Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 58 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog


Home » Archives » June 2014 » Integrating PFCLScan and Creating SQL Reports

[Previous entry: "Automatically Add License Protection and Obfuscation to PL/SQL"] [Next entry: "Coding in PL/SQL in C style, UKOUG, OUG Ireland and more"]

Integrating PFCLScan and Creating SQL Reports

June 25th, 2014 by Pete


We were asked by a customer whether PFCLScan can generate SQL reports instead of the normal HTML, PDF, MS Word reports so that they could potentially scan all of the databases in their estate and then insert either high level results of the scans (pass / fail, number of issues) into a database and also potentially insert all of the actual detailed results of each policy/test failure.

We can do this and the ability was designed into the product from day 1. This is because we can create reports that are any text based template file. The reporting language of PFCLScan is simple and template based. So you can create a text file that is a template of how you want the report to look - so a nice HTML report, an XML report or even an MS Word document or a SQL*Plus script and then you use the PFCLScan reporting language template variables to insert report data where you need it. That "data" can be from the product, policies, project or scan results of course. So its easy instead to create an SQL file to run instead of a fancy report.

I have written a new blog post on the product website running through an example of how to create SQL reports from PFCLScan.

This makes PFCLScan powerful as its easy to use the output and also to use automation. PFCLScan uses projects to manage each peice of work (a scan of all your databases, or a scan of a single system, or a scan of prod or of dev....) and in each project you manage targets, policy sets and of course the checks defined in the policy sets and also report templates. All of the policies are easily added to a new project so defining a project with what targets you need and what checks you want is quick and simple.

The really cool thing though is that you can also run PFCLScan itself as a check in a policy. You can also run the reporting tool as a check in a policy. This is how we make automation very easy in PFCLScan to achieve powerful results and also to simplify the tasks that you need to do. So, for example one project can be created that reads an Excel sheet with a list of databases that need to be scanned. It tests if each can be reached first and for those that can be it generates a PFCLScan project for each to run. Then it runs each project to perform a detailed scan of each database and then runs a report for each. This means that once set up (and each part is just projects and policies and checks configured in the normal way) you can run one project and supply one Excel sheet and scan any number of databases on demand each day from the GUI or from the command line and also bring in inserting data to a vulnerability database if needed.

We will post a new blog next week on the PFCLScan Website showing a simple example of this automation in PFCLScan to complement the SQL report demo in this new blog post.

Remember also that our pricing model is simple and very competitive; we charge per installation of our software not the number of databases that you scan so its very cost effective to use PFCLScan.



New Comment
Name:
E-Mail:
Homepage:
Smilies:
smile shocked sad
big grin razz *wink wink* hey baby
angry, grr blush confused
cool crazy cry
sleepy hehe LOL
plain jane rolls eyes satisfied
 
June 2014
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
2930     

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives


Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0


Valid XHTML 1.0!