Cloud database service protection workflow

Provide protection for your cloud database services by using native audit.

About this task

This is a general workflow for providing cloud database service protection with native audit. Your specific workflow depends on what you want to achieve with the cloud database audit.

Procedure

  1. Define the AWS Identity and Access Management policy as described in Define AWS IAM for native audit.
  2. Create a cloud account as described in Create, modify, delete cloud accounts.
  3. Discover its database instances as described in Discover cloud databases.
  4. Catalog the databases that you want to work with as described in Catalog and manage databases. Cataloging creates a data source within Guardium so that you can run the Guardium cloud database functions on that specific database.
  5. Optionally add the data source to a new or existing VA process (requires a Vulnerability Assessment license) or to a new or existing Classification process. For more information, see Manage Classification and Vulnerability Assessment.
  6. Optionally enable DB Audit on the relevant databases, as described in Configure database auditing. Restart the databases either now from the Guardium UI, or later from the DB console. After DB auditing is enabled, it performs standard Oracle auditing. When you enable DB Auditing, your Guardium system becomes the sole owner of the DB Audit on this DB; no other Guardium system can modify the DB Audit or the object audit. To see Classification results, run Classification once (Run once now) after you enable the DB Audit, or wait for the next scheduled run. (The data source must be assigned to a Classification process.)
  7. Review the Classification results of your data sources (requires a classification process and DB Audit):
    • View the objects, grouped either by the object or the classification process that identified the objects, and use filters to further refine the results
    • Enable or disable object audit individually, table by table
    • Drill down from the objects grouping to open a list of all databases that contain the selected object in their classification results. In this view, you can also enable and disable object auditing.
  8. Periodically repeat steps 3 through 7.
  9. Review the data sources periodically, checking for new objects, and optionally adding or removing objects from the object audit. For example, you might remove objects that were added automatically but do not need auditing, or remove objects from a database that is having performance issues. Conversely, you might identify a suspicious object that is not audited and add it to the object audit.
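The following is an added illustration, not part of the Guardium documentation and not the commands Guardium itself issues, of what per-table object audit (steps 6, 7 and 9) corresponds to at the standard Oracle auditing level. The schema and table names (hr.employees) are hypothetical placeholders; the views and the AUDIT/NOAUDIT syntax are standard Oracle.

```sql
-- Added illustration (not from the Guardium documentation): standard Oracle
-- object auditing, which is what Guardium DB Audit drives per table.
-- Schema/table names are hypothetical placeholders.

-- Standard auditing only records to the database audit trail when AUDIT_TRAIL
-- is set (for example DB or DB,EXTENDED). AUDIT_TRAIL is a static parameter,
-- which is why the database must be restarted after DB Audit is enabled.
SHOW PARAMETER audit_trail;

-- Enable object audit on one table: one audit record per statement execution
-- for every SELECT, INSERT, UPDATE and DELETE against the table.
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.employees BY ACCESS;

-- Disable object audit on a table that does not need it, for example a
-- high-volume table that was added automatically and is causing load.
NOAUDIT SELECT, INSERT, UPDATE, DELETE ON hr.employees;

-- Verify which objects in a schema currently have object audit options set
-- (this is the state that the Guardium object audit view reflects).
SELECT owner, object_name, sel, ins, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'HR';

-- Inspect the audit records produced for an audited table.
SELECT username, action_name, timestamp, obj_name
  FROM dba_audit_trail
 WHERE owner = 'HR'
   AND obj_name = 'EMPLOYEES'
 ORDER BY timestamp DESC;
```

Because Guardium takes sole ownership of the DB Audit once DB Auditing is enabled, changes to object audit on a managed database should be made from the Guardium UI rather than by running AUDIT/NOAUDIT directly, so that the audit state Guardium records stays consistent with the database.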