Monitoring user activity with auditing in Data Virtualization

To monitor and record user activities that occur at the Data Virtualization database level, you can use the built-in Db2 audit logging feature, which seamlessly integrates with the IBM® Software Hub Audit Logging facility.

For more information, see Auditing IBM Software Hub.

Important: Audited events in Data Virtualization are asynchronously streamed to the IBM Software Hub centralized audit service. The asynchronous nature of log streaming does not guarantee the delivery of the events to and acceptance by the downstream services, including the IBM Software Hub audit service.

Overview of audit logs

You can use Data Virtualization audit logs to solve security challenges in the following ways:
  • You can capture detailed information about user access to specific objects, including whether the access was granted or denied. Detailed information about user access can help you identify potential security threats and take appropriate action to mitigate these threats. To view all auditable events, see Db2 audit events for Data Virtualization.

    • Audit logging captures both successful and failed events in the following audit event categories: AUDIT, VALIDATE, CHECKING, SECMAINT, and OBJMAINT.
      Note: Audit artifacts, such as configuration, stored procedures, and temporary tables, are created in the AUDIT schema.
  • You can trace audit logs to actions that lead up to a particular issue. This feature lets you pinpoint concerning behaviors that are performed on a database or user interactions that might require further troubleshooting.

    Audit logs are streamed to the Software Hub Audit Logging facility every 6 minutes.

  • You can feed audit logs into an SIEM (Security Information and Event Management) system to receive alerts when abnormal activity is detected. SIEM systems can help you achieve compliance with organizational and governmental activity monitoring requirements.
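The granted/denied access records and SIEM alerting described in the list above can be combined into a simple detection rule. The following is an added example, not IBM code and not the Software Hub record format: the tuple layout, the "granted"/"denied" outcome values, the 10-minute window, and the threshold of three objects are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, category, user, object, outcome).
# The layout is hypothetical; map your SIEM's parsed fields onto it.
SAMPLE = [
    ("2024-05-01T10:00:05", "CHECKING", "alice", "SALES.ORDERS", "granted"),
    ("2024-05-01T10:07:40", "CHECKING", "bob", "HR.PAYROLL", "denied"),
    ("2024-05-01T10:01:10", "CHECKING", "bob", "HR.SALARY", "denied"),  # out of order
    ("2024-05-01T10:09:00", "CHECKING", "bob", "FIN.LEDGER", "denied"),
    ("2024-05-01T10:02:00", "CHECKING", "carol", "HR.PAYROLL", "denied"),
    ("2024-05-01T10:03:00", "CHECKING", "carol", "HR.PAYROLL", "denied"),
    ("2024-05-01T10:00:00", "CHECKING", "dave", "A.T1", "denied"),
    ("2024-05-01T10:20:00", "CHECKING", "dave", "A.T2", "denied"),
    ("2024-05-01T10:40:00", "CHECKING", "dave", "A.T3", "denied"),
    ("2024-05-01T10:05:00", "VALIDATE", "erin", "", "denied"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 3                   # assumed number of distinct denied objects


def denied_access_alerts(events, window=WINDOW, threshold=THRESHOLD):
    """Map each user to the objects they were denied, when the user was
    denied access to `threshold` or more distinct objects within `window`."""
    denied = defaultdict(list)
    for ts, category, user, obj, outcome in events:
        # Only CHECKING records describe access attempts on objects.
        if category == "CHECKING" and outcome == "denied":
            denied[user].append((datetime.fromisoformat(ts), obj))

    alerts = {}
    for user, hits in denied.items():
        # Records are streamed in batches, so order by the event's own
        # timestamp rather than by arrival order.
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            objects = {obj for _, obj in hits[start:end + 1]}
            if len(objects) >= threshold:
                alerts[user] = sorted(objects)
                break
    return alerts


if __name__ == "__main__":
    for user, objects in denied_access_alerts(SAMPLE).items():
        print(f"ALERT {user}: denied on {', '.join(objects)}")
```

Because delivery to the audit service is not guaranteed, an empty result from a rule like this is not proof that no denied access occurred.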