IBM Guardium

IBM Guardium

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Subject: Alert for MSSQL Services stopped

    Posted Tue March 28, 2023 07:52 AM

    Hi Team,

    I need to configure an alert if any MSSQL Services stopped manually in windows through Services.msc via Guardium.

    will it be possible? Do we have that feature for identifying if any Database services stopped to get an alert?



    ------------------------------
    sathya Janakiraman
    ------------------------------


  • 2.  RE: Subject: Alert for MSSQL Services stopped

    Posted Tue March 28, 2023 02:40 PM

    Sathya,

    Guardium mainly focuses on the database activity collected instead of processes. The only thing you could do in Guardium would be to monitor for traffic from that SQL server instance and/or for records with sqlserver.exe as the source program. But that will only tell you if there is no traffic as a possible indicator that the process is down.  Quieter environments may naturally have periods where there is no activity.  A Powershell script or other host monitoring solution would be best to check for the process as long as the scheduler is working to continue checking/monitoring.

    I hope this helps.

    Jennifer



    ------------------------------

    Jennifer Dodson
    Data Protection Managed Services
    Converge Technology Solutions Corp.
    Formerly Information Insights LLC
    _____________
    m: 469.502.8850
    convergetp.com | Jennifer.Dodson@convergetp.com

    ------------------------------

    Original Message


  • 3.  RE: Subject: Alert for MSSQL Services stopped

    Posted Tue March 28, 2023 03:08 PM

    Jennifer:

    Is it possible using the CAS Agent? I try study and implement it, but the information is poor.  Only this link I found:

    https://www.ibm.com/docs/en/guardium/11.5?topic=harden-configuration-auditing-system-cas

    Regards,



    ------------------------------
    Carlos Espinoza Chandia
    ------------------------------

    Original Message


  • 4.  RE: Subject: Alert for MSSQL Services stopped

    Posted Wed March 29, 2023 12:42 PM

    Carlos,

    I think CAS is very limited and you cannot modify the templates. And it is focused on files and settings. There are some SQL queries built in (for SQL server) which would fail if the process was down. And there are some timeouts and failover options to explore. So it might be worth some testing to see what happens if the CAS agent is up and the sqlserver process is down so CAS cannot complete the queries. I don't believe it will be in real time but might be fun to test.

    Jennifer



    ------------------------------
    Jennifer Dodson
    Data Protection Managed Services
    Converge Technology Solutions Corp.
    Formerly Information Insights LLC
    _____________
    m: 469.502.8850
    convergetp.com | Jennifer.Dodson@convergetp.com
    ------------------------------

    Original Message


Related Content