IBM Guardium

  • 1.  IBM Guardium and Splunk

    Posted 8 days ago

    Hi,

    I want to integrate Guardium alerts to be forwarded to Splunk.

    Can anyone guide me on how to complete all these activities?



    ------------------------------
    Asad Ullah
    ------------------------------


  • 2.  RE: IBM Guardium and Splunk

    Posted 7 days ago
    Hi there. 
    Try the Guardium Insights app, available on Splunkbase. This connects via API to pull risk events, database activity, and audit data into Splunk for real-time analysis and dashboards. The IBM Security Guardium Insights for Splunk app is available directly through Splunk's app search interface.

    For file-based integration, Guardium exports alerts or reports as CSV files scheduled hourly and sent via SCP to a Splunk-monitored folder, requiring updates to Splunk's props.conf for parsing. Syslog forwarding sends basic alert templates directly from Guardium appliances to Splunk receivers, though it limits data to predefined fields rather than full records. 

    Lastly, try to verify your compatibility between Guardium and Splunk versions prior to implementation, and test in a non-production environment for optimal results. Cheers! 
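
An added sketch of the file-based option from reply 2 (not part of the original reply, and not IBM or Splunk sample configuration): a Splunk monitor input for the folder that receives the SCP'd CSV exports, plus the props.conf stanza that parses them. The folder path, index, sourcetype name, `Timestamp` column and time format are assumptions; replace them with the values from your own Guardium export.

```ini
# ---- inputs.conf ----
# Assumed drop folder that Guardium's scheduled SCP export writes into.
[monitor:///opt/splunk_drop/guardium]
# Only pick up completed CSV files, not partial or temporary uploads.
whitelist = \.csv$
# Hypothetical sourcetype and index names.
sourcetype = guardium:alert:csv
index = guardium
disabled = false

# ---- props.conf ----
[guardium:alert:csv]
# Read field names from the header row of each exported file.
INDEXED_EXTRACTIONS = csv
HEADER_FIELD_LINE_NUMBER = 1
# One CSV row is one event; never merge rows.
SHOULD_LINEMERGE = false
# Assumed name and format of the event-time column in the export.
# If this is wrong, Splunk falls back to another time source and alerts
# land at the wrong time in searches and correlation rules.
TIMESTAMP_FIELDS = Timestamp
TIME_FORMAT = %Y-%m-%d %H:%M:%S
# Assumed appliance time zone; set it explicitly so events from
# collectors in different zones line up.
TZ = UTC
```

Because `INDEXED_EXTRACTIONS` is applied where the file is read, the props.conf stanza has to be deployed on the instance that monitors the folder (the forwarder, if one is used). Restrict write access on the drop folder to the account used for the SCP transfer so that only the Guardium export can place files there.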





  • 3.  RE: IBM Guardium and Splunk

    Posted 4 days ago

    Hi, I assume you're inquiring about Guardium Data Protection and alerts from the Data Security Policy to Splunk. The GDP policy alerts are sent to the SYSLOG, so you enable SYSLOG forwarding on each of your Collector appliances by using the store remotelog add CLI command.

    Below are links to two documentation pages for further assistance:

    https://www.ibm.com/docs/en/gdp/12.x?topic=pi-combining-real-time-alerts-correlation-analysis-siem-products

    https://www.ibm.com/docs/en/gdp/12.x?topic=commands-configuration-control-cli#concept_dgk_2cj_4lb__store_remotelog



    ------------------------------
    Wendy Zemba
    Sr. Consultant, Data Protection
    Converge Technology Solutions
    wendy.zemba@convergetp.com

    Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
    ------------------------------