Overview
- What is Oracle Audit Vault?
- What features are available in Audit Vault?
- Who is the target market for Oracle Audit Vault?
- What are the key benefits of Oracle Audit Vault?
- How does Oracle Audit Vault simplify compliance reporting?
- How does Oracle Audit Vault detect threats early?
- How does Oracle Audit Vault provide security and scalability?
- Does Oracle Audit Vault support non-Oracle databases and applications?
How Audit Vault Helps Customers Meet Compliance with Database Monitoring
- Many customers are looking to follow the COSO/COBIT framework for their compliance auditing requirements. How does Oracle Audit Vault help them?
- How does Oracle Audit Vault help with PCI compliance?
- How does Oracle Audit Vault fit into Oracle’s compliance framework/GRC solution/strategy?
- What should a customer audit in a database to help meet compliance regulations?
- How prevalent is database auditing?
- How are customers addressing the auditing problem today?
Audit Vault Reports
- What kind of reports does Oracle Audit Vault provide out of the box?
- Can you customize reports based on my needs?
- Can you automatically schedule reports to run?
- How extensive is audit data collection for Oracle and the other supported non-Oracle database?
- If SQL Server, IBM DB2, Sybase and Oracle audit trail records are different, how are reports/alerts consolidated?
Audit Vault Technical Information – General
- How does Oracle Audit Vault transparently collect and consolidate Audit Data?
- What kind of audit events do Oracle, SQL Server, IBM DB2, and Sybase databases support?
- What platforms does Oracle Audit Vault server run on?
- What platforms does the Oracle Audit Vault Collection Agent support?
- Will an organization need to purchase an agent for each type of database and/or each instance?
- Can Oracle Audit Vault centrally manage audit policies on SQL Server, IBM DB2, or Sybase?
- How does Oracle Audit Vault differ from Oracle Database Vault?
Audit Vault Technical Information - Oracle
- What kind of Oracle Database monitoring does Audit Vault provide?
- Where should customers write their Oracle audit trail?
- What versions of the Oracle Database does Oracle Audit Vault support?
- What Oracle database editions does Oracle Audit Vault support?
- Does Audit Vault require GLOBAL_NAMES=TRUE for the target database?
Audit Vault Technical Information – Microsoft SQL Server
- What kind of auditing can be collected from SQL Server?
- What kind of performance overhead is there for turning on auditing on SQL Server?
- Are there different options for SQL Server auditing like writing to database, OS file, system log, etc. and if so what do we recommend?
Audit Vault Technical Information – IBM DB2 UDB
- What kind of auditing can be collected from IBM DB2?
- What kind of performance overhead is there for turning on auditing on IBM DB2?
- Are there different options for IBM DB2 auditing like writing to database, OS file, system log, etc. and if so what do we recommend?
Audit Vault Technical Information – Sybase ASE
- What kind of auditing can be collected from Sybase ASE?
- What kind of performance overhead is there for turning on auditing on Sybase ASE?
- Are there different options for Sybase ASE auditing like writing to database, OS file, system log, etc. and if so what do we recommend?
For More Information
- Where do I go to find best practices on how to deploy Audit Vault in my environment?
- Is there Oracle Audit Vault training available?
- Where do I go to learn more?
- Is there an external forum on Oracle Audit Vault?
Answers
1. What is Oracle Audit Vault?
Oracle Audit Vault automates the audit collection and
analysis process, turning audit data into a key security resource to help
address today's top business challenges around compliance and insider
threats. Oracle Audit Vault helps organizations enforce the
trust-but-verify security principle and is part of Oracle's overall
defense-in-depth security strategy that includes other components such as
Oracle Database Vault for controlling access, Oracle Advanced Security for
Transparent Data Encryption, and Oracle Identity Management for user management. The latest release of Oracle Audit Vault
provides the ability to automate the database audit process with new report
scheduling, notification, attestation, and archiving capabilities that can
help organizations lower the cost of complying with internal and external
data privacy and protection mandates.
Oracle Audit Vault now includes new Entitlement reports with
up-to-date snapshots of Oracle Database users, privileges, and profiles,
which allow auditors to track changes to database access. It also includes new compliance reports
that specifically help address the Sarbanes-Oxley (SOX) Act, the Health Insurance
Portability and Accountability Act (HIPAA), and Payment Card Industry (PCI)
Data Security Standard (DSS) regulatory requirements for database activity
monitoring and audit.
Oracle Audit Vault further reduces operational costs of
database auditing by automating the cleanup of audit trail data from
supported Oracle and non-Oracle databases once that audit data has been
securely consolidated in the Oracle Audit Vault repository. To further help organizations streamline
the database activity monitoring and audit process, and respond quickly to
security and regulatory exceptions, Oracle Audit Vault now supports emailing
alerts as well as an automated interface to BMC Remedy IT Service
Management Suite, a leading solution for ITIL-aligned service management
processes. Audit Vault provides
automated cleanup of audit trail data after it has been securely stored in
the Audit Vault repository.
2. What features are available in Oracle Audit Vault?
Oracle Audit Vault transparently collects and consolidates audit data, providing valuable
insight into who did what to which data when –
including privileged users who have direct access to the database. With Oracle
Audit Vault reports, alert notifications, and centralized audit policy
management, the risks from internal threats and the cost of compliance are
greatly reduced.
| Feature | 10.2.2 | 10.2.3 | 10.2.3.2 |
|---|---|---|---|
| Collect Oracle Database audit logs | | | |
| SQL Server, IBM DB2 LUW, Sybase ASE | | | |
| Out-of-the-box Reports | | | |
| Alerts | | | |
| Documented warehouse schema | | | |
| Policy Manager for Oracle databases | | | |
| Audit trail Clean-Up | | Oracle only | SQL Server, DB2 |
| Compliance reports (PCI, HIPAA, …..) | | | |
| Entitlement reports (users, privileges, ...) | | | |
| Reports Archive, PDF, Customization | | | |
| Reports Scheduling, Attestation, Notification | | | |
| Alerts Email and Remedy Integration | | | |
3. Who is the target market for Oracle Audit Vault?
Oracle Audit Vault is a cross-vertical product,
appealing to any organization with data security, data privacy, and
regulatory compliance challenges such as Sarbanes-Oxley (SOX) or Payment
Card Industry Data Security Standard (DSS). Specific industries with
governance requirements will likely have strong interest in Audit Vault and
be likely first adopters, including financial services, insurance,
healthcare, pharmaceuticals, retail, energy, and government. In addition, customers
who are increasingly concerned with insider threats and with monitoring DBA or
privileged user activity, especially with outsourced administration, will be
interested in Audit Vault.
4. What are the key benefits of Oracle Audit Vault?
Oracle Audit Vault addresses today's compliance and
insider threat challenges by helping:
- Transparent Collection and Consolidation of Audit Data
- Simplify Compliance Reporting with out of the box reports for SOX, PCI, and HIPAA
- Detect Threats Early with email and BMC Remedy Integration
- Provide a Secure and Scalable Repository
- Lower Cost and Complexity of Compliance with Audit Policies
5. How does Oracle Audit Vault simplify compliance reporting?
Using Oracle Audit Vault, audit
data is consolidated from across the enterprise, enabling internal and external
IT auditors and IT security officers to utilize built-in reports and
obtain an enterprise-wide view of user access and activity. Audit Vault
provides specific reports in the area of SOX, PCI, and HIPAA that can be
further customized by database and object level filtering. In addition, the new Entitlement reports
provide information on Oracle database users, roles, and their privileges,
which internal and external auditors alike use to review access controls
to the data. Reports relating to
privileged user access, account management activity, role management
activity, data access activity, and failed login attempts are included with
Oracle Audit Vault. The drill-down capability provides full visibility into
the details of the what, where, when, and who of the audit events. The flexibility of Audit Vault Reports
also allows you to create customized reports to meet your business needs.
6. How does Oracle Audit Vault detect threats early?
Oracle Audit Vault continuously monitors inbound audit data, generating
alerts based on IT policies, providing a proactive early warning for
potential problems. Examples of alerts that can be defined include
privileged user changes, schema modifications, and sensitive application
data access. Audit Vault provides
an Alert report to view who and what violated security policies as well as
integration to email to notify the security team of compliance violations
and BMC Remedy to track and record analysis of the violations and alerts.
7. How does Oracle Audit Vault provide security and
scalability?
Oracle Audit Vault provides a secure audit warehouse
environment designed for the storage, protection and analysis of large
amounts of audit data. Oracle Audit Vault implements separation of duty to
strictly control access and prevent tampering of audit data by utilizing
Oracle Database Vault. To protect
audit data being sent over the network, Audit Vault includes the Advanced
Security Option to encrypt network traffic. Oracle Audit Vault leverages
all the scaling features of Oracle database including Oracle Partitioning and
database compression to enhance manageability and performance, enabling
audit data to be physically partitioned based on business requirements.
Oracle Audit Vault can optionally be deployed with
Oracle Real Application Clusters (RAC) for additional scalability and
Oracle Data Guard for disaster recovery.
8. Does Oracle Audit Vault support non-Oracle databases
and applications?
Oracle understands that audit
data collected from non-Oracle databases is a critical requirement for some
customers. Oracle Audit Vault 10.2.3.2
supports SQL Server 2003, 2005 and 2008, Sybase ASE 12.5.4 through 15.0.x,
and IBM DB2 8.2 through 9.5.
9. Many customers are looking to follow the COSO/COBIT
framework for their compliance auditing requirements. How does Oracle Audit
Vault help them?
Oracle Audit Vault meets COBIT objectives such as the ability to monitor
and report activities such as changes in audit policy, successful and
failed logons, alerting for failed logons, tracking of user privileges and
general system security via event logs. For example, the table below lists the
COBIT objectives for auditing/monitoring database activity.
| COBIT Section | Description | Audit Vault Report |
|---|---|---|
| DS 5.3 | Identity Management | User Entitlement Reports; Database Logon |
| DS 5.4 | User Account Management | User Privilege Change Activity; Report Attestation |
| DS 5.5 | Security Testing, Surveillance and Monitoring | Audit Vault Policy Manager; Report Attestation |
| DS 5.7 | Protection of Security Technology | User Entitlement Reports |
| DS 11.6 | Security Requirements for Data | Financial Related Data Modifications |
| AC 2 | Source Data Collection and Entry | Program Changes |
| DS 9.3 | Configuration Integrity Review – Audit Audit Vault | Policy Manager, User Entitlements, Program Changes |
10. How does Oracle Audit Vault help with PCI
compliance?
The Payment Card Industry
(major credit card companies) has developed the Data Security Standard
(DSS) as a guideline to help organizations that process card payments
prevent credit card fraud, hacking and various other security issues. A
company processing card payments must be PCI compliant or they risk losing
the ability to process credit card payments. Based on Security Audit Procedures v 1.1,
Requirement 10: Track and monitor all access to network resources and
cardholder data, Oracle Audit Vault helps organizations to address each of
these requirements. PCI DSS details security procedures, specifying that organizations
must
- “implement automated audit trails for all system components,”
- “secure audit trails so they cannot be altered,”
- “limit viewing of audit trails to those with a job-related need,”
- “protect audit trail files from unauthorized modifications,” and
- “retain audit trail history for at least one year, with a minimum of three months available online.”
| DSS Req | Regulation Description | Audit Vault Value Add |
|---|---|---|
| 2.2.3 | Configure system security parameters to prevent misuse. | Oracle Audit Vault consolidates audit data from across databases and reports on changes. |
| 10.1 | Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user. | Oracle Audit Vault reports all privileged user activity |
| 10.2 | Implement automated audit trails for all system components | Oracle Audit Vault automates the collection and secures the audit trail |
| 10.3 | Record User identification, type of event, Date and time, Success or failure indication, Origination of event, and Identity or name of affected data, system component, or resource | Oracle Audit Vault utilizes native database auditing to capture the who, what, and where of database activity |
| 10.6 | Review logs for all system components at least daily | Oracle Audit Vault provides out of the box reports for easy viewing |
| 10.7 | Retain audit trail history for at least one year, with a minimum of three months online availability. | Oracle Audit Vault provides automatic deletion of audit data when the business need is met |
For more information on how
Oracle products support PCI, please go to http://www.oracle.com/technology/deploy/security/database-security/oracle-pci.html
11. How does Oracle Audit Vault fit into Oracle’s
compliance framework/GRC solution/strategy?
Oracle Audit Vault is part of Oracle’s Governance, Risk, and Compliance
(GRC) platform and serves as an audit repository and audit analysis tool
for database monitoring. Oracle
Audit Vault serves as the backbone of secure audit, one of the five
principal areas identified in the Oracle GRC platform.
12. What should a customer audit in a database to help
meet compliance regulations?
In most enterprise environments, auditing of basic activities such as
failed and successful logins, privileged user activity, database schema
changes, and user policy changes will be required by IT auditors. In Oracle Database 11g, standard database
auditing is turned on by default and security audit policies are turned on
to start your database monitoring.
Many internal and external audits are verifying that monitoring is
being done in these areas.
- Accounts, Roles & Permissions: Do you have visibility of GRANT and REVOKE activities?
- Failed Logins: Do you have visibility of failed logins and other exception activities?
- Privileged User Activity: Do you have visibility of user’s activities?
- Access to Sensitive Data: Can you have visibility into what information is being queried (SELECTs)?
- Schema Changes: Are you aware of CREATE, DROP and ALTER Commands that are occurring on identified Tables / Columns?
- Data Changes: Do you have visibility into Insert, Update, Merge, Delete commands?
For more information on Oracle Database Auditing, go to http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIDBFI
13. How prevalent is database auditing?
Database Auditing is commonly used in more regulated
industries such as Financial Services, Health Care, Energy, and Public
sector. Some customers do heavy auditing, while some mainly audit the
privileged user activities. After Oracle released fine-grained auditing (FGA)
in Oracle9i, many customers started to use that to audit access to
sensitive data. More companies have
now started to audit database activity to meet requirements for SOX, HIPAA,
and to protect PII data.
According to the IOUG survey results in a report
entitled “Enterprise Data Insecurity: Are Organizations Prepared for the Threat From Within? –
The 2008 IOUG Data Security Report”, “Seven
out of 10 respondents reported using native database auditing to monitor
database activity.”
14. How are customers addressing the auditing problem
today?
To meet the requirements from
auditors, most customers are using homegrown scripts to collect and analyze
audit data. Besides running into the well-known challenges of using manual
methods and scripts, they have difficulty in collecting the audit data from
multiple systems, scaling up, securing the audit data, analyzing it for
alerts and other irregularities, creating reports to meet individual
requirements from the auditors, and in being able to collect the audit
settings centrally. Since archival and management of audit data has become
a mandatory requirement for many compliance regulations, it requires a
scalable, secure, and flexible product that meets the requirements not just
for this quarter, but for years to come.
15. What kind of reports does Oracle Audit Vault
provide out of the box?
Oracle Audit Vault provides powerful built-in reports to monitor a wide
range of activity including privileged user activity and changes to
database structures. The reports
provide visibility into activities and provide detailed information on who,
what, when and where.
The Audit Vault reports have an easy-to-use interface with the
ability to create customized reports and charts and graphs. Report columns
can be re-ordered as well as removed.
Rules can be put in place to automatically highlight specific rows
so that report users can quickly spot suspicious or unauthorized
activity. Out-of-the-box reports
include information on database account management, roles and privileges,
object management, and login failures. Reports include audit information
from Oracle, Microsoft SQL Server, IBM DB2, and Sybase ASE databases,
providing a holistic picture of activity across the enterprise.
The latest release of Oracle Audit Vault provides new Entitlement
reports that show Oracle database users, privileges and roles and
compare the changes to those users between two time periods. Oracle Audit Vault
provides numerous compliance reports categorized into areas of PCI, SOX,
and HIPAA.
To find a complete list of Audit Vault Reports, please take a look at
the Audit Vault Auditor's Guide, which can be found at http://www.oracle.com/technology/documentation/auditvault.html
16. Can you customize reports based on my needs?
Oracle Audit Vault provides easy-to-use out-of-the-box reports with
the ability to create customized reports based on your business
requirements, as well as colorful charts and graphs. Report columns can be
re-ordered as well as removed. Rules
can be put in place to automatically highlight specific rows so that report
users can quickly spot suspicious or unauthorized activity. Once you have defined the report the way
you like it, the report definition is saved in the Customized Reports view
for you to access each time you log into Audit Vault Console.
17. Can you automatically schedule reports to run?
The latest release of Audit Vault, 10.2.3.2, provides the ability to
schedule reports to run on a periodic basis. After the report has completed, an
automatic email can be sent with the attached PDF report or a URL directly
back into Audit Vault to review and attest the database activity. Additionally, all Audit Vault reports may
be run on demand to browse current activity, which means you view the most
recent audit trail data that has been collected by Audit Vault.
18. How extensive is audit data collection for Oracle
and the other supported non-Oracle database?
Oracle Audit Vault reporting is based on the audit events generated by
the Oracle, Microsoft SQL Server, IBM DB2, and Sybase ASE databases. Most of the Audit Vault reports are
generic except for the Database Vault report, which displays the audit
trail records generated by Oracle Database Vault, and the Before/After
Values compliance report that is specific to audit data collected by the
Audit Vault Redo Collector. For more
information on the Audit Vault reports please take a look at the Oracle
Audit Vault Auditor’s Guide.
Please go here to find the Oracle Audit Vault Documentation: http://www.oracle.com/technology/software/products/auditvault/index.html
19. If Microsoft SQL Server, IBM DB2, Sybase ASE and
Oracle audit trail records are different, how are reports/alerts
consolidated?
Microsoft SQL Server, IBM DB2, Sybase, and Oracle
database audit events are very similar so they have been categorized by
Audit Vault to show a consolidated report of database activity. For a complete list of Oracle, Microsoft
SQL Server, IBM DB2, and Sybase audit events, take a look at the Oracle
Audit Vault Auditor’s Guide.
Audit Vault alerts work the same for SQL Server, IBM DB2, and Sybase audit
trail data as they do for Oracle audit trail data.
20. How does Oracle Audit Vault transparently collect
and consolidate Audit Data?
Oracle Audit Vault leverages
native database auditing that creates audit trail data on the Oracle, SQL
Server, IBM DB2, and Sybase database sources. A Collection Agent continuously
extracts the audit data from the source and sends it to Oracle Audit Vault.
For Oracle databases, Audit
Vault supports the collection of before/after data values from the redo
stream by leveraging Streams and LogMiner.
21. What kind of audit events do Oracle, SQL Server,
IBM DB2, and Sybase databases support?
Oracle Database auditing is highly flexible:
you can base auditing on
individual actions, such as the type of SQL statement executed, or on
combinations of factors that can include the user name, application, time,
and so on. You can audit both successful and failed activities. To use
auditing, you enable it, and in most cases you then create audit settings. For more information on Oracle database
auditing, please take a look at the Oracle Database Security Guide
documentation at http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIDBFI.
Auditing an instance of SQL Server or a SQL Server
database involves tracking and logging events that occur on the system. You
can use several methods of auditing for SQL Server. Audit Vault supports SQL Server 2003, 2005,
and 2008 C2 auditing, server-side trace files, and the Windows Event
Viewer. For specific information on
SQL Server auditing, please check with your SQL Server documentation and
support.
IBM DB2 audits database events based on categories of
activity. DB2 first writes the audit
data to a binary file, and Audit Vault provides an extraction utility to
create a text file from which the Audit Vault agent reads the audit trail and
sends it over to the Audit Vault Server.
Sybase ASE writes the audit data to database tables. The Audit Vault agent then connects to the
Sybase ASE database to read the audit trail records and sends them to the
Audit Vault server.
For more information on how to configure the Audit Vault
Collection agent for Oracle, SQL Server, IBM DB2, and Sybase, take a look
at the Audit Vault Administration Guide at http://www.oracle.com/technology/documentation/auditvault.html. The Audit Vault Auditor’s Guide, which
can also be found in the Audit Vault Documentation library, contains the
audit events collected for each database.
22. What platforms does Oracle Audit Vault server run
on?
Oracle Audit Vault consists of two components: the Audit
Vault server, which contains the secure audit warehouse and specific Audit Vault
packages, and the Audit Vault collection agent, which manages the collection
of audit data from sources.
The Oracle Audit Vault server is generally available for
the Linux X86/X64 platform (RedHat Enterprise Linux AS 3, 4, 5, Enterprise
Linux 4,5, & SuSE SLES9 & SuSE SLES10), Solaris Sparc (64 bit),
HP-Itanium, and AIX5L (64 bit).
For the latest information on supported Oracle Audit Vault platforms,
review the certification matrix on the Oracle MetaLink Web site: http://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can
access the same information at: http://www.oracle.com/technology/support/metalink/content.html
23. What platforms does the Oracle Audit Vault Collection Agent support?
Oracle Audit Vault consists of two components: the Audit
Vault server, which contains the secure audit warehouse and specific Audit Vault
packages, and the Audit Vault collection agent, which manages the collection
of audit data from sources.
The Oracle Audit Vault Collection Agent is generally available
for the Linux x86/x64, Solaris SPARC 64-bit, HP-UX PA-RISC (64-bit),
HP-Itanium, AIX5L Based Systems (64-bit), and Windows (32-bit/64-bit).
For the latest information on supported Oracle Audit Vault platforms,
review the certification matrix on the Oracle MetaLink Web site. The Oracle
MetaLink Web site is available at: http://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can
access the same information at: http://www.oracle.com/technology/support/metalink/content.html
24. Will an organization need to purchase an agent for
each type of database and/or each instance?
The Oracle Audit Vault Collection agent contains all functionality to
configure and manage Oracle, Microsoft SQL Server, IBM DB2, and Sybase
databases, and there is no need to install a specific type of agent. In general, as a best practice, you should
install an agent on each host that contains a database that will be supported
by Audit Vault to collect audit data. For more information on Audit Vault
Best Practices to deploy the Server and Collection Agent, please visit OTN
at http://www.oracle.com/technology/products/audit-vault/index.html
to find Oracle Audit Vault white papers, data sheets, and other materials.
25. Can Oracle Audit Vault centrally manage audit
policies on Microsoft SQL Server, IBM DB2, or Sybase?
Oracle Audit Vault only manages policies for the Oracle
databases. Customers must use their
best practices for managing Microsoft SQL Server, IBM DB2, and Sybase
auditing. For specific information
for your database type, please consult your database Support organization
or documentation. Support for
managing additional non-Oracle audit sources is planned for a future
release.
26. How does Oracle Audit Vault differ from Oracle
Database Vault?
Oracle Database Vault is a
security option for Oracle Database Enterprise Edition that provides strong
access controls inside the database to prevent access to application data
from privileged users, including the DBA.
Oracle Audit Vault monitors the
enterprise-wide database activity, helping address compliance and insider
threat challenges by collecting and consolidating audit data from multiple
databases. Oracle Audit Vault helps enforce the trust-but-verify security
principle and is part of Oracle's overall defense-in-depth security
strategy.
Oracle Database Vault controls the “Who, What, When, Where and
How” of the database activity, while Oracle Audit Vault tells you about
the “Who, What, When, Where and How” of the database activity.
27. What kind of Oracle Database monitoring does Audit
Vault provide?
The Oracle Database provides highly flexible auditing
for monitoring specific activities, such as the type of SQL statement executed, or combinations of
factors that can include the user name, application, time, and so on. You
can audit both successful and failed activities. To use auditing, you
enable it, and in most cases you then create audit settings. For more information on Oracle database
auditing, please take a look at the Oracle Database Security Guide
documentation at http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/auditing.htm#BCGIDBFI.
Audit Vault utilizes the
high-fidelity auditing capabilities of the Oracle Database to monitor the
“Who, What, When, Where and How” of the database activity.
28. Where should customers write their Oracle audit
trail?
The Oracle database auditing facility supports flexible locations and
formats to record the audit trail.
You can write the audit trail to database tables, OS files in a flat
file or XML format, and the syslog (UNIX).
From a performance perspective, it requires fewer resources to write
the audit trail to an OS file. The
XML format provides the ability to include SQL text and bind variables as
part of the audit trail. From a
security perspective, the OS files can only be accessed by the Oracle
database owner, whereas syslog can only be written to by the root user and
provides separation of duty from the DBA.
To lock down the database audit tables, you can install Database
Vault and put a protective realm around them.
Oracle database parameters dictate where the audit trail record is
written and whether SQL text and bind variable content is also included.
- audit_trail: defines where the audit trail is located. If ‘extended’ is appended to the value, the audit trail also includes SQL text and bind variables.
- audit_trail_dest: defines where the OS audit trail is written for this database.
- audit_sys_operations: defines whether all sysdba/sysoper activity is recorded in an audit trail.
For more details on these database parameters, please see the Oracle
database documentation at http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/auditing.htm#BCGIDBFI.
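The settings described in this answer, together with the audit areas listed under question 12, as an added SQL*Plus example (not code from Oracle's documentation or from Audit Vault itself). It assumes Oracle Database 10g Release 2 or later and a SYSDBA session; the directory path, the syslog facility and the APP_OWNER.CARD_DATA table are hypothetical placeholders, and the OS audit directory is set through AUDIT_FILE_DEST, the parameter name used in the Oracle Database Reference.

```sql
-- Added example: native audit configuration on an Oracle source database.
-- Hypothetical values: /u01/app/oracle/admin/ORCL/adump, local1.warning,
-- APP_OWNER.CARD_DATA. Adjust all three to your environment.

-- 1. Where the audit trail is written ---------------------------------------
-- Option A: OS files in XML format. EXTENDED adds SQL text and bind values,
-- so the directory must be readable only by the Oracle software owner:
-- bind values can contain the sensitive data being protected.
ALTER SYSTEM SET audit_trail = XML, EXTENDED SCOPE = SPFILE;
ALTER SYSTEM SET audit_file_dest = '/u01/app/oracle/admin/ORCL/adump' SCOPE = SPFILE;

-- Option B (UNIX only): hand OS audit records to syslog, which the DBA
-- cannot rewrite. Use instead of option A, not together with it.
-- ALTER SYSTEM SET audit_trail = OS SCOPE = SPFILE;
-- ALTER SYSTEM SET audit_syslog_level = 'local1.warning' SCOPE = SPFILE;

-- Record SYSDBA/SYSOPER activity. These records always go to the OS audit
-- trail (or syslog), never to database tables.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- The SPFILE changes above take effect at the next instance restart:
--   SHUTDOWN IMMEDIATE
--   STARTUP

-- 2. What to audit (the areas from question 12) -----------------------------
-- Failed and successful logins
AUDIT SESSION;

-- Accounts, roles and permissions: CREATE/ALTER/DROP USER and ROLE,
-- GRANT and REVOKE of system privileges and roles
AUDIT USER BY ACCESS;
AUDIT ROLE BY ACCESS;
AUDIT SYSTEM GRANT BY ACCESS;
AUDIT GRANT ANY PRIVILEGE BY ACCESS;
AUDIT GRANT ANY ROLE BY ACCESS;
AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS;

-- Schema changes: CREATE, DROP, TRUNCATE and ALTER TABLE
AUDIT TABLE BY ACCESS;
AUDIT ALTER TABLE BY ACCESS;

-- Access to sensitive data and data changes on one identified table
AUDIT SELECT ON app_owner.card_data BY ACCESS;
AUDIT INSERT, UPDATE, DELETE ON app_owner.card_data BY ACCESS;
-- Structural changes and object grants on the same table
AUDIT ALTER, GRANT ON app_owner.card_data BY ACCESS;

-- 3. Verify what is actually in force ---------------------------------------
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_file_dest',
                'audit_sys_operations', 'audit_syslog_level')
 ORDER BY name;

SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY audit_option;

SELECT owner, object_name, sel, ins, upd, del, alt, gra
  FROM dba_obj_audit_opts
 WHERE owner = 'APP_OWNER'
   AND object_name = 'CARD_DATA';
```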
29. What versions of the Oracle Database does Oracle Audit Vault support?
Oracle Audit Vault consolidates audit data from Oracle Database 9i
Release 2 and later releases including Oracle Database 10g, and Oracle
Database 11g.
30. What Oracle database editions are supported by
Oracle Audit Vault?
Oracle Audit Vault supports Standard, SE1, and Enterprise editions of the Oracle
database.
31. Does Audit Vault require GLOBAL_NAMES=TRUE for the
target database?
The GLOBAL_NAMES=TRUE parameter is required only if the REDO
collector is configured at the target database. The REDO collector uses
Streams technology, and Streams requires GLOBAL_NAMES to be set to TRUE.
Please take a look at the Oracle
Audit Vault Administrator Guide for Streams-related DB parameter
settings.
32. What kind of auditing can be collected from SQL
Server?
Auditing an instance of SQL Server or a SQL Server
database involves tracking and logging events that occur on the system. You
can use several methods of auditing for SQL Server. Audit Vault supports SQL Server 2003, 2005,
and 2008 C2 auditing, server-side
trace files, and the Windows Event Viewer.
For specific information on SQL Server auditing, please check with
SQL Server documentation and support.
For a list of audit events supported by Oracle Audit Vault please see
the Audit Vault Auditor’s Guide Documentation at http://www.oracle.com/technology/documentation/auditvault.html.
33. What kind of performance overhead is there for turning on auditing on SQL Server?
Please refer to SQL Server documentation for information on auditing
overhead.
34. Are there different options for SQL Server auditing like writing to database, OS
file, system log, etc. and if so what do we recommend?
There are several levels of auditing for SQL Server,
depending on government or standards requirements for your installation.
You can record server audit action groups per instance, and either
database audit action groups or database audit actions per database. The
audit event will occur every time that the auditable action is
encountered. Audit Vault supports
SQL Server 2003, 2005, and 2008 C2 auditing, server-side trace files, and
the Windows Event Viewer. For specific
information on SQL Server auditing, please check with SQL Server
documentation and support.
35. What kind of auditing can be collected from IBM
DB2?
The DB2 UDB auditing facility allows a DBA to maintain
an audit trail for a series of predefined database events. It is capable of
logging database events such as authorization checking, database object
maintenance, security maintenance, system administration, and user
validation. The table below lists
the different types of database events that can be audited and describes when
an audit record is generated.
| Event type | Description |
|---|---|
| Audit | Generates records when audit settings are changed or when the audit log is accessed |
| Authorization checking | Generates records during authorization checking of attempts to access or manipulate DB2 objects or functions |
| Object maintenance | Generates records when creating or dropping data objects |
| Security maintenance | Generates records when granting or revoking object or database privileges |
| System administration | Generates records when operations requiring SYSADM, SYSMAINT, or SYSCTRL authority are performed |
| User validation | Generates records when authenticating users or retrieving system security information |
| Operation context | Generates records to show the operation context when a database operation is performed |
For more information on IBM DB2 auditing, please
check with your IBM® DB2® Universal Database™ for Linux®, UNIX®, and
Windows® (DB2 UDB) documentation.
For a list of audit events supported by Oracle Audit
Vault please see the Audit Vault Auditor’s Guide Documentation at http://www.oracle.com/technology/documentation/auditvault.html.
36. What kind of performance overhead is there for turning on auditing on IBM DB2?
Please refer to IBM® DB2® Universal Database™ for
Linux®, UNIX®, and Windows® (DB2 UDB) documentation for information on
auditing overhead.
37. Are there different options for IBM DB2 auditing like writing to database, OS file,
system log, etc. and if so what do we recommend?
The IBM DB2 audit facility operates at the instance
level servicing all databases in the instance. When the facility is
started, generated audit records are written into a buffer area and then
flushed to disk into an audit file. Once the auditing period is over, the
audit file can be converted from its raw format into a readable text file.
Oracle Audit Vault only supports the extraction of the
audit records from IBM DB2 from the readable text file. For more information on how Audit Vault
converts the audit file to a text file, please take a look at the Audit
Vault Administration Guide at http://www.oracle.com/technology/documentation/auditvault.html.
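What a collector reading that readable text file has to do, shown as an added example (not Oracle's or IBM's code): it parses extracted audit records and groups them under the event types listed in the table for question 35. The `name=value;` record layout, the category keywords, the meaning of `event status`, and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# db2audit category keyword -> event type from the table above.
# The keywords are an assumption about the DB2 UDB text output, not from this page.
EVENT_TYPES = {
    "AUDIT": "Audit", "CHECKING": "Authorization checking",
    "OBJMAINT": "Object maintenance", "SECMAINT": "Security maintenance",
    "SYSADMIN": "System administration", "VALIDATE": "User validation",
    "CONTEXT": "Operation context",
}

# Constructed sample records in the assumed "name=value;" layout.
SAMPLE = """\
timestamp=2009-03-02-10.15.01.120001;category=VALIDATE;audit event=AUTHENTICATION;
  event correlator=1;event status=0;
  userid=appuser;authid=APPUSER;
timestamp=2009-03-02-10.15.07.553210;category=CHECKING;audit event=CHECKING_OBJECT;
  event correlator=2;event status=-551;
  userid=appuser;authid=APPUSER;object name=PAYROLL;
timestamp=2009-03-02-10.16.44.000310;category=SECMAINT;audit event=GRANT;
  event correlator=3;event status=0;
  userid=dbadmin;authid=DBADMIN;object name=PAYROLL;
"""

FIELD = re.compile(r"\s*([^=;]+?)=([^;]*);")

def parse_records(text):
    """Return one dict per audit record; a 'timestamp' field starts a new record."""
    records = []
    for match in FIELD.finditer(text):
        key, value = match.group(1).strip(), match.group(2).strip()
        if key == "timestamp":
            records.append({})
        if records:  # skip any fields that precede the first timestamp
            records[-1][key] = value
    return records

def failed(record):
    """Assumption: 'event status' holds an SQLCODE, so a negative value is a failure."""
    return record.get("event status", "0").startswith("-")

def summarize(records):
    """Count records per event type and collect the failed ones for review."""
    counts = Counter(EVENT_TYPES.get(r.get("category"), "Unknown") for r in records)
    return counts, [r for r in records if failed(r)]

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```

Categories missing from the mapping are counted as "Unknown" rather than dropped, so a new or misspelled category shows up in the summary instead of disappearing.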
38. What kind of auditing can be collected from Sybase
ASE?
The Sybase ASE audit record can log the database event,
the date and time, the user responsible for it, and the success or failure
of the event. Among the events that can be audited are logins and logouts,
server boots, use of data access commands, attempts to access particular
objects, and a particular user’s actions.
You can establish auditing for events such as:
· Server-wide, security-relevant events
· Creating, deleting, and modifying database objects
· All actions by a particular user or all actions by users with a particular role
  active
· Granting or revoking database access
· Importing or exporting data
· Logins and logouts
The types of auditing options you can specify include:
· Global options apply to commands that affect the entire server, such as booting
  the server, disk commands, and allowing ad hoc, user-defined audit records.
· Database-specific options apply to a
  database. Examples include altering a database, bulk copy of data into a
  database, granting or revoking access to objects in a database, and
  creating objects in a database.
· Object-specific options apply to a specific object. Examples include selecting, inserting,
  updating, or deleting rows of a particular table or view and the execution
  of a particular trigger or procedure.
· User-specific options apply to a specific user or system role. Examples include accesses
  by a particular user to any table or view or all actions performed when a
  particular system role, such as sa_role, is active.
For more information on Sybase ASE auditing, please
refer to the Sybase documentation.
For a list of audit events supported by Oracle Audit Vault please see
the Audit Vault Auditor’s Guide Documentation at http://www.oracle.com/technology/documentation/auditvault.html
39. What kind of performance overhead is there for turning on auditing on Sybase ASE?
Please refer to Sybase ASE documentation for information on auditing
overhead.
40. Are there different options for Sybase ASE auditing like writing to database, OS
file, system log, etc. and if so what do we recommend?
The Sybase ASE audit system consists of:
· The sybsecurity database, which contains global auditing options and the audit trail
· The in-memory audit queue, to which audit records are sent before they are
  written to the audit trail
· Configuration parameters for managing auditing
· System procedures for managing auditing
For more information on Sybase ASE auditing, please
refer to the Sybase documentation.
41. Where do I go to find best practices on how to deploy Audit Vault in my environment?
Oracle Audit Vault white papers, data sheets, and other
materials can be found on OTN at http://www.oracle.com/technology/products/audit-vault/index.html. The Oracle Audit Vault Best Practices
paper covers how to deploy Audit Vault, suggested basic database audit
settings, and how to protect the audit trail.
42. Is there Oracle Audit Vault training available?
Oracle University has created a formal class for Oracle Audit Vault. If you are
interested in taking the class, please call 1.800.529.0165 or contact your local
Oracle University sales representative.
In addition, viewlets and Audit Vault Best Practices are available on the
Oracle Technology Network along with additional collateral at the Audit
Vault launch pad.
43. Where do I go to learn more?
Visit http://www.oracle.com/goto/auditvault
for white papers, data sheets, and other materials, or contact an Oracle
representative near you at http://www.oracle.com/corporate/contact/index.html.
44. Is there an external forum on Oracle Audit Vault?
Yes. The Oracle
Audit Vault forum is found on OTN under the Database category. Please visit http://forums.oracle.com/forums/forum.jspa?forumID=391
for discussions and questions on Oracle Audit Vault.