Translate lab documentation to English
Some checks failed
Repo Quality / structure (push) Has been cancelled
Terraform Validate / validate (push) Has been cancelled

This commit is contained in:
Rodrigo Pace
2026-05-08 14:50:52 -03:00
parent cde150b705
commit 52bf971b8b
33 changed files with 939 additions and 702 deletions

View File

@@ -1,50 +1,50 @@
# 07 - Audit Evidence With Data Safe
## Objetivo
## Objective
Demonstrar como transformar acessos a dados sensiveis em evidencias para auditoria usando Unified Audit e OCI Data Safe.
Show how to turn access to sensitive data into audit evidence using Unified Audit and OCI Data Safe.
## O Que Este Lab Mostra
## What This Lab Shows
Antes dos controles, uma tabela de pagamentos pode ser consultada sem uma trilha de evidencia facil de apresentar ao cliente. Depois, Deep Data Security restringe os dados por persona e Unified Audit/Data Safe ajudam a mostrar quem acessou o que.
Before the controls are applied, a payments table can be queried without a clear evidence trail for the customer. Afterward, Oracle Deep Data Security restricts data by persona and Unified Audit/Data Safe help show who accessed what.
## Personas
- `payment_operator`: operador de pagamentos.
- `payment_operator`: payment operations user.
- `auditor`: auditor.
- `dds_audit_analyst`: conta tecnica para analise.
- `dds_audit_analyst`: technical analysis account.
## Onde Executar Os Comandos
## Where To Run The Commands
Execute os comandos SQL a partir da raiz do repositorio:
Run SQL commands from the repository root:
```powershell
cd C:\Users\rodrigo\Documents\Codex\oracle-deep-data-security-lab
```
Conecte no banco com SQLcl ou SQL*Plus:
Connect to the database with SQLcl or SQL*Plus:
```bash
sql "<connect_string>"
```
A parte de Data Safe deve ser executada no Console OCI, no servico Oracle Data Safe.
The Data Safe portion must be performed in the OCI Console under Oracle Data Safe.
## Passo A Passo - Antes, Ambiente Vulneravel
## Step By Step - Before, Vulnerable Environment
1. Acesse o banco:
1. Connect to the database:
```bash
sql "<connect_string>"
```
2. Limpe o cenario:
2. Reset the scenario:
```sql
@scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
```
3. Crie tabela sensivel, dados e personas:
3. Create the sensitive table, data, and personas:
```sql
@scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
@@ -52,7 +52,7 @@ A parte de Data Safe deve ser executada no Console OCI, no servico Oracle Data S
@scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
```
4. Execute uma consulta ampla de pagamentos:
4. Run a broad payments query:
```sql
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
@@ -60,45 +60,45 @@ A parte de Data Safe deve ser executada no Console OCI, no servico Oracle Data S
ORDER BY payment_id;
```
Resultado esperado antes: `CARD_TOKEN` e outros dados sensiveis podem aparecer para quem tiver acesso amplo, e a evidencia nao esta organizada para auditoria.
Expected result before protection: `CARD_TOKEN` and other sensitive data may appear for users with broad access, and the evidence is not organized for audit review.
## Passo A Passo - Depois, Com Deep Data Security E Auditoria
## Step By Step - After, With Deep Data Security And Auditing
1. Aplique os data grants:
1. Apply the data grants:
```sql
@scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
```
2. Crie as politicas de Unified Audit:
2. Create the Unified Audit policies:
```sql
@scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql
```
3. Gere atividade e consulte a trilha de auditoria local:
3. Generate activity and review the local audit trail:
```sql
@scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql
```
4. No Console OCI, acesse Oracle Data Safe e execute:
4. In the OCI Console, open Oracle Data Safe and perform:
```text
Security Center > Data Safe
Target Databases > Register Target Database
Activity Auditing > Start Audit Trail
Activity Auditing > Reports ou Events
Activity Auditing > Reports or Events
```
Resultado esperado depois:
Expected result after protection:
- `payment_operator` ve dados operacionais do Brasil, sem `CARD_TOKEN`.
- `auditor` ve dados necessarios para revisao.
- `UNIFIED_AUDIT_TRAIL` registra acesso a `DDS_AUDIT_PAYMENTS`.
- Data Safe apresenta eventos, relatorios e evidencias para o cliente.
- `payment_operator` sees Brazil operational payment fields without `CARD_TOKEN`.
- `auditor` sees the data required for review.
- `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`.
- Data Safe presents events, reports, and evidence for the customer.
## Execucao Automatizada Opcional
## Optional Automated Execution
Windows:
@@ -112,7 +112,7 @@ Linux/macOS:
./scripts/run-scenario.sh 07-audit-evidence-data-safe "<connect_string>"
```
## Detalhes Da Demo
## Demo Details
Veja o passo a passo completo, evidencias e referencias oficiais em [RUNBOOK.md](RUNBOOK.md).
See the complete walkthrough, evidence, and official references in [RUNBOOK.md](RUNBOOK.md).

View File

@@ -1,31 +1,31 @@
# Runbook - 07 Audit Evidence With Data Safe
## Objetivo
## Objective
Demonstrar como transformar acesso a dados sensiveis em evidencia auditavel usando Unified Audit e OCI Data Safe.
Show how to turn access to sensitive data into auditable evidence using Unified Audit and OCI Data Safe.
## Valor De Seguranca
## Security Value
- Mostra que prevencao precisa vir acompanhada de evidencia.
- Ajuda CISO, auditoria e compliance a acompanhar acesso a dados sensiveis.
- Demonstra como Data Safe complementa Deep Data Security com activity auditing e relatorios.
- Shows that prevention should be paired with evidence.
- Helps CISO, audit, and compliance teams monitor access to sensitive data.
- Demonstrates how Data Safe complements Oracle Deep Data Security with activity auditing and reporting.
## Pre-Requisitos
## Prerequisites
- Banco Oracle compativel com Unified Audit.
- OCI Data Safe habilitado na tenancy.
- Target database registrado ou pronto para registro no Data Safe.
- Permissoes para configurar Activity Auditing.
- Oracle Database compatible with Unified Audit.
- OCI Data Safe enabled in the tenancy.
- Target database registered, or ready to be registered, in Data Safe.
- Permissions to configure Activity Auditing.
## Antes - Ambiente Vulneravel
## Before - Vulnerable Environment
1. Limpe o cenario:
1. Reset the scenario:
```sql
@scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
```
2. Crie tabela sensivel, dados e personas, sem auditoria customizada e sem data grants:
2. Create the sensitive table, data, and personas without custom auditing or data grants:
```sql
@scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
@@ -33,7 +33,7 @@ Demonstrar como transformar acesso a dados sensiveis em evidencia auditavel usan
@scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
```
3. Execute uma consulta ampla em pagamentos:
3. Run a broad payments query:
```sql
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
@@ -41,57 +41,57 @@ Demonstrar como transformar acesso a dados sensiveis em evidencia auditavel usan
ORDER BY payment_id;
```
## Resultado Esperado Antes
## Expected Result Before
- `CARD_TOKEN` pode ser consultado por quem tiver acesso amplo.
- A equipe pode ter dificuldade para provar rapidamente quem acessou a tabela e quando.
- Nao ha pacote claro de evidencia para auditoria.
- `CARD_TOKEN` can be queried by users with broad access.
- The team may struggle to quickly prove who accessed the table and when.
- There is no clear evidence package for audit.
## Depois - Aplicando Deep Data Security E Auditoria
## After - Applying Deep Data Security And Auditing
1. Aplique data grants:
1. Apply the data grants:
```sql
@scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
```
2. Crie politicas de Unified Audit:
2. Create Unified Audit policies:
```sql
@scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql
```
3. Gere atividade e consulte a trilha local:
3. Generate activity and query the local audit trail:
```sql
@scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql
```
4. No OCI Data Safe:
4. In OCI Data Safe:
```text
Register Target Database
Configure Activity Auditing
Start audit trail collection for UNIFIED_AUDIT_TRAIL
Review Activity Auditing dashboard
Generate or export audit report
Review the Activity Auditing dashboard
Generate or export an audit report
```
## Resultado Esperado Depois
## Expected Result After
- `payment_operator` ve campos operacionais do Brasil, sem `card_token`.
- `auditor` ve dados necessarios para revisao.
- `UNIFIED_AUDIT_TRAIL` registra acesso a `DDS_AUDIT_PAYMENTS`.
- Data Safe coleta e apresenta os eventos em dashboards e relatorios.
- `payment_operator` sees operational Brazil payment fields without `card_token`.
- `auditor` sees the data required for review.
- `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`.
- Data Safe collects and presents events in dashboards and reports.
## Evidencias Para Demo
## Demo Evidence
- Output de `UNIFIED_AUDIT_TRAIL`.
- Screenshot do target no Data Safe.
- Screenshot de Activity Auditing.
- Relatorio exportado do Data Safe, quando disponivel.
- Output from `UNIFIED_AUDIT_TRAIL`.
- Screenshot of the Data Safe target.
- Screenshot of Activity Auditing.
- Exported Data Safe report, when available.
## Referencias Oficiais
## Official References
- Oracle Data Safe Activity Auditing Overview: https://docs.oracle.com/en/cloud/paas/data-safe/udscs/activity-auditing-overview.html
- Oracle Deep Data Security Guide: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/index.html

View File

@@ -1,13 +1,12 @@
WHENEVER SQLERROR EXIT SQL.SQLCODE
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
VALUES ('Acme Brasil', 'Brazil', 15000, 'tok_live_001', 'HIGH');
VALUES ('Acme Brazil', 'Brazil', 15000, 'tok_live_001', 'HIGH');
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
VALUES ('Varejo Sol', 'Brazil', 3500, 'tok_live_002', 'LOW');
VALUES ('Sun Retail', 'Brazil', 3500, 'tok_live_002', 'LOW');
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
VALUES ('Northwind US', 'USA', 48000, 'tok_live_003', 'HIGH');
COMMIT;