Auditing Cloud Pak for Data

Auditing is the process of recording the activity that occurs on databases or applications. Auditing can help you detect and prioritize security threats and data breaches.

Auditing provides accountability, traceability, and regulatory compliance for access to and modification of data. Enterprises are often subject to industry requirements for regulatory auditing compliance. Therefore, a complete auditing solution for Cloud Pak for Data requires coordinated contributions from OpenShift®, Guardium®, and Cloud Pak for Data.

There are several mechanisms that you can use to audit IBM® Cloud Pak for Data:
What can I audit: System access

Requirements: To use this mechanism, you must have security information and event management (SIEM) software, such as:
  • LogDNA (IBM Cloud)
  • Splunk (on premises)
  • QRadar (on premises)

Learn more: Configure IBM Cloud Pak for Data Audit Logging to forward audit records to your security information and event management (SIEM) solutions. For more information, see Exporting Cloud Pak for Data audit records to your security information and event management solution.

Note: Some Cloud Pak for Data components and services do not support audit logging. For more information, see Services that support audit logging.

What can I audit: Sensitive data on remote databases

Requirements: To use this mechanism, you must have the following software:
  • An existing IBM Guardium system
  • The Watson™ Knowledge Catalog service

Learn more: Identify which assets you want to audit from the Watson Knowledge Catalog interface.

After you tell IBM Guardium to audit an asset, IBM Guardium audits any access to the asset.

For more information, see Auditing your sensitive data with IBM Guardium.

What can I audit: Database traffic

Requirements: To use this mechanism, you must have the following software:
  • An existing IBM Guardium system
  • The Guardium External S-TAP® service

Learn more: Audit your databases for compliance monitoring and data security.

After you install the Guardium External S-TAP service, provision an instance of the service for each database that you want to audit.

The service intercepts TCP/IP traffic between Cloud Pak for Data and the database. The intercepted traffic is sent to the Guardium collector for parsing, policy enforcement, logging, and reporting.

For more information, see the Guardium External S-TAP service documentation.