106 lines
3.2 KiB
Markdown
Executable File
106 lines
3.2 KiB
Markdown
Executable File
# Runbook - 07 Audit Evidence With Data Safe
|
|
|
|
## Objective
|
|
|
|
Show how to turn access to sensitive data into auditable evidence using Unified Audit and OCI Data Safe.
|
|
|
|
## Security Value
|
|
|
|
- Shows that prevention should be paired with evidence.
|
|
- Helps CISO, audit, and compliance teams monitor access to sensitive data.
|
|
- Demonstrates how Data Safe complements Oracle Deep Data Security with activity auditing and reporting.
|
|
|
|
## Prerequisites
|
|
|
|
- Oracle Database compatible with Unified Audit.
|
|
- OCI Data Safe enabled in the tenancy.
|
|
- Target database registered, or ready to be registered, in Data Safe.
|
|
- Permissions to configure Activity Auditing.
|
|
|
|
## Before - Vulnerable Environment
|
|
|
|
1. Reset the scenario:
|
|
|
|
```sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
|
|
```
|
|
|
|
2. Create the sensitive table, data, and personas without custom auditing or data grants:
|
|
|
|
```sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
|
|
```
|
|
|
|
3. Run a broad payments query:
|
|
|
|
```sql
|
|
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
|
|
FROM dds_audit_payments
|
|
ORDER BY payment_id;
|
|
```
|
|
|
|
## Expected Result Before
|
|
|
|
- `CARD_TOKEN` can be queried by users with broad access.
|
|
- The team may struggle to quickly prove who accessed the table and when.
|
|
- There is no clear evidence package for audit.
|
|
|
|
## After - Applying Deep Data Security And Auditing
|
|
|
|
1. Apply the data grants:
|
|
|
|
```sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
|
|
```
|
|
|
|
2. Create Unified Audit policies:
|
|
|
|
```sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql
|
|
```
|
|
|
|
3. Apply redaction to the payment token column:
|
|
|
|
```sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/06_redaction_policy.sql
|
|
```
|
|
|
|
4. Generate activity and query the local audit trail:
|
|
|
|
```sql
|
|
@scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql
|
|
```
|
|
|
|
5. In OCI Data Safe:
|
|
|
|
```text
|
|
Register Target Database
|
|
Configure Activity Auditing
|
|
Start audit trail collection for UNIFIED_AUDIT_TRAIL
|
|
Review the Activity Auditing dashboard
|
|
Generate or export an audit report
|
|
```
|
|
|
|
## Expected Result After
|
|
|
|
- `payment_operator` sees operational Brazil payment fields without `card_token`.
|
|
- `auditor` sees the data required for review, with `card_token` partially redacted.
|
|
- `UNIFIED_AUDIT_TRAIL` records access to `DDS_AUDIT_PAYMENTS`.
|
|
- Data Safe collects and presents events in dashboards and reports.
|
|
|
|
## Demo Evidence
|
|
|
|
- Output from `UNIFIED_AUDIT_TRAIL`.
|
|
- Screenshot of the Data Safe target.
|
|
- Screenshot of Activity Auditing.
|
|
- Exported Data Safe report, when available.
|
|
|
|
## Official References
|
|
|
|
- Oracle Data Safe Activity Auditing Overview: https://docs.oracle.com/en/cloud/paas/data-safe/udscs/activity-auditing-overview.html
|
|
- Oracle Deep Data Security Guide: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/index.html
|
|
- CREATE DATA GRANT SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/create-data-grant.html
|
|
- Configure Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/configure-data-grants.html
|