Improved security with audit logging integration in Watson Query 4.8

By Tina Chan posted Wed March 06, 2024 12:30 PM


The Cloud Pak for Data 4.8.0 release introduces a new database security feature in Watson Query: built-in audit logging that integrates with the IBM Cloud Pak for Data Audit Logging facility. You can monitor and record activities for each Watson Query database by using Db2 audit events. In this blog post, we’ll explore three use cases for the Db2 audit facility, along with other features that are part of this update.

Audit logging use cases 

Here are three practical use cases for how you can take advantage of the Db2 audit facility to solve security challenges.

Graphic by Malik Johnson

Real-time security for threat identification

You can now capture detailed information about user access to specific objects, including whether the access was granted or denied. The immediate benefit? You can identify potential security threats in real time and take appropriate action to mitigate them.

Historical analysis to resolve issues

You can generate historical audit logs to trace the actions leading up to a particular issue. This feature allows you to pinpoint concerning behaviours that are performed on a database or user interactions that might require further troubleshooting.

Integration with SIEM for proactive monitoring

  • You can feed audit logs into a SIEM (Security Information and Event Management) system to receive alerts when abnormal activity is detected and to help you achieve compliance with organizational and governmental activity monitoring requirements.
  • To learn how to integrate with SIEM solutions like Splunk, QRadar and Mezmo, see Audit events in the Cloud Pak for Data documentation.

Customize the Db2 audit facility

The Db2 audit facility comes enabled by default in Cloud Pak for Data 4.8.0. One of its notable features is the flexibility for you to customize the built-in audit policy so that it aligns with your organizational needs. As an authorized user, you can do any of the following tasks:

  • Start and stop recording auditable events within the Watson Query instance.
  • Create an audit policy to identify which events should be monitored and recorded during the audit process.
  • Apply an audit policy to specific user groups based on varying levels of risk associated with the group’s activities.
  • View all the audit policies that have been created and that are in use to determine if the coverage meets your needs.

To learn how to customize the default audit policy, see Customizing an audit policy in Db2 audit facility.
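
The create, apply and view tasks in the list above, sketched with standard Db2 audit SQL as an added example (not code from this post or from the Watson Query documentation). The policy and group names are hypothetical, and the statements assume SECADM authority and that your Watson Query instance accepts them as a Db2 database does.

```sql
-- Added example. HIGH_RISK_POLICY, BASELINE_POLICY, DATA_ADMINS and ANALYSTS
-- are hypothetical names; run as a user holding SECADM authority.

-- 1. Create policies. The stricter one records granted and denied access
--    checks (CHECKING), authentication (VALIDATE), GRANT/REVOKE and similar
--    security changes (SECMAINT), and executed statements (EXECUTE).
--    WITHOUT DATA keeps parameter values, which may be sensitive, out of
--    the audit log. ERROR TYPE AUDIT fails the audited statement if the
--    audit record cannot be written; NORMAL lets the statement proceed.
CREATE AUDIT POLICY HIGH_RISK_POLICY
    CATEGORIES CHECKING STATUS BOTH,
               VALIDATE STATUS BOTH,
               SECMAINT STATUS BOTH,
               EXECUTE WITHOUT DATA STATUS BOTH
    ERROR TYPE AUDIT;

-- The baseline policy records only failures, plus all security changes.
CREATE AUDIT POLICY BASELINE_POLICY
    CATEGORIES CHECKING STATUS FAILURE,
               VALIDATE STATUS FAILURE,
               SECMAINT STATUS BOTH
    ERROR TYPE NORMAL;

-- 2. Apply a policy per group according to risk. If the group already has
--    a policy, use REPLACE POLICY instead of USING POLICY.
AUDIT GROUP DATA_ADMINS USING POLICY HIGH_RISK_POLICY;
AUDIT GROUP ANALYSTS    USING POLICY BASELINE_POLICY;

-- 3. Review coverage: every policy, its settings, and what it is attached
--    to. A policy with NULL in the AUDITUSE columns is defined but unused.
--    Status values: B = both, F = failure, S = success, N = none.
SELECT p.AUDITPOLICYNAME,
       p.CHECKINGSTATUS, p.VALIDATESTATUS, p.SECMAINTSTATUS,
       p.EXECUTESTATUS, p.EXECUTEWITHDATA, p.ERRORTYPE,
       u.OBJECTTYPE, u.SUBOBJECTTYPE, u.OBJECTNAME
FROM SYSCAT.AUDITPOLICIES p
LEFT JOIN SYSCAT.AUDITUSE u
       ON u.AUDITPOLICYID = p.AUDITPOLICYID
ORDER BY p.AUDITPOLICYNAME, u.OBJECTNAME;

-- Detach a policy when a group no longer needs it.
AUDIT GROUP ANALYSTS REMOVE POLICY;
```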

Let’s get started

With the integration of Watson Query with the Db2 audit facility, you can now track database activities with greater detail, enhancing accountability, traceability, and regulatory compliance. To explore this feature further, see Monitoring user activity with auditing in Watson Query.

Upgrade your database security to Cloud Pak for Data 4.8.0 today! 

1 comment



Thu March 07, 2024 10:29 AM

Great blog, I'm new to CP4D and this was really easy to understand.