Guardium

Guardium 10.6 query-report builder
NEW

IBM Guardium 10.6 has a new query and report builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, as well as an intuitive, step-by-step guide to create and configure the query and report. Additionally, the report is automatically generated from the query, rather than requiring an additional step. If the query is modified, the report is automatically regenerated when the query is saved.

In this set of exercises, you will create a query and report which show SQL commands. Then you will generate data to test the report and view the results.

Objectives

  • Create a query and report which shows SQL commands executed on a monitored database server
  • Test the query and report, viewing the results

Guardium 10.6 improved policy builder
NEW

Starting with version 10.6, IBM Guardium has a new policy builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, and an intuitive, step-by-step guide to create and configure the policy.

Objectives

  • Describe the differences between the new and legacy user interfaces
  • Create a policy that logs any attempt by a group of privileged users to run an INSERT command on a sensitive database table
  • Generate data to test the policy
  • View the results

Introduction to the IBM Guardium User and Command Line Interfaces

In this course, you will become familiar with the IBM Guardium v10 user and command line interfaces.  You see how the Guardium user interface allows easy access to commonly used features and applications.  The Guardium CLI allows you to automate and script frequently used functions. You see how to search for commands and list applicable options.

In the hands-on lab, you will explore the interface and learn how to classify data in your database environment.

IBM Guardium session-level policy

IBM Guardium v10.6 introduces session-level policy. This feature allows you to create policies that use database session information to make key decisions about actions, and makes Guardium database monitoring more efficient.

In this lab, you create and test a session-level policy.

Using IBM Guardium to Quarantine Database Access

IBM Guardium provides powerful functions to monitor and control database access. IBM Guardium can terminate sessions performing suspicious database access commands, and even quarantine suspicious users.

In this lab, you will explore the session termination and quarantine functionality.

Creating an IBM Guardium report with drill-down capabilities

IBM Guardium contains a powerful tool that links related reports. Users can click report entries and view a list of other reports that provide more granular information related to the entry.

In this lab, you create a drill-down report to extend the capabilities of existing reports. Then, you test your new report.


Deploying the Guardium S-TAP Agent

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this hands on exercise, you install the S-TAP agent using the Guardium Installation Manager (GIM) and the Guardium GUI.

Using IBM Guardium APIs to Speed Deployment and Automate Repetitive Tasks

Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner.

In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, or modifying groups.


Cloning an IBM Guardium Query and Report

IBM Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort.

In this 30 minute course, you will clone a Guardium query. You will customize the fields and conditions of this query, then generate a report from this new query.

IBM Guardium Policy: The Continue to Next Rule Functionality

When you create Guardium policies with multiple rules, you might want to ensure that processing does not stop when one rule is triggered. 

In this hands-on lab, you investigate the Continue to Next Rule check box and how it affects policy processing.

The prerequisite for this course is basic knowledge of configuring IBM Guardium Policy.

Create a Guardium query and report
NEW

Guardium gathers a large amount of data about your database environment. You use reports and queries to learn the details of your data security environment. In this virtual lab, you create a dashboard, simple query, and report that is used to examine user data you generate.

Franklin Almonte

Detect database login failures with Guardium
NEW

Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.

Franklin Almonte


Creating and Populating an IBM Guardium Group

Guardium 10.1.4 provides a new group builder application which provides powerful tools for populating group members and allows you to see which resources use a given group.

In this exercise, you learn to how to build and populate the Guardium groups.

This hands-on lab is targeted for IBM Guardium users and administrators who need create and maintain groups. The lab will take approximately 30 minutes to complete.

Using IBM Guardium to Create a Policy from File Activity Discovery and Classification Results

IBM Guardium  provides tools to discover, classify, and build policies for files. 

In this lab, you will use the quick search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This hands-on lab is targeted to IBM Guardium users and administrators who need to create policies to control access to files which contain sensitive information.

Creating a Guardium Policy that Ignores Trusted User Session Database Activity

Guardium Data Security policies help flag suspicious database activity. By configuring policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units.

In this lab, you create a policy with rules to discard trusted activity and to flag untrusted activity.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.

Assessing Database Vulnerabilities using IBM Guardium

The Guardium Vulnerability Assessment application enables organizations to identify and address database vulnerabilities in a consistent and automated fashion. The assessment process in Guardium evaluates and recommends actions to improve the health of your database environment. In this lab, you learn how to configure and run a database vulnerability assessment.

Creating a IBM Guardium Policy to Log File Activity

Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.

Using IBM Guardium to Create a File Activity Monitoring Dashboard and Report

File activity monitoring (FAM) includes two major components: the first component discovers and classifies files stored in the file system and the second component is the activity monitor. It extracts the security policy from the appliance and enforces it on file activity in real time.

In this lab, you view the settings necessary to perform file access monitoring, create a dashboard and add a file entitlement report, and then perform some file operations to view how the FAM functionality reacts to changes.

Click roadmap title to expand/collapse roadmap

Guardium Administrator

As a Guardium Administrator you will learn how to implement and manage data security solutions using IBM Guardium


Guardium Foundations

These courses introduce you to basic Guardium concepts

Deployment

These courses teach you how to deploy a central manager, aggregators, collectors, and S-TAP agents

Configuration

These courses teach you how to configure Guardium

Administration

These courses teach you how to administer and patch a Guardium environment

Troubleshooting

These courses teach you how to gather information on basic Guardium issues and work with support to remediate them

Commercial courses

Commercial courses cover a broad range of tasks that are described in the course summary of each course.

Click roadmap title to expand/collapse roadmap

Guardium User

As a Guardium User you will learn how to configure Guardium resources to discover, harden, monitor, and protect your database environment


Guardium Foundations

These courses introduce you to basic Guardium concepts

Configuration

These courses teach you how to configure Guardium

Vulnerability Assessment

These courses teach you how to discover vulnerabilities in your data environment

Commercial courses

Commercial courses cover a broad range of tasks that are described in the course summary of each course.