Oracle Cloud Infrastructure Documentation

Activity Auditing Workflow

The workflow for Activity Auditing involves these main steps for a single target database. If you want, you can choose to configure multiple target databases at one time.

  1. Register the target database for which you want to collect audit data.
  2. Configure an Activity Auditing job for your target database by using the Activity Auditing wizard.
    1. Select your target database and retrieve its audit policies.
    2. Select audit policies to provision on your target database. You can choose categories of audit policies, individual custom policies, Oracle pre-seeded policies, and the Center for Internet Security (CIS) recommendations policy.
    3. Select alert policies to provision on your target database. Alerts are generated when certain user activities occur on the target database. You can choose to be alerted to database parameter changes, failed logins by administrator users, audit policy changes, user creations/deletions, and user entitlement changes.
    4. Register an audit trail for the target database. For an Autonomous Database, Activity Auditing automatically registers the UNIFIED_AUDIT_TRAIL.
    5. Start collecting audit data. Audit data collection begins when you start the Activity Auditing job and continues until you stop the job. Turn on the auto purge feature at your discretion.
  3. Monitor the audit data:
    • View and manage audit reports for the target database from the Reports tab.
    • View and manage alerts from the Alerts tab.
  4. Manage the audit job:
    • Manage the audit trail from the Audit Trails page. You can start, stop, pause, and resume collecting audit data and delete the audit trail.
    • View the audit job running on the Jobs page, but manage the job from the Audit Trails page.