Scanning an Oracle database with the "sys" or "system" accounts doesn't return any results

book

Article ID: 160248

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

When trying to run a Discover scan against an Oracle database using the "sys" or "system" accounts, the scan completes in a few seconds and does not return any results.

Resolution

Change the query used by the Discover scan by performing the following steps:

1. Comment out the below query in sqldatabasecrawler.properties, by adding a # in front of the line:

driver_table_query.oracle = select ut.table_name, ut.iot_type from user_tables ut where not exists (select unt.table_name from user_nested_tables unt where unt.table_name = ut.table_name) and (ut.iot_type is null or not ut.iot_type = 'IOT_OVERFLOW')

2. Uncomment out this query and use it instead, which will query the system dictionary rather than the user dictionary:

driver_table_query.oracle = select dt.owner||'.'||dt.table_name from dba_tables dt where not exists (select dnt.table_name from dba_nested_tables dnt where dnt.table_name = dt.table_name and dnt.owner = dt.owner) and (dt.iot_type is null or not dt.iot_type = 'IOT_OVERFLOW')

3. Add the following to the Discover Target as an Include Filter: oracle:*|target-database-name.*