Wednesday, April 30, 2025

#orclAPEX Security check list: #1 - Monitoring

Knowing who did what and when in an application helps in investigating unauthorized access.

Proactive workspace monitoring helps us to detect security incidents early and provides forensic evidence when breaches occur. Without it, security issues may persist undetected until significant damage has occurred. 

Let's see how we can do this in Oracle APEX.

Where to find Monitor Activity and how to configure it

Oracle APEX has a built-in feature for this: Monitor Activity. It is turned on by default.

A workspace administrator can configure it at workspace level, accessing Manage Instance -> Feature Configuration -> Monitoring.

If Application Activity Logging is set to Use Application Settings, then we can turn monitoring on or off for each individual application within the workspace: go to Application Definitions -> Property to enable or disable logging.

The retention interval for audit information is set by default to 14 days, but this can also be changed by a workspace administrator in the instance settings under Manage Instance -> Manage Log Interval.

The maximum value that can be specified for the retention interval is 180 days. If we need to keep the audit information for a longer period of time, we have to save it in local tables.

View Audit Information

APEX provides 2 dashboards with audit information: one is available in Administration Services (a) and monitors activity of all workspaces; the second one is available in APEX Builder (b) and monitors activity within a workspace.

a) Administration Service -> Monitor Activity gives us access to reports on applications, developers, session activity in all workspaces. 



b) The Monitor Activity within a workspace provides reports that show developer activity, track page views, active sessions, login attempts and analysis reports. 

It's very easy to view the monitor reports within a workspace, if we have the APEX Builder installed: just click on the upper-right icon-menu Administration: 


Each report has an (almost) self-explanatory name; when in doubt, we always have the documentation :). 

What about a production environment where, for security reasons, we should not have APEX Builder installed? What to do in this case?

How to view audit information when APEX Builder is not available

APEX views are our friends and we should know them well, shouldn't we? Depending on which kind of audit information we need, we can query the following 3 views: APEX_WORKSPACE_ACCESS_LOG for records of login attempts; APEX_WORKSPACE_ACTIVITY_LOG for records of who is viewing which page; APEX_WORKSPACE_SESSIONS for records of Oracle APEX sessions.

We can easily create our own dashboard and reports with the useful information from these 3 views. We can go one step further: find anomalous patterns, define report(s) for these and automatically email these report(s) to the responsible team. How to do this is a topic for a future post.
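As an added example (not part of the original post), the two queries below show the kind of report that can be built on APEX_WORKSPACE_ACCESS_LOG for excessive failed login attempts. The 24-hour window and the thresholds of 5 and 10 are assumptions to tune for your environment.

```sql
-- Added example, not from the original post.
-- Run as a database schema assigned to the workspace so the view returns its rows.
-- Remember the default retention of 14 days: older attempts are no longer in the view.

-- 1) Repeated failures for the same user from the same address in the last 24 hours.
--    Any result other than AUTH_SUCCESS is counted as a failed attempt.
select user_name,
       ip_address,
       application_id,
       count(*)                as failed_attempts,
       min(access_date)        as first_failure,
       max(access_date)        as last_failure
  from apex_workspace_access_log
 where access_date >= sysdate - 1              -- assumed window: 24 hours
   and authentication_result <> 'AUTH_SUCCESS'
 group by user_name, ip_address, application_id
having count(*) >= 5                           -- assumed threshold
 order by failed_attempts desc;

-- 2) One address failing against many different user names in the last 24 hours,
--    a pattern that the per-user count above can miss.
select ip_address,
       count(distinct user_name) as distinct_users,
       count(*)                  as failed_attempts,
       max(access_date)          as last_failure
  from apex_workspace_access_log
 where access_date >= sysdate - 1              -- assumed window: 24 hours
   and authentication_result <> 'AUTH_SUCCESS'
 group by ip_address
having count(distinct user_name) >= 10         -- assumed threshold
 order by distinct_users desc;
```

Either query can serve as the source of a report region or of a scheduled check that feeds an alert.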

Conclusion

Monitoring workspace activity in Oracle APEX helps identify suspicious behavior patterns such as unusual login times or locations, excessive failed login attempts, or abnormal page access sequences. These patterns can indicate compromised accounts or insider threats before they cause significant damage.

We can use Monitor Activity within a workspace or create our own dashboard on audit information. Regular monitoring of these dashboards and sending automatic alerts on specific security-relevant events are essential for maintaining security awareness and quickly identifying potential security incidents before they cause significant damage.

