Oracle Database

Version: Oracle Database version 12c and later.

Oracle Database Service is just one of the Oracle offerings that provide Oracle Database. Users can create databases on DB systems, which are either bare-metal servers or virtual machines with block volumes.

Netsurion Open XDR integrates with the Oracle database and enables users to view critical information about the activities performed in it. This information is presented as flex reports, alerts, and graphical representations (dashboards).

Flex reports contain a detailed overview of activities such as login/logout, failed logins, SQL syntax errors, procedure-related activities, and Oracle database data access activities (INSERT, DELETE, etc.).

Alerts are provided as soon as any critical event occurs in the Oracle database, such as a failed login or a user login from a new IP address or system.

The Netsurion dashboard gives a visual overview of events ranging from the top activities performed in the Oracle database to unauthorized (failed) user access.

Once events are received in Netsurion, Reports, Knowledge Objects, Categories, and Dashboards are configured in Netsurion.

Netsurion Open XDR monitors all Oracle database events, which can be categorized as follows.

  • Security – Login failed, SQL access rule violation, user login from new system/ IP address.
  • Compliance – Data access activities, user access management activities, and login success/fail.
  • Operation – Login success/failure, SQL syntax errors, procedure management activities.

Once the Oracle database is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports are configured in Netsurion Open XDR.

The following key Data Source Integrations are available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Oracle database failed logon has been detected | This alert is triggered by any failed or unauthorized login attempt to the Oracle database. |
| Security | Oracle database syntax error and access rule violation has been detected | This alert is triggered when invalid SQL syntax is executed or an access rule violation occurs in the Oracle database. |
| Security | Oracle Database user login from a new IP address has been detected | This alert is based on user behavior, i.e. the login pattern. If the user logs in through a new IP address after a defined learning period, an event/alert is generated. |
| Security | Oracle Database user login from a new system has been detected | This alert is based on user behavior, i.e. the login pattern. If the user logs in through a new system after a defined learning period, an event/alert is generated. |
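
The two behavior-based alerts above can be illustrated with a short sketch. This is an added example, not Netsurion's implementation: the event fields, the 7-day learning period, and the choice to track the baseline per user are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed length; the page only says "a defined learning period".
LEARNING_PERIOD = timedelta(days=7)

# Constructed sample logon events (not real Oracle audit output):
# (timestamp, database user, client IP, client system)
EVENTS = [
    ("2024-03-01T08:00:00", "APPUSER", "10.0.0.5", "app01"),
    ("2024-03-03T08:05:00", "APPUSER", "10.0.0.6", "app02"),       # learning: baseline only
    ("2024-03-09T09:00:00", "APPUSER", "10.0.0.5", "app01"),       # known source
    ("2024-03-10T02:13:00", "APPUSER", "203.0.113.7", "app01"),    # new IP after learning
    ("2024-03-10T02:20:00", "APPUSER", "203.0.113.7", "laptop9"),  # new system after learning
    ("2024-03-11T10:00:00", "DBA1", "10.0.0.9", "admin01"),        # new user starts learning
]


def detect_new_sources(events, learning=LEARNING_PERIOD):
    """Return (timestamp, user, kind, value) for logons from an unseen IP or system."""
    first_seen = {}  # user -> datetime of that user's first logon
    known = {}       # (user, "ip" | "system") -> values already seen
    alerts = []
    for ts, user, ip, host in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        start = first_seen.setdefault(user, when)
        for kind, value in (("ip", ip), ("system", host)):
            seen = known.setdefault((user, kind), set())
            if value in seen:
                continue
            # During the learning period new values only extend the baseline.
            if when - start >= learning:
                alerts.append((ts, user, kind, value))
            seen.add(value)  # alert once, then treat the source as known
    return alerts


if __name__ == "__main__":
    for alert in detect_new_sources(EVENTS):
        print(alert)
```
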

Reports

| Type | Name | Description |
|---|---|---|
| Security | Oracle DB user login failure activities | This report captures all failed Oracle database login attempts. It includes the event timestamp, client login name, client program name, client IP address, etc. |
| Security | Oracle database syntax error and access rule violation detection | This report covers events related to invalid SQL syntax or SQL access rule violations. It includes the event timestamp, user name, SQL error code, SQL text, etc. |
| Operations | Oracle DB user login success activities | This report captures all events related to successful Oracle database logins. It includes the login time, username, tool/software used for login, source IP address, etc. |
| Operations | Oracle database procedure management activities | Procedure management events include activities related to Oracle database 'Procedures'. The action types are ALTER PROCEDURE, CREATE PROCEDURE and DROP PROCEDURE. This report includes the event timestamp, action name, object name on which the action was performed, SQL text entered, etc. |
| Compliance | Oracle DB data access activities | Data access events track audited Data Manipulation Language (DML) activities, for example, all SELECT, INSERT, UPDATE, or DROP SQL statements. This report includes the event timestamp, client program name, object name on which the action was performed, etc. |
| Compliance | Oracle database user account management activities | User account management includes Oracle database user account creation, deletion, modification, etc. This report includes the event timestamp, client program name, the action performed, SQL text entered, etc. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x and later, and Oracle database v12c and later.

Download Integration Guide and How-to Guide for configuration instructions and more information.