Add legacy AI, RAG vector and Data Safe audit scenarios
Some checks failed
Repo Quality / structure (push) Has been cancelled

This commit is contained in:
Rodrigo Pace
2026-05-08 12:21:47 -03:00
parent 5cd8752a90
commit 703e072682
37 changed files with 686 additions and 23 deletions

View File

@@ -0,0 +1,37 @@
# 07 - Audit Evidence With Data Safe
## Objetivo
Demonstrar como transformar os acessos e tentativas de acesso a dados sensiveis em evidencias para auditoria usando Unified Audit e OCI Data Safe.
## Risco De Negocio
Controles preventivos reduzem exposicao, mas clientes tambem precisam provar quem acessou dados sensiveis, quando, por qual caminho e se houve mudanca de politica. Data Safe ajuda a centralizar assessment, discovery, activity auditing e relatorios para ambientes Oracle suportados.
## Narrativa Da Demo
1. Criar uma tabela sensivel de pagamentos.
2. Habilitar politicas de auditoria para SELECT, DDL e alteracoes de usuarios/roles.
3. Gerar acessos permitidos e tentativas indevidas.
4. Consultar evidencias no Unified Audit.
5. Mostrar, no Data Safe, como habilitar o target, activity auditing e relatorios.
## Execucao SQL
```powershell
powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 07-audit-evidence-data-safe -ConnectString "<connect_string>"
```
## Execucao No Data Safe
1. Registrar o banco como target no OCI Data Safe.
2. Habilitar Activity Auditing para o target.
3. Confirmar coleta de Unified Audit.
4. Executar os scripts do lab.
5. Validar eventos de acesso a `DDS_AUDIT_PAYMENTS`.
6. Gerar relatorio ou screenshot para evidencia.
## Resultado Esperado
O cliente ve a trilha de auditoria no banco e entende como Data Safe pode transformar essa trilha em monitoramento, relatorios e evidencias recorrentes.

View File

@@ -0,0 +1,8 @@
# Expected Results
- `auditor` can see all payment data for audit review.
- `payment_operator` sees Brazil payment operational fields and not `card_token`.
- `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`.
- OCI Data Safe Activity Auditing can be used to collect and report the same class of activity for the registered target.
- Evidence package should include SQL output, Data Safe target screen, activity report and policy configuration screenshot.

View File

@@ -0,0 +1,15 @@
id: "07-audit-evidence-data-safe"
title: "Audit Evidence With Data Safe"
criticality: "high"
estimated_time_minutes: 25
audience:
- ciso
- compliance
- dba
- soc
products:
- "Oracle Data Safe"
- "Oracle Unified Audit"
- "Oracle Deep Data Security"
reset_supported: true

View File

@@ -0,0 +1,11 @@
WHENEVER SQLERROR EXIT SQL.SQLCODE
CREATE TABLE dds_audit_payments (
payment_id NUMBER GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
customer_name VARCHAR2(100) NOT NULL,
country VARCHAR2(40) NOT NULL,
payment_amount NUMBER(12,2) NOT NULL,
card_token VARCHAR2(80),
risk_flag VARCHAR2(20) NOT NULL
);

View File

@@ -0,0 +1,13 @@
WHENEVER SQLERROR EXIT SQL.SQLCODE
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
VALUES ('Acme Brasil', 'Brazil', 15000, 'tok_live_001', 'HIGH');
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
VALUES ('Varejo Sol', 'Brazil', 3500, 'tok_live_002', 'LOW');
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
VALUES ('Northwind US', 'USA', 48000, 'tok_live_003', 'HIGH');
COMMIT;

View File

@@ -0,0 +1,14 @@
WHENEVER SQLERROR EXIT SQL.SQLCODE
CREATE USER dds_audit_analyst IDENTIFIED BY "Welcome1_Audit!" ACCOUNT UNLOCK;
GRANT CREATE SESSION TO dds_audit_analyst;
CREATE END USER auditor IDENTIFIED BY "Welcome1_DDS!";
CREATE END USER payment_operator IDENTIFIED BY "Welcome1_DDS!";
CREATE DATA ROLE audit_read_role;
CREATE DATA ROLE payment_operator_role;
GRANT DATA ROLE audit_read_role TO auditor;
GRANT DATA ROLE payment_operator_role TO payment_operator;

View File

@@ -0,0 +1,15 @@
WHENEVER SQLERROR EXIT SQL.SQLCODE
CREATE OR REPLACE DATA GRANT audit_payments_read_all
AS SELECT
ON dds_audit_payments
TO audit_read_role;
CREATE OR REPLACE DATA GRANT audit_payments_operator
AS SELECT (payment_id, customer_name, country, payment_amount, risk_flag)
ON dds_audit_payments
WHERE country = 'Brazil'
TO payment_operator_role;
SET USE DATA GRANTS ONLY ON dds_audit_payments ENABLED;

View File

@@ -0,0 +1,11 @@
WHENEVER SQLERROR EXIT SQL.SQLCODE
CREATE AUDIT POLICY dds_payments_select_policy
ACTIONS SELECT ON dds_audit_payments;
CREATE AUDIT POLICY dds_security_admin_policy
ACTIONS CREATE USER, ALTER USER, DROP USER, CREATE ROLE, DROP ROLE, GRANT, REVOKE;
AUDIT POLICY dds_payments_select_policy;
AUDIT POLICY dds_security_admin_policy;

View File

@@ -0,0 +1,22 @@
SET PAGESIZE 100
SET LINESIZE 220
PROMPT Generate auditable activity.
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
FROM dds_audit_payments
ORDER BY payment_id;
PROMPT Review local audit trail. Data Safe should collect equivalent activity after target auditing is enabled.
SELECT event_timestamp,
dbusername,
action_name,
object_schema,
object_name,
unified_audit_policies
FROM unified_audit_trail
WHERE object_name = 'DDS_AUDIT_PAYMENTS'
ORDER BY event_timestamp DESC
FETCH FIRST 20 ROWS ONLY;

View File

@@ -0,0 +1,27 @@
BEGIN EXECUTE IMMEDIATE 'NOAUDIT POLICY dds_payments_select_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'NOAUDIT POLICY dds_security_admin_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP AUDIT POLICY dds_payments_select_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP AUDIT POLICY dds_security_admin_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'SET USE DATA GRANTS ONLY ON dds_audit_payments DISABLED'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP DATA GRANT audit_payments_read_all'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP DATA GRANT audit_payments_operator'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP TABLE dds_audit_payments PURGE'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP USER dds_audit_analyst CASCADE'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP DATA ROLE audit_read_role'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP DATA ROLE payment_operator_role'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP END USER auditor'; EXCEPTION WHEN OTHERS THEN NULL; END;
/
BEGIN EXECUTE IMMEDIATE 'DROP END USER payment_operator'; EXCEPTION WHEN OTHERS THEN NULL; END;
/

View File

@@ -0,0 +1,5 @@
PROMPT Negative test: payment operator must not see card_token for Brazil-only payment view.
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
FROM dds_audit_payments
ORDER BY payment_id;

View File

@@ -0,0 +1,3 @@
PROMPT Positive test: accesses to sensitive payment table generate unified audit events.
@../sql/05_generate_activity.sql