System Integrations

This category contains integration scenarios that use IBM Data Security products.

System Integrations Courses:

Guardium Universal Connectors

Are you looking for a quick and simple way to add support for new data sources?  The Guardium Universal Connector creates an easy to use, robust mechanism to add new data sources to Guardium. The Universal Connector supports filtering and parsing capabilities, on-premise and cloud platforms, and many data source types. 

This session, led by IBM experts, includes the following topics:

  • Universal Connector flow and architecture
  • A demonstration 
  • Configuring Universal Connectors
  • Installing plugins
  • GIM Bundles
  • Universal Connector APIs
  • Implementation considerations
  • Diagnostic procedures

Universal Connectors are supported by Guardium 11.3 and higher.

Guardium and Resilient integration: Email Connector

In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.

Configuring Guardium Universal Connectors

In this video, Nataliya Geimakher demonstrates how to enable and configure Universal Connectors and run queries that pull data from a variety of sources into Guardium. You also learn how to view data from Universal Connectors in Guardium's QuickSearch and reports. 

Universal Connectors are supported by Guardium 11.3 and higher.

Configuring the Guardium Universal Connector for MongoDB

New in IBM Security Guardium 11.3, the universal connector allows you to configure a connection from native database activity logs to the Guardium collector. This allows Guardium to monitor data sources such as cloud database implementations that are not suited to running an S-TAP agent.  The Guardium Universal Connector includes support for MongoDB®, MySQL, and Amazon S3, requiring minimal configuration. Users can easily develop plug-ins for other data sources.

In this course, you learn to use the Guardium Universal Connector functionality to monitor activity from a MongoDB data source. 

Sending Guardium events to IBM QRadar

IBM Security Guardium is a data security and data privacy solution that helps ensure the integrity of data that is stored on servers. Guardium uses policies to monitor data servers and act when it detects suspicious database activity, such as:

  • Failed logins
  • Unauthorized access
  • SQL Error codes such as SQL injection attacks
  • Users trying to escalate their privileges
  • Users trying to indirectly access sensitive data

The Guardium S-TAP agent monitors the data servers that host the sensitive data and report database activity to a Guardium Collector. The Guardium Collector applies policies to the database activity. When a policy rule is triggered, the Guardium Collector can use the system log to send an alert to IBM Security QRadar security information and event management (SIEM). QRadar receives the alert through a connector, which is called the Guardium device support module (DSM), and displays it in a console. 

In this lab, you integrate Guardium and QRadar to display an event in the QRadar SIEM console when a suspicious user attempts to read or manipulate sensitive data.