Guardium

Creating and populating Guardium groups
NEW

Guardium 10.1.4 includes a new group builder application that provides powerful tools you can use to add users to a group and review which resources use a given group. In this course, you learn how to build and populate Guardium groups.

Louis Fuka

Create a Guardium policy from file activity discovery and classification results
NEW

Guardium File Activity Monitoring provides tools to discover, classify, and build policies for files. In this lab, you use the Quick Search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This lab is useful for Guardium users and administrators who need to monitor access to files that contain sensitive information. The lab is based on Guardium version 10.1.5.



Guardium 10.6 query-report builder

IBM Guardium 10.6 has a new query and report builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, as well as an intuitive, step-by-step guide to create and configure the query and report. Additionally, the report is automatically generated from the query, rather than requiring an additional step. If the query is modified, the report is automatically regenerated when the query is saved.

In this set of exercises, you will create a query and report which show SQL commands. Then you will generate data to test the report and view the results.

Objectives

  • Create a query and report that show SQL commands executed on a monitored database server
  • Test the query and report, viewing the results

Creating a Guardium policy that ignores trusted user session database activity
NEW

Guardium Data Security policies help flag suspicious database activity. When you configure policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units. In this lab, you create a policy with rules to discard trusted activity and flag untrusted activity.

Guardium 10.6 improved policy builder

Starting with version 10.6, IBM Guardium has a new policy builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, and an intuitive, step-by-step guide to create and configure the policy.

Objectives

  • Describe the differences between the new and legacy user interfaces
  • Create a policy that logs any attempt by a group of privileged users to run an INSERT command on a sensitive database table
  • Generate data to test the policy
  • View the results

Introduction to the IBM Guardium User and Command Line Interfaces

In this course, you will become familiar with the IBM Guardium v10 user and command line interfaces. You see how the Guardium user interface allows easy access to commonly used features and applications. The Guardium CLI allows you to automate and script frequently used functions. You see how to search for commands and list applicable options.

In the hands-on lab, you will explore the interface and learn how to classify data in your database environment.

IBM Guardium session-level policy

IBM Guardium v10.6 introduces session-level policy. This feature allows you to create policies that use database session information to make key decisions about actions, and makes Guardium database monitoring more efficient.

In this lab, you create and test a session-level policy.

Using Guardium to quarantine database access
NEW

IBM Guardium provides powerful functions you can use to monitor and control database access. Guardium can terminate sessions performing suspicious database access commands and even quarantine suspicious users. In this lab, you explore the session termination and quarantine functionality.

Creating an IBM Guardium report with drill-down capabilities

IBM Guardium contains a powerful tool that links related reports. Users can click report entries and view a list of other reports that provide more granular information related to the entry.

In this lab, you create a drill-down report to extend the capabilities of existing reports. Then, you test your new report.


Deploying the Guardium S-TAP Agent

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this hands-on exercise, you install the S-TAP agent using the Guardium Installation Manager (GIM) and the Guardium GUI.

Using IBM Guardium APIs to Speed Deployment and Automate Repetitive Tasks

Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner.

In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, or modifying groups.


Clone a Guardium query and report
NEW

Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort. In this course, you clone a Guardium query. Then, you customize the fields and conditions of this query and generate a report from the new query.

Lou Fuka


Guardium policy: Using the Continue to next rule functionality
NEW

Guardium policies often have multiple rules. By default, after a rule is triggered, processing stops. If you do not want to stop processing after the first rule triggers, you must configure your policy to continue to the next rule. In this lab, you configure and test a policy to examine the continuation functionality.

Louis Fuka

Create a Guardium query and report
NEW

Guardium gathers a large amount of data about your database environment. You use reports and queries to learn the details of your data security environment. In this virtual lab, you create a dashboard, simple query, and report that is used to examine user data you generate.

Franklin Almonte

Detect database login failures with Guardium
NEW

Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.

Franklin Almonte


Assessing Database Vulnerabilities using IBM Guardium

The Guardium Vulnerability Assessment application enables organizations to identify and address database vulnerabilities in a consistent and automated fashion. The assessment process in Guardium evaluates and recommends actions to improve the health of your database environment. In this lab, you learn how to configure and run a database vulnerability assessment.

Creating an IBM Guardium Policy to Log File Activity

Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.

Using IBM Guardium to Create a File Activity Monitoring Dashboard and Report

File activity monitoring (FAM) includes two major components: the first component discovers and classifies files stored in the file system and the second component is the activity monitor. It extracts the security policy from the appliance and enforces it on file activity in real time.

In this lab, you view the settings necessary to perform file access monitoring, create a dashboard and add a file entitlement report, and then perform some file operations to view how the FAM functionality reacts to changes.


Guardium Administrator

As a Guardium Administrator, you will learn how to implement and manage data security solutions using IBM Guardium.


Guardium Foundations

These courses introduce you to basic Guardium concepts

Deployment

These courses teach you how to deploy a central manager, aggregators, collectors, and S-TAP agents

Configuration

These courses teach you how to configure Guardium

Administration

These courses teach you how to administer and patch a Guardium environment

Troubleshooting

These courses teach you how to gather information on basic Guardium issues and work with support to remediate them

Commercial courses

Commercial courses cover a broad range of tasks that are described in the course summary of each course.


Guardium User

As a Guardium User, you will learn how to configure Guardium resources to discover, harden, monitor, and protect your database environment.


Guardium Foundations

These courses introduce you to basic Guardium concepts

Configuration

These courses teach you how to configure Guardium

Vulnerability Assessment

These courses teach you how to discover vulnerabilities in your data environment

Commercial courses

Commercial courses cover a broad range of tasks that are described in the course summary of each course.


Getting Started with Guardium

This roadmap outlines fundamental courses that are intended for someone new to IBM Guardium who will focus on deployment. These courses describe the architecture, explain deployment options, and help you to deploy. This roadmap also introduces how to apply upgrades to Guardium and work with certificates. It discusses the Guardium installation management (GIM) agent and S-TAP deployment to database servers, as well as using Guardium to manage a database hosted in Amazon AWS or Microsoft Azure.


Planning

These courses prepare the student to plan a Guardium deployment.

Deployment

These courses teach the student to deploy a Guardium environment.