Activating the audit process workflow for threat analytics

This procedures describes how to schedule and distribute the audit processes required for using Guardium threat diagnostic tools.

About this task

There are two preconfigured audit processes that control the distribution of threat analytics reports to the appropriate reviewers:

Each process pulls out the suspected cases on one attack type. You can customize these processes, or copy and create your own.

Navigate to Comply > Tools and Views > Audit Process Builder. Optionally filter the available audit processes by clicking the Inactive only radio button or typing Suspected in the Filter box.
The default task for this process is the corresponding report (Suspected Malicious STP Cases or Suspected SQL Injection Cases). Do not modify the runtime parameters of these reports. However, you can add additional tasks to this same audit process. For example, you can add both the threat reports into a single audit process.

If you are defining these audit processes from a central manager, define a task for each collector for which you want to see threat data and use the Remote Data Source option.
Click Send results to define the audit process receivers who will receive reports on suspected malicious stored procedures.
Select the default receiver (user) and then click the icon to define the appropriate receiver or receivers for your organization. When you are finished, click OK.
Click Schedule audit process and review the schedule for the audit process.
The recommendation is to run the process every day, every hour starting at 12:30 AM (after both outliers and threat detection usually run). Note that the check box Auto run dependent jobs has no effect for this task.

Important: Make sure the Activate schedule check box is checked.
Click Next and then click Save to finish working with the audit process.