You need to audit changes to a DLP user role or account

Article ID: 217747

Products: Data Loss Prevention Enterprise Suite, Data Loss Prevention, Data Loss Protection Oracle Standard Edition, Data Loss Prevention Oracle Standard Edition 2, Data Loss Prevention Enforce

Issue/Introduction

Symantec Data Loss Prevention (DLP) - any version

For audit purposes, you need to show when a change is made to a user role or a user account, and when Enforce console logins occur.

Environment

Release: Any version

Component: Data Loss Prevention Enforce and Oracle database

Resolution

The database table "protect.auditlog" records an entry when a user role is created or changed.
The same table also records changes to user accounts and Enforce console login events.

The Detail column shows the change made to the role, but not what the previous setting was.

Example: if you change a role from "Read-Only" to "SysAdmin", the Detail column shows the change to "SysAdmin" but does not show the previous value, i.e. "Read-Only". If the previous value matters for your audit, it has to be reconstructed from the earlier audit rows for that role.

The Entity column will show "Role" when a change to a role is made.
The Entity column will show "User" when a change to a user is made.
The Entity column will show "Login" when a console login attempt is made.

There is no built-in report that shows this data.
You or your DBA will need to write a query against "protect.auditlog" to pull the data and put it into a usable report for your audit team.
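An added example query that a DBA could start from (it is not part of this article or the DLP product). The table name, the Entity and Detail columns and the entity values "Role", "User" and "Login" come from this article; the timestamp and acting-user column names are assumptions that must be checked against the real schema first.

```sql
-- Added example, not from the original article.
-- Pull role, user-account and console-login audit events from protect.auditlog.
-- Assumed column names (verify with DESCRIBE protect.auditlog before use):
--   event_time   : timestamp of the audit entry
--   performed_by : Enforce user who made the change or attempted the login
SELECT
    a.entity,        -- 'Role', 'User' or 'Login' (from the article)
    a.detail,        -- new value only; the previous value is not stored
    a.event_time,    -- assumed name of the timestamp column
    a.performed_by   -- assumed name of the acting-user column
FROM protect.auditlog a
WHERE a.entity IN ('Role', 'User', 'Login')
  AND a.event_time >= TRUNC(SYSDATE) - 90   -- last 90 days; adjust to your audit window
ORDER BY a.entity, a.event_time DESC;
```

Because Detail holds only the new value, the before/after view an auditor usually wants is obtained by ordering each role's or user's rows by time and reading the preceding row's Detail as the previous setting.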