search cancel

Scanning an Oracle database with the "sys" or "system" accounts doesn't return any results


Article ID: 160248


Updated On:


Data Loss Prevention Network Discover


When trying to run a Discover scan against an Oracle database using the "sys" or "system" accounts, the scan completes in a few seconds and does not return any results.


Change the query used by the Discover scan by performing the following steps:

1. Comment out the below query in, by adding a # in front of the line: = select ut.table_name, ut.iot_type from user_tables ut where not exists (select unt.table_name from user_nested_tables unt where unt.table_name = ut.table_name) and (ut.iot_type is null or not ut.iot_type = 'IOT_OVERFLOW')

2. Uncomment out this query and use it instead, which will query the system dictionary rather than the user dictionary: = select dt.owner||'.'||dt.table_name from dba_tables dt where not exists (select dnt.table_name from dba_nested_tables dnt where dnt.table_name = dt.table_name and dnt.owner = dt.owner) and (dt.iot_type is null or not dt.iot_type = 'IOT_OVERFLOW')

3. Add the following to the Discover Target as an Include Filter: oracle:*|target-database-name.*