
  4. On the Schedule Retrieval Jobs page, select one of the following options under User Entitlements:

    • To run the job immediately, select Retrieve Immediately.
    • To schedule the job or change an existing schedule, follow these steps:

      1. Select Create/Update Schedule.
      2. Select Enable.
      3. Enter the start date and time and the repetition frequency.
  5. Click Save.

Note:

All user entitlement snapshots will be purged after 18 months from the time of data retrieval.

3.2.4 Retrieving Security Assessment Data for Oracle Database Targets

To retrieve data for the security assessment reports, submit or schedule the security assessment retrieval job for an Oracle Database target.

When an Oracle Database is registered as a target in Oracle AVDF, the first security assessment job is submitted automatically. You can then manually submit the job to run immediately or schedule it to run at a specified frequency, such as weekly or monthly.

Note:

All assessment data will be purged after 18 months from the time of data retrieval.

For implementing Database Security Posture Management (DSPM), it is recommended to schedule the Security Assessment retrieval job for each target.

To create or change a security assessment retrieval job:

  1. Log in to the Audit Vault Server console as an auditor.
  2. Click the Targets tab.
  3. Click the Schedule Retrieval Jobs icon for the target.
  4. On the Schedule Retrieval Jobs page, select one of the following options under Security Assessment:

    • To run the job immediately, select Assess Immediately.
    • To schedule the job or change an existing schedule, follow these steps:

      1. Select Create/Update Schedule.
      2. Select Enable.
      3. Enter the start date and time and the repetition frequency.
  5. Click Save.

3.2.5 Retrieving Sensitive Objects for Oracle Database Targets

To identify privileged users and sensitive data for data discovery, submit or schedule the sensitive data retrieval job for an Oracle Database target.

When an Oracle Database is registered as a target in Oracle AVDF, the first data discovery job is submitted automatically. You can then manually submit the job to run immediately or schedule it to run at a specified frequency, such as weekly or monthly.

To create or change a sensitive data discovery job:

  1. Log in to the Audit Vault Server console as an auditor.
  2. Click the Targets tab.
  3. Click the Schedule Retrieval Jobs icon for the target.
  4. On the Schedule Retrieval Jobs page, select one of the following options under Sensitive Objects:
    • To run the job immediately, select Discover Immediately.
    • To schedule the job or change an existing schedule, follow these steps:

      1. Select Create/Update Schedule.
      2. Select Enable.
      3. Enter the start date and time and the repetition frequency.
    • To disable the schedule, follow these steps:
      1. Select Create/Update Schedule.
      2. Select Disable.

        Note:

        Disabling the schedule does not revoke the user privileges for data discovery on the Oracle Database. Disabling the schedule only stops the schedule and prevents the sensitive data from updating.
  5. Click Save.

3.2.6 Activating Stored Procedure Auditing

To retrieve data for the stored procedure auditing reports, schedule the stored procedure auditing retrieval job for a database target.

  1. Log in to the Audit Vault Server console as an auditor.
  2. Click the Targets tab.
  3. Click the Schedule Retrieval Jobs icon for the target.
  4. Under Stored Procedure Auditing, follow these steps:

    1. Select Create/Update Schedule.
    2. Select Enable.
    3. Enter the start date and time and the repetition frequency.
  5. Click Save.

Note:

See Oracle Audit Vault and Database Firewall Administrator's Guide for information about collecting stored procedure changes from a target database. An Oracle Audit Vault and Database Firewall administrator must run scripts to set up the correct user privileges on the target database.

3.2.7 Viewing a List of Audit Trails for a Target

An Oracle Audit Vault and Database Firewall administrator starts and stops audit trails.

As an auditor, you can view lists of audit trails for targets you have access to. You can see the trails collected for one or more targets.
  1. Log into the Audit Vault Server console as an auditor.
  2. Click Targets tab.
  3. Click Audit Trails in the left navigation menu.
  4. Select a target from the list displayed. The details pertaining to the specific target is displayed on the screen.
  5. Scroll down. The Audit Data Collection tab is selected by default.

    The audit trails for the target are listed in a table with the following columns:

    • Audit Trail Location
    • Audit Trail Status
    • Audit Trail Type
    • Collection Agent
    • Last Start At
  6. Optionally, click on the column name title for the following options:
    • Sort Ascending
    • Sort Descending
    • Hide Column
    • Control Break

    There is search field and other options available.

3.2.8 Selecting a Firewall Policy

If a target is a database monitored by a Database Firewall, you can upload or change the firewall policy assigned to the target.

  1. Log into the Audit Vault Server console as an auditor.
  2. Click Policies tab
  3. Click Database Firewall Policies tab in the left navigation menu.
  4. A list of User-defined Database Firewall Policies and Pre-defined Database Firewall Policies are displayed on the screen.
  5. Click on a specific target to view the firewall policy defined. You can make changes to the policy here from this screen.

See Also:

3.2.9 Viewing a List of Database Firewall Monitoring Points

An Oracle Audit Vault and Database Firewall administrator creates monitoring points for database targets monitored by Database Firewall.

As an auditor, you can see the Database Firewall monitoring points configured for the database targets you have access to. You can see the monitoring points for one target or for all your targets.

3.2.9.1 Viewing a List of Monitoring Points for a Database Target

You can access a list of monitoring points for a database target.

  1. Log into the Audit Vault Server console as an auditor.
  2. Click on Targets tab.
    The Targets sub tab in the left navigation menu is selected by default. The main page lists all the targets configured.
  3. Select a specific target.
  4. Scroll down and click on Database Firewall Monitoring sub tab. It contains a list of all the Database Firewall monitoring points associated with this target. This section is not visible if the target is not a database.
3.2.9.2 Viewing a List of Monitoring Points for All Your Target Databases

You can access a list monitoring points configured for all your database targets.

  1. Log in to the Audit Vault Server console as an auditor.
  2. Click on Targets tab.
  3. From the left navigation menu, click Database Firewall Monitoring.
  4. The main page lists all the targets and the status of the corresponding Database Firewall monitoring points. Click the name of the specific target to see its details.

3.2.10 Setting a Data Retention (Archiving) Policy

The data retention policy for a target determines how long audit data is retained for that target.

An Oracle Audit Vault and Database Firewall administrator creates retention policies, and an auditor selects one of the available policies to assign to a target. If you do not select a retention policy for a target, the default retention policy will be used (12 months retention online and 12 months in archives before purging). Do not set the retention policy after data collection has started from the target. After the retention period is reached, the archived data is purged and cannot be retrieved. A new retention policy takes effect as of the date you select the policy, but does not apply to existing data.
  1. Log in to the Audit Vault Server console as an auditor.
  2. Click on Targets tab.
    The Targets sub tab in the left navigation menu is selected by default. The main page lists all the targets configured.
  3. Select a target from the list.
  4. The Retention Policy field displays the duration of the retention and archival policy for the specific target.
  5. To set or change the retention policy, click the edit icon next to the Retention Policy field. Select from the available retention policies.
  6. Click Save.

See Also:

3.3 Creating and Modifying Target Groups

You can create and modify a named group of targets.

3.3.1 About Target Groups

A super auditor can organize multiple targets into a group to grant auditor access to them in one operation instead of individually.

Oracle Audit Vault and Database Firewall provides a set of preconfigured user groups related to compliance categories, for example HIPAA or DPA. You can add targets to those groups to generate the specific compliance reports related to those databases.

3.3.2 Creating and Modifying Target Groups

You must be a super auditor to create and modify target groups.

Creating a target group

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click Targets tab.

  3. Click Target Groups tab in the left navigation menu. A list of User-define Groups and Pre-configured Groups are displayed on the screen.

  4. Click Create button in the top right corner.

  5. In the Create Target Group dialog, do the following:

  6. Click Save.

Modifying a target group

  1. Log in to the Audit Vault Server console as a super auditor.

  2. Click Targets tab.

  3. Click Target Groups tab in the left navigation menu. A list of User-define Groups and Pre-configured Groups are displayed on the screen.

  4. Click the name of the target group to modify.

  5. In the Modify Target Group dialog, perform any of the following modifications:

  6. Click Save.

3.4 Managing Compliance for Target Databases

To ensure that the correct compliance reports are available for target databases, you add those targets to the appropriate preconfigured group in the Audit Vault Server.

To assign a target to a compliance group:

  1. Log in to the Audit Vault Server console as an auditor.
  2. Click Targets tab.
  3. Click Target Groups tab in the left navigation menu.

    A list of User-defined Groups and Pre-configured Groups are displayed on the screen.

  4. In the Pre-configured Groups section, click on a specific group name.
  5. In the Modify Target Group dialog:
  6. Click Save.

    See Also:

3.5 Setting Access Rights for Targets and Groups

If you have the super auditor role in Oracle Audit Vault and Database Firewall, you can set access rights for targets and groups.

Only auditors that have been granted access to specific targets or groups will be able to see them or data related to them. You can manage access by target or group, or by user.

See Also:

Managing User Accounts and Access for instructions.