Basic data security monitoring policy
Use the basic data security monitoring policy to get started with Guardium SQL traffic monitoring.
Guardium ships with a pre-defined policy installed by default: Default - Ignore Data Activity for Unknown Connections [template]. This default captures session-level information such as client and server IP addresses, database type, operating system user, source program, and database session start and end times, but it does not capture actual SQL activity.
Compared to the default policy, the basic data security monitoring policy allows you to starting monitoring SQL traffic right out of box. Using predefined groups of privileged users, privileged commands, and error codes for some of the most common use cases, the basic monitoring policy provides rules that address common data access and attack patterns. Although it is not a comprehensive auditing policy, the basic monitoring policy offers a secure foundation while you develop database activity monitoring policies specific to your environment and needs.