IBM Guardium

  • 1.  OS User as Database User

    Posted Fri April 17, 2020 02:33 PM
    This question is based on some scenarios I noticed in my own environment and I want to verify that I understand correctly. When the DB User Name cannot be identified by Guardium (due to missing login packet or otherwise) and an OS User exists does Guardium place OS User in the Database User column and append "(OS USER)"? For example:

    Server IP: 111.111.221.222
    DB User Name: User1
    Database Name: Db0
    OS User: User5

    Server IP: 111.111.221.222
    DB User Name: User5 (OS USER)
    Database Name:
    OS User: User5

    ------------------------------
    Chase Walkup
    ------------------------------


  • 2.  RE: OS User as Database User

    Posted Mon April 20, 2020 01:00 AM

    If you are referring to a report, it is possible.

    Create a computed attribute which produces the OS User in case the DB Username is empty.

    Computed attributes use MySQL functions, where the IF condition is available.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Warsaw
    ------------------------------



  • 3.  RE: OS User as Database User

    Posted Wed April 22, 2020 04:12 PM
    Zbigniew,

    Thank you. We do not have any computed attributes defined in our environment but I still see this behavior. My question is if this functionality is expected out of the box.

    ------------------------------
    Chase Walkup
    ------------------------------



  • 4.  RE: OS User as Database User

    Posted Fri April 24, 2020 11:29 AM
    Hi Chase,

    Generally speaking, if the DB User cannot be identified due to dropped packets, it will be logged as a ? and there will be a LOGIN_MISSED exception. If it cannot be identified due to a specific protocol problem or defect in the sniffer, usually it is blank.

    There are some specific cases where the DB User is populated with the OS User followed by (OS User). One such case is for MSSQL traffic in Guardium v9. Prior to correlating the DB User it will appear as you noted there.

    What exact database and OS are you seeing that for? And what Guardium version?

    Then we can confirm it is expected in that case.

    ------------------------------
    AVRAM WALERIUS
    ------------------------------



  • 5.  RE: OS User as Database User

    Posted Fri April 24, 2020 11:30 AM
    Hi Chase,

    Sorry if you get this multiple times, seems like it's not posting to the forum properly...

    Generally speaking if the DB User is missing due to dropped login packets it will appear as ? and there will be a LOGIN_MISSED exception.
    If it is missing due to a specific protocol problem or defect in the product it is usually blank.

    There are some specific cases where it will be populated as you note with (OS User). One I know of is for MSSQL traffic with Guardium v9.
    In that case before the real DB User is decrypted it will appear as you noted.

    If you're not referring to MSSQL on Guardium v9 - Can you clarify:
    - What DB and OS is this traffic coming from?
    - What is the Guardium version?

    Then we can confirm if it's expected.

    Thanks
    Avi

    ------------------------------
    AVRAM WALERIUS
    ------------------------------



  • 6.  RE: OS User as Database User
    Best Answer

    Posted Mon April 27, 2020 06:01 AM
    Hi Chase,

    UPDATE!
    I did confirm internally that your understanding is correct.

    For Windows S-TAP, if DB User is missing and OS User is available, the DB User will be populated with the OS User followed by (OS_USER) to notify that it's not the real DB User.

    Hope that helps

    ------------------------------
    AVRAM WALERIUS
    ------------------------------
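
The DB User values described in this thread (a real name, `?` with a LOGIN_MISSED exception, blank, and an OS user with an `(OS USER)` / `(OS_USER)` suffix) can be separated before exported report rows are used for user correlation. The following is an added example, not code from the thread's participants or from IBM; the row keys `db_user` and `os_user` and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Suffix spellings quoted in the thread: "(OS USER)", "(OS User)", "(OS_USER)".
_OS_SUFFIX = re.compile(r"^(?P<name>.*?)\s*\(OS[ _]USER\)\s*$", re.IGNORECASE)


def classify_db_user(db_user, os_user=""):
    """Return (kind, principal) for one report row.

    kind: "db_user", "os_user_fallback", "login_missed" or "blank".
    principal: name to correlate on, or None when no identity is known.
    For "os_user_fallback" the principal is an OS account, not a DB account.
    """
    value = (db_user or "").strip()
    if not value:
        return ("blank", None)          # protocol problem or sniffer defect
    if value == "?":
        return ("login_missed", None)   # dropped login packets
    match = _OS_SUFFIX.match(value)
    if match:
        # Prefer the name in the column; fall back to the OS User field.
        name = match.group("name").strip() or (os_user or "").strip() or None
        return ("os_user_fallback", name)
    return ("db_user", value)


def summarise(rows):
    """Count rows per kind so unattributed sessions can be tracked."""
    counts = Counter()
    for row in rows:
        kind, _ = classify_db_user(row.get("db_user"), row.get("os_user"))
        counts[kind] += 1
    return dict(counts)


# Constructed sample rows (hypothetical export, modelled on the first post).
SAMPLE_ROWS = [
    {"db_user": "User1", "os_user": "User5"},
    {"db_user": "User5 (OS USER)", "os_user": "User5"},
    {"db_user": "?", "os_user": ""},
    {"db_user": "", "os_user": "User5"},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(row, "->", classify_db_user(row["db_user"], row["os_user"]))
    print(summarise(SAMPLE_ROWS))
```

Keeping the `os_user_fallback` kind separate prevents a value such as `User5 (OS USER)` from being counted as a distinct database account in access reviews or alert rules keyed on DB User.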