Detections
Analytics
DG0030-ORACLE11 - Audit trail data should be retained for one year.
Information
Without preservation, a complete discovery of an attack or suspicious activity may not be determined. DBMS audit data also contributes to the complete investigation of unauthorized activity and needs to be included in audit retention plans and procedures.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Develop, document and implement an audit retention policy and procedures.It is recommended that the most recent thirty days of audit logs remain available online.
After thirty days, the audit logs may be maintained offline.
Online maintenance provides for a more timely capability and inclination to investigate suspicious activity.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip
Item Details
Audit Name: DISA STIG Oracle 11 Instance v9r1 Database
References: CAT|II, Rule-ID|SV-24368r1_rule, STIG-ID|DG0030-ORACLE11, Vuln-ID|V-2507
Plugin: OracleDB
Control ID: 5b9f9c8eb6ff42226b84c4b60ec7911cf9123b809aaf639bd505355029a77ac8