DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented.

Information

Audit record collection may quickly overwhelm storage resources and an auditor's ability to review it in a productive manner. Automated tools can provide the means to manage the audit data collected as well as present it to an auditor in an efficient way.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement database or host system procedures to report audit trail data in a form usable to detect unauthorized access to or usage of DBMS privileges, procedures or data.

You may also want to consider procuring a third-party auditing tool like Oracle Audit Vault with support for Oracle and other DBMS products within your environment.

NOTE: Audit data may contain sensitive information. A single repository used for audit data should be protected at the highest level based on the sensitivity of the databases being audited.
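One possible form for such a report, as an added example that is not part of the STIG or the Nessus check: two queries against the standard DBA_AUDIT_TRAIL view that a scheduled job could run and forward to reviewers. The one-hour window, the failure threshold and the list of audited actions are assumptions, and the rows only exist if the corresponding AUDIT options are enabled and audit records are written to the database.

```sql
-- Added example: thresholds, time window and action list are assumptions.
-- Assumes standard auditing writes to the database (AUDIT_TRAIL = DB or
-- DB,EXTENDED), that session and user/privilege auditing are enabled, and
-- that the reporting account has SELECT on DBA_AUDIT_TRAIL.

-- 1. Repeated failed logons per account and source host in the last hour.
SELECT username,
       userhost,
       os_username,
       returncode,
       COUNT(*)       AS failures,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
AND    returncode IN (1017, 28000)  -- ORA-01017 invalid credentials, ORA-28000 account locked
AND    timestamp > SYSDATE - 1/24
GROUP  BY username, userhost, os_username, returncode
HAVING COUNT(*) >= 5                -- assumed alert threshold
ORDER  BY failures DESC;

-- 2. Account and privilege changes in the last hour, successful or not
--    (returncode 0 means the statement succeeded).
SELECT timestamp,
       username,
       os_username,
       userhost,
       action_name,
       obj_name,
       grantee,
       sys_privilege,
       returncode
FROM   dba_audit_trail
WHERE  action_name IN ('CREATE USER', 'ALTER USER', 'DROP USER',
                       'SYSTEM GRANT', 'SYSTEM REVOKE',
                       'GRANT ROLE', 'REVOKE ROLE')
AND    timestamp > SYSDATE - 1/24
ORDER  BY timestamp;
```

Any row returned by either query is a candidate for notification; how the result is delivered (mail, ticket, SIEM forwarder) is left to the site's documented procedure.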

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24670r1_rule, STIG-ID|DG0083-ORACLE11, Vuln-ID|V-15102

Plugin: Unix

Control ID: 3bf86c6bbbab75801ed32d06a6e682476ec07078bf3dc5014e02824daac8e3ee