Auditing Guardium Data Security Center

Auditing is the process of recording the activity that occurs on databases or applications. Auditing can help you detect and prioritize security threats and data breaches.

Auditing provides accountability, traceability, and regulatory compliance that relates to access to and modification of data. Enterprises are often subject to industry requirements for regulatory auditing compliance. Therefore, a complete auditing solution that works with Guardium Data Security Center requires contributions and coordination of solutions from OpenShift®, Guardium Data Protection, and Guardium Data Security Center.

There are several mechanisms that you can use to audit IBM Guardium Data Security Center:

What can I audit?	Requirements	Learn more
System access	To use this mechanism, you must have security information and event management (SIEM) software, such as: LogDNA (IBM Cloud) Splunk (on premises) QRadar (on premises)	Configure Guardium Data Security Center Audit Logging to forward audit records to your security information and event management (SIEM) solutions. . Note: Some Guardium Data Security Center components and services do not support audit logging.
Sensitive data on remote databases	To use this mechanism, you must have the following software: An existing Guardium Data Protection system The Watson Knowledge Catalog service	Identify which assets you want to audit from the Watson Knowledge Catalog interface. After you tell Guardium Data Protection to audit an asset, Guardium Data Protection audits any access to the asset.
Database traffic	To use this mechanism, you must have the following software: An existing Guardium Data Protection system The Guardium External S-TAP service	Audit your databases for compliance monitoring and data security. After you install the Guardium External S-TAP service, provision an instance of the service for each database that you want to audit. The service intercepts TCP/IP traffic between Guardium Data Security Center and the database. The intercepted traffic is sent to the Guardium Data Protection collector for parsing, policy enforcement, logging, and reporting.

What can I audit?

Requirements

Learn more

System access

To use this mechanism, you must have security information and event management (SIEM) software, such as:

LogDNA (IBM Cloud)
Splunk (on premises)
QRadar (on premises)

Configure Guardium Data Security Center Audit Logging to forward audit records to your security information and event management (SIEM) solutions. .

Note: Some Guardium Data Security Center components and services do not support audit logging.

Sensitive data on remote databases

To use this mechanism, you must have the following software:

An existing Guardium Data Protection system
The Watson Knowledge Catalog service

Identify which assets you want to audit from the Watson Knowledge Catalog interface.

After you tell Guardium Data Protection to audit an asset, Guardium Data Protection audits any access to the asset.

Database traffic

To use this mechanism, you must have the following software:

An existing Guardium Data Protection system
The Guardium External S-TAP service

Audit your databases for compliance monitoring and data security.

After you install the Guardium External S-TAP service, provision an instance of the service for each database that you want to audit.

The service intercepts TCP/IP traffic between Guardium Data Security Center and the database. The intercepted traffic is sent to the Guardium Data Protection collector for parsing, policy enforcement, logging, and reporting.