Detections
Analytics
DG0161-ORACLE11 - An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS.
Information
Audit logs only capture information on suspicious events. Without an automated monitoring and alerting tool, malicious activity may go undetected and without response until compromise of the database or data is severe.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Develop or procure, document and implement an automated, continuous on-line monitoring and audit trail creation capability for the DBMS is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user-configurable capability to automatically disable the system if serious IA violations are detected.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip
Item Details
Audit Name: DISA STIG Oracle 11 Installation v9r1 Windows
References: CAT|II, Rule-ID|SV-24815r1_rule, STIG-ID|DG0161-ORACLE11, Vuln-ID|V-15103
Plugin: Windows
Control ID: 7b2df542b48f78266a48fb1bf7f70818e1e05d0c588de42fc097f6a502d3054c