How to manage collect Oracle audit Logs
In this page we describe how to collect audit logs from the Oracle Database.
Navigate to Settings
You must be logged in to the CYBERQUEST web interface with a user with administrative rights.
Navigate to "Settings > Management > Data Source Manager".
This page contains all the data sources added in the CYBERQUEST application.
Complete the form
Press the "Add data-source" button and complete de following form:
DataSource Type: Select "Database/Oracle 11 Audit Log" data source. You can select between "Database/Oracle 11 Audit Log" and "Database/Oracle 12 Audit Log", depending on the database version;
DataSource Information: This field is filled in automatically with data source information;
Query Interval: At what time interval is the WMI query executed. It is automatically completed to run every 1800 seconds(30 minutes);
Credentials to use: Add appropriate credentials from a drop-down list;
Tag: This field is filled in automatically, but you can change the information;
Administrative Notes: You can complete with information about the added data source;
Annonymize Fields: You can select certain information to be anonymized;
Time Format: Time format;
Connection String: Complete with the connection data of the database;
Query: Query through which we extract data from the database. It changes depending on the structure of the database;
Field Mapper: After executing the query, the data extracted from the database is placed in the fields in the Cyberquest application. We can add other fields besides the ones already created using the button.z
Last Date Time: The date from which the collection of information begins;
Time Column: Time column;
Command Timeout: Command Timeout - property sets the number of seconds to wait while attempting to execute a command, before canceling the attempt and generating an error. It is automatically completed to to 60 seconds, but can be changed to the desired value;
Connection Timeout: Connection timeout - is a time period within which a connection between a client and a server must be established. It is automatically completed to 60 seconds, but can be changed to the desired value;
Click the "Save" button to save the data source.
Assign the CYBERQUEST agent
The next step is to assign the CYBERQUEST agent to this data source. Press the drop-down list and choose the agent.
To edit the data sources information, press "Edit" button. This process is almost identical to adding data sources.
Bulk Clone : Clone the current data source settings for each element of the field “Bulk Clone”.
Clone : Clone the data source.
You can also delete the data source by pressing "Delete" button.