Enabling security monitoring

Enable security monitoring so that IBM® Cloud Pak System Software for x86 can send security related events to the console in real time. Sending events in real time allows you to learn about potential security breaches as soon as they occur on the system.

Before you begin

You must be assigned the Auditing role with permission to Manage auditing (Full permission) to perform these steps. Administrators who are assigned the Auditing role with permission to View all auditing reports (Read-only) can only view security monitoring configurations.

About this task

When you enable security monitoring, you can select to monitor specific events from various categories of events types, for example events related to users, user groups, user roles, user tokens, and group membership. You can also enable security monitoring for individual users on the system.

When enabled, you can view security events on the System > Events page (or Problem determination > System > Events page if on 2.3.3.3 or later) in the console.

You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.

Perform the following steps in the console.

Procedure

  1. Click System > Auditing. If you are on 2.3.3.3 or later, click Security and access > Auditing.
  2. Expand Security Monitoring.
  3. To enable a security event in the table, perform the following steps:
    Note: The Monitored User and Actions columns are empty by default. Those columns are populated with content only when security events are associated with individual users. You can add events for individual users in the next step.
    1. In the Category column, locate the security event that you want to monitor.
    2. Select the check box in the Enable column.
    3. To refresh the table, click the Refresh icon above the table.
    4. To reset the table to its default content, select the Reset icon above the table.
  4. To add an event for an individual user, perform the following steps:
    1. Click the plus sign icon above the table.
    2. In the Create a monitoring configuration to track a specific user window, select a user from the Select user field.
    3. Add a description of the event in the Description field.
    4. Select the user action that you want to monitor from the User action field.
    5. Select Enable to enable the security monitoring event.
    6. Click OK. Details about the new event are added to the table.