Skip to main content

Oracle

The modeling rules for Oracle event collectors.

This pack includes XSIAM content.

Collect Events from Vendor

In order to use the collector, you will need to perform the following steps:

Broker VM

You will need to use the information described here.\
You can configure the specific vendor and product for this instance.

  1. Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
  2. Right-click the broker VM and select Database Collector -> Activate.
  3. When configuring the Database Collector, set:
    • vendor as oracle
    • product as db

Database Collector

You will need to use the information described here.\
When configuring the Database Connection the SQL Query should look as follows:

SELECT UNIFIED_AUDIT_TRAIL.*
FROM UNIFIED_AUDIT_TRAIL
WHERE UNIFIED_AUDIT_TRAIL.EVENT_TIMESTAMP > ?
ORDER BY UNIFIED_AUDIT_TRAIL.EVENT_TIMESTAMP DESC;

Make sure to use the correct value for "Retrieval Value", to match the Rising Column value type.

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 2, 2022
Last ReleaseMarch 26, 2025
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.