The DBMS must employ automated mechanisms to alert security personnel of inappropriate or unusual activities with security implications.

From Oracle Database 12c Security Technical Implementation Guide

Part of SRG-APP-000237-DB-000158

Associated with: CCI-001274

SV-76269r1_rule The DBMS must employ automated mechanisms to alert security personnel of inappropriate or unusual activities with security implications.

Vulnerability discussion

Applications will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within the application. This information can then be used for diagnostic purposes, forensics purposes, or other purposes relevant to ensuring the availability and integrity of the application.While it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner, so they are able to respond to events as they occur.Solutions that include a manual notification procedure do not offer the reliability and speed of an automated notification solution. Applications must employ automated mechanisms to alert security personnel of inappropriate or unusual activities that have security implications. If this capability is not built directly into the application, the application must be able to integrate with existing security infrastructure that provides this capability.Database management systems that do not automatically alert security personnel of unusual activities run the risk of security incidents going unnoticed for long periods of time. This can allow security breaches to be ongoing and more serious.

Check content

Check DBMS settings to determine whether security personnel are alerted automatically when unusual or security-related activities (threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01A) are detected on the database. If security personnel are not automatically alerted, this is a finding.

Fix text

Configure database to automatically alert security personnel of inappropriate or unusual activities with security implications. Oracle provides this capability with the Audit Vault. Install and configure Oracle Audit Vault if it is available. If Audit Vault is not available, implement custom code or deploy a third-party product to satisfy this requirement.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer