DBSAT (Oracle Database Security Assessment Tool) is a utility used to provide security recommendation on how to mitigate identified security risks /gaps on Oracle Databases.
The tool can be used to identify misconfigurations, excessive user privileges, issues with database security policies, and deliver recommendations to better secure the Oracle databases related assets. It can also help to discover and classify regulated sensitive data, from different data dictionaries (English, French, Greek, Italian, German, Portuguese, Spanish).

Oracle Enterprise Manager 24ai DBSAT is Integrated as a Compliance Standard Feature

With the latest release of Oracle Enterprise Manager 24ai, DBSAT is integrated (with EM 13.5) as a Compliance Standard feature and can inspect any database registered to the Enterprise Manager, generating reports, and detect possible security drifts of the inspected databases.

In this post we will use an Oracle Enterprise Manager 24ai, from the Oracle OCI Marketplace image, and an OCI compute node configured with the Oracle Database 19.26 App 20Jan2025 image to demonstrate all integration steps to use this tool in order l to gather the security posture of the 19.26 database.

As a prerequisite, the Oracle Enterprise manager 24ai has to be updated to 24ai Release 1 Update 3.

The MOS doc ID  3050869.2 give all the details about the way to update the Enterprise Manager, and the l associated  agent on the target Linux server, which is hosting the 19.26 database.

The first part of the operations on the OEM is depicted by the below picture:

1- Verify  that the target host agent is already registered in the OEM  and updated to the correct version ie 24.1.0.3
2- Check the container database
3– Go to the Compliance Standards/Search and find the DBSAT
4– Associate the ORCL database with the DBSAT

 

EM 24ai

 

The steps and the results of the DBSAT are displayed below:

  1. Go to the ORLC database and refresh the configuration
  2. Notice the DBSAT tool is deployed, and check the raw results
  3. Go to the Compliance/Dashboard and get the details of the discovery (detailed results, reports, incidents by rule)

 

Enterprise Summary



With the latest version of Oracle Enterprise Manager 24, the setup, configuration, and the inspection of the target databases using the embedded DBSAT tool is getting much easier, and the security of the database assets is greatly enforced. Download Oracle Enterprise Manager and get started today. 


Resources: