3.2 KiB
Executable File
3.2 KiB
Executable File
Runbook - 07 Audit Evidence With Data Safe
Objective
Show how to turn access to sensitive data into auditable evidence using Unified Audit and OCI Data Safe.
Security Value
- Shows that prevention should be paired with evidence.
- Helps CISO, audit, and compliance teams monitor access to sensitive data.
- Demonstrates how Data Safe complements Oracle Deep Data Security with activity auditing and reporting.
Prerequisites
- Oracle Database compatible with Unified Audit.
- OCI Data Safe enabled in the tenancy.
- Target database registered, or ready to be registered, in Data Safe.
- Permissions to configure Activity Auditing.
Before - Vulnerable Environment
-
Reset the scenario:
@scenarios/07-audit-evidence-data-safe/sql/99_reset.sql -
Create the sensitive table, data, and personas without custom auditing or data grants:
@scenarios/07-audit-evidence-data-safe/sql/00_schema.sql @scenarios/07-audit-evidence-data-safe/sql/01_seed_data.sql @scenarios/07-audit-evidence-data-safe/sql/02_identities.sql -
Run a broad payments query:
SELECT payment_id, customer_name, country, payment_amount, card_token, risk_flag FROM dds_audit_payments ORDER BY payment_id;
Expected Result Before
CARD_TOKENcan be queried by users with broad access.- The team may struggle to quickly prove who accessed the table and when.
- There is no clear evidence package for audit.
After - Applying Deep Data Security And Auditing
-
Apply the data grants:
@scenarios/07-audit-evidence-data-safe/sql/03_data_grants.sql -
Create Unified Audit policies:
@scenarios/07-audit-evidence-data-safe/sql/04_audit_policies.sql -
Apply redaction to the payment token column:
@scenarios/07-audit-evidence-data-safe/sql/06_redaction_policy.sql -
Generate activity and query the local audit trail:
@scenarios/07-audit-evidence-data-safe/sql/05_generate_activity.sql -
In OCI Data Safe:
Register Target Database Configure Activity Auditing Start audit trail collection for UNIFIED_AUDIT_TRAIL Review the Activity Auditing dashboard Generate or export an audit report
Expected Result After
payment_operatorsees operational Brazil payment fields withoutcard_token.auditorsees the data required for review, withcard_tokenpartially redacted.UNIFIED_AUDIT_TRAILrecords access toDDS_AUDIT_PAYMENTS.- Data Safe collects and presents events in dashboards and reports.
Demo Evidence
- Output from
UNIFIED_AUDIT_TRAIL. - Screenshot of the Data Safe target.
- Screenshot of Activity Auditing.
- Exported Data Safe report, when available.
Official References
- Oracle Data Safe Activity Auditing Overview: https://docs.oracle.com/en/cloud/paas/data-safe/udscs/activity-auditing-overview.html
- Oracle Deep Data Security Guide: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/index.html
- CREATE DATA GRANT SQL Reference: https://docs.oracle.com/en/database/oracle/oracle-database/26/sqlrf/create-data-grant.html
- Configure Data Grants: https://docs.oracle.com/en/database/oracle/oracle-database/26/ddscg/configure-data-grants.html