Table of Contents
- Title and Copyright Information
- Preface
- Quick Reference for Common Tasks
- 1 Changes in Oracle Audit Vault and Database Firewall Release 20
- 2 Introducing Oracle Audit Vault and Database Firewall
- 2.1 Downloading the Latest Version of This Manual
- 2.2 Learning About Oracle Audit Vault and Database Firewall
- 2.3 The Auditor's Role
- 2.4 Understanding Targets
- 2.5 Understanding Firewall Policies
- 2.6 Understanding Audit Policies and Audit Data Collection
- 2.7 Requirements for Collecting Audit Data from Targets
- 2.8 Configuring Alerts and Notifications
- 2.9 Generating Reports
- 2.10 Creating Users and Managing Access
- 2.11 Logging in and Understanding the Audit Vault Server Console UI
- 3 Managing Targets
- 3.1 About Managing Targets
- 3.2 Viewing and Changing Settings for a Target
- 3.2.1 Viewing Audit Data Collection and Database Firewall Monitoring Details for Targets
- 3.2.2 Scheduling the Retrieval of Audit Settings for an Oracle Database
- 3.2.3 Retrieving User Entitlement Data for Oracle Database Targets
- 3.2.4 Retrieving Security Assessment Data for Oracle Database Targets
- 3.2.5 Retrieving Sensitive Objects for Oracle Database Targets
- 3.2.6 Activating Stored Procedure Auditing
- 3.2.7 Viewing a List of Audit Trails for a Target
- 3.2.8 Selecting a Firewall Policy
- 3.2.9 Viewing a List of Database Firewall Monitoring Points
- 3.2.10 Setting a Data Retention (Archiving) Policy
- 3.3 Creating and Modifying Target Groups
- 3.4 Managing Compliance for Target Databases
- 3.5 Setting Access Rights for Targets and Groups
- 4 Managing Access and Other Settings
- 4.1 Managing User Accounts and Access
- 4.1.1 About Oracle AVDF Auditor Accounts and Passwords
- 4.1.2 Creating Local Auditor Users
- 4.1.3 Creating New SSO Users
- 4.1.4 Viewing the Status of Auditor User Accounts
- 4.1.5 Managing User Access to Targets or Groups
- 4.1.6 Changing a User Account Type
- 4.1.7 Changing the Auditor Password
- 4.1.8 Deleting an Auditor Account
- 4.2 Creating Templates and Distribution Lists for Email Notifications
- 4.3 Creating Alert Syslog Templates
- 4.4 Viewing Monitoring Point and Audit Trail Status
- 4.5 Monitoring Jobs
- 5 Managing Global Sets/Data Discovery
- 5.1 Global Sets - Oracle AVDF 20.10 and later
- 5.1.1 About Global Sets
- 5.1.2 Prerequisites for Creating Global Privileged User and Sensitive Object Sets
- 5.1.3 Creating a Global Set
- 5.1.4 Creating Privileged User Sets
- 5.1.5 Creating Sensitive Object Global Sets
- 5.1.6 Viewing Where Global Sets Are Used
- 5.1.7 Modifying Global Sets
- 5.1.8 Understanding the Impact of Modifying Global Sets
- 5.2 Data Discovery - Oracle AVDF 20.9
- 5.2.1 About Data Discovery
- 5.2.2 Prerequisites for Creating Global Privileged User and Sensitive Object Sets
- 5.2.3 Creating Privileged User Global Sets
- 5.2.4 Creating Sensitive Object Global Sets
- 5.2.5 Viewing Global Sets
- 5.2.6 Creating Database Firewall Policies from Data Discovery
- 5.2.7 Viewing and Editing Database Firewall Policies
- 6 Creating Audit Policies for Oracle Databases
- 6.1 About Audit Policies
- 6.2 General Steps for Creating Audit Policies for Oracle Databases
- 6.3 Retrieving and Modifying Audit Policies from an Oracle Database
- 6.4 Provisioning Unified Audit Policies
- 6.5 Provisioning Traditional Audit Policies
- 6.5.1 About Creating Audit Policy Settings
- 6.5.2 Specifying which Audit Policies are needed
- 6.5.3 Creating Audit Policies for SQL Statements
- 6.5.4 Creating Audit Policies for Schema Objects
- 6.5.5 Creating Audit Policies for Privileges
- 6.5.6 Creating Audit Policies for Fine-Grained Auditing (FGA)
- 6.5.7 Exporting Audit Settings to a SQL Script
- 6.5.8 Provisioning Traditional Audit Policies from the Audit Vault Server
- 6.6 Viewing Unified Audit Policies
- 7 Database Firewall Policies
- 7.1 About Database Firewall Policies
- 7.2 About Database Firewall Deployment Modes and Policies
- 7.3 Types of Database Firewall Policies
- 7.4 Developing a Database Firewall Policy
- 7.5 Creating a New Database Firewall Policy
- 7.6 Configuring the Created Database Firewall Policy
- 7.7 Publishing and Deploying Firewall Policies
- 7.8 Exporting and Importing Database Firewall Policies
- 7.9 Copying a Database Firewall Policy
- 7.10 Editing a Database Firewall Policy
- 7.11 Database Firewall Policy for Capturing Return Row Count
- 7.12 Configuring Firewall Policy for SQL Statements
- 7.13 Blocking SQL and Creating Substitute Statements
- 7.14 SQL Statement Encrypted with Oracle Native Network Encryption
- 8 Reports
- 8.1 About the Reports in Audit Vault and Database Firewall
- 8.2 Activity Reports
- 8.2.1 About the Activity Reports
- 8.2.2 Activity Reports
- 8.2.2.1 About the Activity Reports
- 8.2.2.2 Activity Overview Report
- 8.2.2.3 All Activity Report
- 8.2.2.4 All Activity by Privileged Users
- 8.2.2.5 Data Access Report
- 8.2.2.6 Audit Policy Activity Report
- 8.2.2.7 Data Modification Report
- 8.2.2.8 Data Modification Before-After Values Report
- 8.2.2.9 Database Schema Activity Report
- 8.2.2.10 Entitlement Activity Report
- 8.2.2.11 Failed Login Events Report
- 8.2.2.12 Login and Logout Report
- 8.2.2.13 Startup and Shutdown Report
- 8.2.3 Entitlement Reports
- 8.2.4 OS Correlation Reports
- 8.2.5 Database Firewall Reports
- 8.2.6 Stored Procedure Changes
- 8.2.7 DB Vault Activity
- 8.2.8 Alert Reports
- 8.3 Summary Reports
- 8.4 Compliance Reports
- 8.5 Assessment Reports
- 8.6 AVDF System Reports
- 8.7 Customizing Reports
- 8.8 Creating Non-Interactive Report Templates
- 8.9 Creating and Uploading Your Own Custom Reports
- 8.10 Scheduling and Generating PDF or XLS Reports
- 8.11 Annotating and Attesting Reports
- 8.12 Downloading a Report in HTML or CSV Format
- 8.13 Related Event Data Appendices
- 9 Managing Entitlements
- 10 Creating Alerts
- 10.1 About Alerts
- 10.2 Creating Alerts and Writing Alert Conditions
- 10.3 Monitoring Alerts
- 10.4 Responding to an Alert
- 10.5 Creating Custom Alert Status Values
- 10.6 Forwarding Alerts to Syslog
- A Troubleshooting Oracle Audit Vault and Database Firewall for Auditors
- A.1 Server Error 500 When Logging Into UI as avauditor
- A.2 Database Firewall Monitored Activity Report - Error Bad Gateway
- A.3 Is the Audit Vault 20.X EVENT_LOG column RECORD_ID Generated Sequentially or Randomly
- A.4 There is No Option to Filter All Activity Report Using Timestamp/Time
- A.5 Issue with Data Population in All Activity by Privileged Users Report in AVDF 20.4 Installation
- A.6 How to Purge Alert Queue and Alert Store
- B Oracle Audit Vault and Database Firewall Database Schemas
- C Data Warehouse Partition
- D Audit Record Fields
- E Oracle Database Audit Events
- E.1 About the Oracle Database Audit Events
- E.2 Account Management Events
- E.3 Application Management Events
- E.4 Audit Command Events
- E.5 Data Access Events
- E.6 Database Vault Events
- E.7 Exception Events
- E.8 Invalid Record Events
- E.9 Object Management Events
- E.10 Peer Association Events
- E.11 Role and Privilege Management Events
- E.12 Service and Application Utilization Events
- E.13 System Management Events
- E.14 Unknown or Uncategorized Events
- E.15 User Session Events
- F AIX Audit Events
- G Sybase ASE Audit Events
- G.1 About the Sybase ASE Audit Events
- G.2 Account Management Events
- G.3 Application Management Events
- G.4 Audit Command Events
- G.5 Data Access Events
- G.6 Exception Events
- G.7 Invalid Record Events
- G.8 Object Management Events
- G.9 Peer Association Events
- G.10 Role and Privilege Management Events
- G.11 Service and Application Utilization Events
- G.12 System Management Events
- G.13 Unknown or Uncategorized Events
- G.14 User Session Events
- H Microsoft SQL Server SQL Trace Audit Events
- H.1 About the Microsoft SQL Server Audit Events
- H.2 Account Management Events
- H.3 Application Management Events
- H.4 Audit Command Events
- H.5 Data Access Events
- H.6 Exception Events
- H.7 Invalid Record Events
- H.8 Object Management Events
- H.9 Peer Association Events
- H.10 Role and Privilege Management Events
- H.11 Service and Application Utilization Events
- H.12 System Management Events
- H.13 Unknown or Uncategorized Events
- H.14 User Session Events
- H.15 Target Type Values for SQL Trace Audit Events
- H.16 Possible Target Types Values Associated With Certain SQL Trace Audit Events
- I Microsoft SQL Server SQL Audit and Event Log Events
- J IBM DB2 Audit Events
- J.1 About the IBM DB2 for LUW Audit Events
- J.2 Account Management Events
- J.3 Application Management Events
- J.4 Audit Command Events
- J.5 Context Events
- J.6 Data Access Events
- J.7 Exception Events
- J.8 Execution Event
- J.9 Invalid Record Events
- J.10 Object Management Events
- J.11 Peer Association Events
- J.12 Role and Privilege Management Events
- J.13 Service and Application Utilization Events
- J.14 System Administration Events
- J.15 System Management Events
- J.16 Unknown or Uncategorized Events
- J.17 User Session Events
- J.18 Possible Target Type Values for IBM DB2 Audit Events
- K MySQL Audit Events
- L Solaris Operating System Audit Events
- M Microsoft Windows Operating System Audit Events
- N Linux Operating System Audit Events
- O Oracle ACFS Audit Events
- P Active Directory Audit Events