Only a partial course catalog displayed. Please click here to log in to see the complete catalog.

Course Search Results

Found 85 courses for "Guardium".

This is a commercial course that is available through our training partners. Please follow the link below to enroll in this course. 


 Are you getting ready to administer database security policies? Learn how to configure Guardium to discover, classify, analyze, protect, and control access to sensitive data. You learn to perform vulnerability assessment, and how to monitor data and file activity. This course teaches you how to create reports, audits, alerts, metrics, and compliance oversight processes. 


 Database administrators, security administrators, security analysts, security technical architects, and professional services using IBM Guardium. 


Before taking this course, make sure that you have the following skills: 

  • Working knowledge of SQL queries for IBM DB2 and other databases
  • Working knowledge of UNIX commands 
  • Familiarity with data protection standards such as HIPAA and CPI

Click on this link to go to the IBM Training Website to find a training partner for this course.

View enrollment options

This IBM Redbooks® publication provides a guide for deploying the Guardium solutions.

This book also provides a roadmap process for implementing an InfoSphere Guardium solution that is based on years of experience and best practices that were collected from various Guardium experts. We describe planning, installation, configuration, monitoring, and administrating an InfoSphere Guardium environment. We also describe use cases and how InfoSphere Guardium integrates with other IBM products.

This covers Directory Integrator Integrations with several different IBM products.

  • Directory Integrator and PIM - Learn how to Integrate PIM and Directory Integrator, Suspend and Restore PIM Users and Resources based on QRadar Events.
  • Directory Integrator and Guardium - Learn how to integrate Guardium and Directory Integrator. Update Guardium policies based on Events from Qradar.
  • Closed Loop Integrations using IBM XGS and IBM QRadar SIEM and QRadar Vulnerability Manager (QVM)

Guardium processes large amounts of information about database access. In this video, you will learn to take steps to prevent your Guardium internal database filling up, troubleshoot when it is filling up and take action to reduce the space when needed.

Patching your Guardium installation is a periodic administrative task. In this video, you learn how to download a Guardium patch from IBM Fix Central, upload it to your IBM Guardim appliance, and use the API to install the patch.

This course covers:

  • How to capture must gathers from Guardium
  • Collecting a guard_diag for a Guardium S-TAP installed on UNIX
  • How to Upload Data to a Support Ticket (PMR)
  • Using Guardium cli commands iptraf and tcpdump to troubleshoot network issues

IBM Guardium version 10 includes functionality to monitor file activity. In this video, you will view the discovery and classification capabilities of the file activity monitoring tools and learn how to set up a blocking rule to prevent someone from deleting files in a directory as well as logging the attempt.

This self-paced learning content represents an integration scenario that uses IBM Privileged Identify Manager (PIM), IBM Guardium, IBM Network Protection (XGS), IBM QRadar, and IBM Directory Integrator (IDI). The course includes three videos that depict a database administrator interacting with the system. Watch the videos in the following order:

1)     Testing Initial PIM and Guardium Setup – This video shows the basic functionality of PIM and Guardium without implementing integration between them.

2)     Testing PIM and Guardium Integration – This video shows the benefits of integrating PIM and Guardium. There is no direct integration path between the two products. QRadar and IDI are used to bridge integration gaps between PIM and Guardium.

3)     Testing a Complete Integration Solution– This video shows a fully integrated security solution. It includes the XGS appliance that terminates any existing connection from the database administrator workstation to the database server.

This course also includes an Integration Guide that documents the configuration steps necessary to integrate the products. It also includes the file that contains the custom files, including developed IDI assembly lines, necessary to successfully implement this integration scenario.

File activity monitoring (FAM) includes two major components: the first component discovers and classifies files stored in the file system and the second component is the activity monitor. It extracts the security policy from the appliance and enforces it on file activity in real time.

In this lab, you view the settings necessary to perform file access monitoring, create a dashboard and add a file entitlement report, and then perform some file operations to view how the FAM functionality reacts to changes.

Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.

The Guardium Vulnerability Assessment application enables organizations to identify and address database vulnerabilities in a consistent and automated fashion. The assessment process in Guardium evaluates and recommends actions to improve the health of your database environment. In this lab, you learn how to configure and run a database vulnerability assessment.

This video demonstrates the 5 different areas within the GDPR accelerator for IBM Guardium.  The accelerator is used to implement and manage many of the processes you will need for GDPR compliance.

The video provides details on IBM Guardium release 10.1.3. This release helps to speed compliance and simplify deployments.

The Guardium Vulnerability Assessment application enables organizations to identify and address database vulnerabilities in a consistent and automated fashion. The assessment process in Guardium evaluates and recommends actions to improve the health of your database environment. In this demonstration, you learn how to configure and run a database vulnerability assessment.

IBM Guardium uses data activity monitoring, file activity monitoring, and vulnerability assessment to help ensure the security, privacy, and integrity of your data. Guardium can be deployed on various cloud environments, including Amazon AWS EC2, Google, IBM SoftLayer, and Microsoft Azure. The following guides provide instructions you can use to deploy a Guardium instance in a specific cloud.

S-TAP and K-TAP are Guardium components that can intercept database communications between clients and the database server. This course includes the following materials:

  • IBM Guardium: Linux S-TAP installation guidance
  • Troubleshooting the Guardium S-TAP Verification Process
  • How can a SLON capture be created on an InfoSphere Guardium Appliance

IBM Guardium released an upgrade patch that allows you to upgrade your Central Manager, aggregators, and collectors from version 9.X to version 10.1.3. In this video series, you learn how to prepare your environment and apply the upgrade patch to your Central Manager and managed units.

This Open Mic discusses how to troubleshoot underlying problems causing you to receive Sniffer restart and High CPU correlation alerts.

This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structure data. The solution provides a custom developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.

The integration goal is to identify GDPR sensitive data using a provided sample database using IBM Guardium. Guardium then exports a report that contains users who have access to tables with GDPR relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.

The course provides a lab environment where the integration can be tested and demonstrated.

Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.

The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.

During this Tech Talk, Guardium experts discuss hints and tips for a successful upgrade to v10

IBM Guardium 10.1.4 has new functionality to protect Oracle 11 databases that reside on Amazon AWS. In this video series, you will learn how to discover cloud databases. Then you will see how to classify and audit sensitive objects.

In this Guardium tech talk series, you will learn about IMS Implementation, cryptographic hardware, CKDS creation, and master key rotation.

In this video, you will see how to use specific Guardium GUI reports to check the data being logged on a Guardium Appliance .

In this Guardium Open Mic, the following topics are discussed:  Shared Secrets, ID's and Passwords, Ports and Firewalls, Backups and Archives, Supportability Options

This Guardium Open Mic discusses the usage of ATAP and EXIT. ATAP allows interception of encrypted traffic at the database server application level, and EXIT functionality makes it possible to intercept any traffic while eliminating the need for loading the KTAP module into the kernel.

This video provides an example of installing a Guardium GPU patch; highlighting good practices and tips for the install.

In this Tech Talk, Guardium experts provide an overview of what is new in Guardium 10.1.4, including enhancements in compliance, ease of use, agents, and platform.

In this Tech Talk, Guardium experts discuss the new Guardium Data Encryption v3.0.

Guardium technical support commonly analyzes the Buffer Usage Monitor Report & Sniffer must_gather to determine problems occurring with in the Guardium environment. This Open Mic explores those reports and information commonly analyzed.

IBM Guardium  provides tools to discover, classify, and build policies for files. 

In this lab, you will use the quick search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This hands-on lab is targeted to IBM Guardium users and administrators who need to create policies to control access to files which contain sensitive information.

Guardium 10.1.4 provides a new group builder application which provides powerful tools for populating group members and allows you to see which resources use a given group.

In this exercise, you learn to how to build and populate the Guardium groups.

This hands-on lab is targeted for IBM Guardium users and administrators who need create and maintain groups. The lab will take approximately 30 minutes to complete.

Guardium Data Security policies help flag suspicious database activity. By configuring policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units.

In this lab, you create a policy with rules to discard trusted activity and to flag untrusted activity.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.

Guardium Data Security policies help flag suspicious database activity and events.

In this lab, you create a policy with rules to flag events where a database user has failed at multiple attempts to login during a short duration of time.

This hands-on lab is targeted towards Guardium users and administrators who maintain database security policies. It will take approximately 30 minutes to complete.

IBM Guardium gathers a large amount of data about your database environment. Queries probe this data, while reports display this data in an easily viewable format.

In this lab, you will create a simple query and a report based on that query.

This hands-on lab is targeted towards Guardium users and administrators who create and maintain reports. It will take approximately 30 minutes to complete.

This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®.  QRadar SIEM collects the logs from various devices in enterprise networks.  The logs are received through connectors called Device Support Module (DSM).  QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.

Alternatively, Guardium has an API that provides an option for QRadar to react to certain events detected by QRadar, and send Guardium those commands to adjust the database policy to properly react to the event.  For example, if QRadar detects that the source IP from an internal network is communicating with an IP address classified as the Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address.  The call from QRadar to Guardium can be done using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI) that acts as the proxy; transforming various events from QRadar into Guardium API calls.

This IDI solution uses custom developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.

In this set of videos, we introduce the powerful capabilities of IBM QRadar SIEM.

  • The first video depicts how data is ingested into the QRadar environment by collecting log information, network flow data, and vulnerability information. You learn about the asset model, and how the QRadar rules are used to create actionable offenses. In addition, the video explains the integration with IBM BigFix, as well as QRadar Risk and Vulnerability Manager.
  • The second video starts off by explaining the concepts of QRadar Reference Sets and how to use them. It then takes a look at the forensic capabilities, and briefly introduces the deployment architecture.
  • The third video focuses on integration capabilities between QRadar and IBM BigFix, IBM Guardium, network intrusion prevention systems, IBM Trusteer, IBM Identity Manager, and IBM mainframe SMF records,
  • After a brief recap of the QRadar fundamentals, the fourth video explains many of the new capabilities that have been recently added to QRadar. These include the new appliances QRadar Network Insights, the Data Node, and the App Node. It then provides an overview of the QRadar API and the App Exchange, and takes a closer look at some of the available app extensions, including the BigFix App, User Behavior Analytics, Sysmon integration, and the QRadar Advisor with Watson. Finally, it introduces the new DSM Editor.
  • Collecting and investigating network flows is one of the outstanding QRadar capabilities. The final video explains how QRadar approaches network flows, and how the security analysts benefit from this in their daily investigations.

IBM Guardium 10.1.4 introduces the capability for all managed units, agents, and clients to communicate by using Transport Layer Security (TLS) Protocol version 1.2. This capability enhances security in your data center.

In this series of three videos, you learn how to enable TLS1.2 in your IBM Guardium environment.

Duration: 15 minutes

This Open Mic Live session was originally broadcast from Think 2018 19-March-2018

John Adams from Guardium Technical Support delivers this Open Mic LIVE at the 2018 Think conference. Part fire extinguisher, part lifejacket, and part how to avoid getting burned in the first place, the information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.


  • Introduction
  • Detection
  • First Response
  • Getting to Root Cause
  • Questions & Answers

A follow up to John Adams Open Mic on Full Guardium Appliances, John spends time answering audience questions on that and other topics: Rebooting the appliance, issues with fixes, vulnerabilities, the Discovery engine, high CPU, and various other issues.

This IBM Guardium Open Mic discusses the following topics:

  • How to tell if KTAP will install directly on a kernel version? (i.e how to use ktaposmatch)
  • Options to build KTAP for unlisted kernel versions (flex_loading, and custom ktap build), including examples of each case, with GIM and non-GIM installs.

IBM Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort.

In this 30 minute course, you will clone a Guardium query. You will customize the fields and conditions of this query, then generate a report from this new query.

IBM Guardium policies are powerful resources to monitor your data environment. However, due to the large amount of data activity in a database production environment, you must configure your policy carefully to filter out innocent traffic.

In this course, you learn the differences between selective and non-selective audit policies.

In this Open Mic, you will learn about IBM Guardium distributed reports. This Central Manager feature provides a way to automatically gather data from all or a subset of the Guardium managed units that are associated with this particular Central Manager. Distributed reports are designed to provide a high-level view, to correlate data from across data sources, and to summarize views of the data.

With Guardium, you can set up rules that automatically terminate database sessions when Guardium detects improper data access, limiting the damage from hostile attacks on your database.

In this videos, you learn how to configure the S-TAP agent and create policy rules to take advantage of S-GATE functionality.

Guardium Big Data Intelligence complements existing Guardium deployments with the ability to quickly integrate an optimized security data lake.

Part 1 covers architecture, reporting, and data retention.

Part 2 takes a deeper look at the solution and its benefits, which includes: noise-reduction analytics, data integrations for enrichment and automation, workflow and orchestration, trusted connections, and Database User Entity Behavior Analytics.

When you create Guardium policies with multiple rules, you might want to ensure that processing does not stop when one rule is triggered. 

In this hands-on lab, you investigate the Continue to Next Rule check box and how it affects policy processing.

The prerequisite for this course is basic knowledge of configuring IBM Guardium Policy.

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this hands on exercise, you install the S-TAP agent using the Guardium Installation Manager (GIM) and the Guardium GUI.

Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner.

In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, or modifying groups.

During this Open Mic session, Carolina Leme from Guardium Level 2 support discusses user management and roles and responsibilities.  The bookmarks in the video will take you to the following topics:

  • Administrator responsibilities
  • Root user
  • GUI users
  • CLI access
  • Roles and permissions

The IBM Security Guardium Data Protection v10.5 platform continues to evolve to support a wider variety of use cases, both by adding new functionality and by opening up the platform to support application integration.  In this tech talk, you will get an overview of the new and updated Guardium features, including:

  • An apps ecosystem that enables integration of your own functionality into Guardium 
  • An expansion of file discovery and classification to more deployment models 
  • Updates to Vulnerability Assessment, including support for SAP HANA 
  • Enhanced integration to support Guardium Big Data Intelligence use cases 
  • Platform enhancements for currency, security, and manageability

Bookmarks in the video take you to the following topics:

  • Guardium App Exchange (Ecosystem)
  • File Access Monitoring (FAM) for SharePoint and NAS
  • Platform / OS changes
  • CyberArk integration
  • Currency updates
  • Sniffer updates
  • Guardium Big Data Intelligence (GBDI) integration
  • STAP, ATAP, and GIM updates
  • Vulnerability Assessment (VA)
  • IBM License Metric Tool (ILMT)

In this video, you learn how to configure the Guardium archive.

IBM Guardium provides powerful functions to monitor and control database access. IBM Guardium can terminate sessions performing suspicious database access commands, and even quarantine suspicious users.

In this lab, you will explore the session termination and quarantine functionality.

IBM Guardium policy rules fall into three categories:

  • Access rules
  • Extrusion rules
  • Exception rules

In this video series, you  learn about the three types of rules , what criteria and actions are associated with each type, and some of the uses for each type of rule.

In this course, you will become familiar with the IBM Guardium v10 user and command line interfaces.  You see how the Guardium user interface allows easy access to commonly used features and applications.  The Guardium CLI allows you to automate and script frequently used functions. You see how to search for commands and list applicable options.

In the hands-on lab, you will explore the interface and learn how to classify data in your database environment.

The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers.  In this course, you will learn about GIM Agent installation planning, installation steps and validation, and installation troubleshooting.  This is Part 1 of a two-part series.

In Guardium, you may have a situation where the database user name in a report is blank, or there is a question mark, or may be a string of random characters. In this course, you will learn how to import the new missing DB user dashboard and use it to troubleshoot and take actions to resolve the problem.

Peak database traffic periods can overload monitoring solutions. IBM Guardium flat log policy provides a way to defer analysis and logging of traffic to off-peak periods. In this video series, you will learn about flat log policy and how it can help you avoid resource overload.

IBM Guardium provides tools for helping meet the requirements of the Payment Card Industry (PCI) data security standard.

In this video series, you become familiar with Guardium features that pertain to the PCI data security standard. You see a demonstration of how the features are configured.

The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers.  In this course, you will learn about GIM deployment and usage, and includes GIM reports, registration and authentication, and troubleshooting.  This is Part 2 of a two-part series.

MongoDB is a free and open-source cross-platform document-oriented database program.  In this video, you will see a detailed demonstration of Guardium Vulnerability Assessment for MongoDB, including the process to set up and run the test, and what happens after you harden the database per recommendations from the assessment.

Global enterprises are discovering the rigorous task of becoming GDPR compliant. IBM Security Guardium Analyzer can help with your GDPR impact assessment plan by answering the question of "Where is my GDPR- relevant data?" It enables you to efficiently identify risk associated with personal and sensitive personal data that falls under the GDPR. 

In this course, you will learn how to:
  • Analyze on-prem and cloud-based databases to find GDPR relevant data 
  • Use next generation data classification and vulnerability scanning
  • Surface data exposures through dynamic dashboards; providing information, such as, the number of databases affected, severity breakdown, and geographic breakdown
  • Take steps to minimize risk based on the information provided

Guardium 10.5 includes an ecosystem to extend and enhance your current Guardium deployment with new capabilities. Guardium apps are the centerpiece of the ecosystem, allowing you to augment and enrich your current Guardium system. You can create your own Guardium apps or download and install shared apps created by IBM, business partners, or other Guardium customers.

In this tech talk, John Haldeman from Information Insights will share his experiences using the Guardium Ecosystem and demonstrate how to:

- Create a Guardium app using the Software Development Kit (SDK)

- Deploy your app on your Guardium appliance

- Share your app on the IBM Guardium App Exchange

In this video, you will see how to check available disk space in Guardium. This is important information to have to prevent database full issues.

In this video, you learn how to check the Guardium purge period.  This is important information in helping to prevent database full issues.

In this video, you see how to check that the latest Guardium GPU patch is installed.  This is an important task and can be particularly helpful in preventing database full issues.

In this video, you will see how to check the Aggregation/Archive log for errors.  This could be particularly helpful in preventing database full issues.

In this video, you will see how to set Guardium notifications to alert you when your database reaches a specified threshold.  This is particularly useful in preventing database full issues.

In this video, you will see how to check Guardium database usage and how much data is in the top tables.  This is critical information to prevent database full issues.

In this video, you see how to check the Guardium policy for actions that can fill the database.  This is an important step in preventing database full issues.

In this video, you will see how to use Guardium reports to show how data is spread across tables and across time.  This is important information to help prevent database full issues.

In this video, you will see how to check and turn auto_stop_services on in Guardium.  This is important to help prevent database full issues.

In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.

In this video, you will see how to set up an IBM Guardium instance in Microsoft Azure.

In this video, you will see the steps to create an IBM Guardium instance in Amazon Web Services (AWS).


There is a new and improved policy builder user interface in IBM Guardium 10.6.  This video provides a detailed description and demo of the changes.

In this Open Mic video, Avi Walerius from Guardium Technical Support discusses different aspects of appliance patches: differences between patch types, advice on the health check patch, and best practices for installing GPU patches.

This Open Mic covered different aspects of IBM Guardium certificates, including the prerequisite for installing certificates, how to create request certificates, converting certificates in the format that Guardium supports, and the hierarchy of certificates.


In IBM Guardium 10.6, the new query-report builder combines the legacy report and query builders into a simplified workflow, where each query represents one corresponding report.  In this video, you will learn about and a see a demo of this new feature.


New in IBM Guardium 10.6, alerts are sent when the system predicts that a DB size or files on disk (/var) will reach 50% in the next 14 days. Alerts detail the predicted size and the largest tables or files. Alerts are also shown in the deployment health dashboard of the central manager.  In this course, you will see a quick overview of this feature and then a deeper dive into the function and its architecture.


New in IBM Guardium 10.6, File Activity Monitor (FAM) adds a new feature to monitor and audit Microsoft SharePoint servers and network attached storage devices.


Starting with version 10.6, IBM Guardium has a new query and report builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, as well as an intuitive, step-by-step guide to create and configure the query and report. The report is automatically generated from the query. If the query is modified, the report is automatically regenerated when the query is saved.

In these exercises, you create a query and report that shows SQL commands. Then you generate data to test the report and view the results.


A policy is a key component of data security. To keep your data secure, you must be able to implement rules on how data access is monitored, logged, and controlled.  In this course, you will learn how to create, install, and update IBM Guardium policies on data access.


In this course, you will create Guardium groups made up of different users. You will also add some objects to a pre-defined built-in group.


In this video, you will learn about some major performance improvements and stability improvements in the Guardium Windows S-TAP V10 series.

badge logo graphic

Badge earner has demonstrated the skill to configure Guardium V10 to discover, classify, analyze, protect, and control access to sensitive data. The badge earner can also demonstrate skills to perform a vulnerability assessment; to monitor data, file activity, and create reports; and to perform audits, alerts, metrics and compliance oversight processes.