Auditing Guardium Insights

Auditing is the process of recording the activity that occurs on databases or applications. Auditing can help you detect and prioritize security threats and data breaches.

Auditing provides accountability, traceability, and regulatory compliance that relates to access to and modification of data. Enterprises are often subject to industry requirements for regulatory auditing compliance. Therefore, a complete auditing solution that works with Guardium® Insights requires contributions and coordination of solutions from OpenShift®, Guardium Data Protection, and Guardium Insights.

There are several mechanisms that you can use to audit IBM Guardium Insights:
What can I audit? System access
Requirements: To use this mechanism, you must have security information and event management (SIEM) software, such as:
  • LogDNA (IBM Cloud)
  • Splunk (on premises)
  • QRadar (on premises)
Learn more: Configure Guardium Insights Audit Logging to forward audit records to your security information and event management (SIEM) solutions.

Note: Some Guardium Insights components and services do not support audit logging. For more information, see Services that support audit logging.

What can I audit? Sensitive data on remote databases
Requirements: To use this mechanism, you must have the following software:
  • An existing Guardium Data Protection system
  • The Watson Knowledge Catalog service
Learn more: Identify which assets you want to audit from the Watson Knowledge Catalog interface.

After you tell Guardium Data Protection to audit an asset, Guardium Data Protection audits any access to the asset.

What can I audit? Database traffic
Requirements: To use this mechanism, you must have the following software:
  • An existing Guardium Data Protection system
  • The Guardium External S-TAP service
Learn more: Audit your databases for compliance monitoring and data security.

After you install the Guardium External S-TAP service, provision an instance of the service for each database that you want to audit.

The service intercepts TCP/IP traffic between Guardium Insights and the database. The intercepted traffic is sent to the Guardium Data Protection collector for parsing, policy enforcement, logging, and reporting.