
Oracle Fusion Middleware Application Security Guide

■ Operational activities like starting and stopping applications, upgrades, and backups

This allows compliance officers to perform periodic reviews of compliance policies.

Monitoring

The audit data naturally provides a rich set of data for monitoring purposes. In addition to any log data and component metrics that are exposed, audit data can be used to create dashboards and to build Key Performance Indicators (KPIs) for alerts to monitor the health of the various systems on an ongoing basis.

Analytics

Audit data can also be used in assessing the efficacy of controls through analysis of the audit data. The data can also be used for risk analysis. Based on historical data, a risk score can be calculated and assigned to any user. Any runtime evaluation of user access can include the various risk scores as additional criteria to protect access to the systems.

11.1.2 Today’s Audit Challenges

To satisfy audit requirements, IT organizations often battle with deficiencies in the audit support of their deployed applications. There is no reliable standard for:

■ Audit Record Generation
■ Audit Record Format and Storage
■ Audit Policy Definition

As a result, today's audit solutions suffer from a number of key drawbacks:

■ There is no centralized audit framework.
■ The quality of audit support is inconsistent from application to application.
■ Audit data is scattered across the enterprise.
■ Complex data correlation is required before any meaningful cross-component analysis can be conducted.
■ Audit policies and their configurations are also scattered.

These factors cost IT organizations a considerable amount of time and resources to build and maintain any reasonable audit solution. With the data scattered among individual silos, and the lack of consistency and centralization, audit solutions also tend to be fragile, with idiosyncrasies among applications from different vendors and their current audit capabilities.

11.1.3 Oracle Fusion Middleware Audit Framework in 11g

Oracle Fusion Middleware Audit Framework is a new service in 11g Release 1 (11.1.1), designed to provide a centralized audit framework for the middleware family of products. The framework provides audit service for the following:

■ Middleware Platform - This includes Java components such as Oracle Platform Security Services (OPSS) and Oracle Web Services. These are components that are leveraged by applications deployed in the middleware. Indirectly, all the deployed applications leveraging these Java components benefit from the audit framework auditing events that happen at the platform level.
■ Java EE applications - The objective is to provide a framework for Java EE applications, starting with Oracle's own components. Java EE applications will be able to create application-specific audit events. In 11g Release 1 (11.1.1), the audit framework is only available for Oracle's own applications.
■ System Components - For system components in the middleware that are managed by Oracle Process Manager and Notification Server, the audit framework also provides an end-to-end structure similar to that for Java components.

11.2 Overview of Audit Features

Key features of the Oracle Fusion Middleware Audit Framework include:

■ A uniform system for administering audits across a range of Java components, system components, and applications
■ Extensive support for Java component auditing, which includes:
  – support for Oracle Platform Security Services auditing for non-audit-aware applications
  – the ability to search for audit data at any application level
■ Capturing authentication history/failures, authorization history, user management, and other common transaction data
■ Flexible audit policies
  – pre-seeded audit policies, capturing customers' most common audit events, are available for ease of configuration
  – tree-like policy structure simplifies policy setup
■ Prebuilt compliance reporting features
  – Oracle Fusion Middleware Audit Framework provides out-of-the-box analytical reporting capabilities within Oracle BI Publisher; data can be analyzed on multiple dimensions (Execution Context ID (ECID), user ID, and so on) across multiple components. These reports can also be customized according to your preferences.
  – Reports are based on centralized audit data.
  – Customers can customize the reports or write their own based on the published audit schema. See Chapter 13, "Using Audit Analysis and Reporting", for details.
■ Audit record storage
  Data store (database) and files (bus-stop) are available. Maintaining a common location for all audit records simplifies maintenance. Using a data store lets you generate reports with Oracle Business Intelligence Publisher.
■ Common audit record format
  Highlights of the audit trail include:
  – baseline attributes like outcome status, event date-time, user, and so on

See Also: "Understanding Key Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.
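The following sketch is an added example, not code from the guide or from Oracle. It illustrates the Analytics passage and the multi-dimension analysis described above: centralized records are correlated by ECID across components, and a per-user risk score derived from history feeds a runtime access check. The field names, event names, weights and threshold are assumptions, and the records are constructed sample data rather than the published audit schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records. The field names are hypothetical stand-ins for
# baseline attributes (outcome status, event date-time, user) plus the ECID.
FIELDS = ("ecid", "component", "user", "event", "status", "time")
ROWS = [
    ("e-001", "OPSS", "alice", "Authentication", "failure", "2011-03-01T09:00:00"),
    ("e-002", "OPSS", "alice", "Authentication", "failure", "2011-03-01T09:00:05"),
    ("e-003", "WebServices", "alice", "Authorization", "failure", "2011-03-01T09:00:10"),
    ("e-003", "OPSS", "alice", "Authentication", "success", "2011-03-01T09:00:09"),
    ("e-004", "OPSS", "bob", "Authentication", "success", "2011-03-01T09:05:00"),
    ("e-004", "WebServices", "bob", "Authorization", "success", "2011-03-01T09:05:01"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

# Assumed weighting: a failed authorization counts double a failed login.
WEIGHTS = {"Authentication": 1, "Authorization": 2}


def trails_by_ecid(records):
    """Group records that share an ECID into one time-ordered trail."""
    trails = defaultdict(list)
    for rec in records:
        trails[rec["ecid"]].append(rec)
    for trail in trails.values():
        trail.sort(key=lambda rec: datetime.fromisoformat(rec["time"]))
    return dict(trails)


def risk_scores(records):
    """Score each user 0-100: weighted share of failed events in their history."""
    failed, total = defaultdict(int), defaultdict(int)
    for rec in records:
        weight = WEIGHTS.get(rec["event"], 1)
        total[rec["user"]] += weight
        if rec["status"] == "failure":
            failed[rec["user"]] += weight
    return {user: round(100 * failed[user] / total[user]) for user in total}


def access_permitted(user, policy_allows, scores, threshold=50):
    """Runtime check: the policy decision combined with the historical score."""
    return policy_allows and scores.get(user, 0) < threshold
```

Because every component writes the same baseline attributes to one store, both functions work on a single list; with scattered, per-application formats the ECID grouping would first need the complex correlation step that section 11.1.2 lists as a drawback.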