System Integrations Courses:
Active Directory provides central authentication and other services to Microsoft Windows networks. Organizations that use Active Directory for centralized authentication usually require that all applications integrate with it, so users can be centrally managed across the enterprise.
Guardium integrates with Active Directory in two ways:
- a Guardium group with Active Directory users and integrate into your security policies
- Guardium users with Active Directory
In this course, you learn how to integrate Guardium with Active Directory.
Active Directory provides central authentication and other services to Microsoft Windows networks. Guardium groups consolidate similar data for use in creating query, policy, and classification definitions. As a Guardium administrator, you can integrate both these functionalities to streamline the experience across products.
Active Directory provides central authentication and other services to Microsoft Windows networks. To maintain centralized authentication and access controls, organizations that use Active Directory often require applications to use this service. As a Guardium administrator, you can change the Guardium authentication to use Active Directory and import users directly from the Active Directory structure.
In this lab, you change the Guardium authentication to use Active Directory, import Active Directory users via Access Management, and validate that one of the users can log into the Guardium GUI.
This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®. QRadar SIEM collects the logs from various devices in enterprise networks. The logs are received through connectors called Device Support Modules (DSMs). QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.
Alternatively, Guardium has an API that lets QRadar react to certain events it detects by sending Guardium commands that adjust the database policy in response to the event. For example, if QRadar detects that a source IP from an internal network is communicating with an IP address classified as a Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be made using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI), which acts as a proxy that transforms various events from QRadar into Guardium API calls.
This IDI solution uses custom-developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.
This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structured data. The solution provides a custom-developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.
The integration goal is to use IBM Guardium to identify GDPR-sensitive data in a provided sample database. Guardium then exports a report that contains users who have access to tables with GDPR-relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.
The course provides a lab environment where the integration can be tested and demonstrated.
Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab. The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.
New in IBM Security Guardium 11.3, the universal connector allows you to configure a connection from native database activity logs to the Guardium collector. This allows Guardium to monitor data sources such as cloud database implementations that are not suited to running an S-TAP agent. The Guardium Universal Connector includes support for MongoDB®, MySQL, and Amazon S3, requiring minimal configuration. Users can easily develop plug-ins for other data sources.
In this course, you learn to use the Guardium Universal Connector functionality to monitor activity from a MongoDB data source.
IBM Security Guardium is a data security and data privacy solution that helps ensure the integrity of data that is stored on servers. Guardium uses policies to monitor data servers and act when it detects suspicious database activity, such as:
- Failed logins
- Unauthorized access
- SQL error codes, such as those produced by SQL injection attacks
- Users trying to escalate their privileges
- Users trying to indirectly access sensitive data
The Guardium S-TAP agent monitors the data servers that host the sensitive data and reports database activity to a Guardium Collector. The Guardium Collector applies policies to the database activity. When a policy rule is triggered, the Guardium Collector can use the system log to send an alert to IBM Security QRadar security information and event management (SIEM). QRadar receives the alert through a connector, which is called the Guardium device support module (DSM), and displays it in a console.
In this lab, you integrate Guardium and QRadar to display an event in the QRadar SIEM console when a suspicious user attempts to read or manipulate sensitive data.