Hi @mauricio:
I'm going to assume that the S-TAPs will report to the same collectors (otherwise there are other considerations that you can make), but you can create a group of Server IPs or Server Host Names and use those groups in your policy rules.
This scenario can get complicated and potentially difficult to maintain. So I recommend using wild cards in your groups if possible. For example, if your database hosts for your productive footprint have a naming convention of SQLSVRPROD01, SQLSVRPROD02, etc., you can use SQLSVRPROD% in your group. Likewise, if you have network segments where they are assigned, you can use a similar concept for IPs. You'll then use the 'In Group' condition.
Note that explicates are not recommended, especially if you are monitoring a clustered environment, because Guardium will record the Server host name and Server IP that is used in the connection. For example, if SQLSVRPROD01(10.1.1.1) and SQLSVRPROD02(10.1.1.2) are a pair and your users connect to SQLSVRPROD_A(10.1.1.3) which takes them to the primary node, Guardium will record SQLSVRPROD_A(10.1.1.3) as the Server host name(IP).
Here's an example of what you would include in a policy rule using the wild card option, otherwise use equals '=':
------------------------------
Wendy
Converge Technology Solutions
Formerly Information Insights
------------------------------
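An added example, not part of the original posts and not Guardium code: a small offline check of which recorded server host names fall into a productive or laboratory group, comparing explicit members with the `SQLSVRPROD%` wildcard for the cluster name case described above. The group names, the `SQLSVRLAB%` convention, the `SQLSVRTEST07` host and the matching semantics (`%` matches any run of characters, case-insensitive) are assumptions.

```python
import re

# Constructed group definitions. Group names and the SQLSVRLAB% convention are
# hypothetical; SQLSVRPROD% and the SQLSVRPROD host names come from the post.
EXPLICIT = {"PROD_DB_SERVERS": ["SQLSVRPROD01", "SQLSVRPROD02"],
            "LAB_DB_SERVERS": ["SQLSVRLAB01"]}
WILDCARD = {"PROD_DB_SERVERS": ["SQLSVRPROD%"],
            "LAB_DB_SERVERS": ["SQLSVRLAB%"]}

def member_matches(member, value):
    """Assumption: % matches any run of characters, the rest is literal,
    and host names compare case-insensitively."""
    regex = ".*".join(re.escape(part) for part in member.split("%"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def groups_for(value, groups):
    """Names of every group with at least one member matching value."""
    return sorted(name for name, members in groups.items()
                  if any(member_matches(m, value) for m in members))

def audit(observed, groups):
    """Map each recorded server host name to its group, or flag it.
    UNMATCHED: the host is in no group, so no 'In Group' condition covers it.
    AMBIGUOUS: the host falls in more than one group (overlapping patterns)."""
    report = {}
    for host in observed:
        matched = groups_for(host, groups)
        if not matched:
            report[host] = "UNMATCHED"
        elif len(matched) > 1:
            report[host] = "AMBIGUOUS"
        else:
            report[host] = matched[0]
    return report

# Constructed sample of server host names as they would be recorded.
OBSERVED = ["SQLSVRPROD01", "SQLSVRPROD02",
            "SQLSVRPROD_A",   # cluster name the users connect to
            "SQLSVRLAB01",
            "SQLSVRTEST07"]   # hypothetical host outside both conventions

if __name__ == "__main__":
    for label, groups in (("explicit", EXPLICIT), ("wildcard", WILDCARD)):
        print(label)
        for host, status in audit(OBSERVED, groups).items():
            print(f"  {host:14} {status}")
```

With explicit members the cluster name `SQLSVRPROD_A` comes back `UNMATCHED`, while the wildcard group picks it up; hosts that follow neither convention stay `UNMATCHED` in both cases and need their own decision.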
Original Message:
Sent: Mon January 30, 2023 03:49 PM
From: Mauricio Kenta
Subject: Deploy Policy architecture
Hello all,
Please, if someone could enlighten me, I want to integrate productive and laboratory databases to Guardium, but I want to have two different active policies:
1. Policy for productive databases
2. Policy for laboratory databases
So, in each one, install a rule group and deploy the policy according to the database, either productive or laboratory. Is it possible to do this?
------------------------------
Mauricio Kenta
------------------------------