Skip to main content

Oracle

Download With Dependencies

The modeling rules for Oracle event collectors.

This pack includes XSIAM content.

Collect Events from Vendor

In order to use the collector, you will need to perform the following steps:

Broker VM

You will need to use the information described here.\
You can configure the specific vendor and product for this instance.

  1. Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
  2. Right-click the broker VM and select Database Collector -> Activate.
  3. When configuring the Database Collector, set:
    • vendor as oracle
    • product as db

Database Collector

You will need to use the information described here.\
When configuring the Database Connection the SQL Query should look as follows:

SELECT to_char(EVENT_TIMESTAMP,'YYYY/MM/DD HH:MM:SS.mi') as DB_TIMESTAMP, UNIFIED_AUDIT_TRAIL.*
FROM UNIFIED_AUDIT_TRAIL
WHERE to_char(EVENT_TIMESTAMP,'YYYY/MM/DD HH:MM:SS.mi') > ?
ORDER BY  DB_TIMESTAMP DESC;

Make sure to use the correct value for "Retrieval Value", to match the Rising Column value type.

PUBLISHER

Cortex

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 2, 2022
Last ReleaseMarch 1, 2023
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.