| Oracle® Database Vault Administrator's Guide 10g Release 2 (10.2) Part Number B25166-04 |
|
|
View PDF |
| Oracle® Database Vault Administrator's Guide 10g Release 2 (10.2) Part Number B25166-04 |
|
|
View PDF |
This chapter explains how you can monitor activity on Oracle Database Vault. It includes the following sections:
Note:
To make the charts used in the Monitor page accessible for to users of assistive technology, see "Enabling Oracle Database Vault Accessibility" in Oracle Database Vault Installation Guide.You can check the number of policy changes for the categories in the following list. These categories reflect changes in the database that comprise an overall view of the database security policy (that is, its configuration) in any given environment. If something changes that is security related, you can use the chart and tables to drill down to see what is going on. This feature helps you find unexpected changes that should be investigated.
Database Vault policy: Shows changes from the Oracle Database Vault administrative packages or user interface, indicating Oracle Database Vault configuration or policy changes.
Label Security policy: Similar to Database Vault policy, but applies to any Oracle Label Security policy or privilege changes.
Audit Policy: Shows changes to the core database audit policy coming from AUDIT or NOAUDIT statements. Before you can audit the database audit policy, the AUDIT_TRAIL initialization parameter must be set to DB. See "Core RDBMS Auditing Policy" for an example.
Privilege Grants: Shows system or object privilege GRANT statements.
Privilege Revokes: Shows system or object privilege REVOKE statements.
Database Account: Shows CREATE USER, ALTER USER, or DROP USER statements.
Database Role: Shows CREATE ROLE, ALTER ROLE, or DROP ROLE statements.
To obtain the details of policy changes that have taken place, see "Security Policy Changes Detail" for more information.
Follow these steps:
Log in to Oracle Database Vault Administrator using the Oracle Database Vault owner (with the DV_OWNER role) or security analyst account (with the DV_SECANALYST role).
"Starting Oracle Database Vault Administrator" explains how to log on.
In the Administration page, click Monitor.
At the top of the Monitor page, set a period of time for the monitoring action by selecting from the Show Records For list and clicking Go.
This section of the Monitor page also indicates the last time the data on the page was refreshed.
In the Monitor page, click Security Policy Changes by Category.
A graph similar to the following appears:
You can check the details of security policy changes, such the user who made the change, the action that occurred, the time stamp of the change, and so on. To determine the number of changes to categories of security policies, see "Security Policy Changes by Category" for more information.
Follow these steps:
Log in to Oracle Database Vault Administrator with an account that uses the DV_OWNER, DV_ADMIN, or DV_SECANALYST role.
"Starting Oracle Database Vault Administrator" explains how to log in.
In the Administration page, click Monitor.
At the top of the Monitor page, set a period of time for the monitoring action by selecting from the Show Records For list and clicking Go.
This section of the page also indicates the last time the data on the page was refreshed.
In the Monitor page, click Security Policy Changes by Detail.
A table appears, listing security policy changes for the following areas:
| |
Time stamp | Return Code |
| |
User Name | Action Object Name |
| |
User Host | Rule Set Name |
| |
Action Name | Action Command |
You can check for security violations, finding out data such as the user name of the person committing the violation, the action they committed, and a time stamp of the activity.
Follow these steps:
Log in to Oracle Database Vault Administrator with an account that uses the DV_OWNER, DV_ADMIN, or DV_SECANALYST role.
"Starting Oracle Database Vault Administrator" explains how to log in.
In the Administration page, click Monitor.
At the top of the Monitor page, set a period of time for the monitoring action by selecting from the Show Records For list and clicking Go.
This section of the Monitor page also indicates the last time the data on the page was refreshed.
In the Monitor page, click Security Violation Attempts.
A table appears, listing security policy changes for the following areas:
| |
Time stamp | Return Code |
| |
User Name | Action Object Name |
| |
User Host | Rule Set Name |
| |
Action Name | Action Command |
You can view structural changes to the database or database schema objects. This feature also audits statements such as CREATE TABLE, ALTER TABLE, DROP TABLE, and ALTER DATABASE . It audits all commands, not just commands that are used in command rules. For example, if someone has unexpectedly altered a table on a production system, you can use this feature to determine what is happening.
Follow these steps:
Log in to Oracle Database Vault Administrator with an account that uses the DV_OWNER, DV_ADMIN, or DV_SECANALYST role.
"Starting Oracle Database Vault Administrator" explains how to log in.
In the Administration page, click Monitor.
At the top of the Monitor page, set a period of time for the monitoring action by selecting from the Show Records For list and clicking Go.
This section of the Monitor page also indicates the last time the data on the page was refreshed.
In the Monitor page, click Database Configuration and Structural Changes.
A table similar to the following appears:
