IBM Guardium


Where to find log or history of policy rules active at a certain point?

  • 1.  Where to find log or history of policy rules active at a certain point?

    Posted Thu June 27, 2024 11:11 AM
    Hello,
    we're using Guardium 11.5 with collectors pointing to S-Tap for Db2 z/OS. I want to know which policy and which rules were active at certain points on the collectors. But there seems to be no report that gives the information about the rule criteria and rule action of the rules contained in a policy. In other words, the information you get in the GUI when you edit the rules of a profile.
     
    In Protect > Security Policies > Policy Builder for Data > Security Policies there is a possibility to download the policy definitions to a CSV file. The columns "Rule properties" and "Action" contain the information I'm looking for in a historic report. 
     
    I have tried the following reports: Policy changes, where I can see rule names and modification but no details, and right-clicking from there to Detailed Guardium User Activity and User Activity Audit Trail.
    I have tried the following reports: Policy changes, where I can see the rule description, and right-clicking from there to the reports Detailed Guardium User Activity and User Activity Audit Trail.
    Best regards, 
    Claude


    ------------------------------
    Claude Birtz
    DBA
    CTIE
    ------------------------------
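An added example, not part of the original post and not IBM code: if the CSV download described above is archived on a schedule, the stored exports can answer which rule criteria and actions were in place at a given time and what changed between two exports. Only the "Rule properties" and "Action" column names come from the post; the `Rule name` key column, the export contents and the timestamps are assumptions constructed for illustration.

```python
import bisect
import csv
import io
from datetime import datetime

KEY = "Rule name"                        # assumed key column, not named in the post
TRACKED = ("Rule properties", "Action")  # column names quoted in the post

def load_rules(csv_text):
    """Map each rule to its (properties, action) pair from one CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row[KEY]: tuple(row[c] for c in TRACKED) for row in reader}

def rules_active_at(snapshots, when):
    """snapshots: (datetime, csv_text) pairs sorted by time.
    Returns the rules from the latest export taken at or before `when`."""
    times = [t for t, _ in snapshots]
    i = bisect.bisect_right(times, when)
    if i == 0:
        raise LookupError("no export archived at or before that time")
    return load_rules(snapshots[i - 1][1])

def diff_rules(old, new):
    """List (change, rule) pairs between two parsed exports, sorted by rule."""
    changes = []
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            changes.append(("removed", name))
        elif name not in old:
            changes.append(("added", name))
        elif old[name] != new[name]:
            changes.append(("modified", name))
    return changes

# Constructed sample exports (not real Guardium output).
EXPORT_JUNE = """Rule name,Rule properties,Action
Rule A,constructed criteria 1,LOG FULL DETAILS
Rule B,constructed criteria 2,ALERT PER MATCH
"""
EXPORT_JULY = """Rule name,Rule properties,Action
Rule A,constructed criteria 1 (edited),LOG FULL DETAILS
Rule C,constructed criteria 3,ALLOW
"""
SNAPSHOTS = [(datetime(2024, 6, 1), EXPORT_JUNE), (datetime(2024, 7, 1), EXPORT_JULY)]

if __name__ == "__main__":
    print(rules_active_at(SNAPSHOTS, datetime(2024, 6, 27)))
    print(diff_rules(load_rules(EXPORT_JUNE), load_rules(EXPORT_JULY)))
```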


  • 2.  RE: Where to find log or history of policy rules active at a certain point?

    Posted Mon July 01, 2024 03:11 AM

    Hi Claude,

    Try to check from here, Protect > Security Policies > Policy builder for Data > Analyze > view results > continuous Analysis 

    Inside there, click on the time frame, change it to a back date, and check the old rules and action. But it won't give you details about the rule.



    ------------------------------
    Regards,
    Rizwan Ali
    Senior Guardium Consultant
    Pakistan
    ------------------------------



  • 3.  RE: Where to find log or history of policy rules active at a certain point?

    Posted Tue July 02, 2024 02:25 PM

    Hi Rizwan,

    thanks for the answer. It's not really what I was looking for as there is no way to limit the time other than "Last x minutes / days". 

    I added an API mapping to "Policy changes" between "Object Description" and "rule_info_from_policy", which gives me the information I want when Modified entity equals "GDM_INSTALLED_POLICY_HEADER". But again, no history.

    Curious that this important information seems to be missing.

    Regards,

    Claude



    ------------------------------
    Claude Birtz
    DBA
    CTIE
    ------------------------------