Use groups to quickly specify rule conditions in a policy.
About this task
Each policy is composed of one or more rules. Specify which conditions will enact a rule,
and then choose one or more actions to take when that rule is triggered. This example shows you how
to use groups to identify unauthorized users, log details of their access on a group of sensitive
objects, and send an alert indicating that the access occurred.
Procedure
- Log in to your Guardium system, and open the Policy Builder by clicking .
- Create a new policy by clicking the icon to open the Policy Definition window.
- Define the policy definition, then click Apply to save the policy.
- Click Edit Rules to open the Policy Rules window and begin adding rules to the policy.
- Click to add a new rule to the policy.
- Begin by providing a Description for the rule. Optionally provide Category and Classification labels.
- Specify where to look for data. From the Server IP row, select the (Public) PCI Authorized Server IPs group.
  The rule will apply to all activity from all PCI servers.
  Note: You can view the members of any group or modify any group by going to the Group Builder.
- Specify unauthorized users. From the DB User row, mark the Not check box and select the (Public) Authorized Users group.
  The rule will apply to all users who are not in the (Public) Authorized Users group.
- Specify sensitive objects. From the Object row, select the (Public) PCI Cardholder Sensitive Objects group.
  The rule will now apply to all unauthorized users on PCI servers looking to access PCI sensitive objects.
- Add an action to the rule by clicking Add Action and selecting from the menu. Click Apply to save the rule.
  This action logs details of the access, including an exact timestamp of the access.
- Add another action to the rule by clicking Add Action and selecting from the menu. Specify an alert destination, then click Apply to save the rule.
  This action sends or logs an alert indicating that the rule was triggered.
- Click Save to save the rule.
- Install the policy.
  - Find the policy that you created. Click Back twice, or click Policy Builder to get to the and browse the list of policies.
  - With the policy selected, choose from the installation action menu.
  - Click OK to confirm the policy installation, and then check Latest Logs and Violations to verify the policy was installed.
The policy is now installed and active. Any person not in the (Public) Authorized Users group attempting to access an object in the (Public) PCI Cardholder Sensitive Objects group will have their session logged and will trigger an alert indicating the access.
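As an added illustration (not Guardium code or its API), the following model evaluates the rule built above over constructed access events: the three group conditions, including the Not on the DB User row, must all hold before the log and alert actions fire. Group members, event fields and timestamps are all made up for the example.

```python
# Added example, not Guardium's own code: a minimal model of the rule built
# above, run over constructed access events to show how the three group
# conditions combine and which events trigger the two actions.
from dataclasses import dataclass

# Constructed memberships standing in for the three (Public) groups.
PCI_AUTHORIZED_SERVER_IPS = {"10.0.1.10", "10.0.1.11"}
AUTHORIZED_USERS = {"pci_app", "dba_admin"}
PCI_CARDHOLDER_SENSITIVE_OBJECTS = {"CARDS", "PAN_VAULT"}

@dataclass
class AccessEvent:
    server_ip: str
    db_user: str
    obj: str
    timestamp: str  # constructed; a real session carries the real time

def rule_matches(ev: AccessEvent) -> bool:
    """Server IP in the PCI group AND DB user NOT in the authorized group
    AND object in the sensitive-objects group. The Not check box on the
    DB User row is what turns the second test into a negation."""
    return (ev.server_ip in PCI_AUTHORIZED_SERVER_IPS
            and ev.db_user not in AUTHORIZED_USERS
            and ev.obj in PCI_CARDHOLDER_SENSITIVE_OBJECTS)

def evaluate(events):
    """Apply both actions to each matching event: log the access details
    with its timestamp, and emit an alert. Returns (matched, log, alerts)."""
    matched, log, alerts = [], [], []
    for ev in events:
        if rule_matches(ev):
            log.append(f"{ev.timestamp} {ev.db_user}@{ev.server_ip} -> {ev.obj}")
            alerts.append(f"Unauthorized access to {ev.obj} by {ev.db_user}")
            matched.append(ev)
    return matched, log, alerts

# Constructed sample events: one per condition that can fail, plus one match.
SAMPLE_EVENTS = [
    AccessEvent("10.0.1.10", "pci_app", "CARDS", "2024-01-01T10:00:00Z"),        # authorized user
    AccessEvent("10.0.9.9", "contractor", "CARDS", "2024-01-01T10:01:00Z"),      # not a PCI server
    AccessEvent("10.0.1.11", "contractor", "ORDERS", "2024-01-01T10:02:00Z"),    # not a sensitive object
    AccessEvent("10.0.1.11", "contractor", "PAN_VAULT", "2024-01-01T10:03:00Z"), # all three hold: fires
]

if __name__ == "__main__":
    hits, log, alerts = evaluate(SAMPLE_EVENTS)
    print(f"{len(hits)} event(s) matched; {len(log)} log entries, {len(alerts)} alert(s)")
```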