The DBMS must produce audit records containing sufficient information to establish the sources (origins) of the events.
An XCCDF Rule
Description
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes, but is not limited to: timestamps, source and destination IP addresses, user/process identifiers, event descriptions, application specific events, success/fail indications, file names involved, access control or flow control rules invoked. Without information establishing the source of activity, the value of audit records from a forensics perspective is questionable.
- ID
- SV-219757r879566_rule
- Version
- O112-C2-007700
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the DBMS's auditing to audit standard and organization-defined auditable events, the audit record to include the source of the event. If preferred, use a third-party or custom tool.
If using a third-party product, proceed in accordance with the product documentation. If using Oracle's capabilities, proceed as follows.
Use this query to ensure auditable events are captured: