diff --git a/database/advanced/avdf-restructured/getting-started.md b/database/advanced/avdf-restructured/getting-started.md index 3a236c5c7..7d97b8aff 100644 --- a/database/advanced/avdf-restructured/getting-started.md +++ b/database/advanced/avdf-restructured/getting-started.md @@ -23,7 +23,7 @@ Watch a preview of "*LiveLabs - Oracle Database Security Central*" [](youtube:eL - Assess your database: risks, users, and data - Establish visibility first: audit and monitor - Protect and Prevent: enforce controls -- Continuous vigilance: report and alert +- Continuous vigilance: reports, alerts and GenAI-powered insights ### Prerequisites This lab assumes you have: @@ -36,16 +36,16 @@ This lab assumes you have: ### Lab Timing (estimated) -| Step No. | Feature | Approx. Time | -|--|------------------------------------------------------------|-------------| -|| **Security Central Labs**|| -|04| Access Security Central console | <5 minutes| -|05| Assess your database: risks, users, and data | 10 minutes| -|06| Establish visibility first: audit and monitor | 10 minutes| -|07| Protect and Prevent: enforce controls | 30 minutes| -|08| Continuous vigilance: report and alert | 5 minutes| -|| **Optional**|| -|09| Reset the Security Central labs config | <5 minutes| +| Feature | Approx. Time | +|------------------------------------------------------------|-------------| +| **Security Central Labs**|| +| Access Security Central console | <5 minutes| +| Assess your database: risks, users, and data | 10 minutes| +| Establish visibility first: audit and monitor | 10 minutes| +| Protect and Prevent: enforce controls | 30 minutes| +| Continuous vigilance: reports, alerts and GenAI-powered insights | 5 minutes| +| **Optional**|| +| Reset the Security Central labs config | <5 minutes| ## Task 1: Access Security Central console 
@@ -113,9 +113,23 @@ You have been given a randomly generated password for the *`AVADMIN`* and *`AVAU - Click [**Submit**] + +## Task 2: Configure Generative AI service integration + + Configure Generative AI service integration in Security Central to leverage the features of *`Security advisor`* and *`Alert Assistant`*. + +1. Login to Security Central Console as *`AVADMIN`* +2. Click on the **Settings** tab, and **System** in the left menu +3. Under **Configuration**, click **Security advisor configuration** to open the popup +4. Follow the intructions provided in the tooltip **`See how to gather the Security advisor configuration details`** to fill the details + + ![AVDF](./images/avdf-305.png "AVDF - Sec Advisor") + +5. Click Save. + You may now **proceed to the next lab**. ## Acknowledgements - **Author** - Nazia Zaidi, Oracle Database Security Central - Product Manager - **Contributors** - Angeline Dhanarani, Database Security - Product Manager -- **Last Updated By/Date** - Angeline Dhanarani, Database Security - Product Manager - April 2026 +- **Last Updated By/Date** - Angeline Dhanarani, Database Security - Product Manager - May 2026 diff --git a/database/advanced/avdf-restructured/images/avdf-022a.png b/database/advanced/avdf-restructured/images/avdf-022a.png index 60eeed995..b213e4505 100644 Binary files a/database/advanced/avdf-restructured/images/avdf-022a.png and b/database/advanced/avdf-restructured/images/avdf-022a.png differ diff --git a/database/advanced/avdf-restructured/images/avdf-023a.png b/database/advanced/avdf-restructured/images/avdf-023a.png index c94cf7fee..c4cf5802e 100644 Binary files a/database/advanced/avdf-restructured/images/avdf-023a.png and b/database/advanced/avdf-restructured/images/avdf-023a.png differ 
diff --git a/database/advanced/avdf-restructured/images/avdf-305.png b/database/advanced/avdf-restructured/images/avdf-305.png
new file mode 100644
index 000000000..e964ccd50
Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-305.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-656.png b/database/advanced/avdf-restructured/images/avdf-656.png
index 8c58774f0..24a355cda 100644
Binary files a/database/advanced/avdf-restructured/images/avdf-656.png and b/database/advanced/avdf-restructured/images/avdf-656.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-656a.png b/database/advanced/avdf-restructured/images/avdf-656a.png
new file mode 100644
index 000000000..2d075c553
Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-656a.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-700.png b/database/advanced/avdf-restructured/images/avdf-700.png
new file mode 100644
index 000000000..b4ba7c66b
Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-700.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-701.png b/database/advanced/avdf-restructured/images/avdf-701.png
new file mode 100644
index 000000000..f3211602c
Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-701.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-702.png b/database/advanced/avdf-restructured/images/avdf-702.png
new file mode 100644
index 000000000..87d7c12a6
Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-702.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-703.png b/database/advanced/avdf-restructured/images/avdf-703.png
new file mode 100644
index 000000000..6c6b8ef60
Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-703.png differ
diff --git a/database/advanced/avdf-restructured/images/avdf-704.png b/database/advanced/avdf-restructured/images/avdf-704.png new file mode 100644 index 000000000..ec032c356 Binary files /dev/null and b/database/advanced/avdf-restructured/images/avdf-704.png differ diff --git a/database/advanced/avdf-restructured/protect-prevent.md b/database/advanced/avdf-restructured/protect-prevent.md index bb6402817..3da6339b5 100644 --- a/database/advanced/avdf-restructured/protect-prevent.md +++ b/database/advanced/avdf-restructured/protect-prevent.md @@ -407,7 +407,7 @@ In this task, we will do the following 3. Confirm the Glassfish application connects through DB Firewall - - Open a Web Browser at the URL *`http://dbsec-lab:8080/hr_prod_pdb1`* to access to **your Glassfish App** + - Open a Web Browser at the URL *`http://dbsec-lab:8080/hr_prod_pdb1`* to access to **your Glassfish App**. **Note:** If you are not using the remote desktop you can also access this page by going to *`http://:8080/hr_prod_pdb1`*. - Login to the application as *`hradmin`* with the password "*`Oracle123`*" 
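Review bot: The URL in the added **Note** reads `http://:8080/hr_prod_pdb1`, with no host between `//` and `:8080`, so the step cannot be followed as written. Most likely an angle-bracket placeholder was lost, either in the file or in this rendering; it should be spelled out, for example `http://<PUBLIC_IP_PLACEHOLDER>:8080/hr_prod_pdb1` (placeholder name constructed here, not taken from the lab). Because this path is plain HTTP and the next context line logs in as `hradmin` with a fixed lab password, the note could also say that reaching port 8080 from outside the remote desktop should be limited to the lab instance and, where possible, to the reader's own source address. The surrounding task continues outside the hunk.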
@@ -618,16 +618,22 @@ In this task, we will do the following - Description: *Someone has selected more than 100 rows of PII in a single query* - Type: *Oracle Database* - Severity: *Warning* - - Condition: *:ROW_COUNT >100 AND :OBJECT like '%DEMOHR%'* - Threshold (times): *1* - Duration: *1* - Group By (Field): *USER* + - Condition: Let's use *Alert Assistant* to create the condition ![AVDF](./images/avdf-656.png "Alert Policies parameters") - - Click [**Save**] - + - Enter the condition in natural language: *When someone selects more than 100 records in `DEMO_HR_EMPLOYEES` table in a single query* + - Click *Generate Alert Condition* + - Review the condition if similar to the following: *(:OBJECT = '`DEMO_HR_EMPLOYEES`') AND (:`OBJECT_TYPE` = 'TABLE') AND (:`COMMAND_CLASS` = 'SELECT') AND (:`ROW_COUNT` > 100)* + - Click *Use this alert condition* + ![AVDF](./images/avdf-656a.png "Alert Assistant") + + - Click [**Save**] to create the alert policy + 5. To trigger alerts, generate traffic by running the scripts in Step 4. 6. Let's check the Database Firewall alerts that were generated diff --git a/database/advanced/avdf-restructured/report-alert.md b/database/advanced/avdf-restructured/report-alert.md index 0d9925321..e6a6bc310 100644 --- a/database/advanced/avdf-restructured/report-alert.md +++ b/database/advanced/avdf-restructured/report-alert.md @@ -3,6 +3,8 @@ ## Introduction Establish a continuous monitoring process to support compliance with regulatory requirements by leveraging the pre-defined reports available in Security Central. In addition, configure alerts to proactively notify you of actionable events, allowing you to prioritize and respond to potential risks in a timely manner. +Use the GenAI-powered Security Advisor to query Database Security Central in natural language and gain faster insights from aggregated data. + *Estimated Lab Time:* 5 minutes *Version tested in this lab:* Oracle Database Security Central 
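Review bot: In the protect-prevent.md hunk at `-618,16`, the alert condition changes scope without the text saying so. The removed line used `:OBJECT like '%DEMOHR%'`, while the Alert Assistant example pins `:OBJECT = 'DEMO_HR_EMPLOYEES'` with `:COMMAND_CLASS = 'SELECT'`, yet the Description still says "more than 100 rows of PII", so reads of other sensitive objects no longer raise this alert. The step "Review the condition if similar to the following" also gives the reader nothing to check when the generated text differs, which a natural-language assistant can produce from one run to the next. I would reword it as `- Verify that the generated condition names the intended object and keeps the :ROW_COUNT > 100 threshold; correct it before clicking *Use this alert condition*`. The enclosing task starts and ends outside the hunk, so which objects the old pattern actually matched should be confirmed against the lab schema.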
@@ -15,13 +17,14 @@ Watch a preview of "*LiveLabs - Oracle Database Security Central*" [](youtube:eL ### Objectives - Review common pre-defined reports like *Activity on sensitive Data*, *Data Modification Before-After values* - Review alerts generated +- Use security advisor to gain faster and meaningful insights ## Task 1: Review common pre-defined reports
**Step 1: Review activity on sensitive Data** -1. Go back to Audit Vault Web Console as *`AVAUDITOR`* +1. Go to Security Central Console as *`AVAUDITOR`* 2. View the Sensitive Data @@ -63,8 +66,6 @@ Watch a preview of "*LiveLabs - Oracle Database Security Central*" [](youtube:eL 5. You can also view additional **Compliance Reports** about Sensitive Data - ![AVDF](./images/avdf-024.png "Compliance Reports") - 💡 **TIP:** You can now demonstrate compliance with regulations by showcasing activity on sensitive data through these reports. Consider scheduling these reports to run automatically at regular intervals to ensure continuous monitoring, timely insights, and readiness for audits without manual effort.
@@ -152,7 +153,7 @@ Watch a preview of "*LiveLabs - Oracle Database Security Central*" [](youtube:eL ## Task 2: Review alerts generated -1. Go to Audit Vault Web Console as *`AVAUDITOR`* +1. Go to Security Central Console as *`AVAUDITOR`* 2. Click the **Alerts** tab 
@@ -169,16 +170,65 @@ Watch a preview of "*LiveLabs - Oracle Database Security Central*" [](youtube:eL 💡 **TIP:** You have now explored on actionable alerts - how you can monitor them from Security Central. + +## Task 3: Use security advisor to gain faster and meaningful insights + +1. Go to Security Central Console as *`AVAUDITOR`* +2. Click the red chat icon at the bottom part of the screen to open the **Security advisor** + +3. Find out the actionable security assessment findings using the natural language query + + - Enter the following query *What are the high and medium risk security assesssment findings in `employees_search` instance* + + ![AVDF](./images/avdf-700.png "Sec-advisor1") + + - Review the results of the query to see where you need to focus your next steps to further strengthen security posture. + +4. Identify the risk landscape of users from the user assesssment findings in `employees_search` instance + + - Enter the following query *Summarize the user assesssment findings in `employees_search`* + + ![AVDF](./images/avdf-701.png "Sec-advisor2") + + - You will notice that **employees_search** has high concentration of critical privilege users carrying potential risks owing to their entitlements + +5. Let's probe more to identify the database administrators who have broader access across databases + + - Enter the following query *List the distinct database administrators in **customer_orders** instance who are not C## user* + - Enter the following query *List the distinct database administrators in **employees_search** instance who are not C## user* + + ![AVDF](./images/avdf-702.png "Sec-advisor3") + + - You will notice that certain administrators like **DBA_DEBRA** have broader access to both databases. + +6. 
Review to see if **DBA_DEBRA** can access sensitive objects in both these databases + + - Enter the following query *Show schema and object names for sensitive object access that user **DBA_DEBRA** can access in targets - `customer_orders` and `employees_search`* + + ![AVDF](./images/avdf-703.png "Sec-advisor4") + + - You will notice that **DBA_DEBRA** does have access to sensitive data in both these databases, but in the previous lab we have configured monitoring and protection policies to ensure their activities are continuously monitored and secured. +7. Review to see the alerts landscape generated on account of the configured monitoring/protection policies + - Enter the following queries + - *How many alerts were generated in the last 48 hours against the target `employees_search`* + - *Which target has the most numer of alerts reported* + - *How many alerts are reported per target monitored in the system?* + + ![AVDF](./images/avdf-704.png "Sec-advisor5") + +💡 **TIP:** You have now explored security advisor - how you can get faster meaningful insights with natural language queries. + ## What did we learn in this lab In this lab, you learned how to establish continuous monitoring using Oracle Database Security Central. - You explored pre-defined reports such as *Activity on Sensitive Data* and *Data Modification Before-After Values* to gain visibility into data access and changes, supporting compliance and audit requirements. - You reviewed alerts generated for actionable events, enabling proactive monitoring and faster response to potential risks. +- You explored security advisor to get faster and meaningful insights with natural language queries. -Together, reporting and alerting provide continuous vigilance, helping organizations maintain security, ensure compliance, and protect sensitive data effectively. 
+Together, reporting and alerting provide continuous vigilance, helping organizations maintain security, ensure compliance, and protect sensitive data effectively. The GenAI-powered security advisor puts security insights at your fingertips. ## Acknowledgements - **Author** - Angeline Dhanarani, Database Security - Product Manager - **Contributors** - Nazia Zaidi, Database Security - Product Manager -- **Last Updated By/Date** - Angeline Dhanarani, Database Security - Product Manager - April 2026 +- **Last Updated By/Date** - Angeline Dhanarani, Database Security - Product Manager - May 2026 diff --git a/database/advanced/workshops/desktop-database-security-central/manifest.json b/database/advanced/workshops/desktop-database-security-central/manifest.json index e1d0271a0..0544f87d3 100644 --- a/database/advanced/workshops/desktop-database-security-central/manifest.json +++ b/database/advanced/workshops/desktop-database-security-central/manifest.json @@ -44,8 +44,8 @@ "filename": "../../avdf-restructured/protect-prevent.md" }, { - "title": "Lab 6: Report and Alert", - "description": "In this lab you will learn how to Report and set Alerts in Security Central", + "title": "Lab 6: Continuous vigilance", + "description": "In this lab you will learn how to use Continuous vigilance with reports, alerts and GenAI-powered insights in Security Central", "publisheddate": "10/20/2020", "filename": "../../avdf-restructured/report-alert.md" }, diff --git a/database/advanced/workshops/freetier-database-security-central/manifest.json b/database/advanced/workshops/freetier-database-security-central/manifest.json index 704e6d04f..ac332400e 100644 --- a/database/advanced/workshops/freetier-database-security-central/manifest.json +++ b/database/advanced/workshops/freetier-database-security-central/manifest.json 
@@ -51,8 +51,8 @@
 "filename": "../../avdf-restructured/protect-prevent.md"
 },
 {
- "title": "Lab 7: Report and Alert",
- "description": "In this lab you will learn how to Report and set Alerts in Security Central",
+ "title": "Lab 7: Continuous vigilance",
+ "description": "In this lab you will learn how to use Continuous vigilance with reports, alerts and GenAI-powered insights in Security Central",
 "publisheddate": "10/20/2020",
 "filename": "../../avdf-restructured/report-alert.md"
 },
diff --git a/database/advanced/workshops/livelabs-database-security-central/manifest.json b/database/advanced/workshops/livelabs-database-security-central/manifest.json
index 01cc636d8..88bf8d857 100644
--- a/database/advanced/workshops/livelabs-database-security-central/manifest.json
+++ b/database/advanced/workshops/livelabs-database-security-central/manifest.json
@@ -44,8 +44,8 @@
 "filename": "../../avdf-restructured/protect-prevent.md"
 },
 {
- "title": "Lab 6: Report and Alert",
- "description": "In this lab you will learn how to Report and set Alerts in Security Central",
+ "title": "Lab 6: Continuous vigilance",
+ "description": "In this lab you will learn how to use Continuous vigilance with reports, alerts and GenAI-powered insights in Security Central",
 "publisheddate": "10/20/2020",
 "filename": "../../avdf-restructured/report-alert.md"
 },