How to collect Oracle audit logs
This page describes how to collect audit logs from Oracle databases.
Navigate to Settings
Log in to the CYBERQUEST web interface with an account with administrative rights.
Navigate to Settings > Management > Data Source Manager.
This page contains all data sources added in the CYBERQUEST application.
Click ADD DATA-SOURCE to create and configure a new data source.
DataSource Type: Select Database / Oracle 11 Audit Log or Database / Oracle 12 Audit Log based on the Oracle version
DataSource Information: Auto-populated information about the data source
Query Interval: How often the query runs (default: 1800 seconds / 30 minutes)
Credentials to use: Select Oracle credentials from the list (user with access to audit data)
Tag: Auto-filled identifier, can be customized
Administrative Notes: Optional notes for administrators
Anonymize Fields: Select fields to anonymize (optional)
Time Format: Time format used by the audit timestamp
Connection String: Database connection string (for example, HOST=...;PORT=...;SERVICE_NAME=...)
Query: SQL query used to extract audit data (adjust to the audit schema/structure)
Field Mapper: Map query result columns to CYBERQUEST fields. Add custom mappings with the New button: 
Last Date Time: Starting point for collection
Time Column: Column name containing the audit timestamp
Command Timeout: Seconds to wait for query execution before timeout (default: 60 seconds)
Connection Timeout: Seconds to wait when establishing the connection (default: 60 seconds)
Click the "Save" button to save the data source.
Assign the CYBERQUEST agent
Assign a CYBERQUEST agent to this data source. Choose the agent that has network access to the Oracle server.
Actions menu
To edit the data source, click Edit 
. This process is almost identical to adding a data source.
Bulk Clone 
: Clone the current data source settings for each value in the "Bulk Clone" field.
Clone 
: Clone the data source.
Delete: remove the data source from the list.