List of Contributions

Wendy Zemba

Contact Details

My Content

1 to 19 of 19 total
Posted By Wendy Zemba Jul 7, 2020 10:17 AM
Found In Egroup: IBM Security Guardium
\ view thread
@farah zabe Multi-threading is a completely different thing. If that's what you are trying to do then we can have a different conversation. To use Enterprise Load Balancing it should be PARTICIPATE_IN_LOAD_BALANCING=0. Here's a link to the knowledge center pages on configuring Windows for ELB. There ...
Posted By Wendy Zemba Jun 25, 2020 7:31 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi @Ron Shleif : We aren't using ​ " Compare to values in group", but I'm curious if you've tried using wild cards (%banana for example)? ------------------------------ Wendy ------------------------------
Posted By Wendy Zemba Jun 25, 2020 7:29 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi @farah zabe : We schedule ' IP-to-Host Aliasing' to run on every unit. It is a configuration that's available to push down from the CM thorough 'Distribute Configuration Profiles'. 'IP-to-Host Aliasing' is also dependent on your DNS repository, so if the server doesn't have a DNS entry at the time ...
Posted By Wendy Zemba Jun 23, 2020 12:04 PM
Found In Egroup: IBM Security Guardium
\ view thread
Hi @farah zabe : The correct value for ​ STAP_PARTICIPATE_IN_LOAD_BALANCING is 0 for ELB. We've had no issues with this feature on Windows machines. Did you try setting STAP_PARTICIPATE_IN_LOAD_BALANCING to 0 ? ------------------------------ Wendy ------------------------------
Posted By Wendy Zemba Jun 18, 2020 1:32 PM
Found In Egroup: IBM Security Guardium
\ view thread
@farah zabe In 10.6, we had situations where ELB would set the SQLGARD_IP as the CM instead. I'll have to research for the bug number. Do you have ​​access to the guard_tap.ini file on the source system to validate? Another thing you should ensure that the value in the STAP_TAP_IP parameter is the ...
Posted By Wendy Zemba Jun 17, 2020 1:42 PM
Found In Egroup: IBM Security Guardium
\ view thread
Hi @farah zabe : Correction, sorry. STAP_PARTICIPATE_IN_LOAD_BALANCING needs to be set to 0 to use ELB. ------------------------------ Wendy ------------------------------
Posted By Wendy Zemba Jun 17, 2020 1:37 PM
Found In Egroup: IBM Security Guardium
\ view thread
Hi @farah zabe : STAP_PARTICIPATE_IN_LOAD_BALANCING needs to be set to 1 to use ELB. STAP_LOAD_BALANCER_NUM_MUS you'll want to use 1 or 2. 1 means that the CM will designate a primary collector, 2 means the CM will designate a primary and a secondary, but don't use it unless you are running v10.6 or ...
Posted By Wendy Zemba May 18, 2020 8:04 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi Brian: You can get creative with this on the QRadar side. They can create a custom parameter and parse it out of the SQLString using regular expressions. It does get quite complex as multiple ObjectNames can be contained within one SQLString and you have to be comfortable accepting some level of ...
Posted By Wendy Zemba May 18, 2020 7:56 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi Francis: I suggest you have your data security and IAM SME's review the IBM provided scripts to determine what permissions are granted. Many of ours were not comfortable executing the scripts or they did not work as part of a repeatable process, so it took us some trial and error with each db platform ...
Posted By Wendy Zemba Mar 5, 2020 8:32 AM
Found In Egroup: IBM Security Guardium
\ view thread
When you enable Enterprise Load Balancing by setting STAP_PARTICIPATE_IN_LOAD_BALANCING = 0 You no longer set the STAP_SQLGUARD_IP. Instead you set STAP_LOAD_BALANCER_IP to your CM. The CM will determine what is populated in the STAP_SQLGUARD_IP parameter when it designates the primary collector. ...
Posted By Wendy Zemba Mar 5, 2020 7:40 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi Mohamed, The behavior depends on what you have set for STAP_LOAD_BALANCER_NUM_MUS. Also, the version of the S-TAP you are running. My experience running v10.5 appliance and STAPs: STAP_LOAD_BALANCER_NUM_MUS = 1 CM will assign one collector as the primary. If the collector goes down the CM will assign ...
Posted By Wendy Zemba Feb 11, 2020 7:26 AM
Found In Egroup: IBM Security Guardium
\ view thread
Would like this ability as well. Does anyone know if it is scheduled for a future release? If there's an RFE for this I would vote for it! ------------------------------ Wendy Zemba ------------------------------
Posted By Wendy Zemba Feb 3, 2020 1:55 PM
Found In Egroup: IBM Security Guardium
\ view thread
Hi Brian: What Domain Entity are you getting your timestamp from? It's possible that you are using the "Access - Client/Server" Timestamp and should be using the "Access - Session" Timestamp. Domain* - Entity Attribute(s) Meaning Access - Client/Server Timestamp The time on ...
Posted By Wendy Zemba Jan 23, 2020 7:45 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi Herman: p9998 was a one time only requirement for v11.001. There is a SqlGuard-11.0p9997.tgz.enc.sig (Health Check for GPU installation (Aug 6 2019)) that you will use once you get to v11.001. ​ ------------------------------ Wendy Zemba ------------------------------
Posted By Wendy Zemba Nov 1, 2019 9:53 AM
Found In Egroup: IBM Security Guardium
\ view thread
Hi Ali: You have to create a query that matches the logic in the policy rule. It looks like you are most interested in reporting on Exceptions. There are several Exceptions reports provided by IBM that you can clone and use for your purposes. But I can try to explain, you want to create the query ...
Posted By Wendy Zemba Nov 1, 2019 9:52 AM
Found In Library: IBM Security Guardium
Posted By Wendy Zemba Oct 29, 2019 2:14 PM
Found In Egroup: IBM Security Guardium
\ view thread
Here is an example of what I use: SETUP.EXE -UNATTENDED -APPLIANCE=<GIM_SERVER> -INSTALLPATH=<INSTALLDIR> -LOCALIP=<COMPUTERNAME> ------------------------------ Wendy Zemba ------------------------------
Posted By Wendy Zemba Jul 19, 2019 12:32 PM
Found In Egroup: IBM Security Guardium
\ view thread
Here's an example of a pull from Multiple Groups exclude disabled: (|(&(memberOf=CN=GROUP_NAME,OU=DirecotryL1,OU=DirecotryL2,OU=DirecotryL3,DC=DOMAIN,DC=net)(!(userAccountControl=514)))(&(memberOf=CN=GROUP_NAME2,OU=DirecotryL1,OU=DirecotryL2,OU=DirecotryL3,DC=DOMAIN,DC=net)(!(userAccountControl=514)))) ...
Posted By Wendy Zemba Jul 10, 2019 12:09 PM
Found In Egroup: IBM Security Guardium
\ view thread
We see that rule fire on 'Select * from Dual' as well. There is no data returned when Dual is called. It's been on my list to look into but shouldn't fire this rule either. ------------------------------ Wendy Zemba ------------------------------