@Ahmad Hassan Tariq,
With your Guardium Data Protection Policy Builder there is a "Basic Data Security Policy [template]" that has example policy rules you can leverage for DDoS and SQL Injections. A more comprehensive list of the threat descriptions built in the product can be found here: https://www.ibm.com/docs/en/gdp/11.5?topic=analytics-threat-descriptions. Some, will be detected by policy rules, others leverage behavioral analytics.
------------------------------
Wendy Zemba
Sr. Consultant, Data Protection
Converge Technology Solutions
wendy.zemba@convergetp.comNeed help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
------------------------------
Original Message:
Sent: Fri October 11, 2024 02:05 AM
From: Ahmad Hassan Tariq
Subject: DDOS & SQl Injection Policies
Does IBM Guardium have any built-in policies for detecting DDoS attacks and SQL Injection attacks that can be used in an environment
e.g. Trigger an alert for a potential denial-of-service (DoS) attack based on multiple failed login attempts within a minute. Additionally, a high number of client IPs in a single session could indicate a possible DDoS attack
------------------------------
Ahmad Hassan Tariq
------------------------------