Sample Reports

Sample Reports
Below are a few dozen examples from the built-in reports in Core Audit. Core Audit contains over 200 reports grouped into bundles. All bundles contain more reports, and many derivatives can be easily produced. More reports can be seen in the Online Demo.
For more information about the reports, please see the Reports page. The Online Demo contains these and many other reports along with their parameters, and the Free Trial will allow you to experiment with the full functionality of Core Audit.
The Sample reports are divided into these categories:

DBA & Privileged User Reports

These sample reports are taken the DBA bundle. The DBA bundle targets the monitoring of Administrators (DBAs) and Privileged Users.
  • DBA accounts usage – A summery report for DBA sessions grouped by Username, Program, and Machine. The report will easily highlight unusual programs or machines used to connect to DBA accounts.
  • DBA Failed Logon Summary – A summary report of failed logons to DBA accounts (or accounts containing the name of a DBA account).
  • DBA detailed SQL activity – A detailed report for all DBA SQLs. This report will be long on many systems, but is often required by various regulations.
  • DBA DML activity – In environment where modifications to the database (insert, update and delete) are considered especially sensitive, this report will highlight such activity from DBA accounts.
  • DBA Non CC SQL activity – A detailed report of DBA SQL activity excluding sessions marked as Change Control sessions (using Change Control Integration). This report can be easier to monitor, but requires separate monitoring of Change Control activity.
  • DBA Non CC DML activity – A detailed report of DBA DML activity that is not marked as change control.

Session Reports

These sample reports are taken from the Sessions bundle. The Sessions bundle reports on successful and failed connections to the database.
  • User Logon – A simple summary report showing the users that logged into the database. This report is important to monitor for unusual usernames or unusual number of connections.
  • Logon Detail by User – A detailed report showing each logon, grouped by the username
  • Program Logon – A summary report showing the programs the logged into the database. This report is important to monitor for suspicious programs or unusual number of connections.
  • Failed Logon Summary – A summary report showing failed logons to the database.
  • Failed Logon Detail – A detail report showing each of the failed logons.
  • Logon per Hour – A summary report showing the number of logons per hour. This report can be important to monitor for unusual number of logons or logons at unusual hours.

DDL Reports

These sample reports are taken from the DDL bundle. The DDL bundle targets monitoring of changes to the database. The three main groups of changes are schema DDL (changes to tables, indexes, etc), User DDL (changes to users, roles, grants, etc), and programming DDL (changes to triggers, procedures, etc). A fourth group of database DDL is not sampled here.

Sensitive Table Reports

These sample reports are taken from the Table bundle. The Table bundle targets monitoring of sensitive tables.
  • Table activity by Program – A summary report showing the number of accesses (both queries and DML) to sensitive tables from each program
  • Table activity by Username – A summary report showing the number of accesses (both queries and DML) to sensitive tables from each Oracle account
  • Table detailed SQL activity no app – A report showing each access to sensitive tables excluding the application accounts
  • Table DML activity – A detailed report of changes (DML activity) to sensitive tables. In most cases, monitoring for change only is not sufficient, but it can be useful in certain situations (like changes to the salaries table shown in this report).

Sensitive Programs Reports

These sample reports are taken from the Program bundle. The program bundle targets particular programs (such as SQL*Plus, SQL developer, and Toad) whose usage in the database needs to be closely monitored.

Application User Reports

These sample reports are taken from the AppUser bundle. The AppUser bundle targets monitoring of the application users in general, and unauthorized usage of the application users in particular. Unauthorized usage is specified by connections that come from unauthorized programs, machines or IP addresses.
  • CCAPP AppUser Session Summary – A summary report of all the programs, machines and IP addresses used to connect to the application account.
  • CCAPP AppUser Session – A detailed report of connections to the application account (grouped by program).
  • CCAPP Unauth AppUser SQLs – A detailed SQL report of SQLs issued from unauthorized connections.
  • HRAPP Unauth AppUser DML – A detailed SQL report of SQLs issued from unauthorized connections. Note that this report is for a different application.

Data Changes Reports

These sample reports are taken from the Data Changes bundle. This Data Changes bundle is driven by the logminer collector that scans the Oracle redo logs once per day for changes to specified tables.

Security Reports

These sample reports are taken from the three Security bundles (General security, App security, and Table security). The security bundles are driven by the security repository and are searching for anomalies in the activity patterns of the database.
  • Security New Programs – A simple general security list report of new programs that have not been seen in the database recently.
  • Security New Users – A simple general security list report of new Oracle accounts that have not been seen in the database recently.
  • Security New SQLs – A general security report of all new SQLs in the database
  • AppSecurity SQL – An application security report of new SQLs in the application. This report will detect all SQL Injections.
  • Table Security New SQLs – A table security report of new SQLs in the database that contain the name of a sensitive table.