Notifications in OCI provide a common, efficient infrastructure for operational alerts and application integration. OCI notifications are reliable, low latency, and implement a publish and subscribe paradigm that reduces the need for polling by connected applications. Setting up notifications from scratch can be challenging, however. This is why Data Safe now makes it easier to configure notifications. Notifications allow you to quickly set up and receive messages informing you about a variety of different events and conditions in Data Safe. Best of all, you can now define notifications directly within the Data Safe console without navigating away from the feature you are working on. Notifications can improve operational security by alerting you with an email, SMS message, or Slack message when something in your database environment changes.
To understand how we've made notifications easier to use, it’s necessary to first understand a little bit about how OCI notifications work. OCI notifications involve creating and associating OCI resources to create operational alerts. These resources include:
Putting it all together, an event that meets conditions defined by a rule triggers a notification that is sent to subscribers of a topic.
We've added contextual notifications to the Data Safe console to make setting up notifications easy for users. We are calling these contextual notifications because the events you choose from are now displayed within the context of the Data Safe function you are working with. No more scrolling through hundreds of different events trying to find the ones that are relevant to you!
A new notifications tab can be found in the various features of Data Safe, allowing you to create and manage notifications for a Data Safe feature while working in the context of that feature. You will find notification tabs in many areas of the Data Safe console, for example:
To make getting started with notifications even easier, we created quick-start templates for the most common use cases. Let's look at an example of creating a simple but useful notification to show you how this works.
Many data breaches can trace their cause to administrator error. A frequent source of that error is configuration drift. A setting or parameter is changed – often to facilitate troubleshooting or solve an urgent operational issue – and that change weakens the system's security. Data Safe helps you identify this type of "drift" away from an approved security baseline, and notifications can bring that drift quickly to your attention. Let's use the new notifications capability to email us if Data Safe spots configuration drift. We first open the Security assessment page and click the new notifications tab.
On the notifications tab we see quick start templates – these are ready-to-go notification policies that make sense in the context of the Data Safe area you are working in. We’ll click A security assessment has drifted from baseline to create our notification.
To create our notification, we add three things to the template:
That’s all it takes – click Create notification, and the next time Data Safe detects that the most recent security assessment doesn’t match the baseline, you’ll get an email letting you know.
Note: for email subscriptions, Data Safe will first send an email to the address you entered asking you to confirm you wish to subscribe to the notification. Until you confirm the subscription, Data Safe will not actually send a notification email to that address.
You’ll find the new notification tabs throughout Data Safe – wherever it makes sense in the context of the screen you are working with to proactively notify you that something has changed. These include:
Notifications work the same way throughout Data Safe except for Target-policy associations in the alert console. We'll look at an example of that next.
Data Safe includes several predefined alert policies for conditions like SQL Firewall violations, user profile changes, user entitlement changes, etc. When Data Safe detects the conditions defined by one of these policies, an alert is created, which you can view in the All alerts report. Alerts can also trigger an alarm, which in turn can be used to trigger a notification. Target-policy associations allow you to enable an alert policy for a Data Safe target database.
At first glance, these are similar to other notifications – two quick start templates are defined.
These predefined templates make sense for Data Safe instances with just a few target databases. But as the number of target databases increases, the number of alerts generated in the system may also increase, and it might make sense to define your notification more narrowly. Let's take a look at a common use case – user entitlements.
We’re going to narrow down the conditions Data Safe will check to send us an alert so that we don’t receive notifications for things we don’t care about. In the case of user entitlement changes, I might only care if a new entitlement is granted, but not care if an entitlement is revoked. To create this kind of custom notification, we will click Create notification (the grey button) instead of using one of the templates. Then, we’ll click Advanced alarm notification. This opens a form where we can create our advanced notification. In the screenshot below you’ll see that I’ve added callouts to indicate where changes are entered into the form – for this use case, there are eight of them. That number will vary depending on how many rules you create.
Click Create notification and you’re done! You’ll be notified whenever Data Safe detects a user entitlement change AND that change is a grant.
By stacking different conditions you can narrow your notification focus to just those alerts you care about, reducing the “noise” of unnecessary notifications.
Note: conditions are always cumulative – always an “and” operation. There is no ability to have an “or” or “not” condition.
And that’s all there is to it. Notifications are extremely flexible and can be tailored for a wide variety of use cases. If you’d like to see the new feature in operation, here is a short video that walks you through several ways of using it. Visit the Data Safe documentation to learn more about contextual notifications and explore how you can use this capability to improve your operation security.
To learn more about Data Safe, you can view this short introductory video. For a hands-on tour, visit our Data Safe tutorials on Oracle LiveLabs. You can also experience using Data Safe with your own databases and data by taking advantage of the Oracle Autonomous Database 30-day free trial.
Bettina Schaeumer is a Senior Principal Product Manager for Database Security, responsible for Oracle Data Safe. Bettina is based in the Bay Area, California. She has more than twenty years of experience in product and solution management, go-to-market strategies, sales operations, sales enablement, program management and consulting for major software companies. While covering a variety of solutions in enterprise software, business networks, business analytics, internet of things,
technology and database systems throughout her career, she is focusing on databases and database security in the past few years.