Oracle Audit Vault is a security and compliance monitoring platform targeted primarily to security auditors and/or administrators. It provides a means to automatically collect and analyze audit data (who connected, when, what they did, etc.) from multiple systems into a centralized location; where custom or canned reports and alerts can be generated detailing the audited actions for review, forensic analysis, or compliance purposes.

The platform is deployed via an agent/server architecture; with the Oracle Audit Vault Server hosting the central repository and action console while individual Oracle Audit Vault Collection agents are deployed to the DBs/application servers themselves for the collection of audit data and transmission to the central repository for further analysis. While the initial release of the product collected audit data only from Oracle DBs; the latest release supports Oracle (9i/R2+, including 11g), SQL Server (2000/2005), IBM DB2 8.2/9.5 and Sybase ASE 12.5/15.0.

The collection method for the data as well as what data is actually available is dependent on the database monitored. For Oracle, the vendor notes that auditing can be based on specific types of actions or combinations of metrics, including name, application, time, success/failure, etc. Auditing must be enabled on the database, and and the collection of before and after data from the redo stream is also supported.

Auditing of SQL Server leverages C2 auditing, server side trace files, and Windows event viewer; with the ability to record server audit action groups per-instance, and either database audit action groups or database audit actions per database.

IBM DB2 writes audit data to a binary file, from which it can be extracted by an Audit Vault supplied utility to a text file for processing by the Audit Vault agent. Types of events that can be audited include the changing of auditing settings themselves, maintenance of objects (creating or dropping database objects), granting or revoking of privileges, and more.

Finally, for Sybase ASE the Audit Vault agent connects to the database to read audit trail records. Potential data includes the nature of the event, date, time, user, success and failure; with potential events including such actions as logins/logouts, boots, data and object access commands, etc.

Canned and customizable reports are available from the repository, including charting/graphing capabilities as well as the ability to remove/reorder report columns, and add data highlighting rules. Out-of-the-box reports include such information as DB account management, privileged user activities, DB structure changes, etc.

Other features include monitoring/alerting; and the ability to automatically remove Oracle DB audit data from the source system once it has been collected.

Oracle Audit Vault is available now. Server pricing is $57,500 per processor; and Collection Agents are $3,500 per processor.

Visit the Oracle Web site for further information.