Create a separate Oracle authentication record for each Oracle instance you want to scan. During scanning we'll authenticate to all Oracle instances defined in all Oracle records in your account.
Did you know? You can allow the system to create Oracle authentication records for auto discovered instances and scan them. This is supported for Unix installations only. To enable this feature, you must first create Oracle System Record Templates.
For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article:
Authentication Technologies Matrix
A few things to consider... |
We recommend you review Oracle Use Cases |
What credentials should I use?What credentials should I use? It is strongly recommended that you create one or more dedicated user accounts to be used solely by our service to authenticate to Oracle databases. See our Scanning Tips docs under Quick Links (also available under Help > Resources). |
Is the database a Multitenant Container Database?Is the database a Multitenant Container Database? Be sure to choose the "Is CDB" option on the Target Configuration tab in the Oracle record. When “Is CDB” is selected, the compliance scan will auto discover and assess all accessible Pluggable Databases (PDBs) within the container database (CDB). Learn more about Oracle authentication for CDB/PDBs |
Help me with record settings |
How do I get started?How do I get started? - Go to Scans > Authentication. - Check that you already have a record defined for each host running database instances. - Create a Oracle record for the database instance. Go to New > Databases > Oracle. |
Tell me about the Ports settingTell me about the Ports setting Port <number> All Ports We'll attempt to find a port-specific record firstWe'll attempt to find a port-specific record first When we detect an Oracle instance on a host at scan time: First we'll look for a port-specific record for the host and attempt authentication using its credentials. If a port-specific record is not found or if authentication fails... Then we'll look for an "All Ports" record for the host and attempt authentication using its credentials. |
We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault. |
Perform OS-dependent compliance checksPerform OS-dependent compliance checks (Windows, Unix) Select this option on the Windows and/or Unix tab to allow the scanning engine to gather Oracle compliance data at the operating system level. For Windows, you must also have a Windows record with the same IP addresses as the Oracle record. For Unix, you must have a Unix record with the same IP addresses as the Oracle record. Your Oracle InstallationYour Oracle Installation Enter details about your Oracle installation in the fields provided. All fields are required and have a limit of 255 characters. For Windows, these special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ / For Unix, these special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ \ |
Perform OPatch checksPerform OPatch checks (Unix) Select this option on the Unix tab to allow the scanning engine to get a list of all installed patches for the Oracle instance. Unix authentication and Oracle Authentication are both required to perform OPatch checks. Learn more Note - The Oracle installation details you provide on the Unix tab will apply to both types of checks: OS-dependent checks and OPatch checks. |
Tell me about TCPS configurationTell me about TCPS configuration Once you have configured the TCPS connection protocol for your Oracle database, then you can add the same to the Oracle authentication records in the Qualys Platform.
Important notes for Unit ManagersImportant notes for Unit Managers When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager. |