Contributed by Ashok Swaminathan, Senior Director, Database Security
An Oracle database is usually a critical asset that contains some of your organization’s most sensitive information. It is therefore important to monitor database activity regularly to ensure that database accounts are not compromised, privileged users are not accessing data they shouldn’t, and malicious attempts to access important data are identified and investigated. Today, I’d like to focus on the auditing capabilities of Data Safe, which enable you to address these issues.
With Data Safe Activity Auditing, you can monitor user activities on Oracle Cloud databases, collect and retain audit records (per industry and regulatory compliance requirements), and trigger alerts for unusual activity. You can audit sensitive data changes, administrator and user activities, and other activities recommended by the Center for Internet Security. You can set up alerts when a database parameter or audit policy changes, a failed login by an admin occurs, a user entitlement changes, or when a user is created or deleted. The Oracle Database includes a number of pre-defined polices and any of these can be enabled through Data Safe with just a few clicks.
The Data Safe dashboard (Figure 1) lets you quickly spot trends in activity, including alerts. From the dashboard, you can also check on the status of the audit trails (audit trails tell Data Safe where in the database to look for audit data) and see the overall auditing activity.
Figure 1: Data Safe User Activity Auditing Dashboard
Setting up Activity Auditing in Data Safe is a simple 3-step process:
1. Select the targets you want to audit
2. Provision audit policies specifying what audit information will be collected
3. Create audit trails that tell Data Safe from where to collect audit information
Once this is done, Data Safe automatically retrieves audit data and stores it in the secure Data Safe repository (separate from the database being monitored so it can’t be deleted or altered). You can set up alerts on key events based on the predefined set of alerts available in Data Safe Activity Auditing. Interactive reports allow you to look at audit data, filter it as needed and create scheduled reports to meet your security and compliance needs.
There are several activity auditing reports provided (Figure 2), such as, a summary of events collected and alerts, all the audited activities, audit policy changes, admin activity, login activity, database query operations, DDLs, DMLs and User and Entitlement changes. You can view the generated alerts, filter and search for them. Both alerts and audit data reports can be customized and saved, or downloaded in PDF or XLS format.
Figure 2: Admin Activity Reports
Data Safe Auditing is easy to use and can be enabled with a few clicks. If you are operating a database in the Oracle Cloud, and aren’t already using Data Safe, you should make configuring the service and auditing your databases a priority. Data Safe is included with your database service at no additional cost and is one of your best tools to ensure your data is protected in the cloud.
For more information about how Data Safe can secure your users and data in the cloud, see our previous blog, "Data Safe: Five Ways to Help Protect Your Digital Assets" and visit our Data Safe web page.