diff --git a/data-safe/access-environment/access-environment-sandbox.md b/data-safe/access-environment/access-environment-sandbox.md index 15f01523..833a9dcf 100644 --- a/data-safe/access-environment/access-environment-sandbox.md +++ b/data-safe/access-environment/access-environment-sandbox.md @@ -100,7 +100,7 @@ Database Actions provides a way for you to run SQL commands on your database. Th - If a tenancy administrator provided you an Autonomous Database, obtain the password from that person. - If you are using an Oracle-provided environment, enter the database password provided to you. -4. Close the **SQL History** and **Warning** dialog boxes. +4. Close any open dialog boxes. 5. Review the interface. Here are the ways that you use Database Actions during the workshop: @@ -129,4 +129,4 @@ You may now **proceed to the next lab**. ## Acknowledgements - **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -- **Last Updated By/Date** - Jody Glover, August 22, 2024 +- **Last Updated By/Date** - Jody Glover, October 16, 2024 diff --git a/data-safe/access-environment/images/dashboard-security-controls.png b/data-safe/access-environment/images/dashboard-security-controls.png index facedc89..3abd100c 100644 Binary files a/data-safe/access-environment/images/dashboard-security-controls.png and b/data-safe/access-environment/images/dashboard-security-controls.png differ diff --git a/data-safe/access-environment/images/feature-metrics-bottom-half.png b/data-safe/access-environment/images/feature-metrics-bottom-half.png index 3a53aa36..3c582f10 100644 Binary files a/data-safe/access-environment/images/feature-metrics-bottom-half.png and b/data-safe/access-environment/images/feature-metrics-bottom-half.png differ diff --git a/data-safe/access-environment/images/feature-metrics-top-half.png b/data-safe/access-environment/images/feature-metrics-top-half.png index a3d87a22..d728ecfb 100644 Binary files a/data-safe/access-environment/images/feature-metrics-top-half.png and b/data-safe/access-environment/images/feature-metrics-top-half.png differ diff --git a/data-safe/access-environment/images/target-databases-page-oci.png b/data-safe/access-environment/images/target-databases-page-oci.png index cb0c8b37..0965916b 100644 Binary files a/data-safe/access-environment/images/target-databases-page-oci.png and b/data-safe/access-environment/images/target-databases-page-oci.png differ diff --git a/data-safe/assess-database-configurations/assess-database-configurations.md b/data-safe/assess-database-configurations/assess-database-configurations.md index f7bc555f..fff9646a 100644 --- a/data-safe/assess-database-configurations/assess-database-configurations.md +++ b/data-safe/assess-database-configurations/assess-database-configurations.md @@ -95,13 +95,9 @@ This lab assumes you have: - Details include assessment name, OCID, compartment to which the assessment was saved, target database name, target database version, assessment date and time, schedule, name of the baseline assessment (if one is set), and whether the assessment complies with the baseline (Yes, No, or No baseline set). - ![Latest security assessment assessment information tab](images/latest-sa-assessment-information-tab.png "Latest security assessment assessment information tab") + ![Latest security assessment assessment information tab](images/latest-sa-assessment-information-tab2.png "Latest security assessment assessment information tab") -4. Rename the latest security assessment: Click the pencil icon to the right of **Name**, enter **SA_target-database** (replace **target-database** with the name of your target database), and click the **Save** icon. - - ![Rename latest security assessment](images/rename-latest-sa-assessment.png "Rename latest security assessment") - -5. Scroll down and view the **Assessment details** section. +6. Scroll down and view the **Assessment details** section. - This section shows you all the findings for each risk category. - Risks are color-coded to help you easily identify categories that have high risk findings (red). @@ -109,14 +105,14 @@ This lab assumes you have: ![Latest Security Assessment Assessment details section](images/latest-sa-assessment-details-section.png "Latest Security Assessment Assessment details section") -6. Under **Filters by risks** on the left, notice that you can select the risk levels that you want displayed. Also notice on the left that you can filter by references. +7. Under **Filters by risks** on the left, notice that you can select the risk levels that you want displayed. Also notice on the left that you can filter by references. ![Security Assessment filters](images/sa-filters.png "Security Assessment filters") 8. On the right, expand categories and review the findings. - - Each finding shows you the status (risk level), a summary of the finding, details about the finding, remarks to help you to mitigate the risk, and references - whether a finding is recommended by the Center for Internet Security (**CIS**), European Union's General Data Protection Regulation (**GDPR**), Security Technical Implementation Guide (**STIG**), and/or **Oracle best practices**. These references make it easy for you to identify the recommended security controls. - - In the example below, the **Transparent Data Encryption** finding has two references: **STIG** and **GDPR**. + - Each finding shows you the status (risk level), a summary of the finding, details about the finding, remarks to help you to mitigate the risk, and references - whether a finding is recommended by the Center for Internet Security (**CIS**), European Union's General Data Protection Regulation (**EU GDPR**), Security Technical Implementation Guide (**DISA STIG**), and/or **Oracle best practices**. These references make it easy for you to identify the recommended security controls. + - In the example below, the **Transparent Data Encryption** finding has three references: **Oracle Best Practices**, **DISA STIG**, and **GDPR**. ![Transparent Data Encryption finding](images/transparent-data-encryption-finding.png "Transparent Data Encryption finding") @@ -134,7 +130,7 @@ You can defer or change the risk level of a risk finding. In this task, defer th ![Update risk for finding panel](images/update-risk-for-finding.png "Update risk for finding panel") -3. Notice that the risk finding is recatorized in the **Assessment details** section. +3. Notice that the risk finding is recategorized in the **Assessment details** section. ![Deferred risk finding](images/deferred-risk-finding.png "Deferred risk finding") @@ -183,9 +179,9 @@ In this task, you issue a `GRANT` command on your target database so that later, The **Refresh now** panel is displayed. -3. In the **Save latest assessment** box, enter **My Security Assessment**, and then click **Refresh now**. Wait for the status to read as **SUCCEEDED**. +3. Leave the default name as is, and click **Refresh now**. Wait for the status to read as **SUCCEEDED**. - - This action updates the data in the latest security assessment for your target database and also saves a copy of the assessment (named My Security Assessment) to the Assessment History. + - This action updates the data in the latest security assessment for your target database and also saves a copy of the assessment to the Assessment History. - The refresh operation takes about one minute. ![Security Assessment Refresh now panel](images/sa-refresh-now-panel.png "Security Assessment Refresh now panel") @@ -194,7 +190,7 @@ In this task, you issue a `GRANT` command on your target database so that later, ![Security Assessment Assessed on right now](images/sa-assessed-on-right-now.png "Security Assessment assessed on right now") -5. Scroll down and expand **System Privileges Granted to Public**. +5. Scroll down and expand **System Privileges Granted to PUBLIC**. - This is a high risk finding. - In the **Details** section, you can see that the grant you made in the previous task is identified. @@ -229,4 +225,4 @@ You may now **proceed to the next lab**. ## Acknowledgements * **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -* **Last Updated By/Date** - Jody Glover, August 22, 2024 +* **Last Updated By/Date** - Jody Glover, October 16, 2024 diff --git a/data-safe/assess-database-configurations/images/latest-sa-assessment-details-section.png b/data-safe/assess-database-configurations/images/latest-sa-assessment-details-section.png index 9d6ee660..8791ec67 100644 Binary files a/data-safe/assess-database-configurations/images/latest-sa-assessment-details-section.png and b/data-safe/assess-database-configurations/images/latest-sa-assessment-details-section.png differ diff --git a/data-safe/assess-database-configurations/images/latest-sa-assessment-information-tab2.png b/data-safe/assess-database-configurations/images/latest-sa-assessment-information-tab2.png new file mode 100644 index 00000000..987c792e Binary files /dev/null and b/data-safe/assess-database-configurations/images/latest-sa-assessment-information-tab2.png differ diff --git a/data-safe/assess-database-configurations/images/latest-sa-assessment-summary-tab.png b/data-safe/assess-database-configurations/images/latest-sa-assessment-summary-tab.png index 3193b11d..767665fb 100644 Binary files a/data-safe/assess-database-configurations/images/latest-sa-assessment-summary-tab.png and b/data-safe/assess-database-configurations/images/latest-sa-assessment-summary-tab.png differ diff --git a/data-safe/assess-database-configurations/images/sa-add-schedule-to-save-an-assessment.png b/data-safe/assess-database-configurations/images/sa-add-schedule-to-save-an-assessment.png index 82399eb8..17607b53 100644 Binary files a/data-safe/assess-database-configurations/images/sa-add-schedule-to-save-an-assessment.png and b/data-safe/assess-database-configurations/images/sa-add-schedule-to-save-an-assessment.png differ diff --git a/data-safe/assess-database-configurations/images/sa-assessed-on-right-now.png b/data-safe/assess-database-configurations/images/sa-assessed-on-right-now.png index 762e8506..47653916 100644 Binary files a/data-safe/assess-database-configurations/images/sa-assessed-on-right-now.png and b/data-safe/assess-database-configurations/images/sa-assessed-on-right-now.png differ diff --git a/data-safe/assess-database-configurations/images/sa-comparison-report-bottom3.png b/data-safe/assess-database-configurations/images/sa-comparison-report-bottom3.png index 7de9d729..c9f032d9 100644 Binary files a/data-safe/assess-database-configurations/images/sa-comparison-report-bottom3.png and b/data-safe/assess-database-configurations/images/sa-comparison-report-bottom3.png differ diff --git a/data-safe/assess-database-configurations/images/sa-refresh-now-panel.png b/data-safe/assess-database-configurations/images/sa-refresh-now-panel.png index 075c5d03..745e7c5f 100644 Binary files a/data-safe/assess-database-configurations/images/sa-refresh-now-panel.png and b/data-safe/assess-database-configurations/images/sa-refresh-now-panel.png differ diff --git a/data-safe/assess-database-configurations/images/sa-risk-summary-tab.png b/data-safe/assess-database-configurations/images/sa-risk-summary-tab.png index a40f9f7e..15f14181 100644 Binary files a/data-safe/assess-database-configurations/images/sa-risk-summary-tab.png and b/data-safe/assess-database-configurations/images/sa-risk-summary-tab.png differ diff --git a/data-safe/assess-database-configurations/images/sa-target-summary-tab.png b/data-safe/assess-database-configurations/images/sa-target-summary-tab.png index ace15254..8e82809b 100644 Binary files a/data-safe/assess-database-configurations/images/sa-target-summary-tab.png and b/data-safe/assess-database-configurations/images/sa-target-summary-tab.png differ diff --git a/data-safe/assess-database-configurations/images/sa_overview_charts.png b/data-safe/assess-database-configurations/images/sa_overview_charts.png index e131962c..10a1a5a6 100644 Binary files a/data-safe/assess-database-configurations/images/sa_overview_charts.png and b/data-safe/assess-database-configurations/images/sa_overview_charts.png differ diff --git a/data-safe/assess-database-configurations/images/system-privileges-granted-to-public.png b/data-safe/assess-database-configurations/images/system-privileges-granted-to-public.png index 539a1433..76b6a0da 100644 Binary files a/data-safe/assess-database-configurations/images/system-privileges-granted-to-public.png and b/data-safe/assess-database-configurations/images/system-privileges-granted-to-public.png differ diff --git a/data-safe/assess-database-configurations/images/top-5-common-controls.png b/data-safe/assess-database-configurations/images/top-5-common-controls.png index 57228376..01657c34 100644 Binary files a/data-safe/assess-database-configurations/images/top-5-common-controls.png and b/data-safe/assess-database-configurations/images/top-5-common-controls.png differ diff --git a/data-safe/assess-database-configurations/images/transparent-data-encryption-finding.png b/data-safe/assess-database-configurations/images/transparent-data-encryption-finding.png index 3abe6e5d..2816e295 100644 Binary files a/data-safe/assess-database-configurations/images/transparent-data-encryption-finding.png and b/data-safe/assess-database-configurations/images/transparent-data-encryption-finding.png differ diff --git a/data-safe/assess-database-configurations/images/ua-dashboard-charts1.png b/data-safe/assess-database-configurations/images/ua-dashboard-charts1.png new file mode 100644 index 00000000..d6b92e32 Binary files /dev/null and b/data-safe/assess-database-configurations/images/ua-dashboard-charts1.png differ diff --git a/data-safe/assess-database-configurations/images/ua-dashboard-charts2.png b/data-safe/assess-database-configurations/images/ua-dashboard-charts2.png new file mode 100644 index 00000000..f20e4a6e Binary files /dev/null and b/data-safe/assess-database-configurations/images/ua-dashboard-charts2.png differ diff --git a/data-safe/assess-database-configurations/images/update-risk-for-finding.png b/data-safe/assess-database-configurations/images/update-risk-for-finding.png index 24ab993e..5bba326d 100644 Binary files a/data-safe/assess-database-configurations/images/update-risk-for-finding.png and b/data-safe/assess-database-configurations/images/update-risk-for-finding.png differ diff --git a/data-safe/assess-database-configurations/images/users-with-unlimited-concurrent-sessions.png b/data-safe/assess-database-configurations/images/users-with-unlimited-concurrent-sessions.png index 6be957ed..cc85b107 100644 Binary files a/data-safe/assess-database-configurations/images/users-with-unlimited-concurrent-sessions.png and b/data-safe/assess-database-configurations/images/users-with-unlimited-concurrent-sessions.png differ diff --git a/data-safe/assess-database-users/assess-database-users.md b/data-safe/assess-database-users/assess-database-users.md index ab896150..35bce6ef 100644 --- a/data-safe/assess-database-users/assess-database-users.md +++ b/data-safe/assess-database-users/assess-database-users.md @@ -14,7 +14,6 @@ In this lab, you will: - View the overview page for User Assessment - Analyze users in the latest user assessment -- (Optional) Review the `ADMIN` user's audit records - Change users and entitlements on the target database - Refresh the latest user assessment - Compare the latest user assessment with the initial user assessment @@ -27,7 +26,6 @@ This lab assumes you have: - Obtained an Oracle Cloud account and signed in to the Oracle Cloud Infrastructure Console - Access to or prepared an environment for this workshop - Access to a registered target database -- (Optional) Started audit data collection for your target database in Oracle Data Safe. Audit data collection is required if you want to view users' audit records from within User Assessment. ### Assumptions @@ -85,7 +83,12 @@ The latest user assessment is the one that was automatically generated by Oracle ![Assessment Information tab](images/ua-assessment-information-tab.png "Assessment Information tab") -4. Scroll down and review the **User details** section. This table provides the following information about each user: + +4. Rename the latest user assessment: Click the pencil icon to the right of **Name**, enter **UA\_target-database\_LATEST** (replace **target-database** with the name of your target database), and click the **Save** icon. + + ![Rename latest user assessment](images/rename-latest-ua-assessment.png "Rename latest user assessment") + +5. Scroll down and review the **User details** section. This table provides the following information about each user: - User name - User type (for example, PRIVILEGED, SCHEMA) @@ -99,7 +102,7 @@ The latest user assessment is the one that was automatically generated by Oracle ![User Assessment latest assessment details](images/ua-latest-assessment-details.png "User Assessment latest assessment details") -5. In the **User name** column, click a user that is a **CRITICAL** potential risk, for example, **EVIL_RICH**. +6. In the **User name** column, click a user that is a **CRITICAL** potential risk, for example, **EVIL_RICH**. The **User details** panel shows the following information about the user: @@ -118,44 +121,22 @@ The latest user assessment is the one that was automatically generated by Oracle ![EVIL_RICH user details](images/ua-EVIL_RICH-user-details.png "EVIL_RICH user details") -6. Click **Close**. +7. Click **Close**. -7. To filter the report to show potentially critical risk users only, do the following: Click the **Overview** tab. In the **Potential user risk** chart, click the **Critical** section of the chart. A filter is automatically created. +8. To filter the report to show potentially critical risk users only, do the following: Click the **Overview** tab. In the **Potential user risk** chart, click the **Critical** section of the chart. A filter is automatically created. ![Critical risk users filter](images/ua-critical-risk-users-filter.png "Critical risk users filter") -8. To remove the filter, click the **X** next to the filter. - - -## Task 3 (Optional): Review the `ADMIN` user's audit records - -1. Identify the row in the table for the `ADMIN` user. In the **Audit records** column for the `ADMIN` user, click **View activity**. - - ![ADMIN user audit records](images/ua-admin-user-audit-records.png "ADMIN user audit records") +9. To remove the filter, click the **X** next to the filter. - The **All activity** report for the `ADMIN` user is displayed. -2. Examine the report. - - - The report is automatically filtered to show you audit records for the past one week, for the `ADMIN` user, and for your target database. - - At the top of the report, you can view totals for **Targets**, **DB users**, **Client hosts**, **DMLs**, **Privilege changes**, **DDLs**, **User/entitlement changes**, **Login failures**, **Login successes**, and **Total events**. - - The **Event** column in the table shows you the types of activities performed by the `ADMIN` user, for example, `GRANT`, `LOGON`, `CREATE USER`, and so on. - - At the bottom of the page, you can click the page numbers to view more audit records. - - ![All activity report for the ADMIN user top](images/ua-all-activity-top.png "All activity report for the ADMIN user bottom") - - ![All activity report for the ADMIN user bottom](images/ua-all-activity-bottom.png "All activity report for the ADMIN user bottom") - -3. Click the browser's back button to return to the latest user assessment. - - -## Task 4: Change users and entitlements on the target database +## Task 3: Change users and entitlements on the target database 1. Access the SQL worksheet in **Database Actions**. 2. Clear the worksheet and the **Script Output** tab. -3. On the SQL worksheet, enter the following commands. Substitute your own password for database-password. +3. On the SQL worksheet, enter the following commands. Substitute your own password for `database-password`. ``` DROP USER evil_rich; @@ -170,7 +151,7 @@ The latest user assessment is the one that was automatically generated by Oracle 5. On the **Script Output** tab at the bottom of the page, verify that the `EVIL_RICH` user is dropped, the `JOE_SMITH` user is created, and the grant is successful. -## Task 5: Refresh the latest user assessment +## Task 4: Refresh the latest user assessment 1. Return to the browser tab for Oracle Data Safe. You last left off viewing the latest user assessment. @@ -178,16 +159,17 @@ The latest user assessment is the one that was automatically generated by Oracle The **Refresh now** panel is displayed. -3. Keep the default name as is, and click **Refresh now**. Wait for the status of the latest user assessment to read as **SUCCEEDED**. Oracle Data Safe automatically saves a static copy of the assessment to the Assessment History. +3. Name the assessment **UA\_target-database\_2** (replace **target-database** with the name of your target database), and click **Refresh now**. Wait for the status of the latest user assessment to read as **SUCCEEDED**. Oracle Data Safe automatically saves a static copy of the assessment to the Assessment History. ![User Assessment Refresh Now panel](images/ua-refresh-now-panel.png "User Assessment Refresh Now panel") + 4. Review the refreshed latest assessment. -## Task 6: Compare the latest user assessment with the initial user assessment +## Task 5: Compare the latest user assessment with the initial user assessment -You can select a user assessment to compare with the latest user assessment. With this option, you don't need to set a baseline. This option is only available when you are viewing the latest user assessment. Note that you could have set a baseline and compared the latest assessment to it. +You can select a user assessment to compare with the latest user assessment. With this option, you don't need to set a baseline. This option is available only when you are viewing the latest user assessment. Note that you could have set a baseline and compared the latest assessment to it. 1. While viewing the latest user assessment, on the left under **Resources**, click **Compare assessments**. @@ -195,7 +177,7 @@ You can select a user assessment to compare with the latest user assessment. Wit 3. If your compartment isn't shown, click **Change compartment** and select your compartment. -4. From the **Select assessment** drop-down list, select the initial assessment for your target database (second one in the list). As soon as you select it, the comparison operation is started. +4. From the **Select assessment** drop-down list, select the initial assessment for your target database. As soon as you select it, the comparison operation is started. 5. Review the results. @@ -222,4 +204,4 @@ You may now **proceed to the next lab**. ## Acknowledgements * **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -* **Last Updated By/Date** - Jody Glover, August 22, 2024 +* **Last Updated By/Date** - Jody Glover, October 16, 2024 diff --git a/data-safe/assess-database-users/images/rename-latest-ua-assessment.png b/data-safe/assess-database-users/images/rename-latest-ua-assessment.png new file mode 100644 index 00000000..54d078f1 Binary files /dev/null and b/data-safe/assess-database-users/images/rename-latest-ua-assessment.png differ diff --git a/data-safe/assess-database-users/images/ua-EVIL_RICH-user-details.png b/data-safe/assess-database-users/images/ua-EVIL_RICH-user-details.png index 5c882820..eb030593 100644 Binary files a/data-safe/assess-database-users/images/ua-EVIL_RICH-user-details.png and b/data-safe/assess-database-users/images/ua-EVIL_RICH-user-details.png differ diff --git a/data-safe/assess-database-users/images/ua-admin-user-audit-records.png b/data-safe/assess-database-users/images/ua-admin-user-audit-records.png index 7376d46e..549d0537 100644 Binary files a/data-safe/assess-database-users/images/ua-admin-user-audit-records.png and b/data-safe/assess-database-users/images/ua-admin-user-audit-records.png differ diff --git a/data-safe/assess-database-users/images/ua-assessment-history-for-target-database.png b/data-safe/assess-database-users/images/ua-assessment-history-for-target-database.png index 39be6554..40bba9f0 100644 Binary files a/data-safe/assess-database-users/images/ua-assessment-history-for-target-database.png and b/data-safe/assess-database-users/images/ua-assessment-history-for-target-database.png differ diff --git a/data-safe/assess-database-users/images/ua-assessment-information-tab.png b/data-safe/assess-database-users/images/ua-assessment-information-tab.png index 1ccee88d..15295733 100644 Binary files a/data-safe/assess-database-users/images/ua-assessment-information-tab.png and b/data-safe/assess-database-users/images/ua-assessment-information-tab.png differ diff --git a/data-safe/assess-database-users/images/ua-comparison-details-panel.png b/data-safe/assess-database-users/images/ua-comparison-details-panel.png index 6cad6f9c..153a24a6 100644 Binary files a/data-safe/assess-database-users/images/ua-comparison-details-panel.png and b/data-safe/assess-database-users/images/ua-comparison-details-panel.png differ diff --git a/data-safe/assess-database-users/images/ua-dashboard-charts1.png b/data-safe/assess-database-users/images/ua-dashboard-charts1.png index 6512f97a..12f93002 100644 Binary files a/data-safe/assess-database-users/images/ua-dashboard-charts1.png and b/data-safe/assess-database-users/images/ua-dashboard-charts1.png differ diff --git a/data-safe/assess-database-users/images/ua-dashboard-charts2.png b/data-safe/assess-database-users/images/ua-dashboard-charts2.png index 0a7dc6a3..17e68ce5 100644 Binary files a/data-safe/assess-database-users/images/ua-dashboard-charts2.png and b/data-safe/assess-database-users/images/ua-dashboard-charts2.png differ diff --git a/data-safe/assess-database-users/images/ua-latest-assessment-details.png b/data-safe/assess-database-users/images/ua-latest-assessment-details.png index 23dfc411..63bd1cdd 100644 Binary files a/data-safe/assess-database-users/images/ua-latest-assessment-details.png and b/data-safe/assess-database-users/images/ua-latest-assessment-details.png differ diff --git a/data-safe/assess-database-users/images/ua-latest-charts1.png b/data-safe/assess-database-users/images/ua-latest-charts1.png index fe40a99a..59b13f46 100644 Binary files a/data-safe/assess-database-users/images/ua-latest-charts1.png and b/data-safe/assess-database-users/images/ua-latest-charts1.png differ diff --git a/data-safe/assess-database-users/images/ua-latest-charts2.png b/data-safe/assess-database-users/images/ua-latest-charts2.png index de7efa6c..25c0a70e 100644 Binary files a/data-safe/assess-database-users/images/ua-latest-charts2.png and b/data-safe/assess-database-users/images/ua-latest-charts2.png differ diff --git a/data-safe/assess-database-users/images/ua-refresh-now-panel.png b/data-safe/assess-database-users/images/ua-refresh-now-panel.png index 4cce93bf..4a2868b4 100644 Binary files a/data-safe/assess-database-users/images/ua-refresh-now-panel.png and b/data-safe/assess-database-users/images/ua-refresh-now-panel.png differ diff --git a/data-safe/assess-database-users/images/ua-risk-summary-tab.png b/data-safe/assess-database-users/images/ua-risk-summary-tab.png index 6a29b250..35e74b50 100644 Binary files a/data-safe/assess-database-users/images/ua-risk-summary-tab.png and b/data-safe/assess-database-users/images/ua-risk-summary-tab.png differ diff --git a/data-safe/assess-database-users/images/ua-target-summary-tab.png b/data-safe/assess-database-users/images/ua-target-summary-tab.png index e068e652..adc65a82 100644 Binary files a/data-safe/assess-database-users/images/ua-target-summary-tab.png and b/data-safe/assess-database-users/images/ua-target-summary-tab.png differ diff --git a/data-safe/audit-database-activity/audit-database-activity-old.md b/data-safe/audit-database-activity/audit-database-activity-old.md new file mode 100644 index 00000000..d238546c --- /dev/null +++ b/data-safe/audit-database-activity/audit-database-activity-old.md @@ -0,0 +1,224 @@ +# Audit database activity + +## Introduction + +In this lab, you use the auditing wizard to enable alert and audit policies on your target database, start audit data collection in Oracle Data Safe, and configure the retention periods for your audit data. Audit resources for Oracle Data Safe (audit profiles, audit policies, and audit trails) are automatically created for all registered target databases. You then perform activity on your target database and review the alerts and audit events generated in Oracle Data Safe. + +Estimated Lab Time: 15 minutes + +### Objectives + +In this lab, you will: + +- Configure auditing and alerts for your target database +- Review the Activity Auditing dashboard and audit policy +- Perform activities on your target database to generate audit data +- Review alerts in Oracle Data Safe +- Review audit events in Oracle Data Safe + + +### Prerequisites + +This lab assumes you have: + +- Obtained an Oracle Cloud account +- Signed in to the Oracle Cloud Infrastructure Console +- Prepared your environment for this workshop +- Registered your target database with Oracle Data Safe + + +### Assumptions + +- Your data values may be different than those shown in the screenshots. +- Please ignore the dates for the data and database names. Screenshots are taken at various times and may differ between labs and within labs. + +## Task 1: Configure auditing and alerts for your target database + + +1. In the breadcrumb at the top of the page, click **Data Safe**. + +2. Under **Data Safe**, click **Activity auditing**. + +3. Click **Configure auditing and alerts** to start the Activity Auditing wizard. + +4. For **Alert policy**, do the following, and then click **Next**. + + a) Select your target database. The list of available alert policies is displayed. + + b) Select the **Failed logins by admin user** and **User creation/modification** alert policies to enable them. + + ![Activity Auditing wizard - Alert Policy](images/activity-auditing-wizard-alert-policy.png "Activity Auditing wizard - Alert Policy") + +5. For **Audit policy**, select the following audit policies to enable them, and then click **Next**. + + a) Select **Exclude Data Safe user activity**. + + b) Under **Basic auditing**, select **Critical database activity** and **Database schema changes**. + + c) Under **Admin activity auditing**, select **Admin user activity**. + + d) Under **Custom policies**, select **APP\_USER\_NOT\_APP\_SERVER**. + + ![Activity Auditing wizard - Audit Policy top](images/activity-auditing-wizard-audit-policy.png "Activity Auditing wizard - Audit Policy top") + + ![Activity Auditing wizard - Audit Policy bottom](images/activity-auditing-wizard-audit-policy2.png "Activity Auditing wizard - Audit Policy bottom") + +6. For **Audit trails**, do the following to start collecting audit data, and then click **Next**. + + a) Select **UNIFIED\_AUDIT\_TRAIL: NOT_STARTED**. + + b) For the start date, select the beginning of the month. + + ![Activity Auditing wizard - Audit trails](images/activity-auditing-wizard-audit-trails.png "Activity Auditing wizard - Audit Trails") + +7. For **Audit profile**, leave the default selections for retention period and paid usage as is (see below), and click **Next**. + + - Audit data online retention months = 12 + - Audit data offline retention months = 0 + - Paid usage = selected + + ![Activity Auditing wizard - Audit profile](images/activity-auditing-wizard-audit-profile.png "Activity Auditing wizard - Audit profile") + + - Each regional Oracle Data Safe service in a tenancy has global settings for paid usage, online retention period, and archive retention period. + - Global settings are applied to all target databases unless their audit profiles override them. + - All initial audit profile settings for your target database are inherited from the global settings for Oracle Data Safe. + - By default, paid usage is enabled for all target databases, the online retention period is set to the maximum value of 12 months, and the archive retention period is set to the minimum value of 0 months. Note that you cannot enable paid usage for a free trial account. + +8. For **Review and submit**, review the configuration, and click **Submit** if everything is correct. + + ![Activity Auditing wizard - Review and submit](images/activity-auditing-wizard-review-submit.png "Activity Auditing wizard - Review and submit") + +9. For **Audit configuration progress**, wait until the alert and audit policies are provisioned and the audit trail is started. + + ![Activity Auditing wizard - Audit configuration progress](images/activity-auditing-wizard-audit-configuration-progress.png "Activity Auditing wizard - Audit configuration progress") + + ![Activity Auditing wizard - Audit configuration progress errors](images/audit-configuration-progress-errors.png "Activity Auditing wizard - Audit configuration progress errors") + + +10. Click **Close**. + + +## Task 2: Review the Activity Auditing dashboard and audit policy + +By default, the Activity Auditing dashboard shows you a summary of audit events for the last one week for all target databases in the form of charts and tables. On the left under **List scope** and **Filters**, you can filter by compartment, time period, and target database. + +1. On the **Activity auditing** page, on the left under **Filters**, select your target database. + +2. Review the charts. + + - The **Audit trails** chart shows you the number of audit trails that are running, stopped, not started, and that need attention. + - The **Failed login activity** chart shows you the number of failed logins on your target database for the last one week. You may or may not have any failed logins, depending on how you have interacted in Database Actions so far. + - The **Admin activity** chart shows you the number of database schema changes, failed logins, audit setting changes, and entitlement changes on your target database for the last one week. + - The **All activity** chart shows you the total count of audit events on your target database for the specified time period. + + ![Activity auditing dashboard charts1](images/aa-dashboard-charts1.png "Activity auditing dashboard charts1") + + ![Activity auditing dashboard charts2](images/aa-dashboard-charts2.png "Activity auditing dashboard charts2") + + +3. Review the **Events summary** and **Targets summary** tabs. + + - Statistics include the number of target databases that have an audit event in each event category and the total number of events per category. Because you are viewing statistics for your target database only, the **Target databases** column shows ones. + - Audit events include the number of login failures, schema changes, entitlement changes, audit settings changes, all activity (all audit events), Database Vault all violations, and Database Vault policy changes. + + ![Events summary tab](images/events-summary-tab3.png "Events summary tab") + + ![Targets summary tab](images/targets-summary-tab3.png "Targets summary tab") + + + +## Task 3: Perform activities on your target database to generate audit data + +In this task, you perform activities on your target database in Database Actions to generate some audit data. First, purposely try to log in as the `ADMIN` user with incorrect passwords. Then, sign in and create a user account. + +1. Return to the SQL worksheet in Database Actions. + +2. Sign out of Database Actions. + + The **Sign-in** page is displayed. + +3. In the **Username** box, enter `ADMIN`. + +4. Do this twice: Enter an incorrect password, and then click **Sign in**. + + An **Invalid credentials** message is displayed. + + ![Invalid database password message](images/invalid-database-password.png "Invalid database password message") + +5. Enter the correct password, and click **Sign in**. + + If you are using a Sandbox environment, you can find the database password in the LiveLabs reservation. + +6. If needed, click the **SQL** tile. + +7. Clear the worksheet, and then paste the following SQL script. Replace `your-password` with a password of your choice. The password must be between 12 and 30 characters long and must include at least one uppercase letter, one lowercase letter, and one numeric character. It cannot contain your username or the double quote (") character. + + ``` + drop user MALFOY cascade; + create user MALFOY identified by your-password; + grant PDB_DBA to MALFOY; + ``` + + +8. On the toolbar, click the **Run Script** button and wait for the script to finish running. + +9. In the script output, verify that the `MALFOY` user was successfully dropped and then recreated. + +10. Return to the browser tab for Oracle Data Safe and wait a couple of minutes for Oracle Data Safe to produce the alerts. + + +## Task 4: Review alerts in Oracle Data Safe + +1. Under **Security center** on the left, click **Alerts**. + +2. Under **Filters** on the left, select your target database. + +3. Review the alerts dashboard. + + - The **Alerts summary** chart compares the number of critical, high, and medium alerts. + - The **Open alerts** chart shows that there are open alerts on the current day. + - The **Top 10 alert policies by volume** chart shows you the number of alerts for the alert policies you just configured. + - The **Alerts summary** tab shows the number of critical, high, and medium alerts along with target database counts. It also shows you the total number of alerts and target databases. + - The **Targets summary** tab shows the number of open, critical, high, and medium alerts. + + ![Alerts dashboard charts](images/alerts-dashboard-charts.png "Alerts dashboard charts") + ![Alerts summary tab](images/alerts-dashboard-alerts-summary-tab.png "Alerts summary tab") + ![Targets summary tab](images/alerts-dashboard-targets-summary-tab.png "Targets summary tab") + + +4. Under **Related resources**, click **Reports**. + +5. In the **Report name** column on the right, click the **All alerts** report and review it. + + - The report is automatically filtered to show you all alerts for all target databases in the selected compartment for the past one week. To create filters, you can use the **+ Another filter** button or the **SCIM query builder**. + - You can view several totals, including the total number of target databases; total number of open and closed alerts, and the total number of critical, high, medium, and low alerts. You can click the **Targets** total to view the list of target databases. You can click the other totals to toggle a filter on the list of alerts. + - At the bottom of the report, you can view the list of alerts. By default, the table shows you the alert name, alert status, alert severity, target databases on which the audited event occurred, when the alert was created, and the alert policy rule name. + - You have options to create a PDF or XLS report, create a custom report, schedule a custom report, open and close alerts, and specify which table columns you want displayed on the page. + + ![All alerts report1](images/all-alerts-report1.png "All alerts report1") + ![All alerts report2](images/all-alerts-report2.png "All alerts report2") + + +## Task 5: Review audit events in Oracle Data Safe + +1. On the left under **Security center**, click **Activity auditing**. + +2. From the **Target databases** drop-down list on the left, select your target database. + +3. On the **Events summary** tab, click one of the event categories, for example, **Login failures by admin** to view more detail. + + ![Login failures](images/login-failures.png "Login failures") + + + +You may now **proceed to the next lab**. + +## Learn More + +* [Activity Auditing Overview](https://www.oracle.com/pls/topic/lookup?ctx=en/cloud/paas/data-safe&id=UDSCS-GUID-A73D8630-E59F-44C3-B467-F8E13041A680) +* [View and Manage Audit Reports](https://www.oracle.com/pls/topic/lookup?ctx=en/cloud/paas/data-safe&id=UDSCS-GUID-364B6431-9861-4B42-B24D-103D5F43B44A) + +## Acknowledgements + +* **Author** - Jody Glover, Consulting User Assistance Developer, Database Development +* **Last Updated By/Date** - Jody Glover, October 8, 2024 diff --git a/data-safe/audit-database-activity/audit-database-activity.md b/data-safe/audit-database-activity/audit-database-activity.md index 3970926f..75eabeef 100644 --- a/data-safe/audit-database-activity/audit-database-activity.md +++ b/data-safe/audit-database-activity/audit-database-activity.md @@ -2,30 +2,21 @@ ## Introduction -In Oracle Data Safe, you can provision audit policies on your target databases and collect audit data into the Oracle Data Safe repository. There are basic, administrator, user, Oracle pre-defined, and custom audit policies, as well as audit policies designed to help your organization meet compliance standards. When you register a target database, Oracle Data Safe automatically creates an audit profile, audit policy, and audit trails relevant for the target database. +Audit resources for Oracle Data Safe (audit profiles, audit policies, and audit trails) are automatically created for all registered target databases. -Start by reviewing the global settings in Oracle Data Safe. Then, review the audit profile, audit trail(s), and audit policy that are automatically created for your target database. Start audit data collection on your target database and provision a few audit policies. Analyze the audit events and view reports. Create, download, and schedule a custom audit report. +In this lab, you use the auditing wizard to enable alert and audit policies on your target database, start audit data collection in Oracle Data Safe, and configure the retention periods for your audit data. You then perform activity on your target database and review the alerts and audit events generated in Oracle Data Safe. -Estimated Lab Time: 20 minutes +Estimated Lab Time: 10 minutes ### Objectives In this lab, you will: -- Review the global settings for Oracle Data Safe -- Review the audit profile for your target database -- Review the audit policy for your target database -- Review the audit trail(s) for your target database -- View the quantity of audit records available on your target database for the discovered audit trail(s) -- Start audit data collection -- Review the Activity Auditing dashboard -- Provision audit policies on your target database -- Analyze the audit events for your target database -- View the All activity report -- Create a custom audit report -- Generate and download a custom audit report as a PDF -- View the audit report history -- Schedule your custom audit report +- Configure auditing and alerts for your target database +- Perform activities on your target database to generate audit data +- Review alerts in Oracle Data Safe +- Review audit events in Oracle Data Safe + ### Prerequisites @@ -42,397 +33,152 @@ This lab assumes you have: - Your data values may be different than those shown in the screenshots. - Please ignore the dates for the data and database names. Screenshots are taken at various times and may differ between labs and within labs. -## Task 1: Review the global settings for Oracle Data Safe +## Task 1: Configure auditing and alerts for your target database 1. In the breadcrumb at the top of the page, click **Data Safe**. -2. Under **Data Safe**, click **Settings**. - -3. Review the global settings. - - - Each regional Oracle Data Safe service in a tenancy has global settings for paid usage, online retention period, and archive retention period. - - Global settings are applied to all target databases unless their audit profiles override them. - - By default, paid usage is enabled for all target databases, the online retention period is set to the maximum value of 12 months, and the archive retention period is set to the minimum value of 0 months. Note that you cannot enable paid usage for a free trial account. - - ![Global settings](images/global-settings.png "Global settings") - - -## Task 2: Review the audit profile for your target database - -1. In the breadcrumb at the top of the page, click **Data Safe**. - -2. Under **Security center** on the left, click **Activity auditing**. - -3. Under **Related resources**, click **Audit profiles**. - -4. From the **Compartment** drop-down list under **List scope**, make sure your compartment is selected. - -5. On the right, review the audit profile information about your target database, and then click your target database name to view more detail. - - ![Audit profiles page](images/audit-profiles-page.png "Audit profiles page") - -6. Review the details in the audit profile. - - - There are default settings for paid usage, online retention period, and offline retention period. - - All initial audit profile settings for your target database are inherited from the global settings for Oracle Data Safe, but you can modify them here as needed. - - ![Audit profile information page](images/audit-profile-details-page.png "Audit profile information page") - -## Task 3: Review the audit trail(s) for your target database - -1. In the breadcrumb at the top of the page, click **Activity auditing**. - -2. On the left under **Related resources**, click **Audit trails**. - -3. Under **List scope** on the left, make sure your compartment is selected. - -4. Under **Filters** on the left, select your target database. - -5. On the right, review the audit trail(s) for your target database. Oracle Data Safe discovers one audit trail for an Autonomous Database called `UNIFIED_AUDIT_TRAIL`. - - ![Audit trails page](images/audit-trails-page.png "Audit trails page") - -6. Click your target database name for one of the audit trails and review the information on the **Audit trail information** page. This is where you can manage audit data collection for the audit trail. Notice that the audit trail is currently inactive. - - ![Audit trail information page](images/audit-trail-details-page.png "Audit trail information page") - - -## Task 4: Review the audit policy for your target database - -1. In the breadcrumb at the top of the page, click **Activity auditing**. - -2. Under **Related resources**, click **Audit policies**. - -3. From the **Compartment** drop-down list on the left, make sure your compartment is selected. - -4. From the **Target databases** drop-down list on the left, select your target database. - -5. On the right, review the information provided for your target database's audit policy. Notice that only the **Additional policies** category has policies enabled, which is indicated by a green circle with a check mark. These are Oracle pre-defined policies that are enabled by default on an Autonomous Transaction Processing database. - - ![Audit policies page](images/audit-policies-page.png "Audit policies page") - -6. Click your target database name to view more detail on the **Audit policy information** page. Scroll down and review the list of audit policies available for your target database. - - - A grey circle means the audit policy is not yet provisioned on the target database. A green circle means the audit policy is provisioned. - - You can choose to provision and enable any number of audit policies on your target database and set filters on users and roles. - - ![Audit policies information page](images/audit-policies-details-page.png "Audit policies information page") - - -## Task 5: View the quantity of audit records available on your target database for the discovered audit trail(s) - -1. In the breadcrumb at the top of the page, click **Activity auditing**. - -2. On the left under **Related resources**, click **Audit profiles**. - -3. From the **Compartment** drop-down list on the left, make sure your compartment is selected. - -4. From the **Target databases** drop-down list on the left, select your target database. - -5. On the right, click the name of your target database. - -6. Scroll down to the **Compute audit volume** section, and click **Available on target database**. - - The **Compute available volume** dialog box is displayed. - -7. For the start date, click the calendar widget and select the current date at 00:00 UTC. You select the current date because your target database is brand new. - -8. Click **Compute** and wait for Oracle Data Safe to calculate the available audit volume. - -9. In the **Available in target batabase** column, view the number of audit records for `UNIFIED_AUDIT_TRAIL`. - - - In our case, the number of records in `UNIFIED_AUDIT_TRAIL` is small because your target database has just been provisioned. For an older target database, however, there are probably a large number of audit records. - - Oracle Data Safe splits up the numbers by month. These values help you to decide on a start date for the Oracle Data Safe audit trail. - - Don't worry if the number of audit records on your system is different than what is shown below. - - ![Available in target database column](images/available-in-target-database.png "Available in target database column") - - -## Task 6: Start audit data collection - -1. In the breadcrumb at the top of the page, click **Activity auditing**. - -2. On the left under **Related resources**, click **Audit trails**. - -3. From the **Compartment** drop-down list on the left, make sure your compartment is selected. - -4. From the **Target databases** drop-down list on the left, select your target database. - -5. On the right, click the name of your target database for `UNIFIED_AUDIT_TRAIL`. - - The **Audit trail information** page is displayed. - -6. Click **Start**. - - A **Start audit trail: UNIFIED\_AUDIT\_TRAIL** dialog box is displayed. - -7. Configure a start date based on the data in the **Compute audit volume** region of the audit profile that you viewed in task 5 (step 9). For example, if you have one month listed (Jan 2024), you can set the start date to the beginning of January. - - ![Start audit trail dialog box](images/start-audit-trail-dialog-box.png "Start audit trail dialog box") - -8. Click **Start**. Wait for **Collection state** to change from **STARTING** to **COLLECTING** and then to **IDLE**. It takes about one minute. - - ![Collection state IDLE](images/collection-state-idle.png "Collection state IDLE") - +2. Under **Data Safe**, click **Activity auditing**. -## Task 7: Review the Activity Auditing dashboard +3. Click **Configure auditing and alerts** to start the Activity Auditing wizard. +4. For **Alert policy**, do the following to enable alert policies, and then click **Next**. -1. In the breadcrumb at the top of the page, click **Activity auditing**. + a) Select your target database. The list of available alert policies is displayed. - By default, the Activity Auditing dashboard shows you a summary of audit events for the last one week for all target databases in the form of charts and tables. On the left under **List scope** and **Filters**, you can filter by compartment, time period, and target database. + b) Select the **Failed logins by admin user** and **User creation/modification** alert policies to enable them. -2. From the **Compartments** drop-down list on the left, make sure your compartment is selected. + ![Activity Auditing wizard - Alert Policy](images/activity-auditing-wizard-alert-policy.png "Activity Auditing wizard - Alert Policy") + +5. For **Audit policy**, select the following audit policies to enable them, and then click **Next**. -3. From the **Target databases** drop-down list on the left, select your target database. The dashboard is automatically updated to include audit event statistics for only your target database. + a) Select **Exclude Data Safe user activity**. + + b) Under **Basic auditing**, select **Critical database activity** and **Database schema changes**. + + c) Under **Admin activity auditing**, select **Admin user activity**. + + d) Under **Custom policies**, select **APP\_USER\_NOT\_APP\_SERVER**. -4. Review the charts. + ![Activity Auditing wizard - Audit Policy top](images/activity-auditing-wizard-audit-policy.png "Activity Auditing wizard - Audit Policy top") - - The **Failed login activity** chart shows you the number of failed logins on your target database for the last one week. You may or may not have any failed logins, depending on how you have interacted in Database Actions so far. - - The **Admin activity** chart shows you the number of database schema changes, logins, audit setting changes, and entitlement changes on your target database for the last one week. - - The **All activity** chart shows you the total count of audit events on your target database for the specified time period. + ![Activity Auditing wizard - Audit Policy bottom](images/activity-auditing-wizard-audit-policy2.png "Activity Auditing wizard - Audit Policy bottom") - ![Activity Auditing dashboard initial charts](images/activity-auditing-dashboard-charts-initial.png "Activity Auditing dashboard initial charts") +6. For **Audit trails**, do the following to start collecting audit data, and then click **Next**. -5. On the **Events summary** tab, review the statistics for audit event categories. + a) Select **UNIFIED\_AUDIT\_TRAIL: NOT_STARTED**. - Statistics include the number of target databases that have an audit event in each event category and the total number of events per category. Because you are viewing statistics for your target database only, the **Target databases** column shows ones. + b) For the start date, select the beginning of the month. - ![Activity Auditing dashboard Events summary tab](images/activity-auditing-events-summary-tab.png "Activity Auditing dashboard Events summary tab") + ![Activity Auditing wizard - Audit trails](images/activity-auditing-wizard-audit-trails.png "Activity Auditing wizard - Audit Trails") -4. Click the **Target summary** tab and review the various audit event counts per target database. +7. For **Audit profile**, leave the default selections for the retention periods and paid usage as is (see below), and click **Next**. - Audit events include the number of login failures, schema changes, entitlement changes, audit settings changes, all activity (all audit events), Database Vault violations, and Database Vault policy changes. + - Audit data online retention months = 12 + - Audit data offline retention months = 0 + - Paid usage = not selected - ![Activity Auditing dashboard Target summary tab](images/activity-auditing-dashboard-target-summary-tab.png "Activity Auditing dashboard Target summary tab") + ![Activity Auditing wizard - Audit profile](images/activity-auditing-wizard-audit-profile.png "Activity Auditing wizard - Audit profile") -## Task 8: Provision audit policies - -1. Under **Related resources**, click **Audit policies**. - -2. From the **Compartment** drop-down list on the left, make sure your compartment is selected. - -3. From the **Target databases** drop-down list on the left, select your target database. - -4. On the right, click the name of your target database. - -5. Review the custom audit policies that are provisioned on your target database. If the check box is not selected, it means that the policy is not yet enabled. For example, the following are custom audit policies provided with the sample data that you loaded into your target database: - - - `APP_USER_NOT_APP_SERVER` - - `EMPSEARCH_SELECT_USAGE_BY_PETE` - - `EMP_RECORD_CHANGES` - -6. Click **Update and provision**. - - The **Provision audit policies** panel is displayed. - -7. Select **Exclude Data Safe user activity**. - -8. Under **Basic auditing**, select **Database schema changes** and **Critical database activity**. - -9. Under **Admin activity auditing**, select **Admin user activity**. - -10. Under **Custom policies**, select **APP\_USER\_NOT\_APP\_SERVER**. + - Each regional Oracle Data Safe service in a tenancy has global settings for paid usage, online retention period, and archive retention period. + - Global settings are applied to all target databases unless their audit profiles override them. + - All initial audit profile settings for your target database are inherited from the global settings for Oracle Data Safe. + - By default, paid usage is not enabled for all target databases, the online retention period is set to the maximum value of 12 months, and the archive retention period is set to the minimum value of 0 months. Note that you cannot enable paid usage for a free trial account. -11. Click **Update and provision** to provision the selected policies on your target database. +8. For **Review and submit**, review the configuration, and click **Submit** if everything is correct. - ![Provision audit policies panel](images/provision-audit-policies-panel.png "Provision audit policies panel") + ![Activity Auditing wizard - Review and submit](images/activity-auditing-wizard-review-submit.png "Activity Auditing wizard - Review and submit") -12. Wait for the provisioning to finish, and then view the updated policy information on the page. Notice that the policies you enabled now have green circles. +9. For **Audit configuration progress**, wait until the alert and audit policies are provisioned and the audit trail is started. + + ![Activity Auditing wizard - Audit configuration progress](images/activity-auditing-wizard-audit-configuration-progress2.png "Activity Auditing wizard - Audit configuration progress") + - ![Enabled policies](images/enabled-policies.png "Enabled policies") +10. Click **Close**. -## Task 9: Analyze the audit events for your target database +## Task 2: Perform activities on your target database to generate audit data -1. In the breadcrumb at the top of the page, click **Activity auditing**. +In this task, you perform activities on your target database in Database Actions to generate some audit data. First, purposely try to log in as the `ADMIN` user with incorrect passwords. Then, sign in and create a user account. -2. From the **Target databases** drop-down list on the left, select your target database. +1. Return to the SQL worksheet in Database Actions. - The dashboard is automatically updated to include audit event statistics for your target database. Do you notice any difference in the numbers? +2. Sign out of Database Actions. - ![Activity Auditing dashboard charts after provisioning policies](images/activity-auditing-dashboard-charts-afterprovision.png "Activity Auditing dashboard charts after provisioning policies") - ![Activity Auditing dashboard table after provisioning policies](images/activity-auditing-dashboard-table-afterprovision.png "Activity Auditing dashboard table after provisioning policies") + The **Sign-in** page is displayed. -3. Notice that there are schema changes. To investigate, on the **Events summary** tab, click **Schema changes by admin** to view more detail. +3. In the **Username** box, enter `ADMIN`. -4. On the **Event category** page, review the following: +4. Do this twice: Enter an incorrect password, and then click **Sign in**. - - The filters set at the top of the page. There are two filters set on **Operation time**, setting the time period for the past one week. There is one filter set on **Target id**, setting the target database to your database. - - The total number of targets, database users, client hosts, `CREATE` statements, `ALTER` statements, and `DROP` statements - - The total number of events - - The individual audit events + An **Invalid credentials** message is displayed. - ![Schema changes by admin](images/schema-changes-by-admin-page.png "Schema changes by admin") + ![Invalid database password message](images/invalid-database-password.png "Invalid database password message") -5. Click the down arrow at the end of any row in the event table to view more detail about the event. When you click the down arrow, it changes to an up arrow. +5. Enter the correct password, and click **Sign in**. - ![Audit event table expander](images/audit-event-table-expander.png "Audit event table expander") + If you are using a Sandbox environment, you can find the database password in the LiveLabs reservation. -6. What was the SQL issued? +6. If needed, click the **SQL** tile. - Answer: Scroll down to the **SQL text** line item. Here you can choose to show the SQL or copy it. The SQL issued was as follows: +7. Clear the worksheet, and then paste the following SQL script. Replace `your-password` with a password of your choice. The password must be between 12 and 30 characters long and must include at least one uppercase letter, one lowercase letter, and one numeric character. It cannot contain your username or the double quote (") character. ``` - drop function HCM1.return_condition + drop user MALFOY cascade; + create user MALFOY identified by your-password; + grant PDB_DBA to MALFOY; ``` -## Task 10: View the All activity report - -By default, the All activity report shows audit events for the past one week for all target databases in the selected compartment(s). - -1. Under **Related resources**, click **Audit reports**. Oracle Data Safe has the following predefined audit reports: - - - All activity - - Admin activity - - User/entitlement changes - - Audit policy changes - - Login activity - - Data access - - Data modification - - Database schema changes - - Data Safe activity - - Database Vault activity - - Common user activity - - Database errors - - Data extraction activity - - Sensitive data activity - - SQL Firewall audited violations - -2. Make sure that your compartment is selected. Deselect **Include child compartments**. - -3. Click the **All activity** report to view it. - -4. View the filters set in the report. - - - By default, the report is filtered to show audit events for the past one week for all target databases in the selected compartment(s). - - You can create additional filters as needed. - -5. View the totals in the report. - - - You can click **Targets**, **DB users**, and **Client hosts** to view the list of targets, database users, and client hosts respectively. - - If you click **DMLs**, **Privilege changes**, **DDLs**, **User/entitlement changes**, **Login failures**, **Login successes**, or **Total events**, the audit events table is filtered accordingly. - -6. Scroll down and view the individual audit events. - -7. To view more detail for a particular audit event, click the down arrow to expand the row and show details for the particular event. For some details, you can copy their values to the clipboard. - - ![All activity report](images/all-activity-report.png "All activity report") - - -## Task 11: Create a custom audit report - -1. At the top of the **All activity** report, add the following two filters. To add a filter, click **+ Another filter**. When you are done setting the filter parameters, click **Apply**. - - - **Target = your-target-database-name** - - **Object owner = HCM1** - -2. Click **Manage columns**. In the **Manage columns** panel, select **Target**, **DB user**, **Event**, **Object**, **Operation time**, and **Unified audit policies** columns. Click **Apply changes**. - - The table displays the selected columns. Also notice that the totals are adjusted too. - ![All activity report](images/custom-audit-report3.png "All activity report") +8. On the toolbar, click the **Run Script** button and wait for the script to finish running. -3. Click **Create custom report**. +9. In the script output, verify that the `MALFOY` user was successfully dropped and then recreated. - The **Create custom report** dialog box is displayed. +10. Return to the browser tab for Oracle Data Safe and wait a couple of minutes for Oracle Data Safe to produce the alerts. -4. Enter the display name **All activity report on schema: HCM1 in target your-target-database-name**. Enter an optional description. Select your compartment, if needed. Click **Create custom report** and wait for the report to generate. - ![Create custom report dialog box](images/create-custom-report-dialog-box.png "Create custom report dialog box") +## Task 3: Review alerts in Oracle Data Safe -5. In the **Create custom report** dialog box, click the **click here** link to navigate to your custom report. +1. Under **Security center** on the left, click **Alerts**. - - If you need to modify your custom report, you can click **Save report** to save the changes. - - To view your custom report in the future, under **Related resources** for **Activity auditing**, click **Audit reports**. Click the **Custom reports** tab, and then click the name of your custom audit report. +2. Under **Filters** on the left, select your target database. +3. Review the alerts dashboard. -## Task 12: Generate and download a custom audit report as a PDF + - The **Alerts summary** chart compares the number of critical, high, and medium alerts. + - The **Open alerts** chart shows that there are open alerts on the current day. + - The **Top 10 alert policies by volume** chart shows you the number of alerts for the alert policies you just configured. + - The **Alerts summary** tab shows the number of critical, high, and medium alerts along with target database counts. It also shows you the total number of alerts and target databases. + - The **Targets summary** tab shows the number of open, critical, high, and medium alerts. -1. On the custom audit report page, click **Generate report**. + ![Alerts dashboard charts](images/alerts-dashboard-charts.png "Alerts dashboard charts") + ![Alerts summary tab](images/alerts-dashboard-alerts-summary-tab.png "Alerts summary tab") + ![Targets summary tab](images/alerts-dashboard-targets-summary-tab.png "Targets summary tab") - The **Generate report** dialog box is displayed. -2. Leave **PDF** selected. +4. Under **Related resources**, click **Reports**. -3. Enter the display name **All activity report on schema: HCM1 in target your-target-database-name**. +5. In the **Report name** column on the right, click the **All alerts** report and review it. -4. (Optional) Enter a description. + - The report is automatically filtered to show you all alerts for all target databases in the selected compartment for the past one week. To create filters, you can use the **+ Another filter** button or the **SCIM query builder**. + - You can view several totals, including the total number of target databases; total number of open and closed alerts, and the total number of critical, high, medium, and low alerts. You can click the **Targets** total to view the list of target databases. You can click the other totals to toggle a filter on the list of alerts. + - At the bottom of the report, you can view the list of alerts. By default, the table shows you the alert name, alert status, alert severity, target databases on which the audited event occurred, when the alert was created, and the alert policy rule name. + - You have options to create a PDF or XLS report, create a custom report, schedule a custom report, open and close alerts, and specify which table columns you want displayed on the page. -5. Make sure your compartment is selected. + ![All alerts report top](images/all-alerts-report-top.png "All alerts report top") + ![All alerts report bottom](images/all-alerts-report-bottom.png "All alerts report bottom") -6. Leave the other settings as is. -7. Click **Generate report** and wait until the PDF report is generated. A message is displayed stating that report generation is complete. +## Task 4: Review audit events in Oracle Data Safe - ![Generate PDF of custom audit report](images/generate-pdf-custom-audit-report.png "Generate PDF of custom audit report") +1. On the left under **Security center**, click **Activity auditing**. -8. Click the **here** link to download the report. - -9. If you are prompted to open or save the report, choose to save. - -10. To close the **Generate Report** dialog box, click **Close**. - -11. Open the PDF report and view it. - - ![All activity PDF report](images/all-activity-report-pdf.png "All activity PDF report") - -12. To close the PDF report, close the browser tab. - - -## Task 13: View the audit report history - -1. Under **Related resources**, click **Audit report history**. - -2. View the details for your custom report. On this page, you can click the name of a report to view its details and download the report as a PDF or XLS document (depending on how you originally generated it). Oracle Data Safe keeps the history of audit reports for up to three months. - - ![History for custom report](images/history-custom-report.png "History for custom report") - -3. In the **Name** column, click the name of your custom report to view its details. - - ![Custom report details](images/custom-report-details.png "Custom report details") - - -## Task 14: Schedule your custom audit report -Schedule your custom audit report to generate a PDF every Sunday at 11PM UTC. - -1. In the breadcrumb at the top of the page, select **Activity auditing**. - -2. Under **Related resources**, click **Audit reports**. - -3. On the right, click the **Custom reports** tab. - -4. In the **Report name** column in the table, click the name of your custom report. - - Your custom report is displayed. - -5. Click **Manage report schedule**. - - The **Manage report schedule** panel is displayed. - -6. Enter a schedule name, for example, **All activity HCM1 on your-database-name schedule**. - -7. Make sure that your compartment is selected. - -8. Leave **PDF** selected as the report format. - -9. For **Schedule frequency**, select **Weekly**. - -10. For **Every**, select **Sunday**. - -11. For **Time (in UTC)**, select **11 PM**. - -12. For **Events time span**, leave **Last days** and **7** as is so that only one weeks worth of data is displayed in the report. - - ![Manage Report Schedule panel](images/manage-report-schedule-panel.png "Manage report schedule panel") - -13. Click **Save schedule**. - - The panel closes and you are returned to your custom report. +2. From the **Target databases** drop-down list on the left, select your target database. -14. To view the schedule, under **Related resources**, click **Audit reports**. On the right, click the **Custom reports** tab. Notice that now there is a report schedule for your custom report. You can access the reports generated by the schedule on the **Audit report history** page. +3. On the **Events summary** tab, click one of the event categories, for example, **Login failures by admin** to view more detail. + + ![Login failures report - top](images/login-failures-top.png "Login failures report - top") + ![Login failures report - bottom](images/login-failures-bottom.png "Login failures report - bottom") - ![Custom report with schedule](images/custom-report-w-schedule.png "Custom report with schedule") You may now **proceed to the next lab**. @@ -444,4 +190,4 @@ You may now **proceed to the next lab**. ## Acknowledgements * **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -* **Last Updated By/Date** - Jody Glover, May 16, 2024 +* **Last Updated By/Date** - Jody Glover, October 16, 2024 diff --git a/data-safe/audit-database-activity/images/aa-dashboard-charts1.png b/data-safe/audit-database-activity/images/aa-dashboard-charts1.png new file mode 100644 index 00000000..8ee8921e Binary files /dev/null and b/data-safe/audit-database-activity/images/aa-dashboard-charts1.png differ diff --git a/data-safe/audit-database-activity/images/aa-dashboard-charts2.png b/data-safe/audit-database-activity/images/aa-dashboard-charts2.png new file mode 100644 index 00000000..9f144841 Binary files /dev/null and b/data-safe/audit-database-activity/images/aa-dashboard-charts2.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-alert-policy.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-alert-policy.png new file mode 100644 index 00000000..cdb35361 Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-alert-policy.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-configuration-progress.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-configuration-progress.png new file mode 100644 index 00000000..c40fe89b Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-configuration-progress.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-configuration-progress2.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-configuration-progress2.png new file mode 100644 index 00000000..8b6a3c0c Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-configuration-progress2.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-policy.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-policy.png new file mode 100644 index 00000000..15430775 Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-policy.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-policy2.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-policy2.png new file mode 100644 index 00000000..810ce07b Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-policy2.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-profile.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-profile.png new file mode 100644 index 00000000..b18a44d9 Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-profile.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-trails.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-trails.png new file mode 100644 index 00000000..6ea8fe9f Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-audit-trails.png differ diff --git a/data-safe/audit-database-activity/images/activity-auditing-wizard-review-submit.png b/data-safe/audit-database-activity/images/activity-auditing-wizard-review-submit.png new file mode 100644 index 00000000..8f6538db Binary files /dev/null and b/data-safe/audit-database-activity/images/activity-auditing-wizard-review-submit.png differ diff --git a/data-safe/audit-database-activity/images/alerts-dashboard-alerts-summary-tab.png b/data-safe/audit-database-activity/images/alerts-dashboard-alerts-summary-tab.png new file mode 100644 index 00000000..ad05e3bb Binary files /dev/null and b/data-safe/audit-database-activity/images/alerts-dashboard-alerts-summary-tab.png differ diff --git a/data-safe/audit-database-activity/images/alerts-dashboard-alerts-targets-summary-tab.png b/data-safe/audit-database-activity/images/alerts-dashboard-alerts-targets-summary-tab.png new file mode 100644 index 00000000..bca4ad19 Binary files /dev/null and b/data-safe/audit-database-activity/images/alerts-dashboard-alerts-targets-summary-tab.png differ diff --git a/data-safe/audit-database-activity/images/alerts-dashboard-charts.png b/data-safe/audit-database-activity/images/alerts-dashboard-charts.png new file mode 100644 index 00000000..54f92925 Binary files /dev/null and b/data-safe/audit-database-activity/images/alerts-dashboard-charts.png differ diff --git a/data-safe/audit-database-activity/images/alerts-dashboard-targets-summary-tab.png b/data-safe/audit-database-activity/images/alerts-dashboard-targets-summary-tab.png new file mode 100644 index 00000000..1a4804db Binary files /dev/null and b/data-safe/audit-database-activity/images/alerts-dashboard-targets-summary-tab.png differ diff --git a/data-safe/audit-database-activity/images/all-alerts-report-bottom.png b/data-safe/audit-database-activity/images/all-alerts-report-bottom.png new file mode 100644 index 00000000..56ce35ef Binary files /dev/null and b/data-safe/audit-database-activity/images/all-alerts-report-bottom.png differ diff --git a/data-safe/audit-database-activity/images/all-alerts-report-top.png b/data-safe/audit-database-activity/images/all-alerts-report-top.png new file mode 100644 index 00000000..ce04e4a1 Binary files /dev/null and b/data-safe/audit-database-activity/images/all-alerts-report-top.png differ diff --git a/data-safe/audit-database-activity/images/all-alerts-report1.png b/data-safe/audit-database-activity/images/all-alerts-report1.png new file mode 100644 index 00000000..0fed87a7 Binary files /dev/null and b/data-safe/audit-database-activity/images/all-alerts-report1.png differ diff --git a/data-safe/audit-database-activity/images/all-alerts-report2.png b/data-safe/audit-database-activity/images/all-alerts-report2.png new file mode 100644 index 00000000..b7d1e0ac Binary files /dev/null and b/data-safe/audit-database-activity/images/all-alerts-report2.png differ diff --git a/data-safe/audit-database-activity/images/audit-configuration-progress-errors.png b/data-safe/audit-database-activity/images/audit-configuration-progress-errors.png new file mode 100644 index 00000000..ad02df15 Binary files /dev/null and b/data-safe/audit-database-activity/images/audit-configuration-progress-errors.png differ diff --git a/data-safe/audit-database-activity/images/audit-policy.png b/data-safe/audit-database-activity/images/audit-policy.png new file mode 100644 index 00000000..a0fbb8a6 Binary files /dev/null and b/data-safe/audit-database-activity/images/audit-policy.png differ diff --git a/data-safe/audit-database-activity/images/events-summary-tab3.png b/data-safe/audit-database-activity/images/events-summary-tab3.png new file mode 100644 index 00000000..dd6c3b8e Binary files /dev/null and b/data-safe/audit-database-activity/images/events-summary-tab3.png differ diff --git a/data-safe/audit-database-activity/images/invalid-database-password.png b/data-safe/audit-database-activity/images/invalid-database-password.png new file mode 100644 index 00000000..cf96088f Binary files /dev/null and b/data-safe/audit-database-activity/images/invalid-database-password.png differ diff --git a/data-safe/audit-database-activity/images/login-failures-bottom.png b/data-safe/audit-database-activity/images/login-failures-bottom.png new file mode 100644 index 00000000..f8dbe51c Binary files /dev/null and b/data-safe/audit-database-activity/images/login-failures-bottom.png differ diff --git a/data-safe/audit-database-activity/images/login-failures-top.png b/data-safe/audit-database-activity/images/login-failures-top.png new file mode 100644 index 00000000..4e27d547 Binary files /dev/null and b/data-safe/audit-database-activity/images/login-failures-top.png differ diff --git a/data-safe/audit-database-activity/images/login-failures.png b/data-safe/audit-database-activity/images/login-failures.png new file mode 100644 index 00000000..66b2b589 Binary files /dev/null and b/data-safe/audit-database-activity/images/login-failures.png differ diff --git a/data-safe/audit-database-activity/images/targets-summary-tab3.png b/data-safe/audit-database-activity/images/targets-summary-tab3.png new file mode 100644 index 00000000..36aaf6dd Binary files /dev/null and b/data-safe/audit-database-activity/images/targets-summary-tab3.png differ diff --git a/data-safe/discover-sensitive-data/discover-sensitive-data.md b/data-safe/discover-sensitive-data/discover-sensitive-data.md index 3fd13133..dd002889 100644 --- a/data-safe/discover-sensitive-data/discover-sensitive-data.md +++ b/data-safe/discover-sensitive-data/discover-sensitive-data.md @@ -202,4 +202,4 @@ You may now **proceed to the next lab**. ## Acknowledgements - **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -- **Last Updated By/Date** - Jody Glover, August 21, 2024 +- **Last Updated By/Date** - Jody Glover, October 9, 2024 diff --git a/data-safe/generate-alerts/generate-alerts.md b/data-safe/generate-alerts/generate-alerts.md index 11bae842..e9d0defb 100644 --- a/data-safe/generate-alerts/generate-alerts.md +++ b/data-safe/generate-alerts/generate-alerts.md @@ -2,7 +2,7 @@ ## Introduction -An alert is a message that notifies you when a particular audit event happens on a target database. In Oracle Data Safe, you can provision alert policies on your target databases, view and manage alerts, view predefined alert reports, and create custom alert reports. +An alert is a message that notifies you when a particular audit event happens on a target database. In Oracle Data Safe, you can create and provision alert policies on your target databases, view and manage alerts, view predefined alert reports, and create custom alert reports. Start by reviewing the predefined alert policies in Oracle Data Safe, and then provision two of them. Using Database Actions, perform activity on your target database to cause alerts in Oracle Data Safe. Review the generated alerts and create a custom alerts report. Download the report as a PDF. @@ -42,8 +42,6 @@ This lab assumes you have: The **Alerts** page is displayed. The alerts dashboard does not have any data because you have not yet enabled any alert policies. - ![Alerts page without data](images/alerts-dashboard-no-data.png "Alerts page without data") - 2. Under **Related resources**, click **Alert policies**. 3. Review the list of available alert policies provided by Oracle Data Safe. They are as follows: @@ -62,8 +60,6 @@ This lab assumes you have: The **Alert policy details** page is displayed for the **User creation/modification** alert policy. - ![User creation modification alert policy details](images/user-creation-modification-alert-policy-details.png "User creation modification alert policy details") - 5. Next to **Policy applied on target databases**, click **View list** to view the target databases associated with the alert policy. The **Target-policy associations** page is displayed with the **Policy name** filter set to **User creation/modification**. @@ -81,26 +77,20 @@ This lab assumes you have: The **Apply and enable alert policy to target databases** panel is displayed. -3. Select **Selected targets only**. - -4. If needed, click **Change compartment** and select your compartment. - -5. From the drop-down list, select your target database. - -6. Select **Selected policies only**. +3. From the drop-down list, select your target database. -7. From the drop-down list, one at a time, select the **User creation/modification** and **Failed logins by admin user** alert policies. +4. From the drop-down list, one at a time, select the **User creation/modification** and **Failed logins by admin user** alert policies. -8. Click **Apply policy** and wait until a message states that you can close the panel. +5. Click **Apply policy** and wait until a message states that you can close the panel. ![Apply and enable alert policy to target databases panel](images/apply-and-enable-alert-policy-panel.png "Apply and enable alert policy to target databases panel") -9. Click **Close**. +6. Click **Close**. The two target-policy associations for your target database are listed on the page and are enabled. -10. Wait for the state to change to **Active** for both target-policy associations. If a target-policy association is not displayed, please set the **Policy name** filter to **All**. +7. Wait for the state to change to **Active** for both target-policy associations. If a target-policy association is not displayed, make sure the **Policy name** filter is set to **All**. ![Two target-policy associations for your target database](images/two-target-policy-associations-for-target.png "Two target-policy associations for your target database") @@ -169,7 +159,7 @@ In this task, you perform activities on your target database in Database Actions - The report is automatically filtered to show you all alerts for all target databases in the selected compartment for the past one week. To manually create custom filters, you can use the **SCIM query builder**. - You can view several totals, including the total number of target databases; total number of open and closed alerts, and the total number of critical, high, medium, and low alerts. You can click the **Targets** total to view the list of target databases. You can click the other totals to toggle a filter on the list of alerts. - - At the bottom of the report, you can view the list of alerts. By default, the table shows you the alert name, alert status, alert severity, target databases on which the audited event occurred, and when the alert was created. + - At the bottom of the report, you can view the list of alerts. By default, the table shows you the alert name, alert status, alert severity, target databases on which the audited event occurred, when the alert was created, and the alert policy rule name. - You have options to create a PDF or XLS report, create a custom report, schedule a custom report, open and close alerts, and specify which table columns you want displayed on the page. ![All alerts report](images/all-alerts-report.png "All alerts report") @@ -180,9 +170,9 @@ In this task, you perform activities on your target database in Database Actions 8. Click **+ Another filter**. Create the filter **Alert name = User creation/modification**, and click **Apply**. - Only alerts that pertain to User Creation/Modification are listed in the table. + Only alerts that pertain to User creation/modification are listed in the table. -9. Review the alerts generated for **User Creation/Modification**. +9. Review the alerts generated for **User creation/modification**. ![User Creation/Modification alerts](images/alerts-user-creation-modification.png "User Creation/Modification alerts") @@ -198,6 +188,7 @@ In this task, you perform activities on your target database in Database Actions - Alert severity - Alert status - Whether the alert is open or closed - Alert type - Currently all alert types are AUDITING + - Alert policy rule - Policy that generated the alert - User operation that generated the alert - Operation time and status diff --git a/data-safe/generate-alerts/images/alerts-dashboard-with-data.png b/data-safe/generate-alerts/images/alerts-dashboard-with-data.png index 446dc54d..7a37134d 100644 Binary files a/data-safe/generate-alerts/images/alerts-dashboard-with-data.png and b/data-safe/generate-alerts/images/alerts-dashboard-with-data.png differ diff --git a/data-safe/generate-alerts/images/alerts-reports.png b/data-safe/generate-alerts/images/alerts-reports.png index 4a3c40df..4ed36d15 100644 Binary files a/data-safe/generate-alerts/images/alerts-reports.png and b/data-safe/generate-alerts/images/alerts-reports.png differ diff --git a/data-safe/generate-alerts/images/apply-and-enable-alert-policy-panel.png b/data-safe/generate-alerts/images/apply-and-enable-alert-policy-panel.png index 883b300a..02fc59ee 100644 Binary files a/data-safe/generate-alerts/images/apply-and-enable-alert-policy-panel.png and b/data-safe/generate-alerts/images/apply-and-enable-alert-policy-panel.png differ diff --git a/data-safe/generate-alerts/images/targets-summary.png b/data-safe/generate-alerts/images/targets-summary.png index 4c13fc4c..27ea2c7b 100644 Binary files a/data-safe/generate-alerts/images/targets-summary.png and b/data-safe/generate-alerts/images/targets-summary.png differ diff --git a/data-safe/introduction/introduction-sandbox.md b/data-safe/introduction/introduction-sandbox.md index fb8a17ad..3b288802 100644 --- a/data-safe/introduction/introduction-sandbox.md +++ b/data-safe/introduction/introduction-sandbox.md @@ -1,6 +1,6 @@ # Introduction -This workshop is designed to help new users become familiar with the features of Oracle Data Safe. In the LiveLabs Sandbox environment, you learn how to audit database activity, generate alerts, assess the security of your database configurations and users, and discover and mask sensitive data. +This workshop is designed to help new users become familiar with the features of Oracle Data Safe. In the LiveLabs Sandbox environment, you learn how to audit database activity and generate alerts, assess the security of your database configurations and users, and discover and mask sensitive data. Estimated Workshop Time: 2 hours @@ -14,10 +14,9 @@ Watch a preview of "*Introduction to Oracle Data Safe (June 2022)*" [](youtube:U In this workshop, you learn how to perform the following tasks: -- Collect audit data from your target database and analyze database activity -- Generate alerts in Oracle Data Safe to inform you of database activity - Assess the security of your database configurations and database users using Oracle Data Safe - Discover and mask sensitive data on your target database using Oracle Data Safe +- Collect and monitor audit data in Oracle Data Safe to inform you of database activity You may now **proceed to the next lab**. diff --git a/data-safe/introduction/introduction.md b/data-safe/introduction/introduction.md index d4f91c25..13af7441 100644 --- a/data-safe/introduction/introduction.md +++ b/data-safe/introduction/introduction.md @@ -1,6 +1,6 @@ # Introduction -This workshop is designed to help new users become familiar with the features of Oracle Data Safe. You learn how to register a database with Oracle Data Safe, audit database activity, generate alerts, assess the security of your database configurations and users, and discover and mask sensitive data. +This workshop is designed to help new users become familiar with the features of Oracle Data Safe. You learn how to register a database with Oracle Data Safe, audit database activity and generate alerts, assess the security of your database configurations and users, and discover and mask sensitive data. You can do this workshop in your own tenancy or in an Oracle-provided environment, such as a LiveLabs sandbox. @@ -17,10 +17,9 @@ Watch a preview of "*Introduction to Oracle Data Safe (June 2022)*" [](youtube:U In this workshop, you learn how to perform the following tasks: - Register an Autonomous Database with Oracle Data Safe -- Collect audit data from your target database and analyze database activity -- Generate alerts in Oracle Data Safe to inform you of database activity - Assess the security of your database configurations and database users using Oracle Data Safe - Discover and mask sensitive data on your target database using Oracle Data Safe +- Collect and monitor audit data in Oracle Data Safe to inform you of database activity You may now **proceed to the next lab**. @@ -37,4 +36,4 @@ The following links provide more information about Oracle Data Safe: ## Acknowledgements * **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -* **Last Updated By/Date** - Jody Glover, May 16, 2024 +* **Last Updated By/Date** - Jody Glover, October 9, 2024 diff --git a/data-safe/mask-sensitive-data/images/insertion-type-select.png b/data-safe/mask-sensitive-data/images/insertion-type-select.png index 1f0adebe..23af6b7e 100644 Binary files a/data-safe/mask-sensitive-data/images/insertion-type-select.png and b/data-safe/mask-sensitive-data/images/insertion-type-select.png differ diff --git a/data-safe/mask-sensitive-data/images/mask-sensitive-data-panel.png b/data-safe/mask-sensitive-data/images/mask-sensitive-data-panel.png index 30c400f8..2d599c16 100644 Binary files a/data-safe/mask-sensitive-data/images/mask-sensitive-data-panel.png and b/data-safe/mask-sensitive-data/images/mask-sensitive-data-panel.png differ diff --git a/data-safe/mask-sensitive-data/mask-sensitive-data.md b/data-safe/mask-sensitive-data/mask-sensitive-data.md index 8b7665b0..f8b4bbc2 100644 --- a/data-safe/mask-sensitive-data/mask-sensitive-data.md +++ b/data-safe/mask-sensitive-data/mask-sensitive-data.md @@ -255,7 +255,7 @@ Use the group masking feature to create a group named `ADDRESS` and apply the `S 2. Review the masking report. - - The **Masking report information** tab shows you the target database name, masking policy name (you can click a link to view it), the Oracle Cloud Identifier (OCID) for the masking report, the date and time when the data masking job started and finished, and the number of masked sensitive types, schemas, tables, columns, and values. You can click a link to view masking options. There is also a pie chart that shows you the masked value percentages for each sensitive type. You can click on a pie slice to drill down into the chart. + - The **Masking report information** tab shows you the target database name, masking policy name (you can click a link to view it), the Oracle Cloud Identifier (OCID) for the masking report, the date and time when the data masking job started and finished, and the number of masked sensitive types, schemas, tables, columns, and values. You can click a link to view masking options. There is also a bar chart that shows you the the number of masked columns for each of the top five sensitive types. - The **Masked columns** table lists each masked sensitive column and its respective schema, table, masking format, sensitive type, parent column, and total number of masked values. ![Masking report top](images/masking-report-top3.png "Masking report top") @@ -302,4 +302,4 @@ Use the group masking feature to create a group named `ADDRESS` and apply the `S ## Acknowledgements - **Author** - Jody Glover, Consulting User Assistance Developer, Database Development -- **Last Updated By/Date** - Jody Glover, August 22, 2024 +- **Last Updated By/Date** - Jody Glover, October 9, 2024 diff --git a/data-safe/sqlfw-deploy-sqlfw-policy/sqlfw-deploy-sqlfw-policy.md b/data-safe/sqlfw-deploy-sqlfw-policy/sqlfw-deploy-sqlfw-policy.md deleted file mode 100644 index 9e1d58db..00000000 --- a/data-safe/sqlfw-deploy-sqlfw-policy/sqlfw-deploy-sqlfw-policy.md +++ /dev/null @@ -1,287 +0,0 @@ -# Deploy a SQL Firewall policy in Data Safe - -## Introduction - -In this lab, you enable SQL Firewall in Data Safe and create a SQL collection by performing actions in the Glassfish application, which is connected to Oracle Database 23ai on host #2. After reviewing the workload capture, you create a SQL Firewall policy, and then deploy and enforce it. With SQL Firewall configured, you then peform actions in the Glassfish application to test SQL Firewall violations and block them. - -Estimated Lab Time: 10 minutes - -### Objectives - -In this lab, you will: - -- Enable SQL Firewall in Data Safe -- Create a SQL Collection in Data Safe -- Set the Glassfish application on host #1 to use Oracle Database 23ai on host #2 -- Perform activity in the Glassfish application on host #1 -- Review the workload capture in Data Safe -- Create, deploy, and enforce a SQL Firewall policy in Data Safe -- Test SQL violations -- Test context violations -- Block SQL violations -- Test blocking mode - - -### Prerequisites - -This lab assumes you have: - -- Obtained an Oracle Cloud account and signed in to the Oracle Cloud Infrastructure Console at `https://cloud.oracle.com` -- Prepared your environment -- Registered Oracle Database 23ai on a compute instance and granted the `SQL_Firewall` role to the Data Safe service account on Oracle Database 23ai. - - -## Task 1: Enable SQL Firewall in Data Safe - -1. Under **Security center** in Data Safe, click **SQL Firewall**. - -2. Click your target database, and then click **Enable**. - - The **Configuration details** page for your target database is displayed. - -3. Notice at the top that you have "Required privileges are not granted on target ocid1.datasafetargetdatabase.oc1.iad.amaa..." - -4. Click **Refresh**. - -5. Click **Enable**. - - -## Task 2: Create a SQL Collection in Data Safe - -1. Click **Create and start SQL collection**. - -2. Select the **EMPLOYEESEARCH_PROD** database user. - -3. Leave **User issued SQL commands** selected for the SQL collection level. - -4. Click **Create and start SQL collection**. - -5. Wait for status to change to **Collecting**. - - Now SQL Firewall is set to capture SQL statements issued by the `EMPLOYEESEARCH_PROD` database user in the Glassfish application. - - -## Task 3: Set the Glassfish application on host #1 to use Oracle Database 23ai on host #2 - -1. On the **Application information** tab, click the **Remote Desktop** link to access host #1 in a web browser. - -2. Open a terminal window on your desktop. By default, you are the OS user `oracle`. - -3. Change to the scripts directory. - - ```text - cd $DBSEC_LABS/sqlfw - ``` - -4. Run the following script to configure the Glassfish application to connect to Oracle Database 23ai on host #2. - - ```text - ./sqlfw_glassfish_start_db23c.sh - ``` - -5. In the Glassfish browser window on the right, click **Login**. Enter the username `hradmin` and the password `Oracle123`. - -6. In the top right hand corner, click **Welcome HR Administrator**. - - A page with session data shows you how the application is connected to the database. - -7. Scroll down and verify that **DB\_NAME** is set to **FREEPDB1** and **SERVER\_HOST** is set to **dbsec-lab**. - - - -## Task 4: Perform activity in the Glassfish application on host #1 - -1. In the Glassfish application, click **Search Employees**. - -2. Click **Search**. - -3. Change criteria and search again. Repeat 2-3 times. (need to document the actions here. It's important to note the 3 things you did here because you do the exact same actions later on.) - - -## Task 5: Review the workload capture in Data Safe - -1. Under **Security center**, click **SQL Firewall**. - -2. Under **Related resources**, click **SQL collections**. - -3. Click the database user **EMPLOYEESEARCH_PROD**. - - The **SQL collection details** page is displayed. - -4. Click the **SQL collection insights** tab. - -5. If needed, click **Refresh insights** button to refresh the page. - -6. Review the SQL statements captured by SQL Firewall. - - -## Task 6: Create, deploy, and enforce a SQL Firewall policy in Data Safe - -Generate and enable SQL Firewall policy with allow-list for HR Application user - -1. Click **Stop** to stop the SQL workload capture. - - Your SQL workload capture, which consists of allowed SQL statements. Collectively, these statements are referred to as the allow-list. - -2. Click **Generate firewall policy** to generate the SQL Firewall policy with the allow list. - - A firewall policy is created, but not yet enabled. The message at top of screen says: Deploy and enforce the SQL Firewall policy to enable SQL Firewall protection for the user EMPLOYEESEARCH_PROD. - -3. Scroll down and review the allow-list in the generated SQL Firewall policy. - - Notice that the generated policy remains inactive until you deployed it. You can generate a report of allowed SQL statements for offline review. - -4. Click **Deploy and enforce** to deploy the SQL Firewall policy for the `EMPLOYEESEARCH_PROD` user. - - The **Deploy SQL Firewall policy** dialog box is displayed. - -5. Select the following options: - - - Enforcement scope: **All (Session contexts and SQL statements)** - - Action on violations: **Observe (Allow) and log violations** - - Audit for violations: **Off**. - -6. Click **Deploy and enforce**. - -7. Notice that under **Enforcement information** on the **SQL Firewall policy information** tab, the status of the SQL Firewall policy changes to **Enabled**. - -## Task 7: Test SQL violations - -SQL violations represent SQL statements that are initiated on the target database, but are not included in the allowlist in the SQL Firewall policy. In this task, you use SQL Firewall to detect an insider threat of stolen credential access. - -1. Return to the Glassfish application on host #1. - -2. Sign in as `hradmin` with the password **Oracle123**. - -3. Perform the same actions that you did previous in task 3. - - - Click **Search Employees**. - - Click **Search**. - - Set a filter on **Paris**. - - Set a filter on **First Name = Victor**. - -4. Return to the **SQL Firewall** landing page in Data Safe. If you performed the exact same steps that you performed in task 3, there should not be any violations. - -5. Return to the Glassfish application and perform an action that is not part of the SQL collection. For example, - - - add an action here - -6. Return to Data Safe and notice that a violation is generated. - - -## Task 8: Test context violations - -Context violations represent session context (client IP address, OS program name, and OS username) from which SQL statements were initiated on the target database that are not included in the allowlist in the SQL Firewall policy. In this task, you use SQL Firewall to detect an insider threat that uses the SQL*Plus application, instead of the allowed Glassfish application, to gain access to the sensitive employee data. - -1. Return to the terminal window on your remote desktop (host #1). - -2. Change directories. - - ```text - cd ~/DBSecLab/livelabs/sqlfw/ - ``` - -3. Run the following script that uses SQL*Plus to query sensitive columns in the `EMPLOYEESEARCH_PROD.DEMO_HR_EMPLOYEES` table. - - ```text - ./sqlfw_select_sensitive_data.sh - ``` - -4. On the SQL Firewall landing page in Data Safe, review the charts. Notice that a context violation is raised because SQL*Plus is not in the allowed OS program allowlist. - - -## Task 9: Block SQL violations - -1. Under **Related resources**, click **SQL Firewall policies**. - -2. In the table, click the **EMPLOYEESEARCH_PROD** user. - -3. Click **Deploy and enforce**. - - The **Deploy SQL Firewall policy** dialog box is displayed. - -4. Select the following options: - - -Enforcement scope: **All (Session contexts and SQL statements)** - -Action on violations: **Block and log violations** - -Audit for violations: **On** - -5. Click **Deploy and enforce**. - - By blocking violations, users can no longer access data if there is a SQL violation or a context violation. Also, SQL Firewall can now block SQL injection attempts! - - -## Task 10: Test blocking mode - -In this task, you test a context violation and a SQL injection. - -1. Return to the terminal window on host #2. - -2. Rerun the following script. - - ```text - ./sqlfw_select_sensitive_data.sh - ``` - -3. Review the output. You should get a SQL Firewall violation. - - ```text - - ============================================================================== - Select sensitive employee data... - ============================================================================== - ERROR: - ORA-47605: SQL Firewall violation - - - ERROR: - ORA-01017: invalid username/password; logon denied - - - SP2-0306: Invalid option. - Usage: CONN[ECT] [{logon|/|proxy} [AS {SYSDBA|SYSOPER|SYSASM|SYSBACKUP|SYSDG|SYSKM|SYSRAC}] [edition=value]] - where ::= [/][@] - ::= [][/][@] - SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus - - ``` - -4. In the Glassfish application, search all employees again. - - All rows are returned as normal because, remember, you are allowed to query everything in the application. Are you?! - -5. Select the check box **Debug** to view the SQL query behind the form, and then click **Search**. - - The following SQL is returned: - - ```sql - select a.USERID, a.FIRSTNAME, a.LASTNAME, a.EMAIL, a.PHONEMOBILE, a.PHONEFIX, a.PHONEFAX, a.EMPTYPE, a.POSITION, a.ISMANAGER, a.MANAGERID, a.DEPARTMENT, a.CITY, a.STARTDATE, a.ENDDATE, a.ACTIVE, a.COSTCENTER, b.FIRSTNAME as MGR_FIRSTNAME, b.LASTNAME as MGR_LASTNAME, b.USERID as MGR_USERID from DEMO_HR_EMPLOYEES a left outer join DEMO_HR_EMPLOYEES b on a.MANAGERID = b.USERID where 1=1 order by a.LASTNAME, a.FIRSTNAME - ``` - - Now, based on this information, you can create a `UNION`-based SQL Injection query to display all the sensitive data that you want to extract directly from the form. Here, you use the query to extract `USER_ID`, `MEMBER_ID`, `PAYMENT_ACCT_NO`, and `ROUTING_NUMBER` from the `DEMO_HR_SUPPLEMENTAL_DATA` table. - -6. Copy the following SQL code and paste it into the **Position** box, and then select **Yes** under **Debug**. - - ```sql - ' UNION SELECT userid, ' ID: '|| member_id, 'SQLi', '1', '1', '1', '1', '1', '1', 0, 0, payment_acct_no, routing_number, sysdate, sysdate, '0', 1, '1', '1', 1 FROM demo_hr_supplemental_data -- - ``` - - Note: - Don't forget the single quote before the `UNION` keyword to close the SQL clause `LIKE`. - Don't forget the two hyphens at the end to disable the rest of the query. - -7. Click **Search**. - - You should get a SQL Firewall violation because the `UNION` query has not been added to the allowlist in the SQL Firewall policy. - - ```text - java.sql.SQLException: ORA-47605: SQL Firewall violation - ``` - -8. In Data Safe, review the violation report. - -9. Drilldown into the report to analyze the violations. From here, you can take appropriate action. - - -You may now proceed to the next lab. - diff --git a/data-safe/sqlfw-notifications/sqlfw-notifications.md b/data-safe/sqlfw-notifications/sqlfw-notifications.md deleted file mode 100644 index 47448b55..00000000 --- a/data-safe/sqlfw-notifications/sqlfw-notifications.md +++ /dev/null @@ -1,150 +0,0 @@ -# Get notified about SQL Firewall violations in Data Safe - -## Introduction - -In this lab you configure alerts and notifications in Data Safe to inform you when there is a SQL violation. - -Estimated Lab Time: 10 minutes - -### Objectives - -In this lab, you will: - -- Configure the SQL Firewall policy to audit for violations -- Start the audit trail for Oracle Database 23ai -- Associate the SQL Firewall violations alert policy with your target database -- Obtain the OCID for SQL Firewall violations -- Create a notification -- Test the alert and notification - - -### Prerequisites - -This lab assumes you have: - -- Obtained an Oracle Cloud account and signed in to the Oracle Cloud Infrastructure Console at `https://cloud.oracle.com` -- Prepared your environment -- Registered Oracle Database 23ai on a compute instance and granted the `SQL_Firewall` role to the Data Safe service account on Oracle Database 23ai -- Deployed a SQL Firewall policy in Data Safe - - -## Task 1: Configure the SQL Firewall policy to audit for violations - -1. In Data Safe, click the name of your SQL Firewall policy. - -2. Click **Deploy and enforce** to deploy the SQL Firewall policy for the `EMPLOYEESEARCH_PROD` user. - - The **Deploy SQL Firewall policy** dialog box is displayed. - -3. For **Audit for violations**, select **On**. After you select this option, a message is displayed **Ensure the audit trail for the target database db23c-hol-... is started." - -4. Click **Deploy and enforce**. - - -## Task 2: Start the audit trail for Oracle Database 23ai - -1. In the breadcrumb at the top of the page, click **Security center**. - -2. Click **Activity auditing**. - -3. Under **Related resources**, click **Audit trails**. - -4. Click your target database name. - -5. Click **Start**. - - The **Start audit trail: UNIFIED_AUDIT_TRAIL** dialog box is displayed. - -6. Set the start date to the beginning of the current month. - -7. Click **Start**. - -8. Wait for the status of the collection state to change from **STARTING** to **COLLECTING** to **IDLE**. It takes a minute. - - -## Task 3: Associate the SQL Firewall violations alert policy with your target database - -1. In the breadcrumb at the top of the page, click **Security center**. - -2. Click **Alerts**. - -3. Under **Related resources**, click **Target-policy associations**. - -4. Click **Apply policy**. - - The **Apply and enable alert policy to target databases** panel is displayed. - -5. Select **Selected targets only (up to 10)** and select your 23ai target. - -6. Select **Selected policies only** and select **SQL Firewall violations**. - -7. Click **Apply policy**. - -8. When ok, click **Close**. - - -## Task 4: Obtain the OCID for SQL Firewall violations - -1. Navigate to the list of predefined Data Safe alerts. - -2. Click **SQL Firewall violations**. - -3. Copy the OCID to the clipboard. Keep this handy because you need it in the next task. - - -## Task 5: Create a notification - -1. In breadcrumb at the top of the page, click **Target-policy associations**. - -2. Click the **Notifications** tab. - -3. Click **Create notification**. - - The **Create notification** panel is displayed. - -4. Click **Advanced event notificaiton**. - -5. For rule name, enter **SQLFWViolationAlert**. - -6. For event type, select **Alert Generated**. - -7. Click **+ Another condition**. - -8. For condition, select **Attribute**. - -9. For attribute name, select **policyId**. - -10. For attribute values, paste the OCID for SQL Firewall violations. You copied this OCID to the clipboard in the previous task. It should look similar to ocid1.datasafealertpolicy.oc1.iad...). Press **Enter**. - -11. For the topic name, enter **SQLFWViolationAlert**. - -12. For protocol, select **Email**. - -13. For subscription, enter your email address. - -14. Click **Create notification**. - - An event called **SQLFWViolationAlert** is added to the **Notifications** tab. - -15. In your email application, open the email from Oracle and then click the confirmation link to confirm your email address. - -16. (Optional) Click the name of the event on the **Notifications** tab. Notice that you are brought to the Events Service in Oracle Cloud Infrastructure. If you need to edit the event, you can click **Edit Rule**. Click the browser's back button to return to Data Safe. - - -## Task 6: Test the alert and notification - -1. Return to the terminal window on your remote desktop (host #1). - -2. In the terminal window, rerun the following script that uses SQL*Plus to query sensitive columns in the `EMPLOYEESEARCH_PROD.DEMO_HR_EMPLOYEES` table. - - ```text - ./sqlfw_select_sensitive_data.sh - ``` - -3. On the SQL Firewall landing page in Data Safe, verify that a context violation is raised because SQL*Plus is not in the allowed OS program allowlist. - -4. On the Alerts page in Data Safe, verify that an alert is generated. - -5. In your email application, verify that you received a notification. - - diff --git a/data-safe/workshops/freetier/manifest.json b/data-safe/workshops/freetier/manifest.json index e329ff87..d9a2457b 100644 --- a/data-safe/workshops/freetier/manifest.json +++ b/data-safe/workshops/freetier/manifest.json @@ -27,41 +27,35 @@ "type": "freetier" }, { - "title": "Lab 2: Audit database activity", - "description": "This lab shows you how to provision audit policies in Oracle Data Safe.", - "filename": "../../audit-database-activity/audit-database-activity.md", - "type": "freetier" - }, - { - "title": "Lab 3: Generate alerts", - "description": "This lab shows you how to provision alert policies in Oracle Data Safe.", - "filename": "../../generate-alerts/generate-alerts.md", - "type": "freetier" - }, - { - "title": "Lab 4: Assess database configurations", + "title": "Lab 2: Assess database configurations", "description": "This lab shows you how to assess database configurations in your Autonomous Database by using the Security Assessment feature in Oracle Data Safe.", "filename": "../../assess-database-configurations/assess-database-configurations.md", "type": "freetier" }, { - "title": "Lab 5: Assess database users", + "title": "Lab 3: Assess database users", "description": "This lab shows you how to assess database users in your Autonomous Database by using the User Assessment feature in Oracle Data Safe.", "filename": "../../assess-database-users/assess-database-users.md", "type": "freetier" }, { - "title": "Lab 6: Discover sensitive data", + "title": "Lab 4: Discover sensitive data", "description": "This lab shows you how to discover sensitive data on your target database by using the Data Discovery feature in Oracle Data Safe.", "filename": "../../discover-sensitive-data/discover-sensitive-data.md", "type": "freetier" }, { - "title": "Lab 7: Mask sensitive data", + "title": "Lab 5: Mask sensitive data", "description": "This lab shows you how to mask sensitive data on your target database by using the Data Masking feature in Oracle Data Safe.", "filename": "../../mask-sensitive-data/mask-sensitive-data.md", "type": "freetier" }, + { + "title": "Lab 6: Audit database activity", + "description": "This lab shows you how to provision audit and alert policies in Oracle Data Safe.", + "filename": "../../audit-database-activity/audit-database-activity.md", + "type": "freetier" + }, { "title": "Need Help?", "description": "Solutions to Common Problems and Directions for Receiving Live Help", diff --git a/data-safe/workshops/livelabs/manifest.json b/data-safe/workshops/livelabs/manifest.json index 5db9d247..ad5afdc5 100644 --- a/data-safe/workshops/livelabs/manifest.json +++ b/data-safe/workshops/livelabs/manifest.json @@ -15,41 +15,35 @@ "type": "livelabs" }, { - "title": "Lab 2: Audit database activity", - "description": "This lab shows you how to provision audit policies in Oracle Data Safe.", - "filename": "../../audit-database-activity/audit-database-activity.md", - "type": "livelabs" - }, - { - "title": "Lab 3: Generate alerts", - "description": "This lab shows you how to provision alert policies in Oracle Data Safe.", - "filename": "../../generate-alerts/generate-alerts.md", - "type": "livelabs" - }, - { - "title": "Lab 4: Assess database configurations", + "title": "Lab 2: Assess database configurations", "description": "This lab shows you how to assess database configurations in your Autonomous Database by using the Security Assessment feature in Oracle Data Safe.", "filename": "../../assess-database-configurations/assess-database-configurations.md", "type": "livelabs" }, { - "title": "Lab 5: Assess database users", + "title": "Lab 3: Assess database users", "description": "This lab shows you how to assess database users in your Autonomous Database by using the User Assessment feature in Oracle Data Safe.", "filename": "../../assess-database-users/assess-database-users.md", "type": "livelabs" }, { - "title": "Lab 6: Discover sensitive data", + "title": "Lab 4: Discover sensitive data", "description": "This lab shows you how to discover sensitive data on your target database by using the Data Discovery feature in Oracle Data Safe.", "filename": "../../discover-sensitive-data/discover-sensitive-data.md", "type": "livelabs" }, { - "title": "Lab 7: Mask sensitive data", + "title": "Lab 5: Mask sensitive data", "description": "This lab shows you how to mask sensitive data on your target database by using the Data Masking feature in Oracle Data Safe.", "filename": "../../mask-sensitive-data/mask-sensitive-data.md", "type": "livelabs" }, + { + "title": "Lab 6: Audit database activity", + "description": "This lab shows you how to provision audit policies and alerts in Oracle Data Safe.", + "filename": "../../audit-database-activity/audit-database-activity.md", + "type": "livelabs" + }, { "title": "Need Help?", "description": "Solutions to Common Problems and Directions for Receiving Live Help",