Auditing objects
A properly designed and implemented statement-level auditing policy can help to detect suspicious activity, especially in cases in which we have a small number of statements executed frequently on the same objects. However, if there are thousands of statements being executed per minute, then it may be more difficult to determine if any of those executions are tied to activities we would need to investigate. In those situations it may be more beneficial to implement object-level auditing against the sensitive objects. In this case, it would be easier to audit the sensitive objects separately using object auditing features.
In this recipe we will audit the table EMPLOYEES
for all statements, and the emp_details_hr
view from the schema HR
for the SELECT
statements.
Getting ready
All steps will be performed on the HACKDB
database.
How it works...
Connect as the
system
user and start the audit for theEMPLOYEES
table as follows:SQL> conn system Enter password: Connected. SQL...