IBM Security Guardium

  • 1.  Automatic Scheduled Reports for Guardium Health status

    Posted Tue May 10, 2022 02:29 AM
    Hi Everyone,

    Need urgent help.
    I need to automate the process below in a single report or in separate reports.
    Currently the report is taken manually every day by logging in to each Collector and Aggregator.

    I need a scheduled report on a daily basis for the items below, with respect to the Guardium Server IP address.
    Is it possible to get it?

    • Disk Size,
    • S-TAP status (collectors),
    • GIM status (CM),
    • Sniffer status,
    • Archive status (Collectors),
    • Data Import (all Aggregators)
    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Wed May 11, 2022 03:34 AM
    In version 11.2:
    Step 1: Prepare reports working on collector
    Step 2: Use the Distributed Report Builder functionality (based on the report from Step 1) to execute the report on the whole environment
    Step 3: Use Alert Builder for the scheduled process and indicate reviewers
    • Disk Size -> Entity: Sniffer Buffer Usage
    • S-TAP status (collectors) -> Entity: S-TAP Info
    • GIM status (CM) -> GIM Clients
    • Sniffer status -> ?
    • Archive status (Collectors) -> Entity: Agg/Archive Log
    • Data Import (all Aggregators) -> Entity: Agg/Archive Log


    ------------------------------
    Miroslaw Heimrath
    ------------------------------



  • 3.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Wed May 11, 2022 10:37 AM
    Hi Panendar,

    The options I see and we use here at my corporation: 

    1. For the information/reports you need from the collectors, as Miroslaw shared, in most cases you can just create a Distributed Report from the CM.
    2. There are also alerts that, if you set them up, will come from the respective appliance they are alerting for (e.g., any disk space consumption alerts, any of the regular jobs such as Data Archive, Data Import, ... that failed, etc.).
    3. You also have the Dashboards (the Health ones in particular) on the CM, where you can check the overall health of the environment for the managed units within the same architecture.
    4. You have the flexibility to create a Dashboard in Guardium and combine the different reports/charts you wish to see into the same screen/dashboard.
    4.1 Another option, though not a desirable one, is to create your own dashboard (outside of Guardium) where you combine the information/reports you wish to look at as a HC on a daily basis. We've got this one created here, but you may need someone who knows programming, and it may require some maintenance.

    I hope that helps.

    Regards,
    -Felipe


    ------------------------------
    Felipe Boff
    ------------------------------



  • 4.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Wed May 11, 2022 10:43 AM
    There are quite a few views already built in at the Central Manager.
    Go to Manage > System View and look through the ones delivered. 
    The S-TAP and GIM Dashboard was one of my favorites, as well as the Deployment Health Table.
    If you click on the top right sliders you can adjust the settings you are interested in (or not) as well as time traffic time period and exclusion list.

    ------------------------------
    Jennifer Dodson
    ------------------------------



  • 5.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Mon May 13, 2024 01:40 PM

    I'm trying to automate reports I'm getting from collector(s) because I haven't received traffic for a few days from some of the DB servers after performing nslookup on these servers so I can track it and report it to my team. I'm not sure what report will resolve my issue and I'm not sure how I can create filtered S-TAP Host daily reports for a particular collector and receive alerts about DB server activity. Attaching images below of where I'm stuck 

    How do I display daily reports for particular collectors or S-TAP hosts?


    ------------------------------
    Eric Xu
    ------------------------------



  • 6.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Mon May 13, 2024 02:45 PM

    Just speaking about automation, I think Guardium already has an automating/ML tool with Guardium Insights which I think you link up with Splunk to generate alerts. I'm wondering if there are other kinds of automation tools out there in Guardium for reporting/Monitoring. If anyone knows please share. 



    ------------------------------
    Eric Xu
    ------------------------------



  • 7.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Mon May 13, 2024 03:13 PM

    Hi Eric,

    Have you tried using Alert Builder? There is an alert for this type. You can change the frequency of these alerts. I think that "Active S-TAPs Changed" could help with your search. This alert uses the report with the same name (this report is built into the system and cannot be changed). The alert sends a message to anybody when it is triggered.

    Regards,



    ------------------------------
    Carlos Espinoza Chandia
    ------------------------------



  • 8.  RE: Automatic Scheduled Reports for Guardium Health status

    Posted Thu May 16, 2024 11:19 AM

    Checking it out, thanks Carlos!



    ------------------------------
    Eric Xu
    ------------------------------