Oracle AFDF can track the usage of sensitive data in your database, this includes, who can access, who has made changes, and access by privileged users. Improving your ability to keep an eye on what is happening with sensitive data.
How to Discover sensitive data for loading into AVDF.
- Download the dbsat utility from Oracle support. Doc ID: 2138254.1
- https://docs.oracle.com/en/database/oracle/oracle-database/21/satug/index.html#UGSAT-GUID-5FBC2744-18E9-49C5-BB1E-8E76A1900537
- Gather the sensitive data. The dbsat utility has several preconfigured sensitive data types such as PII located in <your db utilities directory>/dbsat/discover/conf directory. The file sensitive_en.ini contains regular expressions for common sensitive data elements, PII, etc. make a copy of this file and edit it with regular expressions describing the sensitive data in your database system(s).
- Running dbsat for sensitive data discovery. dbsat for sensitive data discover, will save the file as a html and csv file. Use the csv file to upload sensitive data locations into AVDF.
- [oracle@localhost dbsat]$ ./dbsat discover -c ./Discover/conf/demo_dbsat.config test1
- Unzip the encrypted file.
Upload sensitive data metadata into Audit Vault
Sensitive data reports
- https://docs.oracle.com/en/database/oracle/audit-vault-database-firewall/20/sigau/reports.html#GUID-2CF333F5-18D1-495C-A921-E32014A9AB87
- There are four preconfigured sensitive data reports.
- Sensitive data that shows what sensitive data you have in your target databases.
- Access Rights to sensitive data that shows you who has access to sensitive data. Use this report in conjunction with privilege analysis (dbms_privilege_capture) to fine tune least privilege rights.
- Activity on sensitive data shows you the detail activity on your sensitive data.
- Activity on sensitive data by privileged users shows you what your privileged users have been doing with your sensitive data.
Advantages:
- Locate sensitive information in your Oracle database systems. Sensitive data can easily propagate in your database to places that were not originally intended. This can happen for several reasons such as a new materialized view was defined to address a performance issue. By keeping track of the sensitive data, and where it resides, you are better able to keep control of the data.
- Learn about what activity has been happening with your sensitive data by users and privileged users.
- With the sensitive data access rights report in conjunction with database privilege analysis (dbms_privilege_capture), you can adjust privileges to help enforce least privilege.