It's better to increase the hardware requirements and use log full details & alert per match.
Thanks for your reply.
Original Message:
Sent: Mon July 01, 2024 06:49 AM
From: Rizwan Joo
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi Santosh,
It looks like a concern. You may not get complete values in the query.
------------------------------
Regards,
Rizwan Ali
Senior Guardium Consultant
Pakistan
Original Message:
Sent: Mon July 01, 2024 06:12 AM
From: Santhosh M
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi Rizwan,
Check below doc:
https://www.ibm.com/docs/en/guardium/11.5?topic=actions-alerting-rule
What does the attention note say?
Attention: The %%RecordsAffected variable does not return values when used in a message template for alert only rule actions that specify the syslog notification type.
Is it anything like this issue?
------------------------------
Santhosh M
Original Message:
Sent: Mon July 01, 2024 06:02 AM
From: Rizwan Joo
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi Santosh,
It will be the same as Alert per match except it won't log anything to the collector.
Check this: https://www.ibm.com/support/pages/ibm-security-guardium-logging-policy-actions-alert-only-and-alert-match
------------------------------
Regards,
Rizwan Ali
Senior Guardium Consultant
Pakistan
Original Message:
Sent: Mon July 01, 2024 05:52 AM
From: Santhosh M
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi Rizwan,
Will it notify each & every activity to SIEM, like alert per match?
Will the SIEM admin be able to see detailed information like source & destination IP, SQL string, and time of events?
------------------------------
Santhosh M
Original Message:
Sent: Mon July 01, 2024 03:35 AM
From: Rizwan Joo
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hello,
If you need detailed logs in Guardium itself as well, go for log full details and alert only for SIEM. Alert only will not log anything in Guardium.
------------------------------
Regards,
Rizwan Ali
Senior Guardium Consultant
Pakistan
Original Message:
Sent: Mon July 01, 2024 02:56 AM
From: Santhosh M
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi Rizwan,
If I use alert per match I can't see comprehensive data for the query, right?
TAC also suggested alert per match & log full details for my requirement.
Can you tell me why you are suggesting alert per match?
------------------------------
Santhosh M
Original Message:
Sent: Mon July 01, 2024 02:47 AM
From: Rizwan Joo
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi Santosh,
Use Alert per match.
------------------------------
Regards,
Rizwan Ali
Senior Guardium Consultant
Pakistan
Original Message:
Sent: Fri June 28, 2024 09:05 AM
From: Santhosh M
Subject: ALERT PER MATCH & LOG FULL DETAILS
Hi All,
I have a rule for DML activities which has the alert per session & log only actions.
As per the documentation, alert per match will send each & every trigger to SIEM; it also logs data to the policy violation table. We can see the full SQL string with values in the report as well.
Log full details logs the full SQL string with values in Guardium.
But if I give alert per match & log full details it will become duplicated in the tables, so the database size will increase due to the duplication.
Can you let me know which action I can go ahead with? Each and every trigger should go to SIEM, and meanwhile if someone from the application team asks who performed some activity at a given time, I should have every detail.
Shall I go ahead with alert per match alone? Will it work for my requirement? Please suggest.
------------------------------
Santhosh M
------------------------------