Files
oracle-deep-data-security-lab/scenarios/07-audit-evidence-data-safe/RUNBOOK.md
Rodrigo 4ab75ed578
Some checks failed
Repo Quality / structure (push) Has been cancelled
Enhance audit evidence and Data Safe scenario
2026-05-13 16:59:50 -03:00

3.2 KiB
Executable File

Runbook - 07 Audit Evidence With Data Safe

Objective

Show how to turn access to sensitive data into auditable evidence using Unified Audit and OCI Data Safe.

Security Value

  • Shows that prevention should be paired with evidence.
  • Helps CISO, audit, and compliance teams monitor access to sensitive data.
  • Demonstrates how Data Safe complements Oracle Deep Data Security with activity auditing and reporting.

Prerequisites

  • Oracle Database compatible with Unified Audit.
  • OCI Data Safe enabled in the tenancy.
  • Target database registered, or ready to be registered, in Data Safe.
  • Permissions to configure Activity Auditing.

Before - Vulnerable Environment

  1. Reset the scenario:

    @scenarios/07-audit-evidence-data-safe/sql/99_reset.sql
    
  2. Create the sensitive table, data, and personas without custom auditing or data grants:

    @scenarios/07-audit-evidence-data-safe/sql/00_schema.sql
    @scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql
    @scenarios/07-audit-evidence-data-safe/sql/02_identities.sql
    
  3. Run a broad payments query:

    SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag
    FROM dds_audit_payments
    ORDER BY payment_id;
    

Expected Result Before

  • CARD_TOKEN can be queried by users with broad access.
  • The team may struggle to quickly prove who accessed the table and when.
  • There is no clear evidence package for audit.

After - Applying Deep Data Security And Auditing

  1. Apply the data grants:

    @scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql
    
  2. Create Unified Audit policies:

    @scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql
    
  3. Apply redaction to the payment token column:

    @scenarios/07-audit-evidence-data-safe/sql/06_redaction_policy.sql
    
  4. Generate activity and query the local audit trail:

    @scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql
    
  5. In OCI Data Safe:

    Register Target Database
    Configure Activity Auditing
    Start audit trail collection for UNIFIED_AUDIT_TRAIL
    Review the Activity Auditing dashboard
    Generate or export an audit report
    

Expected Result After

  • payment_operator sees operational Brazil payment fields without card_token.
  • auditor sees the data required for review, with card_token partially redacted.
  • UNIFIED_AUDIT_TRAIL records access to DDS_AUDIT_PAYMENTS.
  • Data Safe collects and presents events in dashboards and reports.

Demo Evidence

  • Output from UNIFIED_AUDIT_TRAIL.
  • Screenshot of the Data Safe target.
  • Screenshot of Activity Auditing.
  • Exported Data Safe report, when available.

Official References