Channel: Oracle Database

Upcoming Webinar: Oracle Critical Patch Update October 2011 Database Impact


Oracle October 2011 CPU - Oracle Database Impact
Thursday, November 3, 2:00pm - 3:00pm EDT

Every quarter, Oracle releases a Critical Patch Update (CPU) that fixes a number of security vulnerabilities in the Oracle Database. This quarterly educational session will focus on the October 2011 CPU and the impact on the Oracle Database. The topics will include:

 

  • A review of the security vulnerabilities fixed in this CPU,
  • An analysis of the required CPU patches,
  • A discussion of patching including CPUs vs. PSUs.


Example vulnerabilities will be demonstrated in order to show how easy it is to exploit many of the fixed security bugs.

Click here to register for the Oracle Database webinar.

 

Tags: 
Oracle Critical Patch Updates, Oracle Database

Integrigy Oracle Listener Security Check Tool Updated


We have updated our free Oracle Database Listener Security Check tool that analyzes security of the Oracle Database TNS Listener to identify potential security issues.  The tool performs four basic checks for the Database Listener in a simple and user friendly way - (1) is a listener password set, (2) is ADMIN_RESTRICTIONS set, (3) is logging enabled, and (4) is LOCAL_OS_AUTHENTICATION enabled for Oracle 10g.  It is a single executable that can be run from any Windows XP/2000 PC, requires no Oracle client install, and can be run from a USB key.

The following enhancements are in the new version -

  • Fully compatible with Oracle 10g (10.1 and 10.2)
  • New Oracle Applications 11i check for database and FNDFS listeners
  • New enumeration of all instances for a listener
  • Saves history of servers and ports for easy access


The AppSentry Listener Security Check Tool is available for download at -

AppSentry Listener Security Check Tool

Tags: 
Oracle Database

Integrigy Oracle Listener Security Check Tool Updated (version 2.2)


We have updated our free Oracle Database Listener Security Check tool that analyzes security of the Oracle Database TNS Listener to identify potential security issues.

Two new features have been added from upcoming changes to our AppSentry security auditing tool -

  • Checks all the entries in a tnsnames.ora file for four security configuration issues in the database listener
  • Generate TNS entries and JDBC connect strings (6 different ways) for enumerated SIDs


The AppSentry Listener Security Check Tool is available for download at -

AppSentry Listener Security Check Tool

Tags: 
Oracle Database

COLLABORATE11 - IOUG Operation Classified: Security Hackfest


For those of you not familiar with COLLABORATE or have not previously attended, the Oracle Applications Users Group (OAUG) and Independent Oracle Users Group (IOUG) have teamed together to host a user-driven event with exceptional content.  COLLABORATE11 is Sunday, April 10, 2011 through Thursday, April 14, 2011 in Orlando.  This year there will be over 1,000 technical sessions covering virtually every Oracle product.

For IOUG attendees, the reception on Sunday evening from 5-7pm has the theme "IOUG Operation Classified: Security Hackfest".  This event will pit your skills at securing and hacking the latest Oracle database in competition with your fellow attendees.

To help support the event, Integrigy has updated our highly regarded "Oracle Database Security Quick Reference" to include the latest security information for Oracle 11gR2.

Note: This event is only open to IOUG attendees.

References:

Integrigy Oracle Database Security Quick Reference

Integrigy Oracle E-Business Suite Security Quick Reference

 

Tags: 
Oracle Database, Conference

Oracle Critical Patch Update April 2011 Pre-Release Analysis


Here is a brief analysis of the pre-release announcement for the upcoming April 2011 Oracle Critical Patch Update (CPU) -

  • Overall, 47 Oracle security vulnerabilities (non-Solaris bugs) are fixed in this CPU, which is an average number and well within the range of previous CPUs (Jan-11=43, Oct-10=50, Jul-10=38, Apr-10=31, Jan-10=24, Oct-09=38, Jul-09=30, Apr-09=43, Jan-09=41, Oct-08=36, Jul-08=45, Apr-08=41, Jan-08=26, Oct-07=51, Jul-07=45, Apr-07=36, Jan-07=51, Oct-06=101, Jul-06=62, Apr-06=34, Jan-06=80).  These numbers have been normalized for Oracle products and exclude any Sun products.
  • The Oracle product and vulnerability mix appears to be similar to previous CPUs.  All CPU supported Oracle Database and Oracle E-Business Suite versions are included.  The list of supported versions is getting very short and should be carefully reviewed to determine if version upgrades are required prior to applying the CPU security patches -
        • Database = 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, 11.2.0.2 for major platforms
        • Application Server = 10.1.2.3.0, 10.1.3.5.0, 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0
        • E-Business Suite = 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3
  • As anticipated by Integrigy, this is the first CPU available for Oracle Database 11.2.0.2.
  • For the Oracle E-Business Suite, as of the April 2011 CPU there is no CPU support for any version prior to 11.5.10.2 or for 12.0.0 - 12.0.5.  11.5.10.2 requires the "Minimum Baseline for Extended Support" as specified in Metalink Note ID 883202.1.
  • The highlight of this CPU is 6 of 9 Oracle Application Server/Fusion Middleware security vulnerabilities are remotely exploitable without authentication with the highest CVSSv2 score being 10.0.  The vulnerabilities are in Oracle Help, Oracle HTTP Server, Oracle JRockit, Oracle Outside In Technology, Oracle Security Service, Oracle WebLogic Server, Portal, and Single Sign On components.
  • Integrigy will be presenting more information on this CPU in the following webinars: (1) Oracle April 2011 CPU E-Business Suite Impact Webinar Thursday, April 28, 2pm ET and (2) Oracle April 2011 CPU Oracle Database Impact Webinar Thursday, May 5, 2pm ET.

Oracle Database

  • There are 6 database vulnerabilities and 2 are remotely exploitable without authentication.
  • Since at least one database vulnerability has a CVSS 2.0 metric of 6.5 (important to high for a database vulnerability), this is a fairly important CPU.
  • The components fixed by this CPU are not the usual suspects and several will not be implemented in many environments.  It will be interesting to see what the actual vulnerabilities are in these components: Application Service Level Management, Database Vault, Network Foundation, Oracle Help, Oracle Security Service, Oracle Warehouse Builder, and UIX.  If the Network Foundation bug is a denial of service and most of the other components are not implemented in an environment, this could be one of the first CPUs to be classified as low risk for some Oracle databases.

Oracle Fusion Middleware

  • There are 9 new Oracle Fusion Middleware vulnerabilities, 6 of which are remotely exploitable without authentication with the highest CVSS score being 10.0.
  • Of critical importance will be the fixes in the Oracle HTTP Server and Oracle Web Logic Server.  All Oracle Fusion Middleware implementations should carefully review this CPU to determine the exact impact to your environment.

Oracle E-Business Suite 11i and R12

  • There are 4 new Oracle E-Business Suite 11i and R12 vulnerabilities, two of which are remotely exploitable without authentication.
  • The vulnerabilities are in Oracle Application Object Library (AOL), Applications Install, and Web ADI.  It is not clear if the AOL vulnerabilities can be exploited externally in DMZ implementations.

Planning Impact

  • We anticipate the criticality of this quarter's CPU will be in line with previous CPUs.  The only exception may be the significant number of remotely exploitable Oracle Fusion Middleware vulnerabilities, especially any in the Oracle HTTP Server.  For specific databases, based on configuration and installed options, this may be a lower than average risk CPU.
  • As with all previous CPUs, this quarter's security patches should be deemed critical and you should adhere to the established procedures and timing used for previous CPUs.
  • Oracle E-Business Suite customers with externally facing implementations should carefully review the remotely exploitable vulnerabilities in Application Object Library to determine if these pages are blocked by the URL firewall.  If any of the vulnerable web pages are externally accessible, customers should look to immediately patch these environments.

Upcoming Integrigy CPU Webinars

Oracle April 2011 CPU E-Business Suite Impact
Thursday, April 28, 2pm ET

Oracle April 2011 CPU Oracle Database Impact
Thursday, May 5, 2pm ET

Tags: 
Oracle Database, Oracle E-Business Suite, Oracle Critical Patch Updates

Upcoming Webinar: Oracle Critical Patch Update April 2011 - Oracle Database Impact


Oracle April 2011 CPU - Oracle Database Impact
Thursday, May 5, 2:00pm - 3:00pm EDT

Every quarter, Oracle releases a Critical Patch Update (CPU) that fixes a number of security vulnerabilities in the Oracle Database. This quarterly educational session will focus on the April 2011 CPU and the impact on the Oracle Database. The topics will include:

  • A review of the security vulnerabilities fixed in this CPU,
  • An analysis of the required CPU patches,
  • A discussion of patching including CPUs vs. PSUs.

Example vulnerabilities will be demonstrated in order to show how easy it is to exploit many of the fixed security bugs.

Click here to register for the Oracle Database webinar.

 

Tags: 
Webinar, Oracle Database, Oracle Critical Patch Updates

Logging Actual Application User Names for Oracle E-Business Suite, SAP, PeopleSoft, and OBIEE


Knowing which person, not just which database account, performed an action has been a challenge for database logging and auditing when working with enterprise software applications such as the Oracle E-Business Suite, SAP, PeopleSoft, and OBIEE.  Knowing which application user did what and when is now much easier because of the adoption of standard Oracle functionality.

The CLIENT_IDENTIFIER attribute is standard Oracle Database functionality.  CLIENT_IDENTIFIER is a predefined attribute of the built-in application context namespace, USERENV, and can be used to capture the application user name.

CLIENT_IDENTIFIER is set using the DBMS_SESSION.SET_IDENTIFIER procedure to store the application user name.  The CLIENT_IDENTIFIER attribute is one and the same as V$SESSION.CLIENT_IDENTIFIER.  Once set, you can query V$SESSION or run select sys_context('userenv','client_identifier') from dual.

The table below offers examples of how CLIENT_IDENTIFIER is now being used by the Oracle E-Business Suite, SAP, and PeopleSoft. If you are running one of these software packages, Integrigy highly recommends that you incorporate the information that the CLIENT_IDENTIFIER provides into your logging and auditing solution.

Oracle CLIENT_IDENTIFIER

| Application | Application Usage |
| --- | --- |
| Oracle E-Business Suite | As of Release 12, the Oracle E-Business Suite automatically sets and updates client_identifier to the FND_USER.USERNAME of the user logged on.  Prior to Release 12, follow Support Note "How to add DBMS_SESSION.SET_IDENTIFIER(FND_GLOBAL.USER_NAME) to FND_GLOBAL.APPS_INITIALIZE procedure" (Doc ID 1130254.1). |
| Oracle PeopleSoft | Starting with PeopleTools 8.50, the PSOPRID is now additionally set in the Oracle database CLIENT_IDENTIFIER attribute. |
| SAP | With SAP version 7.10 and above, the SAP user name is stored in the CLIENT_IDENTIFIER. |
| Oracle Business Intelligence Enterprise Edition (OBIEE) | When querying an Oracle database using OBIEE, the connection pool username is passed to the database.  To also pass the middle-tier username, set the user identifier on the session.  To do this in OBIEE, open the RPD, edit the connection pool settings and create a new connection script to run at connect time.  Add the following line to the connect script: CALL DBMS_SESSION.SET_IDENTIFIER('VALUEOF(NQ_SESSION.USER)') |
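
The following script is an added example, not part of the original post: it sets the identifier, reads it back, and then uses it to attribute live sessions and audit records to an application user. The user name JSMITH is constructed for illustration.

```sql
-- 1. What an application or connect script does after authenticating the
--    end user. 'JSMITH' is a constructed application user name.
BEGIN
  DBMS_SESSION.SET_IDENTIFIER('JSMITH');
END;
/

-- 2. Read the value back from inside the same session.
SELECT SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER') AS app_user
  FROM dual;

-- 3. Map live sessions from database account to application user.
--    A NULL app_user on a shared application account marks a session
--    whose activity cannot be tied to a person.
SELECT s.sid,
       s.serial#,
       s.username          AS db_account,
       s.client_identifier AS app_user,
       s.machine,
       s.program,
       s.logon_time
  FROM v$session s
 WHERE s.type = 'USER'
 ORDER BY s.username, s.logon_time;

-- 4. The same value is carried into audit records: CLIENT_ID in the
--    traditional audit trail ...
SELECT extended_timestamp,
       username  AS db_account,
       client_id AS app_user,
       action_name,
       owner,
       obj_name
  FROM dba_audit_trail
 WHERE client_id IS NOT NULL
 ORDER BY extended_timestamp DESC;

--    ... and CLIENT_IDENTIFIER in the 12c unified audit trail.
SELECT event_timestamp,
       dbusername        AS db_account,
       client_identifier AS app_user,
       action_name,
       object_schema,
       object_name
  FROM sys.unified_audit_trail
 WHERE client_identifier IS NOT NULL
 ORDER BY event_timestamp DESC;

-- 5. With pooled connections, clear the identifier before the connection
--    is handed to the next user so that later activity is not attributed
--    to the previous one.
BEGIN
  DBMS_SESSION.CLEAR_IDENTIFIER;
END;
/
```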

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database, Oracle E-Business Suite, Oracle PeopleSoft, SAP, Oracle Business Intelligence (OBIEE)

Logging Oracle Database Link Activity


A database link is a one-way connection between two databases.  Starting with Oracle version 11.2.0.3, database session information reports additional details for sessions involving database links.  Because database links are often created between databases with different security profiles, it is important to log session activity that includes the details of the database link.

DBLINK_INFO returns the source of a database link.  Specifically, it returns a string of the form –

SOURCE_GLOBAL_NAME=dblink_src_global_name

DBLINK_NAME=dblink_name

SOURCE_AUDIT_SESSIONID=dblink_src_audit_sessionid

where:

  • dblink_src_global_name is the unique global name of the source database
  • dblink_name is the name of the database link on the source database
  • dblink_src_audit_sessionid is the audit session ID of the session on the source database that initiated the connection to the remote database using dblink_name

You can verify DBLINK_INFO –

  • Oracle 12c provides a DBLINK_INFO column in SYS.UNIFIED_AUDIT_TRAIL.
  • SELECT SYS_CONTEXT('USERENV','DBLINK_INFO') FROM DUAL
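
The queries below are an added example, not part of the original post: they split a DBLINK_INFO value into its three fields and then report unified audit records that arrived over a database link. The sample value is constructed, and the comma between fields is an assumption (the patterns stop at a comma or at whitespace, so either layout parses).

```sql
-- 1. Parse a constructed DBLINK_INFO value into its three fields.
WITH sample AS (
  SELECT 'SOURCE_GLOBAL_NAME=PRODDB.EXAMPLE.COM, '
      || 'DBLINK_NAME=REPORTING_LINK.EXAMPLE.COM, '
      || 'SOURCE_AUDIT_SESSIONID=4711' AS dblink_info
    FROM dual
)
SELECT REGEXP_SUBSTR(dblink_info,
                     'SOURCE_GLOBAL_NAME=([^,[:space:]]+)',
                     1, 1, NULL, 1) AS source_db,
       REGEXP_SUBSTR(dblink_info,
                     'DBLINK_NAME=([^,[:space:]]+)',
                     1, 1, NULL, 1) AS dblink_name,
       TO_NUMBER(REGEXP_SUBSTR(dblink_info,
                     'SOURCE_AUDIT_SESSIONID=([0-9]+)',
                     1, 1, NULL, 1)) AS source_audit_sessionid
  FROM sample;

-- 2. Oracle 12c: audit records for sessions that came in over a link.
--    source_audit_sessionid is the audit session ID on the source
--    database, so it can be used to find the originating session there.
SELECT event_timestamp,
       dbusername,
       userhost,
       action_name,
       object_schema,
       object_name,
       REGEXP_SUBSTR(dblink_info,
                     'SOURCE_GLOBAL_NAME=([^,[:space:]]+)',
                     1, 1, NULL, 1) AS source_db,
       REGEXP_SUBSTR(dblink_info,
                     'DBLINK_NAME=([^,[:space:]]+)',
                     1, 1, NULL, 1) AS dblink_name,
       REGEXP_SUBSTR(dblink_info,
                     'SOURCE_AUDIT_SESSIONID=([0-9]+)',
                     1, 1, NULL, 1) AS source_audit_sessionid
  FROM sys.unified_audit_trail
 WHERE dblink_info IS NOT NULL
 ORDER BY event_timestamp DESC;

-- 3. Inventory: which source databases and links reach this database,
--    under which local account, and how often.
SELECT REGEXP_SUBSTR(dblink_info,
                     'SOURCE_GLOBAL_NAME=([^,[:space:]]+)',
                     1, 1, NULL, 1) AS source_db,
       REGEXP_SUBSTR(dblink_info,
                     'DBLINK_NAME=([^,[:space:]]+)',
                     1, 1, NULL, 1) AS dblink_name,
       dbusername,
       COUNT(*)             AS audit_records,
       MAX(event_timestamp) AS last_seen
  FROM sys.unified_audit_trail
 WHERE dblink_info IS NOT NULL
 GROUP BY REGEXP_SUBSTR(dblink_info,
                        'SOURCE_GLOBAL_NAME=([^,[:space:]]+)',
                        1, 1, NULL, 1),
          REGEXP_SUBSTR(dblink_info,
                        'DBLINK_NAME=([^,[:space:]]+)',
                        1, 1, NULL, 1),
          dbusername
 ORDER BY last_seen DESC;
```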

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

Oracle Database Last Logins with Oracle 12c


Tracking when database users last logged in is a common security and compliance requirement – for example, to reconcile users and identify stale users. With Oracle 12c this analysis can now be done through standard functionality. New with Oracle 12c, SYS.DBA_USERS has a new column: last_login.

select username, account_status, common, last_login
from sys.dba_users
order by last_login asc;

 

| Username | Account_Status | Common | Last_Login |
| --- | --- | --- | --- |
| C##INTEGRIGY | OPEN | YES | 05-AUG-14 12.46.52.000000000 PM AMERICA/NEW_YORK |
| C##INTEGRIGY_TEST_2 | OPEN | YES | 02-SEP-14 12.29.04.000000000 PM AMERICA/NEW_YORK |
| XS$NULL | EXPIRED & LOCKED | YES | 02-SEP-14 12.35.56.000000000 PM AMERICA/NEW_YORK |
| SYSTEM | OPEN | YES | 04-SEP-14 05.03.53.000000000 PM AMERICA/NEW_YORK |
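
As an added example (not from the original post), the query below turns the last_login column into a stale-account report for open, non-Oracle-supplied accounts, including those with no recorded login at all. The 90-day threshold is an assumed policy value.

```sql
-- Open accounts with no login in the last 90 days (assumed threshold),
-- plus open accounts for which no login has been recorded at all.
SELECT username,
       account_status,
       created,
       last_login,
       CASE
         WHEN last_login IS NULL THEN 'NO LOGIN RECORDED'
         ELSE 'STALE'
       END AS finding,
       -- SYSTIMESTAMP - last_login is an INTERVAL DAY TO SECOND;
       -- EXTRACT(DAY ...) returns its whole-day component.
       EXTRACT(DAY FROM (SYSTIMESTAMP - last_login)) AS days_since_login
  FROM sys.dba_users
 WHERE account_status = 'OPEN'
   AND oracle_maintained = 'N'          -- skip Oracle-supplied accounts
   AND (last_login IS NULL
        OR last_login < SYSTIMESTAMP - INTERVAL '90' DAY)
 ORDER BY last_login NULLS FIRST;
```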

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

What Is Oracle Release 12c Unified Auditing?


In Oracle 12c, a new database auditing foundation has been introduced.  Oracle Unified Auditing changes the fundamental auditing functionality of the database.  In previous releases of Oracle, there were separate audit trails for each individual component.  Unified Auditing consolidates all auditing into a single repository and view.  This provides a two-fold simplification: audit data can now be found in a single location, and all audit data is in a single format.  Oracle 12c Unified Auditing supports –

  • Standard database auditing
  • SYS operations auditing (AUDIT_SYS_OPERATIONS)
  • Fine Grained Audit (FGA)
  • Data Pump
  • Oracle RMAN
  • Oracle Label Security (OLS)
  • Database Vault (DV)
  • Real Application Security (RAS)
  • SQL*Loader Direct Load

Unified Auditing comes standard with Oracle Enterprise Edition; no additional license is required.  It is installed by default, but not fully enabled by default.  There are two modes of operation to allow for a transition from pre-12c auditing –

  • Mixed Mode – default 12c option.  All pre-12c log and audit functionality and configurations work as before.  New Unified Auditing functionality is also available.  Log data is available in both the traditional locations as well as a new view SYS.UNIFIED_AUDIT_TRAIL.  Also, log data continues to be written in clear text when Syslog is used.
  • Full Mode or PURE mode – enabled only by stopping the database and relinking the Oracle kernel.  Once enabled, pre-12c log and audit configurations are ignored, and audit data is saved using Oracle SecureFiles, which is a proprietary file format.  Because of this, Syslog is not supported.  All audit data can be found in the view SYS.UNIFIED_AUDIT_TRAIL.

Figure 1 – Auditing Pre-Oracle 12c

 

Figure 2 – Oracle 12c Unified Auditing – Mixed Mode

 

Figure 3 – Oracle 12c Unified Auditing – Pure Mode

 

Figure 4 – Oracle 12c Unified Audit

 

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

What Mode of Oracle 12c Unified Auditing Are You Using and Default Auditing Policies?


Continuing our blog series on Oracle 12 Unified Auditing, how do you know which mode of Unified Auditing you are using? Use the following SQL –

SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';

The result will be TRUE or FALSE.  If TRUE, the database is using PURE Unified Auditing.  If FALSE, the database is using Mixed Mode, which is the Oracle 12c default.  Remember that V$OPTION shows what database options are installed, and V$PARAMETER shows the startup parameters for the options which have been installed.  Unified Auditing is enabled by being installed and not by being configured in V$PARAMETER.

Unified Auditing is configured through policies.  If Oracle 12c tenant databases (PDBs) are being used, these policies can be applied to common objects in all PDBs or to individual PDBs.  The table below shows the policies installed and/or enabled by default –

Unified Audit Policies Installed With Oracle 12c

| Policy Name | Default Enabled | Description |
| --- | --- | --- |
| ORA_SECURECONFIG | Yes | Secure configuration audit options |
| ORA_RAS_POLICY_MGMT | No | Oracle Real Application Security administrative actions on application users, roles, and policies. |
| ORA_RAS_SESSION_MGMT | No | Run-time Oracle Real Application Security session actions and namespace actions |
| ORA_ACCOUNT_MGMT | No | Commonly used user account and privilege settings for create user, role, and privilege grants |
| ORA_DATABASE_PARAMETER | No | Audits commonly used Oracle Database parameter settings, e.g., the initialization file (spfile) changes |

To query what policies have been defined you may use –

SELECT * FROM SYS.AUDIT_UNIFIED_POLICIES

To query what policies have been enabled you may use –

SELECT * FROM SYS.AUDIT_UNIFIED_ENABLED_POLICIES
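
The three queries above can be combined into a short status report. This is an added example, not part of the original post; it uses only the views named in the text and the TRUE/FALSE mapping the post describes.

```sql
-- 1. Translate the V$OPTION value into the mode names used above.
SELECT CASE value
         WHEN 'TRUE'  THEN 'PURE Unified Auditing'
         WHEN 'FALSE' THEN 'Mixed Mode'
       END AS unified_auditing_mode
  FROM v$option
 WHERE parameter = 'Unified Auditing';

-- 2. One row per defined policy: how many audit options it contains and
--    whether it is currently enabled. AUDIT_UNIFIED_POLICIES has one row
--    per audit option, so it is aggregated before the join.
SELECT p.policy_name,
       p.audit_options,
       CASE WHEN e.policy_name IS NULL THEN 'No' ELSE 'Yes' END AS enabled
  FROM (SELECT policy_name, COUNT(*) AS audit_options
          FROM sys.audit_unified_policies
         GROUP BY policy_name) p
  LEFT JOIN (SELECT DISTINCT policy_name
               FROM sys.audit_unified_enabled_policies) e
    ON e.policy_name = p.policy_name
 ORDER BY p.policy_name;

-- 3. The individual audit options behind the one policy that is enabled
--    by default.
SELECT audit_option,
       audit_option_type,
       common
  FROM sys.audit_unified_policies
 WHERE policy_name = 'ORA_SECURECONFIG'
 ORDER BY audit_option;
```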

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

Oracle 12c Unified Auditing - Pure Mode


Continuing our blog series on Oracle 12 Unified Auditing is a discussion of Pure Mode. Mixed Mode is intended by Oracle to introduce Unified Auditing and provide a transition from traditional Oracle database auditing.  Migrating to PURE Unified Auditing requires that the database be stopped, the Oracle binary linked to uniaud_on, and the database then restarted.  This operation can be reversed if auditing needs to be changed back to Mixed Mode.

When changing from Mixed to pure Unified Audit, two key changes occur.  The first is that the audit trails are no longer written to their traditional pre-12c audit locations.  Auditing is consolidated into the Unified Audit views and stored using Oracle SecureFiles.  Oracle SecureFiles use a proprietary format, which means that Unified Audit logs cannot be viewed using editors such as vi and may preclude or affect the use of third-party logging solutions such as Splunk or HP ArcSight.  As such, Syslog auditing is not possible with Pure Unified Audit.

Unified Audit Mixed vs. Pure Mode Audit Locations

| System Tables | Mixed Mode | Pure Unified Audit Impact |
| --- | --- | --- |
| SYS.AUD$ | Same as 11g | Exists, but will only have pre-unified audit records |
| SYS.FGA_LOG$ | Same as 11g | Exists, but will only have pre-unified audit records |

The second change is that the traditional audit configurations are no longer used.  For example, traditional auditing is largely driven by the AUDIT_TRAIL initialization parameter.  With pure Unified Audit, the initialization parameter AUDIT_TRAIL is ignored.

Unified Audit Mixed vs. Pure Mode Audit Configurations

| System Parameters | Mixed Mode | Pure Unified Audit Impact |
| --- | --- | --- |
| AUDIT_TRAIL | Same as 11g | Exists, but will not have any effect |
| AUDIT_FILE_DEST | Same as 11g | Exists, but will not have any effect |
| AUDIT_SYS_OPERATIONS | Same as 11g | Exists, but will not have any effect |
| AUDIT_SYSLOG_LEVEL | Same as 11g | Exists, but will not have any effect |
| UNIFIED_AUDIT_SGA_QUEUE_SIZE | Same as 11g | Yes |

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

Oracle 12c Unified Auditing - Mixed Mode


Next in our blog series on Oracle 12 Unified Auditing is a discussion of Mixed Mode. Mixed Mode is the default auditing mode for Oracle 12c.  Oracle describes Mixed Mode auditing as a means of becoming familiar with Unified Auditing prior to migrating to Pure Unified Auditing.  Mixed Mode allows for all traditional, pre-12c log and audit functionality to co-exist with Unified Auditing.  More importantly, Mixed Mode will support any current Syslog-based logging solution.

Mixed mode auditing provides the following key capabilities –

  • All existing (pre-12c) auditing initialization configurations and parameters are used, such as AUDIT_TRAIL, AUDIT_FILE_DEST, AUDIT_SYS_OPERATIONS, and AUDIT_SYSLOG_LEVEL
  • The format of the audit records remains the same as in Oracle Database 11g Release 2
  • Writes mandatory audit records to the traditional audit trails
  • If the AUDIT_SYS_OPERATIONS initialization parameter is set to TRUE, writes audit records only to the traditional audit trails

With Mixed Mode, audit data can be found both in the traditional locations and in SYS.UNIFIED_AUDIT_TRAIL.  This is because the Unified Auditing policy ORA_SECURECONFIG is enabled by default.  ORA_SECURECONFIG audits the same default audit settings as Oracle Database Release 11g.  Integrigy recommends either periodically purging Unified Auditing data or disabling the policy.  To disable the ORA_SECURECONFIG policy, follow the instructions in Oracle Support Note Doc ID 1624051.1.

The following table shows the definition of the default policy ORA_SECURECONFIG.  Note the column 'Common', which shows that the policy is defined for all PDB (tenant) databases.

Mixed Mode Default Unified Policy ORA_SECURECONFIG

| Audit Option | Option Type | Common | Integrigy Framework |
| --- | --- | --- | --- |
| ADMINISTER KEY MANAGEMENT | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| ALTER ANY PROCEDURE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| ALTER ANY SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| ALTER ANY TABLE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| ALTER DATABASE | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| ALTER DATABASE LINK | STANDARD ACTION | YES | E13 - Objects |
| ALTER PLUGGABLE DATABASE | STANDARD ACTION | YES | E11 - Privileged commands |
| ALTER PROFILE | STANDARD ACTION | YES | E14 - Modify configuration settings |
| ALTER ROLE | STANDARD ACTION | YES | E8 - Modify role |
| ALTER SYSTEM | SYSTEM PRIVILEGE | YES | E14 - Modify configuration settings |
| ALTER USER | STANDARD ACTION | YES | E6 - Modify user account |
| AUDIT SYSTEM | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| CREATE ANY JOB | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ANY LIBRARY | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ANY PROCEDURE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ANY SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| CREATE ANY TABLE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE DATABASE LINK | STANDARD ACTION | YES | E13 - Objects |
| CREATE DIRECTORY | STANDARD ACTION | YES | E13 - Objects |
| CREATE EXTERNAL JOB | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE PLUGGABLE DATABASE | STANDARD ACTION | YES | E11 - Privileged commands |
| CREATE PROFILE | STANDARD ACTION | YES | E11 - Privileged commands |
| CREATE PUBLIC SYNONYM | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ROLE | STANDARD ACTION | YES | E7 - Create role |
| CREATE SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE USER | SYSTEM PRIVILEGE | YES | E5 - Create user account |
| DROP ANY PROCEDURE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP ANY SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP ANY TABLE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP DATABASE LINK | STANDARD ACTION | YES | E13 - Objects |
| DROP DIRECTORY | STANDARD ACTION | YES | E13 - Objects |
| DROP PLUGGABLE DATABASE | STANDARD ACTION | YES | E11 - Privileged commands |
| DROP PROFILE | STANDARD ACTION | YES | E14 - Modify configuration settings |
| DROP PUBLIC SYNONYM | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP ROLE | STANDARD ACTION | YES | E8 - Modify role |
| DROP USER | SYSTEM PRIVILEGE | YES | E6 - Modify user account |
| EXEMPT ACCESS POLICY | SYSTEM PRIVILEGE | YES | E14 - Modify configuration settings |
| EXEMPT REDACTION POLICY | SYSTEM PRIVILEGE | YES | E14 - Modify configuration settings |
| GRANT ANY OBJECT PRIVILEGE | SYSTEM PRIVILEGE | YES | E9 - Grant/revoke user privileges |
| GRANT ANY PRIVILEGE | SYSTEM PRIVILEGE | YES | E9 - Grant/revoke user privileges |
| GRANT ANY ROLE | SYSTEM PRIVILEGE | YES | E9 - Grant/revoke user privileges |
| LOGMINING | SYSTEM PRIVILEGE | YES | E12 - Modify audit and logging |
| LOGOFF | STANDARD ACTION | YES | E2 - Logoff |
| LOGON | STANDARD ACTION | YES | E1 - Login |
| PURGE DBA_RECYCLEBIN | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| SET ROLE | STANDARD ACTION | YES | E11 - Privileged commands |
| TRANSLATE ANY SQL | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

What Is Oracle 12 Unified Auditing? The View UNIFIED_AUDIT_TRAIL with 94 Columns


What is Oracle 12c Unified Auditing? The short answer is the view UNIFIED_AUDIT_TRAIL. This view consolidates all logging and auditing information into a single source. Whether Mixed Mode or Pure Unified Auditing is in use, SYS.UNIFIED_AUDIT_TRAIL can be used.

The key column in SYS.UNIFIED_AUDIT_TRAIL is AUDIT_TYPE.  This column shows from which Oracle component the log data originated -

SYS.UNIFIED_AUDIT_TRAIL Component Sources

| Column AUDIT_TYPE Value | Description | Number of Columns in Table |
| --- | --- | --- |
| Standard | Standard auditing including SYS audit records | 44 |
| XS | Real Application Security (RAS) and RAS auditing | 17 |
| Label Security | Oracle Label Security | 14 |
| Datapump | Oracle Data Pump | 2 |
| FineGrainedAudit | Fine grained audit (FGA) | 1 |
| Database Vault | Database Vault (DV) | 10 |
| RMAN_AUDIT | Oracle RMAN | 5 |
| Direct path API | SQL*Loader Direct Load | 1 |
| Total | | 94 |

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

Mandatory Auditing - Oracle 12c Always-On-Auditing


Certainly from an auditing and logging perspective, one of the best new features delivered by Oracle 12c is mandatory auditing of the administrative users such as SYSDBA.  This can be described as ‘always on auditing’.  By default, the following audit related activities are now mandatorily audited -

  • CREATE AUDIT POLICY
  • ALTER AUDIT POLICY
  • DROP AUDIT POLICY
  • AUDIT
  • NOAUDIT
  • EXECUTE of the DBMS_FGA PL/SQL package
  • EXECUTE of the DBMS_AUDIT_MGMT PL/SQL package
  • All configuration changes that are made to Oracle Database Vault
  • ALTER TABLE attempts on the AUDSYS audit trail table (this table cannot be altered)
  • Top level statements by administrative users SYS, SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM, until the database opens.  When the database opens, Oracle Database audits these users using the audit configurations in the system.

The audit activity resulting from mandatory auditing can be found in SYS.UNIFIED_AUDIT_TRAIL. 

Note: when the database is not writable (such as during database mounting), is closed, or is read-only, Oracle writes the audit records to external files in the $ORACLE_BASE/audit/$ORACLE_SID directory.

| Mandatory Auditing | Integrigy Framework Event |
| --- | --- |
| CREATE AUDIT POLICY; ALTER AUDIT POLICY; DROP AUDIT POLICY; EXECUTE of the DBMS_FGA PL/SQL package; EXECUTE of the DBMS_AUDIT_MGMT PL/SQL package; all configuration changes that are made to Oracle Database Vault; ALTER TABLE attempts on the AUDSYS audit trail table (remember that this table cannot be altered) | E12 - Modify audit and logging |
| Top level statements by the administrative users SYS, SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM until the database opens; AUDIT; NOAUDIT | E11 - Privileged commands |

Note: Activity can be found in SYS.UNIFIED_AUDIT_TRAIL when in pure mode and in the traditional audit trails in mixed mode.

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Database

Integrigy Guide to Database Auditing and Logging


Most clients do not take full advantage of their database's auditing and logging features. For databases such as Oracle, these features are sophisticated and are able to satisfy most organizations' compliance and security requirements.

This guide presents Integrigy's framework for database auditing and logging.  This framework is a direct result of Integrigy's consulting experience and will be equally useful to those wanting to improve their capabilities and to those just starting to implement logging and auditing.  Our goal is to provide a clear explanation of the native auditing and logging features available, present an approach and strategy for using these features, and give straightforward configuration steps to implement the approach.

Integrigy’s framework is also specifically designed to help clients meet compliance and security standards such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), FISMA, and HIPAA.  The foundation of the framework is PCI DSS requirement 10.2.

File: Integrigy Guide to Database Auditing and Logging.pdf (866.82 KB)
Tags: 
Auditing, Security Strategy and Standards, Oracle Audit Vault, Oracle Database, Microsoft SQL Server, IBM DB2, Sybase

What can the Oracle Audit Vault Protect?


For Oracle database customers the Oracle Audit Vault can protect the following:

  • SQL statements logs – Data Manipulation Language (DML) statement auditing such as when users are attempting to query the database or modify data, using SELECT, INSERT, UPDATE, or DELETE.
  • Database Schema Objects changes – Data Definition Language (DDL) statement auditing such as when users create or modify database structures such as tables or views.
  • Database Privileges and Changes – Auditing can be defined for the granting of system privileges, such as SELECT ANY TABLE.  With this kind of auditing, Oracle Audit Vault records SQL statements that require the audited privilege to succeed.
  • Fine-grained audit logs – Fine Grained Auditing activities stored in SYS.FGA_LOG$ such as whether an IP address from outside the corporate network is being used or if specific table columns are being modified.  For example, when the HR.SALARY table is SELECTED using direct database connection (not from the application), a condition could be to log the details of result sets where the PROPOSED_SALARY column is greater than $500,000 USD.
  • Redo log data – Database redo log file data.  The redo log files store all changes that occur in the database.  Every instance of an Oracle database has an associated redo log to protect the database in case of an instance failure.  In Oracle Audit Vault, the capture rule specifies DML and DDL changes that should be checked when Oracle Database scans the database redo log.

The Audit Vault also supports –

  • Database Vault – Database Vault settings stored in DVSYS.AUDIT_TRAIL$ such as Realm audit, factor audit and Rule Audit. 
  • System and SYS – Core changes to the database by privileged users such as DBAs as recorded by AUDIT_SYS_OPERATIONS.
  • Stored Procedure Auditing – Monitor any changes made to PL/SQL and stored procedures.  Standard reports are provided for stored procedure operations, deleted and created procedures, as well as modification history.

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Audit Vault, Oracle Database

What Do Oracle Audit Vault Collection Agents Do?

The Oracle Audit Vault is installed on a server, and collector agents are installed on the hosts running the source databases.  These collector agents communicate with the audit vault server. 

If the collection agents are not active, no audit data is lost, as long as the source database continues to collect the audit data.  When the collection agent is restarted, it will capture the audit data that the source database had collected during the time the collection agent was inactive.

There are three types of agent collectors for Oracle databases.  There are other collectors for third-party database vendors such as SAP Sybase, Microsoft SQL-Server, and IBM DB2.

Audit Vault Collectors for Oracle Databases*

| Audit Trail Type | How Enabled | Collector Name |
|---|---|---|
| Database audit trail | For standard audit records: AUDIT_TRAIL initialization parameter set to DB or DB, EXTENDED. For fine-grained audit records: the audit_trail parameter of the DBMS_FGA.ADD_POLICY procedure is set to DBMS_FGA.DB or DBMS_FGA.DB + DBMS_FGA.EXTENDED. | DBAUD |
| Operating system audit trail | For standard audit records: AUDIT_TRAIL initialization parameter is set to OS, XML, or XML, EXTENDED. For syslog audit trails: AUDIT_TRAIL is set to OS and the AUDIT_SYS_OPERATIONS parameter is set to TRUE; in addition, the AUDIT_SYSLOG_LEVEL parameter must be set. For fine-grained audit records: the audit_trail parameter of the DBMS_FGA.ADD_POLICY procedure is set to DBMS_FGA.XML or DBMS_FGA.XML + DBMS_FGA.EXTENDED. | OSAUD |
| Redo log files | The table that you want to audit must be eligible.  See "Creating Capture Rules for Redo Log File Auditing" for more information. | REDO |

*Note: if using Oracle 12c, the assumption is that Mixed Mode Unified Auditing is being used.
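The database audit trail settings from the table, applied to the HR.SALARY fine-grained auditing case described earlier, could look like the following. This is an added example, not Integrigy's or Oracle's own script; the policy name FGA_HIGH_PROPOSED_SALARY is a placeholder, and the HR.SALARY table with its PROPOSED_SALARY column is taken from the illustration in the text.

```sql
-- Standard audit records to the database audit trail (read by the DBAUD collector).
-- AUDIT_TRAIL is a static parameter: the new value applies after an instance restart.
ALTER SYSTEM SET AUDIT_TRAIL = DB, EXTENDED SCOPE = SPFILE;

-- Record operations by SYS and SYSDBA/SYSOPER connections.
-- These records go to the operating system audit trail (OSAUD collector).
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE SCOPE = SPFILE;

-- Fine-grained audit policy: log SELECTs on HR.SALARY that return rows
-- where PROPOSED_SALARY exceeds 500,000. DBMS_FGA.DB + DBMS_FGA.EXTENDED
-- writes to SYS.FGA_LOG$ and includes the SQL text and bind values.
-- Limiting the policy to direct (non-application) connections would need
-- an additional site-specific predicate in audit_condition; not shown here.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'SALARY',
    policy_name     => 'FGA_HIGH_PROPOSED_SALARY',  -- placeholder name
    audit_condition => 'PROPOSED_SALARY > 500000',
    audit_column    => 'PROPOSED_SALARY',
    statement_types => 'SELECT',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    enable          => TRUE);
END;
/

-- Check 1: confirm the parameters the collectors depend on.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_sys_operations', 'audit_syslog_level');

-- Check 2: confirm the policy exists, is enabled, and uses the expected trail.
SELECT object_schema, object_name, policy_name,
       policy_text, policy_column, enabled, audit_trail
  FROM dba_audit_policies
 WHERE policy_name = 'FGA_HIGH_PROPOSED_SALARY';

-- Check 3: review what the policy has captured so far.
SELECT timestamp, db_user, os_user, userhost, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'FGA_HIGH_PROPOSED_SALARY'
 ORDER BY timestamp DESC;
```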

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Audit Vault, Oracle Database

Oracle Audit Vault Oracle Database Plug-In

The Oracle Audit Vault uses plug-ins to define data sources.  The following table summarizes several important facts about the Oracle Audit Vault plug-in for Oracle databases –

Oracle Database Plug-In for the Oracle Audit Vault

| Plug-in Specification | Description |
|---|---|
| Plug-in directory | AGENT_HOME/av/plugins/com.oracle.av.plugin.oracle |
| Secured Target Versions | Oracle 10g, 11g, 12c Release 1 (12.1) |
| Secured Target Platforms | Linux/x86-64; Solaris/x86-64; Solaris/SPARC64; AIX/Power64; Windows/x86-64; HP-UX Itanium |
| Secured Target Location (Connect String) | jdbc:oracle:thin:@//hostname:port/service |
| AVDF Audit Trail Types | TABLE; DIRECTORY; TRANSACTION LOG; SYSLOG (Linux only); EVENT LOG (Windows only); NETWORK |
| Audit Trail Location | For TABLE audit trails: sys.aud$, Sys.fga_log$, dvsys.audit_trail$, unified_audit_trail. For DIRECTORY audit trails: full path to the directory containing AUD or XML files. For SYSLOG audit trails: full path to the directory containing the syslog file. For TRANSACTION LOG, EVENT LOG and NETWORK audit trails: no trail location required. |

If you have questions, please contact us at info@integrigy.com

Tags: 
Auditing, Oracle Audit Vault, Oracle Database

Logging and Auditing Oracle Database Webinar

The auditing and logging capabilities within the Oracle Database are sophisticated and able to satisfy most organizations' security and compliance requirements. However, the auditing and logging setup and usage of the data can be complex and error-prone. These slides from an Integrigy educational webinar outline the auditing and logging capabilities available at different layers of the application and provide recommendations on how to configure auditing and logging to capture critical application and security events.

File: Integrigy Logging and Auditing Oracle Database.pdf (723.22 KB)
Tags: 
Auditing, Oracle Database, Webinar