IBM Guardium

  • 1.  What is the default policy behavior of Guardium for fresh installation

    Posted Thu June 08, 2023 10:10 AM

    Hello everyone,

    I need clarification on the default behavior of Guardium for a fresh installation.

    1. I have installed Guardium and by default the 'Default ignore policy' is installed, and I can see the Connection Profiling List group used in the rule, which is always empty. What is the use of this policy if this group is always empty? How is this ignoring connections if the list is empty?
    2. Do we always need to override this default ignore policy when we create new policies and install them, or just keep this policy as the last policy? I mean something like the implicit default deny policy in a network firewall?
    3. I have created a new test policy and installed it by overriding the default ignore policy to monitor a particular column in a table. So currently I have only this policy installed, but when I checked the reports like DDL, DML, DCL I am able to see entries in those reports. How is this data collected when there is no policy to collect it? Is this the default behavior?

    Thanks in advance

    Muhammed Rafi



    ------------------------------
    Muhammed Rafi
    ------------------------------


  • 2.  RE: What is the default policy behavior of Guardium for fresh installation

    Posted Fri June 09, 2023 10:52 AM

    Muhammed,

    You have a lot of questions about setting up policies. The security learning academy asset below may help you get started with understanding the different policy types, actions, and expectations.

    https://login.ibm.com/oidc/sps/auth?client_id=NzJiOTdhOTUtNDBmZi00&Target=https%3A%2F%2Flogin.ibm.com%2Foidc%2Fendpoint%2Fdefault%2Fauthorize%3FqsId%3D1a887d9f-81a0-4f0f-a620-ef91d40307ab%26client_id%3DNzJiOTdhOTUtNDBmZi00


    There are several more policy related assets in the learning center that could be helpful.

    Good luck!

    Jennifer



    ------------------------------
    Jennifer Dodson
    Security Technical Professional
    Global Sales, Financial Services
    1 469 502 8850 Mobile
    jennifer.dodson@ibm.com

    IBM
    ------------------------------



  • 3.  RE: What is the default policy behavior of Guardium for fresh installation

    Posted Sat June 10, 2023 05:56 PM
    Edited by Muhammed Rafi Sun June 11, 2023 01:32 AM

    Dear Jennifer,

    Thanks for the response.

    I have watched those videos already but got confused about the data it collects. That is why I asked the question here. Could you please explain the question below?

    1. Do I need to install any policy to show reports for DDL, DML, DCL commands? I can see these reports with data without any policy. Please see my current policy screenshot below, and you can see I don't have any policy to collect these commands. This is the only policy I have in my system, and I even overrode the default ignore policy. So which policy is collecting this data (DDL, DML, DCL) from the database server?

      

    Thanks,

    Muhammed Rafi



    ------------------------------
    Muhammed Rafi
    ------------------------------



  • 4.  RE: What is the default policy behavior of Guardium for fresh installation

    Posted Mon June 12, 2023 09:28 AM

    Muhammed,

    You will need to have at least a policy to collect that type of traffic to start.

    You might want to start with the "Global Data Privacy template" policy. Make a clone of it and name it to match your standard.

    Install it and you should start seeing some data come through. Then you will want to adjust the groups referenced in the policy like CCPA Personal Data Authorized Server IPs, CCPA Personal Data Admin Users, CCPA Personal Data Sensitive Object and others. Some of the command groups are already populated.

    Add some values to the related groups and reinstall the policy every time you make a change to the group or policy and you should start seeing data.

    Or you can create a new data security policy, non-selective with 1 Access rule to start. The SQL criteria can start with Command In Group Database DML...

    Make sure you have an appropriate Rule action. Your example just had Redact. At a minimum, choose Log Only so you can start seeing some records.

    Jennifer



    ------------------------------
    Jennifer Dodson
    Security Technical Professional
    Global Sales, Financial Services
    1 469 502 8850 Mobile
    jennifer.dodson@ibm.com

    IBM
    ------------------------------