MJ,
Database auditing is your friend. You can audit almost anything in the
database, including queries but it won't do you any good unless you have it
turned on and correctly configured before the threat happens.
Database Firewall and Database Vault can also help with diagnosis and even
prevention in these situations but again, they have to be in place and
running before the event occurs.
Seth Miller
On Tue, Jan 26, 2016 at 3:30 AM, Niall Litchfield <
niall.litchfield@xxxxxxxxx> wrote:
Hypotheticals don't work here. You'd need to understand the specific
threat and timeframes involved and investigate accordingly. If you are
concerned about object definition changes you'd look for evidence of that,
for data changes a different set of specific steps would be required.
I'd expect the in-house info sec team to lead on this, potentially with
external consultancy as well.
On Tue, Jan 26, 2016 at 2:42 AM, MJ Mody <emjay.mody@xxxxxxxxx> wrote:
Oracle Experts
I have a hypothetical scenario and apologize for open-ended questions. I
will not confirm or deny the following statements. Say your management just
got word that some clients' pcs had malware that compromised external
facing applications and database objects supporting these applications.
While there are v$ and dba_ views that DBA can use to investigate the
severity.
Any recommendations or sql that DBA can run to do 'damage assessment' or
'damage control'.
Your insight is greatly appreciated.
Best
MJ--
//www.freelists.org/webpage/oracle-l
--
Niall Litchfield
Oracle DBA
http://www.orawin.info
