Oracle Audit Vault / Database Firewall (AVDF) 20.7 and Sensitive data discovery.

Oracle AFDF can track the usage of sensitive data in your database, this includes, who can access, who has made changes, and access by privileged users. Improving your ability to keep an eye on what is happening with sensitive data.

How to Discover sensitive data for loading into AVDF.

  • Download the dbsat utility from Oracle support. Doc ID: 2138254.1
  • Gather the sensitive data. The dbsat utility has several preconfigured sensitive data types such as PII located in <your db utilities directory>/dbsat/discover/conf directory. The file sensitive_en.ini contains regular expressions for common sensitive data elements, PII, etc. make a copy of this file and edit it with regular expressions describing the sensitive data in your database system(s).
  • Running dbsat for sensitive data discovery. dbsat for sensitive data discover, will save the file as a html and csv file. Use the csv file to upload sensitive data locations into AVDF.
    • [oracle@localhost dbsat]$ ./dbsat discover -c ./Discover/conf/demo_dbsat.config test1
    • Unzip the encrypted file.

Upload sensitive data metadata into Audit Vault

Sensitive data reports


  • Locate sensitive information in your Oracle database systems. Sensitive data can easily propagate in your database to places that were not originally intended. This can happen for several reasons such as a new materialized view was defined to address a performance issue. By keeping track of the sensitive data, and where it resides, you are better able to keep control of the data.
  • Learn about what activity has been happening with your sensitive data by users and privileged users.
  • With the sensitive data access rights report in conjunction with database privilege analysis (dbms_privilege_capture), you can adjust privileges to help enforce least privilege.
This entry was posted in infosec. Bookmark the permalink.