The Oracle Audit Vault has seeded reports for the following compliance and legislative requirements – no additional license is required.
For each compliance statue, following table lists the included reports available –
Oracle E-Business Suite 12.0 Extended Support ends on January 31, 2015. Sustaining Support does not include security fixes in the form of Critical Patch Updates (CPU). The final 12.0 CPU will be the January 2015 CPU released on January 20th.
Oracle E-Business Suite 12.0 customers should be looking to upgrade to 12.1 or 12.2 in the near future.
Custom reports can be created in Oracle Audit Vault using Oracle BI Publisher. BI Publisher is an add-on to Microsoft Word and can be used to modify or create new reports.
For example, to modify a new report, to meet specific corporate or internal audit needs, download a standard Oracle Audit Vault report that is similar (Auditor -> Reports -> Custom Reports -> Uploaded Reports). Click on the icon to download both the template and the report definition and load both files into BI Publisher.
The Oracle Audit Vault by default installs over one-hundred (100) reports. This includes core audit reports as well as compliance reports. Reporting is a key feature of the Oracle Audit Vault and one which well-built as evidenced by the use of BI Publisher to allow for easy modification and creation of new reports.
The audit reporting bundle installed by the default has the following categories –
The Oracle Audit Vault uses Plug-Ins to define data sources. The following table summarizes several of the important facts about the Oracle Audit Vault database plug for Oracle databases –
|
Oracle Database Plug-In for the Oracle Audit Vault |
|
|---|---|
|
Plug-in Specification | |
The Oracle Audit Vault is installed on a server, and collector agents are installed on the hosts running the source databases. These collector agents communicate with the audit vault server.
If the collection agents are not active, no audit data is lost, as long as the source database continues to collect the audit data. When the collection agent is restarted, it will capture the audit data that the source database had collected during the time the collection agent was inactive.
When upgrading the Oracle E-Business Suite database to Oracle Database 12c (12.1), there are a number of security considerations and steps that should be included in the upgrade procedure. Oracle Support Note ID 1524398.1 Interoperability Notes EBS 12.0 or 12.1 with RDBMS 12cR1 details the upgrade steps. Here, we will document steps that should be included or modified to improve database security. All refer
For Oracle database customers the Oracle Audit Vault can protect the following:
Oracle Audit Vault is aptly named; the Oracle Audit Vault is a vault in which data about audit logs is placed, and it is based on two key concepts. First, Oracle Audit Vault is designed to secure data at its source. Second, Oracle Audit Vault is designed to be a data warehouse for audit data.
Certainly from an auditing and logging perspective, one of the best new features delivered by Oracle 12c is mandatory auditing of the administrative users such as SYSDBA. This can be described as ‘always on auditing’. By default, the following audit related activities are now mandatorily audited -