Add legacy AI, RAG vector and Data Safe audit scenarios
Some checks failed
Repo Quality / structure (push) Has been cancelled
Some checks failed
Repo Quality / structure (push) Has been cancelled
This commit is contained in:
37
scenarios/07-audit-evidence-data-safe/README.md
Normal file
37
scenarios/07-audit-evidence-data-safe/README.md
Normal file
@@ -0,0 +1,37 @@
|
||||
# 07 - Audit Evidence With Data Safe
|
||||
|
||||
## Objetivo
|
||||
|
||||
Demonstrar como transformar os acessos e tentativas de acesso a dados sensiveis em evidencias para auditoria usando Unified Audit e OCI Data Safe.
|
||||
|
||||
## Risco De Negocio
|
||||
|
||||
Controles preventivos reduzem exposicao, mas clientes tambem precisam provar quem acessou dados sensiveis, quando, por qual caminho e se houve mudanca de politica. Data Safe ajuda a centralizar assessment, discovery, activity auditing e relatorios para ambientes Oracle suportados.
|
||||
|
||||
## Narrativa Da Demo
|
||||
|
||||
1. Criar uma tabela sensivel de pagamentos.
|
||||
2. Habilitar politicas de auditoria para SELECT, DDL e alteracoes de usuarios/roles.
|
||||
3. Gerar acessos permitidos e tentativas indevidas.
|
||||
4. Consultar evidencias no Unified Audit.
|
||||
5. Mostrar, no Data Safe, como habilitar o target, activity auditing e relatorios.
|
||||
|
||||
## Execucao SQL
|
||||
|
||||
```powershell
|
||||
powershell -ExecutionPolicy Bypass -File .\scripts\run-scenario.ps1 -Scenario 07-audit-evidence-data-safe -ConnectString "<connect_string>"
|
||||
```
|
||||
|
||||
## Execucao No Data Safe
|
||||
|
||||
1. Registrar o banco como target no OCI Data Safe.
|
||||
2. Habilitar Activity Auditing para o target.
|
||||
3. Confirmar coleta de Unified Audit.
|
||||
4. Executar os scripts do lab.
|
||||
5. Validar eventos de acesso a `DDS_AUDIT_PAYMENTS`.
|
||||
6. Gerar relatorio ou screenshot para evidencia.
|
||||
|
||||
## Resultado Esperado
|
||||
|
||||
O cliente ve a trilha de auditoria no banco e entende como Data Safe pode transformar essa trilha em monitoramento, relatorios e evidencias recorrentes.
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
# Expected Results
|
||||
|
||||
- `auditor` can see all payment data for audit review.
|
||||
- `payment_operator` sees Brazil payment operational fields and not `card_token`.
|
||||
- `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`.
|
||||
- OCI Data Safe Activity Auditing can be used to collect and report the same class of activity for the registered target.
|
||||
- Evidence package should include SQL output, Data Safe target screen, activity report and policy configuration screenshot.
|
||||
|
||||
15
scenarios/07-audit-evidence-data-safe/metadata.yaml
Normal file
15
scenarios/07-audit-evidence-data-safe/metadata.yaml
Normal file
@@ -0,0 +1,15 @@
|
||||
id: "07-audit-evidence-data-safe"
|
||||
title: "Audit Evidence With Data Safe"
|
||||
criticality: "high"
|
||||
estimated_time_minutes: 25
|
||||
audience:
|
||||
- ciso
|
||||
- compliance
|
||||
- dba
|
||||
- soc
|
||||
products:
|
||||
- "Oracle Data Safe"
|
||||
- "Oracle Unified Audit"
|
||||
- "Oracle Deep Data Security"
|
||||
reset_supported: true
|
||||
|
||||
11
scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
Normal file
11
scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
Normal file
@@ -0,0 +1,11 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE TABLE dds_audit_payments (
|
||||
payment_id NUMBER GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
|
||||
customer_name VARCHAR2(100) NOT NULL,
|
||||
country VARCHAR2(40) NOT NULL,
|
||||
payment_amount NUMBER(12,2) NOT NULL,
|
||||
card_token VARCHAR2(80),
|
||||
risk_flag VARCHAR2(20) NOT NULL
|
||||
);
|
||||
|
||||
13
scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql
Normal file
13
scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql
Normal file
@@ -0,0 +1,13 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
|
||||
VALUES ('Acme Brasil', 'Brazil', 15000, 'tok_live_001', 'HIGH');
|
||||
|
||||
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
|
||||
VALUES ('Varejo Sol', 'Brazil', 3500, 'tok_live_002', 'LOW');
|
||||
|
||||
INSERT INTO dds_audit_payments (customer_name, country, payment_amount, card_token, risk_flag)
|
||||
VALUES ('Northwind US', 'USA', 48000, 'tok_live_003', 'HIGH');
|
||||
|
||||
COMMIT;
|
||||
|
||||
14
scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
Normal file
14
scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
Normal file
@@ -0,0 +1,14 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE USER dds_audit_analyst IDENTIFIED BY "Welcome1_Audit!" ACCOUNT UNLOCK;
|
||||
GRANT CREATE SESSION TO dds_audit_analyst;
|
||||
|
||||
CREATE END USER auditor IDENTIFIED BY "Welcome1_DDS!";
|
||||
CREATE END USER payment_operator IDENTIFIED BY "Welcome1_DDS!";
|
||||
|
||||
CREATE DATA ROLE audit_read_role;
|
||||
CREATE DATA ROLE payment_operator_role;
|
||||
|
||||
GRANT DATA ROLE audit_read_role TO auditor;
|
||||
GRANT DATA ROLE payment_operator_role TO payment_operator;
|
||||
|
||||
15
scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
Normal file
15
scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
Normal file
@@ -0,0 +1,15 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE OR REPLACE DATA GRANT audit_payments_read_all
|
||||
AS SELECT
|
||||
ON dds_audit_payments
|
||||
TO audit_read_role;
|
||||
|
||||
CREATE OR REPLACE DATA GRANT audit_payments_operator
|
||||
AS SELECT (payment_id, customer_name, country, payment_amount, risk_flag)
|
||||
ON dds_audit_payments
|
||||
WHERE country = 'Brazil'
|
||||
TO payment_operator_role;
|
||||
|
||||
SET USE DATA GRANTS ONLY ON dds_audit_payments ENABLED;
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
WHENEVER SQLERROR EXIT SQL.SQLCODE
|
||||
|
||||
CREATE AUDIT POLICY dds_payments_select_policy
|
||||
ACTIONS SELECT ON dds_audit_payments;
|
||||
|
||||
CREATE AUDIT POLICY dds_security_admin_policy
|
||||
ACTIONS CREATE USER, ALTER USER, DROP USER, CREATE ROLE, DROP ROLE, GRANT, REVOKE;
|
||||
|
||||
AUDIT POLICY dds_payments_select_policy;
|
||||
AUDIT POLICY dds_security_admin_policy;
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
SET PAGESIZE 100
|
||||
SET LINESIZE 220
|
||||
|
||||
PROMPT Generate auditable activity.
|
||||
|
||||
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
|
||||
FROM dds_audit_payments
|
||||
ORDER BY payment_id;
|
||||
|
||||
PROMPT Review local audit trail. Data Safe should collect equivalent activity after target auditing is enabled.
|
||||
|
||||
SELECT event_timestamp,
|
||||
dbusername,
|
||||
action_name,
|
||||
object_schema,
|
||||
object_name,
|
||||
unified_audit_policies
|
||||
FROM unified_audit_trail
|
||||
WHERE object_name = 'DDS_AUDIT_PAYMENTS'
|
||||
ORDER BY event_timestamp DESC
|
||||
FETCH FIRST 20 ROWS ONLY;
|
||||
|
||||
27
scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
Normal file
27
scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
Normal file
@@ -0,0 +1,27 @@
|
||||
BEGIN EXECUTE IMMEDIATE 'NOAUDIT POLICY dds_payments_select_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'NOAUDIT POLICY dds_security_admin_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP AUDIT POLICY dds_payments_select_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP AUDIT POLICY dds_security_admin_policy'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'SET USE DATA GRANTS ONLY ON dds_audit_payments DISABLED'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA GRANT audit_payments_read_all'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA GRANT audit_payments_operator'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP TABLE dds_audit_payments PURGE'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP USER dds_audit_analyst CASCADE'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA ROLE audit_read_role'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP DATA ROLE payment_operator_role'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP END USER auditor'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
BEGIN EXECUTE IMMEDIATE 'DROP END USER payment_operator'; EXCEPTION WHEN OTHERS THEN NULL; END;
|
||||
/
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
PROMPT Negative test: payment operator must not see card_token for Brazil-only payment view.
|
||||
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
|
||||
FROM dds_audit_payments
|
||||
ORDER BY payment_id;
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
PROMPT Positive test: accesses to sensitive payment table generate unified audit events.
|
||||
@../sql/05_generate_activity.sql
|
||||
|
||||
Reference in New Issue
Block a user