The courses in this category address creating Guardium reports.
This video goes over how to identify common problems using the buffer usage report, how to resolve those problems and other tips for sniffer health.
Starting with version 10.6, Guardium has a new query and report builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, as well as an intuitive, step-by-step guide to create and configure the query. The report is automatically generated from the query. If the query is modified, the report is automatically regenerated when the query is saved.
In the lab exercises, you create a query and report that shows SQL commands. Then you generate data to test the report and view the results.
Guardium contains a powerful tool that links related reports. Users can click report entries and view a list of other reports that provide more granular information related to the entry. In this lab, you create a drill-down report to extend the capabilities of existing reports. Then, you test your new report.
This lab environment reflects Guardium 10.5.
Franklin Almonte
In this Open Mic, you will learn about IBM Guardium distributed reports. This Central Manager feature provides a way to automatically gather data from all or a subset of the Guardium managed units that are associated with this particular Central Manager. Distributed reports are designed to provide a high-level view, to correlate data from across data sources, and to summarize views of the data.
Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort. In this course, you clone a Guardium query. Then, you customize the fields and conditions of this query and generate a report from the new query.
The lab environment reflects Guardium 10.5.
File activity monitoring (FAM) includes two major components. The first component discovers and classifies files stored in the file system, and the second component is the activity monitor. It extracts the security policy from the appliance and enforces it on file activity in real time.
In this lab, you view the settings necessary to perform file access monitoring, create a dashboard and add a file entitlement report, and then perform some file operations to view how the FAM functionality reacts to changes.
Franklin Almonte, Guardium 10.5
Guardium gathers a large amount of data about your database environment. You use reports and queries to learn the details of your data security environment. In this virtual lab, you create a dashboard, simple query, and report that is used to examine user data you generate.
The lab environment reflects Guardium 10.5.
Guardium technical support commonly analyzes the Buffer Usage Monitor Report & Sniffer must_gather to determine problems occurring within the Guardium environment. This Open Mic explores those reports and information commonly analyzed.
In this video, you will see how to use specific Guardium GUI reports to check the data being logged on a Guardium Appliance.
IBM Security Guardium provides deployment health tools to help you visualize and gather information about problems that affect the central manager, collectors, aggregators, S-TAP and GIM agents, and inspection engines.
Different tools provide different views into the health of your Guardium deployment. Some tools, such as the Deployment Health topology view, show the data flow relationships between various components. Others, such as the Deployment Health table, provide insight into issues that affect numerous components across your deployment. Others, such as the Deployment Health dashboard, provide charts that summarize data and allow you to drill down to explore issues in greater detail.
In this lab, you explore various Guardium deployment health tools. You search for common issues, such as resource availability, a problem with K-TAP loading, changes in S-TAP agents and inspection engines, or with version control of GIM and S-TAP agents.
Guardium receives and processes a great amount of data that can be used to generate a report. However, sifting through this data to generate a report can be resource intensive.
Data marts extract data based on a report query, and store it in either a separate table or a file. This helps reduce managed unit resources necessary to generate a report, preserves relevant data after an archive and purge, facilitates exporting data to other reporting tools, and helps with the creation of distributed reports.
Guardium 10.x includes functionality you can use to monitor file activity. In this course, you view the discovery and classification capabilities of the file activity monitoring (FAM) tools and learn how to set up a blocking rule that prevents someone from deleting files in a directory and logs the attempt. You also learn how to create and install policies to monitor files.
IBM Security Guardium Insights for IBM Cloud Pak for Security provides centralized views of your security data and risk-based alerts, so that you can view, investigate, apply data protection, and uncover hidden threats across your on-premises and cloud-based data sources.
In this course, delivered by Josh Klahn and Devan Shah, you learn more about this next generation approach to data security, including:
- Guardium Insights demonstration and deep-dive with data security experts
- Hands-on lab walkthrough
- Hands-on lab
- Live Q&A session
IBM Security Guardium Insights is a hybrid cloud data security hub that helps you improve visibility into user data activity and risk. Guardium Insights helps you protect data more efficiently, enhance information technology flexibility, and reduce operational costs as you embrace new business paradigms like moving data to the cloud. Guardium Insights helps reduce the cost and complexity related to collecting, managing, and retaining data security and compliance data. It provides new analytics to enhance threat investigations and it provides quick reporting functionality with custom or predefined reports. Risk scoring and alerting in Guardium Insights helps you prioritize your activities.
IBM Security Guardium Insights is a powerful tool that can help you secure your data. Simple to use, Guardium Insights allows you to set up connections to your data sources.
After your data sources are scanned, Guardium Insights provides this information to help you analyze data:
- Data sources and users that are at risk.
- Anomalies that indicate events that are atypical.
- Reports Activity that has been undertaken as a result of data analysis.
In this lab, you explore and familiarize yourself with the Guardium Insights GUI and a variety of features including:
- Risk-based analytics
Duration: 30 minutes
In this session from Virtual Master Skills University 2020, Bill Manty covers reporting in Guardium today: custom queries, reports, domains and compliance workflow, distributed reports, data marts, and how to enhance with a modern approach.
Employees in organizations need access to various assets to perform their job. Managing this access can be a challenge as requirements change. For example, new applications are added or existing users need additional access rights. This gets more complex when you collaborate with outside organizations and you might not know who in the other organization needs access to your organization's resources and vice
IBM Security Guardium can aid you with entitlement management. You can use Guardium Database Entitlement Reports to verify that users only have access to the appropriate data. Your IBM Security Guardium system includes predefined database entitlement reports for several database types. Database entitlement reports provide up-to-date snapshots of database users and access privileges.
In this lab, you learn how to prepare and run these reports to validate and ensure that users only have the privileges required to perform their duties.
In this video, you will see how to use Guardium reports to show how data is spread across tables and across time. This is important information to help prevent database full issues.
A walkthrough of the integration between IBM Cloud Pak for Security "Cases" and Guardium Insights
- Map a ticket in Guardium Insights to the “Cases” application and assign to a user
- Allow SOC analyst to view and respond through the Cloud Pak for Security console