An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15103 | DG0161-ORACLE10 | SV-24814r1_rule | ECAT-2 | Medium |
| Description |
|---|
| Audit logs only capture information on suspicious events. Without an automated monitoring and alerting tool, malicious activity may go undetected and without response until compromise of the database or data is severe. |
| STIG | Date |
|---|---|
| Oracle 10 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( C-29378r1_chk ) |
|---|
| Review evidence or operation of an automated, continuous on-line monitoring and audit trail creation capability for the DBMS is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user-configurable capability to automatically disable the system if serious IA violations are detected. If the requirements listed above are not fully met, this is a Finding. |
| Fix Text (F-26403r1_fix) |
|---|
| Develop or procure, document and implement an automated, continuous on-line monitoring and audit trail creation capability for the DBMS is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user-configurable capability to automatically disable the system if serious IA violations are detected. |