Using Restore backup validate or recover backup validate header for Ransomware detection
On-prem, Oracle EE 19c multi-tenant RDBMS. Current Patch level 19.26
Been tasked with validating whether our backup files have been tampered with due to a ransomware attack. This task is in addition to other layers of security/detection we already have in place within our environment, so this process is just another check or opportunity to detect some abnormality occurring within our environment. Reading a lot of documentation, the Restore validate and Recover validate seem like viable options to detect whether or not someone has encrypted/deleted/altered your backup files sitting on a separate NFS storage device.
We do take immutable snapshots of our backups every 6 hours. So, I have a 6-hour window of backups to check 4 times a day for our Oracle footprint (more than 120 DBs of varying sizes). Need to check datafile backups and logs.
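
One validation cycle of the kind the post describes, added here as an example and not part of the original post: it feeds RMAN the `RESTORE ... VALIDATE` forms for datafile backups and the last 6 hours of archived logs, then classifies the resulting log. The function names, the sample log and the rule that each RESTORE command prints one "Finished restore at" line are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names, the sample
# log and the "one Finished line per RESTORE" rule are assumptions.

# Print the RMAN commands for one cycle. $1 = look-back window in hours.
rman_validate_cmds() {
  cat <<EOF
RESTORE DATABASE VALIDATE HEADER;
RESTORE DATABASE VALIDATE;
RESTORE ARCHIVELOG FROM TIME 'SYSDATE-${1:-6}/24' VALIDATE;
EOF
}

# Classify an RMAN log. $1 = log file, $2 = number of RESTORE commands run.
# Prints CLEAN or SUSPECT plus the reason; returns 0 only for CLEAN.
classify_rman_log() {
  log="$1"; expected="${2:-3}"
  if [ ! -s "$log" ]; then
    echo "SUSPECT: log missing or empty"; return 1
  fi
  # Error lines start with an RMAN-/ORA- code; drop the decorative banner.
  errs=$(grep -E '^(RMAN|ORA)-[0-9]{5}:' "$log" |
         grep -Ev '^RMAN-005(69|71):' || true)
  if [ -n "$errs" ]; then
    echo "SUSPECT: errors reported"; echo "$errs"; return 1
  fi
  # No error is not proof of a full run: require every command to finish.
  fin=$(grep -c '^Finished restore at' "$log" || true)
  if [ "$fin" -lt "$expected" ]; then
    echo "SUSPECT: only $fin of $expected commands finished"; return 1
  fi
  echo "CLEAN"
}

# Constructed sample: a run where a backup piece could not be read.
sample_bad_log() {
  cat <<'EOF'
Starting restore at 01-MAY-25
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 05/01/2025 06:00:12
ORA-19505: failed to identify file "/nfs/backup/EXAMPLE/df_0001.bkp"
EOF
}

# One cycle; needs rman on PATH and OS authentication to the target.
run_check() {
  rman_validate_cmds "$1" | rman target / log="$2" >/dev/null
  classify_rman_log "$2" 3
}
```

`VALIDATE HEADER` reads only the backup file headers, so the full `RESTORE ... VALIDATE` pass is the one that reads the contents of each backup piece; a SUSPECT verdict means the run needs a human look, not that tampering is proven.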