Oracle Audit Vault and Database Firewall

Integration of Oracle Audit Vault and Database Firewall with Callgoose SQIBS


Overview


This document provides a detailed guide to integrating Oracle Audit Vault and Database Firewall with Callgoose SQIBS for real-time Incident Management, Incident Auto Remediation, Event-Driven Automation, and other automation capabilities. The integration enables automatic creation, updating, and resolution of incidents in Callgoose SQIBS based on alerts triggered in Oracle Audit Vault and Database Firewall. The guide includes steps for setting up alerts, configuring webhook notifications, creating API filters in Callgoose SQIBS, and troubleshooting.


Prerequisites


  • Oracle Audit Vault and Database Firewall Account: Access to Oracle Audit Vault and Database Firewall for creating alerts and managing notifications.
  • Callgoose SQIBS Account: With valid privileges to set up API filters and receive notifications.
  • Webhook/API Endpoint: Available in Callgoose SQIBS to receive alerts from Oracle Audit Vault and Database Firewall.


1. Obtain API Token and Endpoint Details

To integrate with Callgoose SQIBS, you first need to obtain an API token and find the API endpoint details.

  1. Generate an API Token:
     • Follow the guide on How to Create API Token in Callgoose SQIBS: https://docs.callgoose.com/sqibs/api_token.
  2. Find the API Endpoint:
     • Refer to the Callgoose SQIBS API Endpoint Documentation: https://docs.callgoose.com/sqibs/api_end_point to get the endpoint details where the JSON payloads from Oracle Audit Vault and Database Firewall will be sent.


2. Debugging and Troubleshooting

Enable debugging in the API tokens used with Oracle Audit Vault and Database Firewall notifications for troubleshooting purposes.

  • Enable Debugging:
      • Update the debug value when adding or updating an API token.
      • When API tracking is enabled, logs are stored in the API log section for review. Debugging will automatically disable after 48 hours.
      • When API tracking is turned off, no logs are saved in the API log.
  • Using API Log for Troubleshooting:
      • The API log provides detailed information on all API calls made to Callgoose SQIBS.
      • Check the JSON values in each API log entry for troubleshooting purposes.
      • Use API log data to refine API filters to ensure incidents are created correctly.
      • Callgoose SQIBS creates incidents according to API filter configuration, providing full control over how alerts trigger incidents and automation processes.


3. Configuring Oracle Audit Vault and Database Firewall to Send JSON Payloads

Oracle Audit Vault and Database Firewall provides real-time monitoring and alerting mechanisms to detect suspicious database activity, unauthorized access, SQL injection, and policy violations.


3.1 Setting Up Alerts in Oracle Audit Vault and Database Firewall

  1. Log in to the Oracle Audit Vault and Database Firewall Console:
     • Access the Oracle Audit Vault and Database Firewall platform using your account credentials.
  2. Navigate to the Alerts Section:
     • In the Oracle Audit Vault and Database Firewall console, go to Alerts > Create Alert.
  3. Create a New Alert:
     • Click on Add Alert to create a new alert.
     • Specify Alert Conditions: Define the conditions that will trigger the alert, such as unauthorized access attempts, policy violations, or anomalous activity.
  4. Configure the Notification Method:
     • Choose Webhook as the notification method to send data to a webhook.
     • Webhook URL: Enter the webhook URL provided by Callgoose SQIBS.


3.2 Configuring the Webhook Notification

To ensure that the JSON payload sent matches the examples provided, follow these steps when configuring the webhook:

  • Add Webhook URL:
      • Enter the endpoint provided by Callgoose SQIBS.
      • Ensure the protocol is HTTPS for secure data transmission.
  • Customize Payload Format:
      • Ensure that the payload includes key fields like "alertName", "severity", "description", "timestamp", "alertId", and others as shown in the example payloads.

Example Payload Setup:

{
  "alertName": "$alertName",
  "severity": "$severity",
  "description": "$description",
  "timestamp": "$timestamp",
  "alertId": "$alertId"
}

  • Test the Webhook Configuration:
      • Perform a test to ensure the JSON payload is correctly formatted and sent to the Callgoose SQIBS API endpoint.
      • Review the payload in Callgoose SQIBS to confirm that it matches the expected structure.


4. Configuring Callgoose SQIBS

To correctly map incidents from Oracle Audit Vault and Database Firewall alerts, create API filters based on the JSON payloads received.

  • Refer to the API Filter Instructions and FAQ: https://docs.callgoose.com/sqibs/api_integration for more details.


Example JSON Payloads from Oracle Audit Vault and Database Firewall

Alert Triggered (severity: "Critical")

{
  "alertName": "Unauthorized Database Access",
  "severity": "Critical",
  "description": "An unauthorized login attempt detected on the Oracle database",
  "timestamp": "2024-08-05T12:00:00.000Z",
  "alertId": "oracle789"
}

Alert Resolved (severity: "Normal")

{
  "alertName": "Unauthorized Database Access Cleared",
  "severity": "Normal",
  "description": "Unauthorized login attempt resolved on the Oracle database",
  "timestamp": "2024-08-05T12:30:00.000Z",
  "alertId": "oracle789"
}
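
A local pre-flight check for these payloads, as an added example (not Callgoose or Oracle code): it validates the fields named in section 3.2, catches a template that was sent without its variables expanded, and replays a sequence of alerts to show which incident action each would produce. The Critical-to-trigger and Normal-to-resolve mapping and the correlation on "alertId" are assumptions read off the two sample payloads above; the real behaviour is whatever your API filters define.

```python
from datetime import datetime

REQUIRED = ("alertName", "severity", "description", "timestamp", "alertId")
SEVERITY_ACTION = {"Critical": "trigger", "Normal": "resolve"}  # assumed mapping

def validate(payload):
    """Return a list of problems; an empty list means the payload is usable."""
    problems = []
    for key in REQUIRED:
        value = payload.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"missing or empty field: {key}")
        elif value.startswith("$"):
            problems.append(f"unexpanded template variable: {key}={value}")
    if problems:
        return problems
    try:
        datetime.strptime(payload["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    except ValueError:
        problems.append(f"unexpected timestamp format: {payload['timestamp']}")
    if payload["severity"] not in SEVERITY_ACTION:
        problems.append(f"no filter matches severity: {payload['severity']}")
    return problems

def replay(payloads):
    """Model trigger/resolve filters keyed on alertId; one outcome per payload."""
    open_ids, outcomes = set(), []
    for p in payloads:
        if validate(p):
            outcomes.append("rejected")
        elif SEVERITY_ACTION[p["severity"]] == "trigger":
            outcomes.append("update" if p["alertId"] in open_ids else "create")
            open_ids.add(p["alertId"])
        elif p["alertId"] in open_ids:
            open_ids.remove(p["alertId"])
            outcomes.append("resolve")
        else:
            outcomes.append("resolve-without-incident")
    return outcomes

# Sample input: the page's two example payloads plus one constructed bad payload.
TRIGGERED = {"alertName": "Unauthorized Database Access", "severity": "Critical",
             "description": "An unauthorized login attempt detected on the Oracle database",
             "timestamp": "2024-08-05T12:00:00.000Z", "alertId": "oracle789"}
RESOLVED = {"alertName": "Unauthorized Database Access Cleared", "severity": "Normal",
            "description": "Unauthorized login attempt resolved on the Oracle database",
            "timestamp": "2024-08-05T12:30:00.000Z", "alertId": "oracle789"}
UNEXPANDED = dict(TRIGGERED, severity="$severity")  # constructed: template sent as-is
print(replay([TRIGGERED, TRIGGERED, RESOLVED, RESOLVED, UNEXPANDED]))
```

A "rejected" or "resolve-without-incident" outcome here points at the same cases worth looking for in the Callgoose SQIBS API log while debugging is enabled.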


5. Testing and Validation


  • Triggering Alerts:
      • Simulate a security alert in Oracle Audit Vault and Database Firewall.
      • Verify that an incident is created in Callgoose SQIBS with the correct details.
  • Resolving Alerts:
      • Investigate and resolve the alert in Oracle Audit Vault and Database Firewall.
      • Ensure that the corresponding incident in Callgoose SQIBS is updated or resolved accordingly.


6. Security Considerations


  • API Security: Ensure that the Callgoose SQIBS API endpoint is correctly configured and that API tokens are securely stored.
  • Oracle Audit Vault and Database Firewall Permissions: Verify that webhook permissions allow sending security event data to Callgoose SQIBS.
  • Data Encryption: Ensure encrypted data transmission between Oracle Audit Vault and Database Firewall and Callgoose SQIBS.


7. Conclusion


This guide provides a comprehensive overview of how to integrate Oracle Audit Vault and Database Firewall with Callgoose SQIBS for effective database security management. By following these steps, organizations can ensure security alerts from Oracle Audit Vault and Database Firewall trigger automated responses in Callgoose SQIBS, reducing manual intervention and improving security incident response times.

For further customization or advanced use cases, refer to:


