The DBMS must produce audit records containing sufficient information to establish the sources (origins) of the events.
An XCCDF Rule
Description
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes, but is not limited to: timestamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, file names involved, access control or flow control rules invoked. Without information establishing the source of activity, the value of audit records from a forensics perspective is questionable.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-220273r960900_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the DBMS's auditing to audit standard and organization-defined auditable events, the audit record to include the source of the event. If preferred, use a third-party or custom tool.
If using a third-party product, proceed in accordance with the product documentation. If using Oracle's capabilities, proceed as follows.
If Standard Auditing is used:
Use this process to ensure auditable events are captured: