Oracle PDB scanning in CCS

book

Article ID: 222938

calendar_today

Updated On:

Products

Control Compliance Suite Control Compliance Suite Standards Server

Issue/Introduction

Control Compliance Suite (CCS)

You would like to scan Oracle PDB databases using CCS.

Environment

Release : CCS 12.5.x

NOTE: Data Collection on Oracle PDB assets can only be collected by agentless method

Prerequisites:

1) Network ports for agentless data collection:

  • Windows scanning: 135 / 137 / 138 / 139 / 445 / 389, Ephemeral port range
  • Unix\Linux server scanning: 22
  • CCS Oracle agentless target (default) : 1521
    • If Oracle listens on other ports other than the default port, those are needed to be open as well

2) Required Permissions for agentless Oracle and OS scanning:

3) The Oracle ODP.NET 4 (12.1.0.2.0) client needs to be installed on each manager in the ‘Data Collector’ role.

Oracle Client ODP.NET 4 (12.1.0.2.0) For data collection on Oracle assets, you must manually install the Oracle Client ODP.NET 4 on the CCS Manager. You can install it before or after you install CCS. This component is a part of the ODAC 12c Release 4 and Oracle Developer Tools for Visual Studio (12.1.0.2.4) installation package. You must download the package from the Oracle product support website, extract the contents of the .zip package, and then run the installer for the Oracle Data Provider for .NET 4 12.1.0.2.0

 

Resolution

Data Collection for Oracle PDB assets

Data Collection on Oracle PDB assets can only be collected by agentless method.   Also you cannot import PDB Oracle assets by running the Asset Import Job in the CCS console.  You have to add the PDB manually by adding each PDB asset individually, or by using the CSV or the ODBC asset import functionality to add multiple assets.

NOTE: While importing the PDB Oracle assets, assets attributes such as Database Name Type, Database Version, Operating System, and OS Type must be updated for successful data collection.
The Database Name Type asset property must be updated to Service Name, and not as a System ID (SID).

 

How to add an Oracle PDB asset

Additional information how to use Add Asset functionality in CCS: https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/control-compliance-suite/12-x/policy-management-v122966579-d8e87449/add-assets-provide-asset-information-v123213506-d8e237665.html

Add the Oracle PDB asset using 'Add Asset'

  1. The Asset Type would be 'Oracle Configured Databases' and
    • For single assets use the 'Add Assets Classification' and fill out the required information for a single asset (you will need to have the required information listed in the Note section above to create the PDB asset).
    • If you have multiple assets to create, you can use the second option to use a csv (**in the required format, see bullet point below to generate the csv file with headers) file or ODBC to give the information.
      • **To get the headers for the csv file, go to Asset System -> Assets -> Asset Tasks dropdown -> Export CSV Headers  and choose 'Oracle Configured Databases'.  (Information on the required headers are in the top of the csv file once created).
  2. Configure a Common Credential or Asset Credentials for CCS to use for the Oracle data collection.
  3. Run an Oracle data collection or CER job on the newly created Oracle Asset(s).

Attachments

1630415486825__Control Compliance Suite Data Collection Privileges Guide.pdf get_app