Oracle Database Audit Analysis
The Oracle Database Audit Analysis dashboard provides analysis of audited actions for Oracle Databases monitored by Logging Analytics using Unified Database Audit Logs available in DB V12.2 onwards. Use this dashboard to understand user activity, schema changes, etc.
Ingest the logs using the Add Data wizard which is available in Compass in Logging Analytics.
Here's the list of widgets displayed in the Oracle Database Audit Analysis dashboard:
| Widget | Description |
|---|---|
| Monitored Databases | Shows count of Oracle Databases being monitored & analyzed in this dashboard based on database entities from Database Audit Logs. Useful to ensure there are no issues in log collection. |
| Objects in Audit Records | Shows count and trend of Oracle Database Audited Objects found in the Database Audit Logs for selected time range and databases. Useful to track broad changes in number of audited objects. |
| Active Users | Shows count of Oracle Database active users and change from previous time-range from Database Audit Logs. |
| Top Users by Activity | Shows distribution of Oracle Database auditable actions grouped by users from Database Audit Logs. Useful for analyzing most active users across selected databases and time range. |
| Audit Events by Database | Shows trend of Oracle Database auditable events from Database Audit Logs grouped. Use this visualization to compare and contrast auditable actions across multiple databases for selected time range to visually identify anomalous patterns. |
| Audit Events by User Names (Originating) | Shows trend of Oracle Database audited actions grouped by different users from Database Audit Logs. Useful for visually identifying any anomalous user activity over time. |
| Clients | Current count and trend of number of Oracle Database clients connecting to monitored Oracle Databases in selected time range from Audit Logs. Useful to visually identify broad changes in number of clients connecting to databases. |
| DML Actions by Database | Provides trend of Oracle Database DML (Data Manipulation
Language) action statements such as CALL,
DELETE, and UPDATE from Database
Audit Logs. Reviewing DML actions regularly can help track and detect
unauthorized data manipulations, which can indicate security breaches or
policy violations. Also essential for compliance that require detailed
logs of who accessed or modified data, when, and under what
circumstances. Use filters to narrow down to a specific
database.
|
| Transaction, Session and System Control Actions by Database | Provides distribution of Oracle Database Transaction Control Statements from Database Audit Logs to help oversee transactional integrity and operational consistency. Enables tracking of transaction completions, reversals, or intermediate save points, for understanding the lifecycle of data transactions. It can help ensure that all data changes within a transaction are properly committed or rolled back, maintaining the database consistency and integrity. Session and System Control Statements to gain insights into how sessions are customized and how roles are assigned, crucial for understanding the context in which data access and manipulation occur. Use filters to narrow down to a specific database. |
| Top 10 Administrative Actions | Shows distribution of all Oracle Database Audited actions from Database Audit Logs except select, execute, insert, update, delete which typically have higher usage. Useful for identifying unexpected database configuration and schema change actions at high level. |
| DDL Actions by Database | Provides distribution of Oracle Database DDL (Data
Definition Language) actions, from Database Audit Logs such as
ALTER, CREATE, and
DROP. Reviewing DDL actions regularly can help
track precise changes like table alterations, creation, or deletion, to
identify unauthorized or potentially harmful schema changes along with
enabling efficient change management and governance. Use filters to
narrow down to a specific database.
|
| Audit Events Security Categories | Shows distribution of Oracle Database audited events security categories of a subset of audited actions from Database Audit Logs. Subset consists all categories except read, audit, and login. |
| Issue Duration Analysis by User, Actions | Shows analysis of duration of Oracle Database issues (defined by problem labels) in correlation with users and actions audited from Database Audit Logs. Use this widget to identify anomalies based on active issues for different users and database actions. |