Auditing Guardium Insights
Auditing is the process of recording the activity that occurs on databases or applications. Auditing can help you detect and prioritize security threats and data breaches.
Auditing provides accountability, traceability, and regulatory compliance that relates to access to and modification of data. Enterprises are often subject to industry requirements for regulatory auditing compliance. Therefore, a complete auditing solution that works with Guardium® Insights requires contributions and coordination of solutions from OpenShift®, Guardium Data Protection, and Guardium Insights.
What can I audit? | Requirements | Learn more |
---|---|---|
System access | To use this mechanism, you must have security information and event management (SIEM)
software, such as:
|
Configure Guardium Insights Audit Logging to forward audit records to your security information and event management (SIEM) solutions. . Note: Some Guardium Insights components and services do not
support audit logging. For more information, see Services that support audit logging.
|
Sensitive data on remote databases | To use this mechanism, you must have the following software:
|
Identify which assets you want to audit from the Watson Knowledge
Catalog interface. After you tell Guardium Data Protection to audit an asset, Guardium Data Protection audits any access to the asset. |
Database traffic | To use this mechanism, you must have the following software:
|
Audit your databases for compliance monitoring and data security. After you install the Guardium External S-TAP service, provision an instance of the service for each database that you want to audit. The service intercepts TCP/IP traffic between Guardium Insights and the database. The intercepted traffic is sent to the Guardium Data Protection collector for parsing, policy enforcement, logging, and reporting. |