Integrating IBM DB2 Audit Events
The IBM® DB2® DSM allows you to integrate your DB2 audit logs into IBM QRadar® for analysis.
When auditing is configured and enabled, the db2audit command creates a set of comma-delimited text files with a .del extension; these files define the scope of the audit data that QRadar receives. The comma-delimited files that the db2audit command creates are:
- audit.del
- checking.del
- context.del
- execute.del
- objmaint.del
- secmaint.del
- sysadmin.del
- validate.del
To integrate the IBM DB2 DSM with QRadar, you must:
- Use the db2audit command to ensure that IBM DB2 records security events. See your IBM DB2 vendor documentation for more information.
- Extract the DB2 audit data for the events contained in the instance to a log file; the procedure depends on your version of IBM DB2.
- Use the Log File protocol source to pull the output instance log file and send that information to QRadar on a scheduled basis. QRadar then imports and processes this file.
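The second step above, the periodic flush, archive and extract cycle that produces the .del files, as an added example that is not IBM's own code. It assumes the db2audit CLI is on PATH and runs as the instance owner, that the database name and the two directories are supplied as arguments (placeholders), and that archived database logs follow the db2audit.db.DBNAME.log.* naming; it then verifies that all eight .del files listed above exist before the Log File protocol is allowed to pull them.

```shell
#!/bin/sh
# Added example (not IBM's own code): run the db2audit flush/archive/extract
# cycle for one database and confirm the eight .del files QRadar expects.
# Assumes db2audit is on PATH and this runs as the DB2 instance owner.
set -eu

# The comma-delimited files db2audit writes (the list from the page).
DEL_FILES="audit.del checking.del context.del execute.del objmaint.del secmaint.del sysadmin.del validate.del"

# Return 0 if every expected .del file exists in $1; otherwise report the
# missing names and return 1. Run this before the Log File protocol pulls.
check_del_files() {
    dir=$1
    missing=""
    for f in $DEL_FILES; do
        [ -f "$dir/$f" ] || missing="$missing $f"
    done
    if [ -n "$missing" ]; then
        echo "missing in $dir:$missing" >&2
        return 1
    fi
    return 0
}

# Flush buffered audit records, archive the active log for database $1 into
# $2, then extract the archived logs as delimited ASCII (.del) into $3.
# The archived-log name pattern is an assumption; adjust it for your version.
db2_audit_extract() {
    dbname=$1; archive_dir=$2; out_dir=$3
    mkdir -p "$archive_dir" "$out_dir"
    db2audit flush
    db2audit archive database "$dbname" to "$archive_dir"
    db2audit extract delasc to "$out_dir" from files "$archive_dir"/db2audit.db."$dbname".log.*
    check_del_files "$out_dir"
}

# Usage (placeholders): sh db2_audit_extract.sh SAMPLE /var/db2audit/archive /var/db2audit/out
if [ $# -eq 3 ]; then
    db2_audit_extract "$1" "$2" "$3"
fi
```

Schedule the script (for example from cron) slightly ahead of the Log File protocol's polling interval so QRadar always pulls a complete set of files.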