IBM Security Guardium

  • 1.  Where to find log or history of policy rules active at a certain point?

    Posted 5 days ago
    Hello,
    we're using Guardium 11.5 with collectors pointing to S-Tap for Db2 z/OS. I want to know which policy and which rules were active at a certain point on the collectors. But there seems to be no report that gives the information about the rule criteria and rule action of the rules contained in a policy. In other words, the information you get in the GUI when you edit the rules of a profile.
     
    In Protect > Security Policies > Policy Builder for Data > Security Policies there is a possibility to download the policy definitions to a CSV file. The columns "Rule properties" and "Action" contain the information I'm looking for in a historic report. 
     
    I have tried the following reports: Policy changes, where I can see rule names and modification but no details, and right-clicking from there to Detailed Guardium User Activity and User Activity Audit Trail.
    I have tried the following reports: Policy changes, where I can see the rule description, and right-clicking from there to the reports Detailed Guardium User Activity and User Activity Audit Trail.
    Best regards, 
    Claude


    ------------------------------
    Claude Birtz
    DBA
    CTIE
    ------------------------------


  • 2.  RE: Where to find log or history of policy rules active at a certain point?

    Posted 2 days ago

    Hi Claude,

    Try to check from here, Protect > Security Policies > Policy builder for Data > Analyze > view results > continuous Analysis 

    Inside there, click on the time frame, change it to a back date, and check the old rules and action. But it won't give you details about the rule.



    ------------------------------
    Regards,
    Rizwan Ali
    Senior Guardium Consultant
    Pakistan
    ------------------------------



  • 3.  RE: Where to find log or history of policy rules active at a certain point?

    Posted 11 hours ago

    Hi Rizwan,

    thanks for the answer. It's not really what I was looking for as there is no way to limit the time other than "Last x minutes / days". 

    I added an API mapping to "Policy changes" between "Object Description" and "rule_info_from_policy", which gives me the information I want when Modified entity equals "GDM_INSTALLED_POLICY_HEADER". But again, no history.

    Curious that this important information seems to be missing.

    Regards,

    Claude



    ------------------------------
    Claude Birtz
    DBA
    CTIE
    ------------------------------