Including or excluding failed accesses and negative SQL code
IBM® Security Guardium® S-TAP® for Db2 enables you to include or exclude failed accesses and negative SQL code on a per-policy basis.
In the Guardium appliance interface, create a list of SQL codes to include of exclude during data collection. A policy can contain either all values to be included, or all values to be excluded. In an include list, any SQL activity that fails within the SQLCODE list will be collected. In an exclude list, any SQL activity that does not fail within the SQLCODE list will be collected.
- No other filtering criteria will be ANDed with the SQLCODE filter rule when determining the collection status of the event.
- Failed access events are streamed to the appliance if the negative SQL code is:
- Included in the list of negative SQLCODE to be captured
- Not based on ALL FAILED AUTHORIZATIONS being included in the COMMANDS filter setting for the policy. ALL FAILED AUTHORIZATIONS can be removed from the COMMANDS filter setting.