
Oracle Audit Vault automates the audit collection and analysis process, turning audit data into a key security resource to help address today's top business challenges around compliance and insider threats. Oracle Audit Vault helps organizations enforce the trust-but-verify security principle and is part of Oracle's overall defense-in-depth security strategy that includes other components such as Oracle Database Vault for controlling access, Oracle Advanced Security for Transparent Data Encryption, and Oracle Identity Management for user management. The latest release of Oracle Audit Vault provides the ability to automate the database audit process with new report scheduling, notification, attestation, and archiving capabilities that can help organizations lower the cost of complying with internal and external data privacy and protection mandates. Oracle Audit Vault now includes new Entitlement reports with up-to-date snapshots of Oracle Database users, privileges, and profiles, which allow auditors to track changes to database access. It also includes new compliance reports to specifically help address the Sarbanes-Oxley (SOX) Act, the Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry (PCI) Data Security Standard (DSS) regulatory requirements for database activity monitoring and audit.
Oracle Audit Vault further reduces operational costs of database auditing by automating the cleanup of audit trail data from supported Oracle and non-Oracle databases once that audit data has been securely consolidated in the Oracle Audit Vault repository. To further help organizations streamline the database activity monitoring and audit process, and respond quickly to security and regulatory exceptions, Oracle Audit Vault now supports email of alerts as well as an automated interface to BMC Remedy IT Service Management Suite, a leading solution for ITIL-aligned service management processes. Audit Vault provides automated cleanup of audit trail data after it has been securely stored in the Audit Vault repository.
Oracle Audit Vault transparently collects and consolidates audit data, providing valuable insight into who did what to which data when – including privileged users who have direct access to the database. With Oracle Audit Vault reports, alert notifications, and centralized audit policy management, the risks from internal threat and the cost of compliance are greatly reduced.
Feature | 10.2.2 | 10.2.3 | 10.2.3.2 |
Collect Oracle Database audit logs | |||
SQL Server, IBM DB2 LUW, Sybase ASE | |||
Out-of-the-box Reports | |||
Alerts | |||
Documented warehouse schema | |||
Policy Manager for Oracle databases | |||
Audit trail Clean-Up | Oracle only | SQL Server, DB2 | |
Compliance reports (PCI, HIPAA, …..) | |||
Entitlement reports (users, privileges, ...) | |||
Reports Archive, PDF, Customization | |||
Reports Scheduling, Attestation, Notification | |||
Alerts Email and Remedy Integration |
Oracle Audit Vault is a cross-vertical product, appealing to any organization with data security, data privacy, and regulatory compliance challenges such as Sarbanes-Oxley (SOX) or the Payment Card Industry Data Security Standard (DSS). Specific industries with governance requirements will likely have strong interest in Audit Vault and be likely first adopters, including financial services, insurance, healthcare, pharmaceuticals, retail, energy, and government. In addition, customers who are increasingly concerned with insider threats and with monitoring DBA or privileged user activity, especially with outsourced administration, will be interested in Audit Vault.
Oracle Audit Vault addresses today's compliance and insider threat challenges by helping:
Using Oracle Audit Vault, audit data is consolidated from across the enterprise, enabling internal and external IT auditors and IT security officers to use built-in reports and obtain an enterprise-wide view of user access and activity. Audit Vault provides specific reports in the areas of SOX, PCI, and HIPAA that can be further customized by database and object level filtering. In addition, the new Entitlement reports provide information on Oracle database users, roles, and their privileges, which internal and external auditors alike use to review access controls to the data. Reports relating to privileged user access, account management activity, role management activity, data access activity, and failed login attempts are included with Oracle Audit Vault. The drill-down capability provides full visibility into the details of the what, where, when, and who of the audit events. The flexibility of Audit Vault Reports also allows you to create customized reports to meet your business needs.
Oracle Audit Vault continuously monitors inbound audit data, generating alerts based on IT policies, providing a proactive early warning for potential problems. Examples of alerts that can be defined include privileged user changes, schema modifications, and sensitive application data access. Audit Vault provides an Alert report to view who and what violated security policies as well as integration to email to notify the security team of compliance violations and BMC Remedy to track and record analysis of the violations and alerts.
Oracle Audit Vault provides a secure audit warehouse environment designed for the storage, protection and analysis of large amounts of audit data. Oracle Audit Vault implements separation of duty to strictly control access and prevent tampering of audit data by utilizing Oracle Database Vault. To protect audit data being sent over the network, Audit Vault includes the Advanced Security Option to encrypt network traffic. Oracle Audit Vault leverages all the scaling features of Oracle database including Oracle Partitioning and database compression to enhance manageability and performance, enabling audit data to be physically partitioned based on business requirements.
Oracle Audit Vault can optionally be deployed with Oracle Real Application Clusters (RAC) for additional scalability and Oracle Data Guard for disaster recovery.
Oracle Audit Vault 10.2.3.1 supports Oracle Database Versions 9.2 through 11.2, SQL Server 2003, 2005 & 2008, Sybase ASE 12.5.4 and 15.0, and IBM DB2 LUW 8.2 and 9.5.
Audit Vault extracts audit records produced by the database's native audit facility, so collection is transparent to the application and no special certification is required. Any packaged application such as Oracle E-Business Suite, PSFT, Siebel, and SAP works seamlessly with Audit Vault to collect the native audit records.
E-Business Suite suggests that auditing and monitoring of privileged users, user sessions, database links, and database changes is a key element in monitoring and securing your applications. Please see Metalink Note 189367.1. Audit Vault supports all versions of E-Business Suite that sit on top of Oracle database versions 9.2.x forward.
In addition, the Oracle database column client_identifier can be used to pass the end application user to the native audit record. E-Business Suite updates client_identifier automatically starting with version 12 of the application, PeopleTools starting with 8.50, and the SAP kernel starting with version 7.10. The client_identifier value can be used in the Audit Vault reports to view the application user, OS user, and database connection user information for forensic analysis.
Oracle Audit Vault meets COBIT objectives such as the ability to monitor and report activities such as changes in audit policy, successful and failed logons, alerting for failed logons, tracking of user privileges and general system security via event logs. For example, the table below lists the COBIT objectives for auditing/monitoring database activity.
COBIT Section | Description | Audit Vault Report |
DS 5.3 | Identity Management | User Entitlement Reports Database Logon |
DS 5.4 | User Account Management | User Privilege Change Activity Report Attestation |
DS 5.5 | Security Testing, Surveillance and Monitoring | Audit Vault Policy Manager Report Attestation |
DS 5.7 | Protection of Security Technology | User Entitlement Reports |
DS 11.6 | Security Requirements for Data | Financial Related Data Modifications |
AC 2 | Source Data Collection and Entry | Program Changes |
DS 9.3 | Configuration Integrity Review – Audit Audit Vault | Policy Manager, User Entitlements, Program Changes |
The Payment Card Industry (major credit card companies) has developed the Data Security Standard (DSS) as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing card payments must be PCI compliant or they risk losing the ability to process credit card payments. Based on Security Audit Procedures v 1.1, Requirement 10: Track and monitor all access to network resources and cardholder data, Oracle Audit Vault helps organizations to address each of these requirements. PCI DSS details security procedures, specifying that organizations must
DSS Req | Regulation Description | Audit Vault Value Add |
2.2.3 | Configure system security parameters to prevent misuse. | Oracle Audit Vault consolidates audit data from across databases and reports on changes. |
10.1 | Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user. | Oracle Audit Vault reports all privileged user activity |
10.2 | Implement automated audit trails for all system components | Oracle Audit Vault automates the collection and secures the audit trail |
10.3 | Record User identification, type of event, Date and time, Success or failure indication, Origination of event, and Identity or name of affected data, system component, or resource | Oracle Audit Vault utilizes native database auditing to capture the who, what, and where of database activity |
10.6 | Review logs for all system components at least daily | Oracle Audit Vault provides out of the box reports for easy viewing |
10.7 | Retain audit trail history for at least one year, with a minimum of three months online availability. | Oracle Audit Vault provides automatic deletion of audit data when the business need is met |
For more information on how Oracle products support PCI, please go to...
Oracle Audit Vault is part of Oracle’s Governance, Risk, and Compliance (GRC) platform and serves as an audit repository and audit analysis tool for database monitoring. Oracle Audit Vault serves as the backbone of secure audit, one of the five principal areas identified in the Oracle GRC platform.
In most enterprise environments, auditing of basic activities such as failed and successful logins, privileged user activity, database schema changes, and user policy changes will be required by IT auditors. In Oracle Database 11g, standard database auditing is turned on by default and security audit policies are turned on to start your database monitoring. Many internal and external audits are verifying that monitoring is being done in these areas.
· Accounts, Roles & Permissions
Do you have visibility of GRANT and REVOKE activities?
· Failed Logins
Do you have visibility of failed logins and other exception activities?
· Privileged User Activity
Do you have visibility of users' activities?
· Access to Sensitive Data
Do you have visibility into what information is being queried (SELECTs)?
· Schema Changes
Are you aware of CREATE, DROP and ALTER commands that are occurring on identified tables and columns?
· Data Changes
Do you have visibility into INSERT, UPDATE, MERGE, and DELETE commands?
For more information on Oracle Database Auditing, go to http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIDBFI
Database Auditing is commonly used in more regulated industries such as Financial Services, Health Care, Energy, and Public sector. Some customers do heavy auditing, while some mainly audit the privileged user activities. After Oracle released fine-grain auditing (FGA) in Oracle9i, many customers started to use that to audit access to sensitive data. More companies have now started to audit database activity to meet requirements for SOX, HIPAA, and to protect PII data.
According to the IOUG survey results in a report entitled:
To meet the requirements from auditors, most customers are using homegrown scripts to collect and analyze audit data. Besides running into the well-known challenges of using manual methods and scripts, they have difficulty in collecting the audit data from multiple systems, scaling up, securing the audit data, analyzing it for alerts and other irregularities, creating reports to meet individual requirements from the auditors, and in being able to collect the audit settings centrally. Since archival and management of audit data has become a mandatory requirement for many compliance regulations, it requires a scalable, secure, and flexible product that meets the requirements not just for this quarter, but for years to come.
Oracle Audit Vault provides powerful built-in reports to monitor a wide range of activity including privileged user activity and changes to database structures. The reports provide visibility into activities and provide detailed information on who, what, when and where. The Audit Vault reports have an easy-to-use interface with the ability to create customized reports, charts, and graphs. Report columns can be re-ordered as well as removed. Rules can be put in place to automatically highlight specific rows so that report users can quickly spot suspicious or unauthorized activity. Out-of-the-box reports include information on database account management, roles and privileges, object management, and login failures. Reports include audit information from Oracle, Microsoft SQL Server, IBM DB2, and Sybase ASE databases, providing a holistic picture of activity across the enterprise.
The latest release of Oracle Audit Vault provides new Entitlement reports that show Oracle database users, privileges, and roles and compare the changes to those users between two time periods. Oracle Audit Vault provides numerous compliance reports categorized into areas of PCI, SOX, and HIPAA.
To find a complete list of Audit Vault Reports, please take a look at the Audit Vault Auditor's Guide.
Oracle Audit Vault provides easy-to-use out-of-the-box reports, with the ability to create customized reports based on your business requirements as well as colorful charts and graphs. Report columns can be re-ordered as well as removed. Rules can be put in place to automatically highlight specific rows so that report users can quickly spot suspicious or unauthorized activity. Once you have defined the report the way you like it, the report definition is saved in the Customized Reports view for you to access each time you log into the Audit Vault Console.
The latest release of Audit Vault, 10.2.3.2, provides the ability to schedule reports to run on a periodic basis. After the report has completed, an automatic email can be sent with the attached PDF report or a URL directly back into Audit Vault to review and attest the database activity. Additionally, all Audit Vault reports may be run on demand to browse current activity, which means you view the most recent audit trail data that has been collected by Audit Vault.
Oracle Audit Vault reporting is based on the audit events generated by the Oracle, Microsoft SQL Server, IBM DB2, and Sybase ASE databases. Most of the Audit Vault reports are generic except for the Database Vault report, which displays the audit trail records generated by Oracle Database Vault, and the Before/After Values compliance report that is specific to audit data collected by the Audit Vault Redo Collector. For more information on the Audit Vault reports please take a look at the Oracle Audit Vault Auditor’s Guide.
Please go here to find the Oracle Audit Vault Documentation: http://www.oracle.com/technology/software/products/auditvault/index.html
Microsoft SQL Server, IBM DB2, Sybase, and Oracle database audit events are very similar so they have been categorized by Audit Vault to show a consolidated report of database activity. For a complete list of Oracle, Microsoft SQL Server, IBM DB2, and Sybase audit events, take a look at the Oracle Audit Vault Auditor’s Guide.
Audit Vault alerts work the same for SQL Server, IBM DB2, and Sybase audit trail data as they do for Oracle audit trail data.
Oracle Audit Vault leverages native database auditing that creates audit trail data on the Oracle, SQL Server, IBM DB2, and Sybase database sources. A Collection Agent continuously extracts the audit data from the source and sends it to Oracle Audit Vault.
For Oracle databases, Audit Vault supports the collection of before/after data values from the redo stream by leveraging Streams and LogMiner.
Oracle Database auditing is highly flexible: you can base auditing on individual actions, such as the type of SQL statement executed, or on combinations of factors that can include the user name, application, time, and so on. You can audit both successful and failed activities. To use auditing, you enable it, and in most cases you then create audit settings. For more information on Oracle database auditing, please take a look at the Oracle Database Security Guide documentation at http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIDBFI.
Auditing an instance of SQL Server or a SQL Server database involves tracking and logging events that occur on the system. You can use several methods of auditing for SQL Server. Audit Vault supports SQL Server 2003, 2005, and 2008 C2 auditing, server-side trace files, and the Windows Event Viewer. For specific information on SQL Server auditing, please check with your SQL Server documentation and support.
IBM DB2 audits database events based on categories of activity. DB2 first writes the audit data to a binary file, and Audit Vault provides an extraction utility to create a text file from which the Audit Vault agent reads the audit trail and sends it over to the Audit Vault Server.
Sybase ASE writes the audit data to database tables. The Audit Vault agent then connects to the Sybase ASE database to read the audit trail records and sends them to the Audit Vault server.
For more information on how to configure the Audit Vault Collection agent for Oracle, SQL Server, IBM DB2, and Sybase, take a look at the Audit Vault Administration Guide at http://www.oracle.com/technology/documentation/auditvault.html. The Audit Vault Auditor’s Guide, which can also be found in the Audit Vault Documentation library, contains the audit events collected for each database.
Oracle Audit Vault consists of two components: the Audit Vault server, which contains the secure audit warehouse and specific Audit Vault packages, and the Audit Vault collection agent, which manages the collection of audit data from sources.
The Oracle Audit Vault server is generally available for the Linux X86/X64 platform (RedHat Enterprise Linux AS 3, 4, 5, Enterprise Linux 4,5, & SuSE SLES9 & SuSE SLES10), Solaris Sparc (64 bit), HP-Itanium, and AIX5L (64 bit).
For the latest information on supported Oracle Audit Vault platforms, review the certification matrix on the My Oracle Support Web site: http://metalink.oracle.com
Oracle Audit Vault consists of two components: the Audit Vault server, which contains the secure audit warehouse and specific Audit Vault packages, and the Audit Vault collection agent, which manages the collection of audit data from sources.
The Oracle Audit Vault Collection Agent is generally available for Linux x86/x64, Solaris SPARC 64-bit, HP-UX PA-RISC (64-bit), HP-Itanium, AIX5L Based Systems (64-bit), and Windows (32-bit/64-bit).
For the latest information on supported Oracle Audit Vault platforms, review the certification matrix on the My Oracle Support Web site. The My Oracle Support Web site is available at: http://metalink.oracle.com
The Oracle Audit Vault Collection agent contains all functionality to configure and manage Oracle, Microsoft SQL Server, IBM DB2, and Sybase databases, so there is no need to install a specific type of agent. In general, as a best practice, you should install an agent on each host that contains a database from which Audit Vault will collect audit data. For more information on Audit Vault Best Practices to deploy the Server and Collection Agent, please visit OTN to find Oracle Audit Vault white papers, data sheets, and other materials.
Oracle Audit Vault only manages policies for the Oracle databases. Customers must use their best practices for managing Microsoft SQL Server, IBM DB2, and Sybase auditing. For specific information for your database type, please consult your database Support organization or documentation. Support for managing additional non-Oracle audit sources is planned for a future release.
Oracle Database Vault is a security option for Oracle Database Enterprise Edition that provides strong access controls inside the database to prevent access to application data from privileged users, including the DBA.
Oracle Audit Vault monitors the enterprise-wide database activity, helping address compliance and insider threat challenges by collecting and consolidating audit data from multiple databases. Oracle Audit Vault helps enforce the trust-but-verify security principle and is part of Oracle's overall defense-in-depth security strategy.
Oracle Database Vault controls the “Who, What, When, Where and How” of the database activity, while Oracle Audit Vault tells you about the “Who, What, When, Where and How” of the database activity.
The Oracle Database provides highly flexible auditing for monitoring specific activities, such as the type of SQL statement executed, or on combinations of factors that can include the user name, application, time, and so on. You can audit both successful and failed activities. To use auditing, you enable it, and in most cases you then create audit settings. For more information on Oracle database auditing, please take a look at the Oracle Database Security Guide documentation at http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/auditing.htm#BCGIDBFI.
Audit Vault utilizes the high-fidelity auditing capabilities of the Oracle Database to monitor the “Who, What, When, Where and How” of the database activity.
The Oracle database auditing facility supports flexible locations and formats to record the audit trail. You can write the audit trail to database tables, to OS files in a flat file or XML format, and to syslog (UNIX). From a performance perspective, writing the audit trail to an OS file requires fewer resources. The XML format provides the ability to include SQL text and bind variables as part of the audit trail. From a security perspective, the OS files can only be accessed by the Oracle database owner, whereas syslog can only be written to by the root user and so provides separation of duty from the DBA. To lock down the database audit tables, you can install Database Vault and put a protective realm around them.
Oracle database parameters dictate where the audit trail record is written and the additional inclusion of SQL text/bind variables content.
· audit_trail: defines where the audit trail is located. If ‘extended’ is appended to the value, the audit trail also includes SQL text and bind variables.
· audit_trail_dest: defines where the OS audit trail is written for this database.
· audit_sys_operations: defines whether all sysdba/sysoper activity is recorded in an audit trail.
For more details on these database parameters, please see the Oracle database documentation at http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/auditing.htm#BCGIDBFI.
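The audit trail parameters above and the basic audit areas listed earlier (accounts and privileges, logins, privileged users, sensitive data access, schema changes, data changes), combined in one SQL*Plus script. This is an added example, not taken from Oracle's documentation or this FAQ; it assumes Oracle Database 11g traditional auditing, a SYSDBA session, and uses HR.EMPLOYEES as a stand-in for a sensitive table.

```sql
-- Added example. Assumptions: Oracle Database 11g traditional auditing,
-- connected AS SYSDBA; HR.EMPLOYEES stands in for a sensitive table.

-- 1. Audit trail destination and content.
--    XML, EXTENDED writes OS files in XML format and includes SQL text and
--    bind variables. Both parameters are static: they take effect only
--    after the instance is restarted.
ALTER SYSTEM SET audit_trail = XML, EXTENDED SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- 2. Accounts, roles and permissions.
AUDIT USER BY ACCESS;            -- CREATE / ALTER / DROP USER
AUDIT ROLE BY ACCESS;            -- CREATE / ALTER / DROP / SET ROLE
AUDIT PROFILE BY ACCESS;         -- CREATE / ALTER / DROP PROFILE
AUDIT SYSTEM GRANT BY ACCESS;    -- GRANT / REVOKE of system privileges and roles

-- 3. Logins: successful and failed session creation.
AUDIT SESSION BY ACCESS;

-- 4. Schema changes.
AUDIT TABLE BY ACCESS;           -- CREATE / DROP / TRUNCATE TABLE
AUDIT ALTER TABLE BY ACCESS;

-- 5. Access to, and changes of, sensitive data (object-level auditing).
AUDIT SELECT ON hr.employees BY ACCESS;
AUDIT INSERT, UPDATE, DELETE ON hr.employees BY ACCESS;
AUDIT GRANT ON hr.employees BY ACCESS;

-- 6. Verify what is in force. Run the parameter query again after the
--    restart; it also lists the remaining audit-related parameters.
SELECT name, value
FROM   v$parameter
WHERE  name LIKE 'audit%'
ORDER  BY name;

SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
ORDER  BY audit_option;

SELECT owner, object_name, sel, ins, upd, del, gra
FROM   dba_obj_audit_opts
WHERE  owner = 'HR'
AND    object_name = 'EMPLOYEES';
```

Privileged user activity in section 1 is covered by audit_sys_operations, which records SYSDBA/SYSOPER actions to the OS audit trail regardless of the audit_trail setting.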
Oracle Audit Vault consolidates audit data from Oracle Database9i Release 2 and later releases including Oracle Database 10g, and Oracle Database 11g.
Oracle Audit Vault supports Standard, SE1, and
The GLOBAL_NAMES=TRUE parameter is required only if REDO collector is configured at the target database. The REDO collector uses Streams technology, and Streams requires GLOBAL_NAMES to be set to TRUE.
Please take a look at the Oracle Audit Vault Administrator Guide for streams related DB parameter settings.
Auditing an instance of SQL Server or a SQL Server database involves tracking and logging events that occur on the system. You can use several methods of auditing for SQL Server. Audit Vault supports SQL Server 2003, 2005, and 2008 C2 auditing, server-side trace files, and the Windows Event Viewer. For specific information on SQL Server auditing, please check with SQL Server documentation and support.
For a list of audit events supported by Oracle Audit Vault please see the Audit Vault Auditor’s Guide Documentation.
Please refer to SQL Server documentation for information on auditing overhead.
There are several levels of auditing for SQL Server, depending on government or standards requirements for your installation. You can record server audit action groups per instance, and either database audit action groups or database audit actions per database. The audit event will occur every time that the auditable action is encountered. Audit Vault supports SQL Server 2003, 2005, and 2008 C2 auditing, server-side trace files, and the Windows Event Viewer. For specific information on SQL Server auditing, please check with SQL Server documentation and support.
The DB2 UDB auditing facility allows a DBA to maintain an audit trail for a series of predefined database events. It is capable of logging database events such as authorization checking, database object maintenance, security maintenance, system administration, and user validation. The table below lists the different types of database events that can be audited and describes when an audit record is generated.
Event type | Description |
Audit | Generates records when audit settings are changed or when the audit log is accessed |
Authorization checking | Generates records during authorization checking of attempts to access or manipulate DB2 objects or functions |
Object maintenance | Generates records when creating or dropping data objects |
Security maintenance | Generates records when granting or revoking object or database privileges |
System administration | Generates records when operations requiring |
User validation | Generates records when authenticating users or retrieving system security information |
Operation context | Generates records to show the operation context when a database operation is performed |
For more information on IBM DB2 auditing, please check with your IBM® DB2® Universal Database™ for Linux®, UNIX®, and Windows® (DB2 UDB) documentation.
For a list of audit events supported by Oracle Audit Vault please see the Audit Vault Auditor’s Guide Documentation.
Please refer to IBM® DB2® Universal Database™ for Linux®, UNIX®, and Windows® (DB2 UDB) documentation for information on auditing overhead.
The IBM DB2 audit facility operates at the instance level servicing all databases in the instance. When the facility is started, generated audit records are written into a buffer area and then flushed to disk into an audit file. Once the auditing period is over, the audit file can be converted from its raw format into a readable text file.
Oracle Audit Vault only supports the extraction of the audit records from IBM DB2 from the readable text file. For more information on how Audit Vault converts the audit file to a text file, please take a look at the Audit Vault Administration Guide at http://www.oracle.com/technology/documentation/auditvault.html.
The Sybase ASE audit record can log the database event, the date and time, the user responsible for it, and the success or failure of the event. Among the events that can be audited are logins and logouts, server boots, use of data access commands, attempts to access particular objects, and a particular user’s actions.
You can establish auditing for events such as:
The types of auditing options you specify include:
For more information on Sybase ASE auditing, please refer to the Sybase documentation.
For a list of audit events supported by Oracle Audit Vault please see the Audit Vault Auditor’s Guide Documentation.
Please refer to Sybase ASE documentation for information on auditing overhead.
The Sybase ASE audit system consists of:
· The sybsecurity database, which contains global auditing options and the audit trail
· The in-memory audit queue, to which audit records are sent before they are written to the audit trail
· Configuration parameters for managing auditing
· System procedures for managing auditing
For more information on Sybase ASE auditing, please refer to the Sybase documentation.
Oracle Audit Vault white papers, data sheets, and other materials can be found on OTN. The Oracle Audit Vault Best Practices paper describes how to deploy Audit Vault, suggested basic database audit settings, and how to protect the audit trail.
In addition, Viewlets and Audit Vault Best Practices are available on the Oracle Technology Network along with additional collateral at the Audit Vault homepage.
Visit http://www.oracle.com/goto/auditvault for white papers, data sheets, and other materials or contact an Oracle representative near you--http://www.oracle.com/corporate/contact/index.html.
Yes. The Oracle Audit Vault forum is found on OTN under the Database category. Please visit http://forums.oracle.com/forums/forum.jspa?forumID=391 for discussions and questions on Oracle Audit Vault.

