Database Activity Monitoring (DAM) policies : PCI, SOX, and HIPAA alert policies : Selecting which tables FortiDB tracks for PCI, SOX and HIPAA reports (Object Audit Options)
 
Selecting which tables FortiDB tracks for PCI, SOX and HIPAA reports (Object Audit Options)
Some regulatory compliance reports require you to select the tables on which FortiDB tracks data changes. The reports display the activity in the tables you specify.
You select the objects to audit for the following regulatory compliance reports using the corresponding PCI or SOX policy:
Abnormal or Unauthorized Changes to Data
Abnormal Use of Service Accounts
Abnormal Termination of Database Activity
End of Period Adjustments
PCI - Invalid Operation
PCI - Access to Credit Card Tables
HIPAA Privilege Changes
HIPAA Access to EPHI data
HIPAA User Privileges on EPHI data
To configure the Object Audit Options settings for a policy
1. Go to the editing page for the policy. (See “Configuring PCI, SOX and HIPAA policies”.)
2. Under Object Audit Settings, in the Select Objects to Audit section, select one of the check boxes. The following steps are based on the default setting of this field.
Manually Select Object: You enter the specific object name.
Browse Object by Target: You can select one from the dropdown list (default).
3. In the Target field, select a target from the dropdown list.
4. For Oracle and DB2, in the Schema field, select one from the dropdown list. For Microsoft SQL Server and Sybase, select one from the dropdown list in the Database field, and then select one in the Schema field.
5. From the Tables selection box, select one or more tables.
6. Select the Read (Select)or Write (Insert/Update/Delete) check box or both in the Audit Actions field.
7. Click the right arrow to move the selection to the Selected Objects table.
 
If you want to remove the objects from the Selected Users list, select the user you want to remove, then click the left arrow.
8. Click Save.
9. Optionally, configure the User Audit Options for the following policies: Sox Abnormal or Unauthorized Changes to Data, Sox Abnormal Termination of Database Activity, Sox Abnormal Use of Service Accounts policies, and PCI - User Audit Options. For more information, details about setting the User Audit Options, go to "Setting or Modifying User Audit Options".
See also
Configuring PCI, SOX and HIPAA policies
PCI, SOX, and HIPAA reports