Oracle_SuspiciousActivity Job
The Oracle_SuspiciousActivity job is designed to provide insight into suspicious behavior based on user activity that does not conform to normal database activity.
Analysis Tasks for the Oracle_SuspiciousActivity Job
Navigate to the Oracle > 2.Activity > Oracle_SuspiciousActivity > Configure node and select Analysis to view the analysis tasks.
CAUTION: Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job.
The default analysis tasks are:
- Oracle Suspicious Activity Details – Analyzes the audited events and collects those that represent suspicious activity by the database users. Creates the SA_Oracle_SuspiciousActivity_Details table accessible under the job’s Results node.
- Suspicious Activity Instance Summary – Summarizes all suspicious activity found and groups it by instance. Creates the SA_Oracle_SuspiciousActivity_Summary table accessible under the job’s Results node.
In addition to the tables and views created by the analysis task, the Oracle_SuspiciousActivity Job produces the following pre-configured report.
| Report | Description | Default Tags | Report Elements |
|---|---|---|---|
| Suspicious Activity | This report highlights the number of suspicious events found per instance as well as provides the details about those events | None | This report is comprised of three elements: - Bar Chart – Displays suspicious activity by instance - Table – Provides details on suspicious activity by instance - Table – Provides details on suspicious activity details |