Set Up Oracle Authentication

VM scans: Oracle authentication is supported for Oracle Database Versions 8, 9, 10, 11 and 12.

PC scans: Refer to the supported technologies list, which is continuously updated. Go to PC > Policies > Controls, and click Search.

It is strongly recommended that you create one or more dedicated user accounts to be used solely by our service to authenticate to Oracle databases. See our Scanning Tips docs under Quick Links (also available under Help > Resources).

Be sure to choose the "Is CDB" option on the Target Configuration tab in the Oracle record. When “Is CDB” is selected, the compliance scan will auto discover and assess all accessible Pluggable Databases (PDBs) within the container database (CDB). Learn more about Oracle authentication for CDB/PDBs

- Go to Scans > Authentication.

- Check that you already have a record defined for each host running database instances.

- Create a Oracle record for the database instance. Go to New > Databases > Oracle.

Port <number>
Enter the port number you want to scan. We'll use the credentials in this record to attempt authentication to the SID on the port you enter here.

All Ports
Select this option and we'll use the credentials in the record to attempt authentication to the SID on all ports the SID is detected on. You may only create one Oracle record with the "All Ports" option per host.

We'll attempt to find a port-specific record first

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

Select this option on the Windows and/or Unix tab to allow the scanning engine to gather Oracle compliance data at the operating system level.

For Windows, you must also have a Windows record with the same IP addresses as the Oracle record. For Unix, you must have a Unix record with the same IP addresses as the Oracle record.

Your Oracle Installation

Select this option on the Unix tab to allow the scanning engine to get a list of all installed patches for the Oracle instance. Unix authentication and Oracle Authentication are both required to perform OPatch checks. Learn more

Note - The Oracle installation details you provide on the Unix tab will apply to both types of checks: OS-dependent checks and OPatch checks.

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.