Video Screencast Help

Configure DLP to Monitor Oracle DB Operation

Created: 28 Apr 2012 • Updated: 30 Apr 2012 | 1 comment
Language Translations
yang_zhang's picture
+7 7 Votes
Login to vote

We can use DLP's Network Monitor to audit/monitor the operation of the Oracle DB.

Each command of the Oracle DB operation will be packed and transfered from the netwok. It's the principle of this configuration.

Here are the steps:

1. From DLP Enforce Console, nevigate to 'System' --> 'Settings' --> 'Protocols'

2. Click 'Add Protocol'

3. Input the name of the protocol.

   In the 'Ports' field, input 1521, which is the port used by Oracle DB.

   In the 'IP Filter' field, input +,192.168.1.200/32,*;-,*,*

    192.168.1.200 is the IP address of the Oracle DB

4. Return to the Servers Overview page, click the Network Monitor Server, then click the 'Configure' button. Under the 'Protocol' list, click to choose the protocol name that created on step3:

5. Create a Content Matches Keywords policy to detect these words: insert, update, select

 

6. Save this policy.

If the endpoint user log into the Oracle DB to run some command, then, there will be incidents recorded:

 

Comments 1 CommentJump to latest comment

pete_4u2002's picture

a very descriptive and helpful info. Thumbs up!

0
Login to vote