Systems Integration Courses:
This is a recording of the 10 June 2020 Open Mic about IBM Security Information Queue (ISIQ) installation and configuration. It also tells about the integration of IBM Security Identity Manager (ISIM) and IBM Security Identity Governance and Intelligence (IGI) using ISIQ.
IBM Security Guardium is a data security and data privacy solution that helps ensure the integrity of data that is stored on servers. Guardium uses policies to monitor data servers and act when it detects suspicious database activity, such as:
- Failed logins
- Unauthorized access
- SQL Error codes such as SQL injection attacks
- Users trying to escalate their privileges
- Users trying to indirectly access sensitive data
The Guardium S-TAP agent monitors the data servers that host the sensitive data and report database activity to a Guardium Collector. The Guardium Collector applies policies to the database activity. When a policy rule is triggered, the Guardium Collector can use the system log to send an alert to IBM Security QRadar security information and event management (SIEM). QRadar receives the alert through a connector, which is called the Guardium device support module (DSM), and displays it in a console.
In this lab, you integrate Guardium and QRadar to display an event in the QRadar SIEM console when a suspicious user attempts to read or manipulate sensitive data.