This ensures that the mainframe is not burdened with incremental storage or processing requirements, network traffic is limited, and a full audit trail is stored securely. I'm assuming that's the specific audit process that I updated, but I can't find any way to translate 20033 into an actual audit process name. Each S-TAP sends information specified by user-defined audit policies to an IBM Security Guardium Collector for z/OS appliance. This restriction should not impact new Guardium deployments. When working with an existing deployment, consider uninstalling your existing policies before working with the quick start policies. However, I can't find any entity that has the APP_OBJECT_ID value that will tell me the name of what was edited. Selective audit trail: enabled. Installation of quick start security policies will fail if any preexisting policies have conflicting settings. The audit process can export audit results to external repositories for additional forensic analysis, such as Syslog, CSV or CEF files, or an external feed. I can run a report against the "Guardium Applications" entity to get the APP_OBJECT_TYPE_ID (5 = Audit Process Builder) and I can run another report against the "Guardium Roles" entity to get the ROLE_ID (20007 = the role I added). Guardium audit processes provide the following capabilities: Audit processes support company privacy and governance requirements, such as PCI-DSS, SOX, Data Privacy, and HIPAA. Which shows I messed with a role, but the "All Values" section is a bit cryptic. CEF and CSV file output can be written to syslog. IBM Security Guardium needs to provide better run books and guides for helping with the implementation. When exporting to CEF or CSV files, keep in mind the following details: Each record in the CSV or CEF file represents a row on the report.
As a test, I modified the permissions on one of my audit processes and ran the report, which returns the following (formatted for posting):

Entity Key Used=ALLOWED_ROLE.ALLOWED_ROLE_ID
ALLOWED_ROLE.TIMESTAMP = Thu May 23 15:54:

You can export report, entity audit trail, and privacy task output to CSV files, and export database activity reports to a CEF file.

Does anyone know how to translate the ALLOWED_ROLE.APP_OBJECT_ID value from a Guardium user activity report into an actual value?

As an example, I have a report with the main entity of "Guardium User Activity Audit" which returns all activities by my users.