Deployment & Administration
This category includes courses that help to deploy and administer Guardium.
Deployment & Administration Courses:
This course contains an Open Mic replay that describes how to use the query builder to troubleshoot Guardium issues effectively.
This Open Mic addresses the Guardium File Activity Monitor (FAM), and common issues users face during configuration.
Originally presented 25 May 2017
Correlation alerts in Guardium are query based, as opposed to real-time policy alerts. There are various considerations for configuring correlation alerts, and there is also some overhead cost to consider. This Open Mic is a discussion of correlation alerts in IBM Security Guardium, including an example of setting up a Repeating Inactive S-Tap alert.
This course demonstrates the hands-on lab available in the course Detect database login failures with Guardium. The demonstration covers creating a policy that will detect and alert on database login failures that occur multiple times over a short time period,
This Open Mic presented by David Plummer of Guardium Tech Support provides an overview to Guardium load balancing, including:
- Prerequisites
- How it works
- grdapi commands
- Activity report
- Other related information and general overview
This Open Mic discusses how to troubleshoot situations where the S-TAP shows 'no traffic', including various steps you can take on your system to understand the reason for the issue or at least the scope of the issue, and what to do if all else fails.
Originally presented 18 July, 2017
Remote Syslog Shipping is a process to transport Guardium syslog to remote Security Information and Event Management (SIEM) systems. This Open Mic addresses how to configure remote syslog shipping in Guardium and basic troubleshooting of common issues.
In this video, Guardium expert Glenn Weidner demonstrates enhancements to Guardium 11.2 auto create inspection engines, including scheduler user interface, rules results report, report only mode, and alerts.
In this video, Vlad Langman, L3 Engineering Manager, discusses best practices for upgrading to Guardium 11.
In this course, targeted for Guardium administrators, you'll learn about Severity 1 problems when the Database or Database Server might be affected, and be provided key troubleshooting recommendations and information to gather if necessary.
The information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.
Agenda:
- Introduction
- Detection
- First Response
- Getting to Root Cause
- Questions & Answers
In the follow-up to the Open Mic, John spends time answering audience questions on that and other topics.
- Reboot the appliance
- Issues with fixes
- Vulnerabilities
- The Discovery engine
- High CPU
In this Open Mic, you learn about how Outlier Detection works. You also learn about the Learning and Analysis phases, how to configure Outlier Detection, and how to interpret the Outlier results.
Load balancing automatically allocates managed units to S-TAP agents
when new S-TAPs are installed and during fail-over when a managed unit
is unavailable. The load balancing application also dynamically
re-balances loaded or busy managed units by relocating S-TAP agents to
less-loaded managed units. These topics are discussed in this Open Mic.
New in IBM Guardium 10.6, alerts are sent when the system predicts that a
DB size or files on disk (/var) will reach 50% in the next 14 days.
Alerts detail the predicted size and the largest tables or files. Alerts
are also shown in the deployment health dashboard of the central
manager. In this course, you will see a quick overview of this feature
and then a deeper dive into the function and its architecture.
This Open Mic covered different aspects of IBM Guardium certificates, including the prerequisite for installing certificates, how to create request certificates, how to convert certificates into the format that Guardium supports, and the hierarchy of certificates.
In this Open Mic video, Avi Walerius from Guardium Technical Support
discusses different aspects of appliance patches: differences between
patch types, advice on the health check patch, and best practices for
installing GPU patches.
In this video, you will learn some tips and tricks for keeping your Windows S-TAP up and running with fewer issues. You will investigate the following parameters and settings:
- USE_TLS=1
- DB2_EXIT_DRIVER_INSTALLED
- WFP_DRIVER_INSTALLED
- SOFTWARE_TAP_HOST or TAP_IP
- LOAD_BALANCER_IP
- GUARD_TAP.INI
- LHMON_DRIVER_INSTALLED
- TAP_MIN_TIME_BEFOREFAILOVER
- TAP_MIN_HEARTBEAT_INTERVAL
The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers. In this course, you will learn about GIM deployment and usage, including GIM reports, registration and authentication, and troubleshooting. This is Part 2 of a two-part series.
The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers. In this course, you will learn about GIM Agent installation planning, installation steps and validation, and installation troubleshooting. This is Part 1 of a two-part series.
During this Open Mic session, Carolina Leme from Guardium Level 2 support discusses user management and roles and responsibilities. The bookmarks in the video will take you to the following topics:
- Administrator responsibilities
- Root user
- GUI users
- CLI access
- Roles and permissions
This IBM Guardium Open Mic discusses the following topics:
- How to tell whether KTAP will install directly on a kernel version (i.e., how to use ktaposmatch)
- Options to build KTAP for unlisted kernel versions (flex_loading, and custom ktap build), including examples of each case, with GIM and non-GIM installs.
This video provides an example of installing a Guardium GPU patch, highlighting good practices and tips for the install.
This Guardium Open Mic discusses the usage of ATAP and EXIT. ATAP allows
interception of encrypted traffic at the database server application
level, and EXIT functionality makes it possible to intercept any traffic
while eliminating the need for loading the KTAP module into the kernel.
In this Guardium Open Mic, the following topics are discussed: Shared Secrets, IDs and Passwords, Ports and Firewalls, Backups and Archives, and Supportability Options.
During this Tech Talk, Guardium experts discuss hints and tips for a successful upgrade to v10.
This Open Mic discusses how to troubleshoot underlying problems causing you to receive Sniffer restart and High CPU correlation alerts.
This session from Virtual Master Skills University 2020 focuses on how Guardium Data Protection enables flexibility and choice by offering agent-based and agent-less approaches to monitoring database activities. The session highlights benefits, use cases and considerations for each approach so that organizations can make the right choice(s) for securing their data assets.
In this session from Virtual Master Skills University 2020, Prasad Bandaru covers architecture, as well as the product components, current architecture, deployment considerations, sizing, load balancing, agents, and automation.
In this session from Virtual Master Skills University, Yosef Rozenblit reviews lessons learned and talks about the data protection elements that every deployment must have configured.
GIM and S-TAP installation are common but complex tasks. In this session from Virtual Master Skills University, Avi Walerius covers GIM and S-TAP installation, how to investigate issues, leverage the S-TAP dashboard (from 11.2), and ensure installation is successful.
In this session from Virtual Master Skills University 2020, Vinay Vijayadharan shares advanced tips about what administrators need to watch out for and manage.
- Data-centric security approach
- Partnership with STEALTHbits
- Data Protection for Files, NAS, and SharePoint
- File Discovery, Entitlement, and Classification (FDEC)
- File Activity Monitoring (FAM)