IBM Security Guardium

hi,

If we install S-Tap(.exe) file in windows server without GIM. how can we change the parameters for S-Tap? does it works blocking, redaction and monitoring as we install through collector after GIM installation? Please suggest.

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

Hi Phanendra

Normally the install directory of STAP is: C:\Program Files\IBM\Guardium Agent Monitor\Bin inside you will fin the ini files where you can change parameters editing this file. (resmon.ini). Then you can restart the agent from collector or restarting the service (IBM security guardium s-tap).
I suggest that you use GIM as installer instead of the direct installation of s-tap.


------------------------------
Carlos Espinoza Chandia
------------------------------

Original Message:
Sent: Tue October 13, 2020 08:03 AM
From: PHANENDRA RAO CHAVANA
Subject: Windows S-Tap without GIM

hi,

If we install S-Tap(.exe) file in windows server without GIM. how can we change the parameters for S-Tap? does it works blocking, redaction and monitoring as we install through collector after GIM installation? Please suggest.

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

I do not have this in my environment but below is my understanding. Someone else please chime in if I am incorrect about anything. It would be best to install on a test server before mass deployment and verify the below is correct.

If you install the S-TAP without the GIM you will need to manage the S-TAP parameters locally on the server where it is installed rather than from a Guardium appliance. Initial parameters would be set during installation and post-install changes would need to be made to the guard_tap.ini and the conf files in the STAP install directory. Examples of these parameters would be the TAP_IP, STAP_Enabled, SQLGuard_IP, etc. that normally would be configurable via the 'Set up by Client' page.

Functionally, the S-TAP will behave the same as one installed without the GIM. The S-TAP will still be managed by a collector. The policy installation that is issued by that collector will be pushed down to the S-TAP. Blocking and redaction are defined here and should have the same management requirements as an S-TAP without GIM.

------------------------------
Chase Walkup
------------------------------

Original Message:
Sent: Tue October 13, 2020 08:03 AM
From: PHANENDRA RAO CHAVANA
Subject: Windows S-Tap without GIM

hi,

If we install S-Tap(.exe) file in windows server without GIM. how can we change the parameters for S-Tap? does it works blocking, redaction and monitoring as we install through collector after GIM installation? Please suggest.

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

You can manage some of the S-TAP configs via the collector, under 'S-TAP Control', but you need to set WINSTAP_ALL_CAN_CONTROL=1 during the install.  This parameter can only be changed locally on the client after install.

------------------------------
Wendy
------------------------------

Original Message:
Sent: Tue October 13, 2020 09:00 AM
From: Chase Walkup
Subject: Windows S-Tap without GIM

I do not have this in my environment but below is my understanding. Someone else please chime in if I am incorrect about anything. It would be best to install on a test server before mass deployment and verify the below is correct.

If you install the S-TAP without the GIM you will need to manage the S-TAP parameters locally on the server where it is installed rather than from a Guardium appliance. Initial parameters would be set during installation and post-install changes would need to be made to the guard_tap.ini and the conf files in the STAP install directory. Examples of these parameters would be the TAP_IP, STAP_Enabled, SQLGuard_IP, etc. that normally would be configurable via the 'Set up by Client' page.

Functionally, the S-TAP will behave the same as one installed without the GIM. The S-TAP will still be managed by a collector. The policy installation that is issued by that collector will be pushed down to the S-TAP. Blocking and redaction are defined here and should have the same management requirements as an S-TAP without GIM.

------------------------------
Chase Walkup

Original Message:
Sent: Tue October 13, 2020 08:03 AM
From: PHANENDRA RAO CHAVANA
Subject: Windows S-Tap without GIM

hi,

If we install S-Tap(.exe) file in windows server without GIM. how can we change the parameters for S-Tap? does it works blocking, redaction and monitoring as we install through collector after GIM installation? Please suggest.

------------------------------
PHANENDRA RAO CHAVANA
------------------------------

Hi Phanendra,

You can configure Windows S-TAP parameters by one of the following methods. The third one is available only when you install GIM. So, you may want to try the first one or the second one.

1. Edit guard_tap.ini on DB server and restart S-TAP.
Windows S-TAP is installed at "C:\Program Files\IBM\Windows S-TAP" by default, and you'll find guard_tap.ini in the Bin directory. You can edit parameters and restart Windows S-TAP to make the changes affective.

2. Edit config from S-TAP Control.
Logon to Guardium GUI, and navigate to Manage > Activity Monitoring > S-TAP Control. Select the S-TAP that you want to configure, and expand the settings (e.g. Firewall Details, Inspection Engines, etc...). Press Modify button and edit the settings.

3. Change config from Set Up by Client (GIM only)
Logon to Guardium GUI, and navigate to Manage > Module Installation > Set up by Client. This operation is available only when you install GIM.

You'll find all parameter details in Knowledge Center. Parameters are in each sub-document.
Windows: Editing the S-TAP configuration parameters
https://www.ibm.com/support/knowledgecenter/SSMPHH_11.2.0/com.ibm.guardium.doc.stap/stap/edit_the_s_tap_configuration_file_windows.html

p.s. The "C:\Program Files\IBM\Guardium Agent Monitor" is the default installation directory of Guardium Agent Monitor, which is installed along with Windows S-TAP. The resmon.ini is a config file for Guardium Agent Monitor and not for Windows S-TAP.

Thanks,
Satoshi

------------------------------
SATOSHI KAWASE
------------------------------

Original Message:
Sent: Tue October 13, 2020 08:03 AM
From: PHANENDRA RAO CHAVANA
Subject: Windows S-Tap without GIM

hi,

If we install S-Tap(.exe) file in windows server without GIM. how can we change the parameters for S-Tap? does it works blocking, redaction and monitoring as we install through collector after GIM installation? Please suggest.

------------------------------
PHANENDRA RAO CHAVANA
------------------------------