OPTIM to Guardium Interface

An OPTIM to Guardium interface, using Protobuf (Universal Feed Agent), sends Optim activity logs to Guardium.

The objective of this interface is to use Guardium auditing capabilities for OPTIM activities. The auditing capabilities include: Reporting tools (user-defined queries and reports); Audit Processes (workflow automation that enables assigning a task to a role/user/group, user-defined status-flow process, escalation, export...): and, Thresholds Alerts.

The Optim-audit activity information includes the access details, session number, activity type (verb), table (object), details (fields), execution time (response time) and number of errors (records affected).

The data is mapped to the Guardium standard object model.

Enabling OPTIM auditing requires enabling via OPTIM and the steps required in Guardium are: (1) link user to Optim Audit Role; (2) add the predefined reports to the appropriate pane; (3) enable sniffer; and, (4) set policy action to Log Data With Values.

This interface includes an optim-audit role, a default layout (psml file) for the optim-audit role, and seven predefined reports.

These reports are:
  • Optim - Failed Request Summary per Optim Server
  • Optim - Request Execution per User
  • Optim Server Optim - Table Usage Details
  • Optim - Request Log
  • Optim - Table Usage Summary
  • Optim - Request Summary
Note: When creating the optim-audit role and user, only one tab OPTIM Audit will display. Similar to roles with custom layouts that customers can generate, this is a role layout that is meant to be used alone (the optim-audit user has no interest in the other user role tabs) but since the user role is required, layout merging has been turned off when the user has the optim-audit role so that they get only the items of optim interest. Other roles that work in this same way are "review-only" and "inv".
Note: After creating and saving the optim-audit role, click the Generate Layout selection within the User Browser menu and click Reset to get the layout associated with the role. Do this again if changing roles within the User Browser.