Policy Management

The courses in this category help you create, install, and tune Guardium policies. They also cover policy strategy, recommended policy design practices, and advanced policy techniques.

Policy Management Courses:

Guardium 10.6 improved policy builder
NEW

Starting with version 10.6, Guardium has a new policy builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, and an intuitive, step-by-step guide to create and configure the policy.

Franklin Almonte

Create, install, and update a Guardium policy

A policy is a key component of your data security strategy. To keep your data secure, you must implement rules that monitor, log, and control data. In this course, you learn how to create, install, and modify IBM Security Guardium policies and policy rules that control data access.

This video is based on Guardium 11.2.

Objectives 

  • Create, install, and test a Guardium policy
  • Modify a Guardium policy and policy rule
  • Add rules to a Guardium policy
  • Test a reinstalled Guardium policy



Guardium policy strategy and techniques

Policies are a core component of the Guardium solution. Policies are sets of rules and actions applied in real time to the database traffic observed by a Guardium system. Policies define which traffic is ignored or logged, which activities require more granular logging, and which activities should trigger an alert or block access to the database. Therefore, it is critical to develop strategies and techniques associated with policies to maintain a healthy Guardium ecosystem while meeting business requirements. This course consolidates every Guardium policy course on the Security Learning Academy, which provides you with practical knowledge and hands-on experiences to help you develop effective and efficient Guardium policies in your environment.

In this course, you learn about creating, installing, and tuning Guardium policies through various related videos and labs. In addition, you learn about policy strategy, recommended practices when designing your policies, and advanced policy techniques.

Franklin Almonte

Lou Fuka

Avi Waleruis


Guardium 11 policy analyzer

Guardium 11 introduces Policy Analyzer, which provides rule counts for installed Data Access Management (DAM) policy rules.

Create a Guardium policy from file activity discovery and classification results

Guardium File Activity Monitoring provides tools to discover, classify, and build policies for files. In this lab, you use the Quick Search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This lab is useful for Guardium users and administrators who need to monitor access to files that contain sensitive information. The lab is based on Guardium version 10.5.



Creating a Guardium policy that ignores trusted user session database activity

Guardium Data Security policies help flag suspicious database activity. When you configure policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units. In this lab, you create a policy with rules to discard trusted activity and flag untrusted activity.

The lab environment reflects Guardium 10.5.

Getting started with Guardium policy actions

Policy actions are key components of Guardium policies and are critical to policy strategy and tuning. This interactive video introduces you to common blocking actions, alerting actions, and logging actions. It also includes general tips about using policy rule actions.

Franklin Almonte

Guardium policy stacking

Organizations have many goals for monitoring data servers. These goals require many rules, some of which apply to a broad set of data servers, and some of which might apply to only one or a few data servers.

In this video, you learn how to organize these rules into a series of policies to optimize maintainability.

Guardium session-level policy

Starting with version 10.6, IBM Guardium features special policies that work at the session level. These policies are installed and processed before standard data-security policies, and respond to information that is available at the beginning of a database session. This feature allows quicker processing and response. In this lab, you create and test a session-level policy. 

Franklin Almonte

Using the Flat Log Policy

Peak database traffic periods can overload monitoring solutions. The Guardium flat log policy provides a way to defer analysis and logging of traffic to off-peak periods. In this video series, you learn about the flat log policy and how it can help you avoid resource overload.

Guardium Access, Exception, and Extrusion Policy Rules

IBM Guardium policy rules fall into three categories:

  • Access rules
  • Extrusion rules
  • Exception rules

In this video series, you learn about the three types of rules, what criteria and actions are associated with each type, and some of the uses for each type of rule.

Using Guardium to quarantine database access

IBM Guardium provides powerful functions you can use to monitor and control database access. Guardium can terminate sessions performing suspicious database access commands and even quarantine suspicious users. In this lab, you explore the session termination and quarantine functionality.

The lab environment reflects Guardium 10.5.

Create Guardium policy to log file activity

Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.

Guardium policy: Using the Continue to next rule functionality

Guardium policies often have multiple rules. By default, after a rule is triggered, processing stops. If you do not want to stop processing after the first rule triggers, you must configure your policy to continue to the next rule. In this lab, you configure and test a policy to examine the continuation functionality.

The lab environment reflects Guardium 10.5.

Louis Fuka

IBM Guardium S-GATE Policy

With Guardium, you can set up rules that automatically terminate database sessions when Guardium detects improper data access, limiting the damage from hostile attacks on your database.

In these videos, you learn how to configure the S-TAP agent and create policy rules to take advantage of S-GATE functionality.

Guardium Selective and Non-Selective Audit Policy

Guardium policies are powerful resources to monitor your data environment. However, due to the large amount of data activity in a database production environment, you must configure your policy carefully to filter out innocent traffic.

In this course, you learn the differences between selective and non-selective audit policies.

Detect database login failures with Guardium

Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.

Franklin Almonte


File Activity Monitoring using Guardium

Guardium 10.x includes functionality you can use to monitor file activity. In this course, you view the discovery and classification capabilities of the file activity monitoring (FAM) tools and learn how to set up a blocking rule that prevents someone from deleting files in a directory and logs the attempt. You also learn how to create and install policies to monitor files.

IBM Guardium Policy Management

In this session from Virtual Master Skills University 2020, Yosef Rozenblit shares how to best use and manage policies and groups and discusses the overall impact on logging and performance. 

Getting started with Guardium alerts

It is easy to use the predefined alerts in Guardium. In this course, you learn about the different Guardium alert types and how to use them to monitor your Guardium ecosystem.

How to check the Guardium policy for actions that fill the database

In this video, you see how to check the Guardium policy for actions that can fill the database. This is an important step in preventing database-full issues.