System Integrations

This category contains integration scenarios that use IBM Data Security products.

System Integrations Courses:

Integrating Guardium with Active Directory

Active Directory provides central authentication and other services to Microsoft Windows networks. Organizations that use Active Directory for centralized authentication usually require that all applications integrate with it, so users can be centrally managed across the enterprise.

Guardium integrates with Active Directory in two ways:

  • Populate a Guardium group with Active Directory users and integrate into your security policies
  • Authenticate Guardium users with Active Directory

In this course, you learn how to integrate Guardium with Active Directory.

Populating Guardium group members with Active Directory users

Active Directory provides central authentication and other services to Microsoft Windows networks. Guardium groups consolidate similar data for use in creating query, policy, and classification definitions. As a Guardium administrator, you can integrate both of these functions to streamline the experience across products.

In this lab, you create a Guardium group and populate the members with Active Directory users.

Franklin Almonte

Integrating Guardium authentication with Active Directory

Active Directory provides central authentication and other services to Microsoft Windows networks. To maintain centralized authentication and access controls, organizations that use Active Directory often require applications to use this service. As a Guardium administrator, you can change the Guardium authentication to use Active Directory and import users directly from the Active Directory structure.

In this lab, you change the Guardium authentication to use Active Directory, import Active Directory users via Access Management, and validate that one of the users can log into the Guardium GUI.

Franklin Almonte

Integrating Guardium with ServiceNow

You can configure IBM Security Guardium to use an external ticketing system such as ServiceNow® to track incidents, problems, and tasks discovered by Guardium. The integration between these two products is useful because Guardium can create tickets manually or automatically within ServiceNow, which can aid in centralized and collaborative incident investigation. Your security team or Security Operations Center (SOC) staff can investigate the tickets that Guardium generates.

In order to take advantage of this integration, Guardium 11.1 or higher is required.

Franklin Almonte

Protecting sensitive data from privileged users

This self-paced learning content represents an integration scenario that uses IBM Privileged Identity Manager (PIM), IBM Guardium, IBM Network Protection (XGS), IBM QRadar, and IBM Directory Integrator (IDI). The course includes three videos that depict a database administrator interacting with the system. Watch the videos in the following order:

1) Testing Initial PIM and Guardium Setup – This video shows the basic functionality of PIM and Guardium without implementing integration between them.

2) Testing PIM and Guardium Integration – This video shows the benefits of integrating PIM and Guardium. There is no direct integration path between the two products. QRadar and IDI are used to bridge integration gaps between PIM and Guardium.

3) Testing a Complete Integration Solution – This video shows a fully integrated security solution. It includes the XGS appliance that terminates any existing connection from the database administrator workstation to the database server.

This course also includes an Integration Guide that documents the configuration steps necessary to integrate the products. It also includes a file that contains the custom files, including the developed IDI assembly lines, that are necessary to implement this integration scenario.

Guardium and Resilient integration: Email Connector

In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.

IBM Guardium and IBM QRadar SIEM Closed Loop integration

This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®. QRadar SIEM collects the logs from various devices in enterprise networks. The logs are received through connectors called Device Support Modules (DSMs). QRadar has a DSM for Guardium that enables QRadar to receive and process logs from Guardium.

In the other direction, Guardium has an API that lets QRadar react to certain events that it detects by sending Guardium commands that adjust the database policy in response to the event. For example, if QRadar detects that a source IP from an internal network is communicating with an IP address classified as a Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be made using the Custom Actions feature of QRadar, or using IBM Security Directory Integrator® (IDI), which acts as a proxy that transforms various events from QRadar into Guardium API calls.

This IDI solution uses custom developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.

Integrating IBM Guardium and IBM Identity Governance and Intelligence to support the GDPR initiative on structured data

This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structured data. The solution provides a custom developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.

The integration goal is to use IBM Guardium to identify GDPR sensitive data in a provided sample database. Guardium then exports a report that contains users who have access to tables with GDPR relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.

The course provides a lab environment where the integration can be tested and demonstrated.

Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.

The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.

Guardium integration with Cloudera Distribution of Hadoop (CDH)

In this video, Leila Johannesen demonstrates a Guardium integration with Cloudera Distribution of Hadoop (CDH).