Home
Knowledge Base
Security
AVDF – Configure Alerts

AVDF – Configure Alerts

This note describes how to create AVDF Critical and Warning alerts. We will generate an alert when failed login attempts exceeds a defined threshold and also an alert when a privileged user like the DBA modifies data in a table marked as ‘sensitive’.

Open the Policies menu and click on the target database

We see the the Core Policies which come out-of-the-box with AVDF as well as the predefined Unified Auditing policies as well as some custom policies which have been created in this case.

Click Provision Unified Policy

Create an alert policy where an alert will be raised if there are more than 5 failed login attempts in a one minute duration

Connect to the database with an invalid password for the user SECADMIN_STEVE – we do this 6 times

SQL> connect “secadmin_steve@example.com”/Welcome_4@pdb1

ERROR:

ORA-01017: invalid username/password; logon denied

SQL> connect “secadmin_steve@example.com”/Welcome_4@pdb1

ERROR:

ORA-01017: invalid username/password; logon denied

SQL> connect “secadmin_steve@example.com”/Welcome_4@pdb1

ERROR:

ORA-01017: invalid username/password; logon denied

SQL> connect “secadmin_steve@example.com”/Welcome_4@pdb1

ERROR:

ORA-01017: invalid username/password; logon denied

SQL> connect “secadmin_steve@example.com”/Welcome_4@pdb1

ERROR:

ORA-01017: invalid username/password; logon denied

SQL> connect “secadmin_steve@example.com”/Welcome_4@pdb1

ERROR:

ORA-01017: invalid username/password; logon denied

Note that an alert has been raised

Click on the alert to get more further details related to the alert

Create an alert policy where an alert with severity Critical will be raised if a DBA tries to modify data in any of the tables and columns which have been configured as containing data sensitive in nature.

Note the Condition.

Connect as a DBA and execute an update on the EMPLOYEES table – this is one of the ‘sensitive’ data tables.

SQL> connect “dba_charles@example.com”/Oracle_4U@PDB1

Connected.

SQL> update HCM.EMPLOYEES set SALARY=23999 where EMAIL=’samkirk@example.com’;

1 row updated.

SQL> commit;

Commit complete.

Note that now a Critical alert has been raised.

Open the alert to get more details.

Updated on June 11, 2021

Tagged: 20.4 alert avdf policies

Was this article helpful?

About The Author

Gavin Soorma

Oracle ACE Director (only 3 in Australia), Oracle Cloud Infrastructure Architect, Oracle Certified Master Database and Cloud (10g,11g and 12c), Oracle Certified Specialist (GoldenGate, Exadata 11g, Exadata Database Machine and Cloud Service 2017) and Oracle OCP (8i to 12c).

Leave a Comment