IBM Security Guardium Insights

IBM Security Guardium® Insights is a modern data security solution. It is built to adapt to changing environments, connect to critical IT and security tools, streamline compliance and audit processes, and intelligently respond to data threats.

The IBM® Security Guardium Insights DSM collects rule alerts that are forwarded from IBM Security Guardium Insights.

IBM QRadar collects informational, error, alert, and warning events from IBM Guardium by using syslog. QRadar receives IBM Guardium Policy Builder events in the Log Event Extended Format (LEEF).

QRadar can automatically discover and map only the events of the default rules that are included with IBM Security Guardium Insights. Events from any user-configured rules are displayed as unknown events in QRadar, and you must map those unknown events manually.

To integrate IBM Security Guardium Insights with QRadar, complete the following steps:
  1. In IBM Security Guardium Insights, configure a syslog alert integration that includes the QRadar LEEF header in its templates. For more information, see Configuring syslog alerts (https://www.ibm.com/docs/en/guardium-insights/3.2.x?topic=integrations-configuring-syslog-alerts).
  2. Create a policy rule action in IBM Security Guardium Insights that uses the syslog alert integration. For more information, see Creating a custom policy (https://www.ibm.com/docs/en/guardium-insights/3.2.x?topic=policies-creating-custom-policy).
  3. Configure an IBM Security Guardium Insights log source in QRadar. For more information, see Syslog log source parameters for IBM Security Guardium Insights.
  4. Identify and map unknown events for IBM Security Guardium Insights in QRadar. For more information, see Creating an event map for IBM Guardium events.
  5. You can use sample event messages to verify a successful integration with QRadar. For more information, see IBM Security Guardium Insights sample event messages.
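The steps above result in LEEF-formatted syslog lines arriving at the QRadar log source. The following Python script is an added example, not part of this IBM documentation and not code from QRadar or Guardium Insights: it parses LEEF 1.0 and 2.0 syslog lines and lists the event IDs that a DSM would leave as unknown, which is the set you have to map manually in step 4. The sample lines, the host name, the event IDs, the attribute names and the set of auto-mapped event IDs are constructed assumptions for illustration, not values taken from the product.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set

# Constructed sample syslog lines in LEEF format. They are NOT captured from a real
# Guardium Insights deployment; the host name, event IDs, rule names and attribute
# keys are assumptions chosen to exercise the parser.
SAMPLE_LINES = [
    # LEEF 2.0 with an explicit '^' attribute delimiter (a default-rule alert)
    "<13>Jun 12 10:15:01 gi-host LEEF:2.0|IBM|Guardium Insights|3.2|DefaultRuleAlert|^|"
    "devTime=Jun 12 2024 10:15:00^severity=7^ruleName=Failed login^dbUser=appuser^src=10.0.0.5",
    # LEEF 2.0 with a hex-encoded tab delimiter (an alert from a user-configured rule)
    "<13>Jun 12 10:15:02 gi-host LEEF:2.0|IBM|Guardium Insights|3.2|CustomRule_PII_Export|x09|"
    "devTime=Jun 12 2024 10:15:02\tseverity=9\truleName=PII table export\tdbUser=etl\tsrc=10.0.0.9",
    # LEEF 1.0, which has no delimiter field and always separates attributes with a tab
    "<13>Jun 12 10:15:03 gi-host LEEF:1.0|IBM|Guardium Insights|3.2|DefaultRuleAlert|"
    "devTime=Jun 12 2024 10:15:03\tseverity=5\truleName=Schema change\tdbUser=dba\tsrc=10.0.0.7",
]

# Placeholder for the event IDs that the QRadar DSM maps automatically (the default
# Guardium Insights rules). The real set is whatever the DSM ships; this is an assumption.
AUTO_MAPPED_EVENT_IDS: Set[str] = {"DefaultRuleAlert"}


@dataclass
class LeefEvent:
    leef_version: str
    vendor: str
    product: str
    product_version: str
    event_id: str
    attrs: Dict[str, str] = field(default_factory=dict)


HEADER_RE = re.compile(r"LEEF:(?P<ver>\d+\.\d+)\|(?P<rest>.*)$", re.DOTALL)
HEX_DELIM_RE = re.compile(r"^x[0-9a-fA-F]{2}$")


def _is_delimiter_spec(spec: str) -> bool:
    """LEEF 2.0 delimiter field: empty (default tab), one character, or 'xNN' hex."""
    return len(spec) <= 1 or bool(HEX_DELIM_RE.match(spec))


def _decode_delimiter(spec: str) -> str:
    if HEX_DELIM_RE.match(spec):
        return chr(int(spec[1:], 16))
    return spec if spec else "\t"


def parse_leef(line: str) -> LeefEvent:
    """Parse one syslog line carrying a LEEF 1.0 or 2.0 payload."""
    m = HEADER_RE.search(line)
    if not m:
        raise ValueError("no LEEF header in line")
    version = m.group("ver")
    parts = m.group("rest").split("|")
    if len(parts) < 5:
        raise ValueError("LEEF header is missing fields")
    vendor, product, product_version, event_id = parts[:4]
    delimiter, attr_start = "\t", 4          # LEEF 1.0 layout and the 2.0 default
    if version.startswith("2.") and len(parts) >= 6 and _is_delimiter_spec(parts[4]):
        delimiter, attr_start = _decode_delimiter(parts[4]), 5
    payload = "|".join(parts[attr_start:])   # attribute values may themselves contain '|'
    attrs: Dict[str, str] = {}
    for token in payload.split(delimiter):
        if "=" in token:
            key, value = token.split("=", 1)
            attrs[key.strip()] = value
    return LeefEvent(version, vendor, product, product_version, event_id, attrs)


def find_unmapped_event_ids(lines: Iterable[str], auto_mapped: Set[str]) -> List[str]:
    """Event IDs that QRadar would display as unknown and that need a manual event map."""
    seen = {parse_leef(line).event_id for line in lines}
    return sorted(seen - auto_mapped)


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        ev = parse_leef(raw)
        status = "auto-mapped" if ev.event_id in AUTO_MAPPED_EVENT_IDS else "UNKNOWN -> map manually"
        print(f"{ev.event_id:24} {ev.attrs.get('ruleName', '?'):20} {status}")
    print("to map:", find_unmapped_event_ids(SAMPLE_LINES, AUTO_MAPPED_EVENT_IDS))
```

Run against a capture of what your log source actually receives, with AUTO_MAPPED_EVENT_IDS replaced by the IDs the DSM recognises in your environment, to get the list of event IDs to create event maps for in step 4 before you verify with the sample event messages in step 5.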