IBM Guardium

IBM Guardium

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
  • 1.  Redact(Masking) Not Working on MS SQL Server

    Posted Sun September 17, 2023 09:45 AM

    Hello Seniors, Hope all is well.

    I am trying to Redact(Mask) a string/value using Guardium Extrusion Rules , for MS SQL Server. However, Values are getting masked in the Policy Violation Report(Log Only). But, on actual client tool which is "MICROSOFT SQL SERVER MANAGEMENT STUDIO" it is not getting masked. 

    Please note that, I have referred below two technotes and followed the guide . Even, I have tried to Attach Session by enabling Firewall. still , no luck. Can anyone guide me on this please. 

    REDACT - regex with '{' does not work on Windows DB Server

    Ibm remove preview
    REDACT - regex with '{' does not work on Windows DB Server
    Replace '{' with predefined SCRUB pattern names.
    View this on Ibm >

     IBM Security Guardium: the REDACT action does not work with regular expressions that include curly braces ("{" y "}") when applied to database servers on Microsoft Windows

    Ibm remove preview
    IBM Security Guardium: the REDACT action does not work with regular expressions that include curly braces ("{" y "}") when applied to database servers on Microsoft Windows
    As part of the data protection services offered by IBM Security Guardium™, it is possible to hide or mask all or part of the result set of a query, in order to protect sensitive information from unauthorized entities or users.
    View this on Ibm >



    ------------------------------
    Sincerely,
    Akash Parmar
    ------------------------------


  • 2.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Tue September 19, 2023 01:11 AM

    Hi Akash,

    If you've never seen expected result, I'd suggest to check the settings first. Did you check Inspect Returned Data and press Restart Inspection Engine from Guardium GUI, Manage > Activity Monitoring > Inspection Engines before using REDACT function?

    If you're seeing expected result without your own regex, c
    ould you please show us the regex that you're using and the data that you're expecting to be masked, and the data type (e.g. NVARCHAR(100))? This could be a sensitive information, then I'd suggest to open a support ticket, then we can review your data and configuration in our secure environment.

    Thanks,
    Satoshi



    ------------------------------
    SATOSHI KAWASE
    ------------------------------



  • 3.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Tue September 19, 2023 01:46 AM

    Hi Satoshi,

    Thank you for the response.  Below items are already done.

    Inspect Returned Data and press Restart Inspection Engine from Guardium GUI, - even restarted Sniffer from CLI.

    Regarding your second query - data type is = char(20) & the actual value is 000017-AED-0086-51

    I have used multiple regex but no luck. For example,

    0\d\d\d\d\d-([A-Z][A-Z][A-Z]|[a-z][a-z][a-z])-\d\d\d\d-\d\d

    ([0-9][0-9][0-9][0-9][0-9][0-9])[-]([A-Z][A-Z][A-Z])[-]([0-9][0-9][0-9][0-9])[-]([0-9][0-9])

    ([0-9][0-9][0-9][0-9])[0-9][0-9]



    ------------------------------
    Akash Parmar
    ------------------------------



  • 4.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Tue September 19, 2023 04:37 AM

    Hi Akash,

    I have created a table on MS SQL Server that has a char(20) column, and installed a policy that replaces the first 4 digits to asterisk (*) when 6 digits number is found. I mean, I used REDAT with regex "([0-9][0-9][0-9][0-9])[0-9][0-9]". Everything worked fine.

    What I ran is here:

    create table table0919 (col1 char(20), col2 char(10))
    insert into table0919 values ('qazwsxedcrqazwsxedcr', '1q1q1q1q1q')
    insert into table0919 values ('000017-AED-0086-51XX', 'abcabcabca')
    select * from table0919

    Here is the response:

    col1                 col2
    -------------------- ----------
    qazwsxedcrqazwsxedcr 1q1q1q1q1q
    ****17-AED-0086-51XX abcabcabca

    I do not know why it's not working in your environment. Could you please open a support ticket? Then support engineers will review your environment and should be able to find what's missing.

    Thanks,
    Satoshi



    ------------------------------
    SATOSHI KAWASE
    ------------------------------



  • 5.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Tue September 19, 2023 06:04 AM

    Hi Satoshi, Appreciate your support in this regard. I shall open a support ticket on this. thanks again!



    ------------------------------
    Akash Parmar
    ------------------------------



  • 6.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Wed October 04, 2023 10:12 AM

    Hi Satoshi,

    I am facing the same issue. Getting masked alerts. Data on my front-end application is masked but it is not being masked on SQL Management Studio. Any leads here?



    ------------------------------
    Shahryar Memon
    ------------------------------



  • 7.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Thu October 05, 2023 02:16 AM
    Edited by SATOSHI KAWASE Thu October 05, 2023 02:19 AM

    Hi Shahryar,

    Could you please try:

    1. Install REDACT policy (e.g. see my previous comment for details).
    2. Launch SQL Server Management Studio and connect to your SQL Server.
    3. Press "New Query".
    4. Write your simple SQL statement (e.g. "select * from table0919") in the query editor.
    5. Press "Execute"
    6. Check the result.

    Here is an example output in my environment.


    [NOTE] I used * as the replacement character in the policy last time, but today I used X instead. Sorry if this confused you.


    If you're not seeing masked data, we'd need to check your traffic using SLON, Win S-TAP debug log, or tcpdump, etc... These are sensitive information then you can't post these information in this public site. Kindly please open a support ticket, so support engineers can review your logs in a safe environment.

    Thanks,
    Satoshi



    ------------------------------
    SATOSHI KAWASE
    ------------------------------



  • 8.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Wed October 04, 2023 10:12 AM

    Hi Akash,

    I am also facing the same issue. Were you able to troubleshoot this?



    ------------------------------
    Shahryar Memon
    ------------------------------



  • 9.  RE: Redact(Masking) Not Working on MS SQL Server

    Posted Thu October 05, 2023 08:50 AM

    Hello Shahryar ,

    Actually, Initially, I was still facing the issue. But, then, I used Guardium Firewall Attach Rule to attach session on objects which I wanted to Redact And luckily It worked. However, you can also try restarting the sniffer and inspections engines and check if it's works for you... if the issue still persist , Please raise support case.



    ------------------------------
    Akash Parmar
    ------------------------------