STIGQter STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 1 Release: 17 Benchmark Date: 24 Jan 2020: The DBMS must provide a real-time alert when organization-defined audit failure events occur.

DISA Rule

SV-66379r2_rule

Vulnerability Number

V-52163

Group Title

SRG-APP-000104-DB-000051

Rule Version

O112-C2-008300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure logging software to send a real-time alert to appropriate personnel when auditing fails for any reason.

(Oracle recommends the use of Oracle Enterprise Manager.)

Check Contents

Review Oracle Corp., OS, or third-party logging software settings to determine whether a real-time alert will be sent to the appropriate personnel when auditing fails for any reason.

If real-time alerts are not sent upon auditing failure, this is a finding.

Vulnerability Number

V-52163

Documentable

False

Rule Version

O112-C2-008300

Severity Override Guidance

Review Oracle Corp., OS, or third-party logging software settings to determine whether a real-time alert will be sent to the appropriate personnel when auditing fails for any reason.

If real-time alerts are not sent upon auditing failure, this is a finding.

Check Content Reference

M

Target Key

2669

Comments