How to create an Audit Workflow

Create an audit process workflow that generates a pre-defined report on a pre-set schedule, assigns the report to the database administrator for review and sign-off, and facilitates the reviewed report being sent to a supervisor for an additional review and signoff.

1. Open the Audit Process Finder by navigating to Comply > Tools and Views > Audit Process Builder.
2. Click the New button to open the Audit Process Definition panel.

   The Audit Process Definition panel is divided into three sections: General, Receiver Table, and Audit Tasks.

   

   Audit Process Builder menu screen

3. Go to the General section. Enter a name in the Description box. Do not include apostrophe characters.
4. Check the Active box to associate a schedule with the process. At least one audit task must be defined before you can save the process.
5. Mark the Archive Results box if you want to store the results offline after the retention period has expired. When results have been archived, you can restore them to the appliance for viewing again, later.
6. In the Keep for a minimum of (n) days or (n) runs boxes, specify how long to keep the results, as either a number of days (0 by default) or a number of runs (5 by default). After that, the results will be archived (if the archive box is marked) and purged from the appliance.
7. If one or more tasks create CSV or CEF files, you can optionally enter a label to be included in all file names, in the CSV/CEF File Label box. These files can also be compressed, or Zipped, by clicking on the Zip CSV for mail box to add a checkmark.
8. The Email Subject field in the Audit Process definition is used in the emails for all receivers for that audit process. The subject may contain one (or more) of the following variables that will be replaced at run time for the subject:
   • %%ProcessName will be replaced with the audit process description
   • %%ExecutionStart will be replaced with the start date and time of the first task.
   • %%ExecutionEnd will be replaced with the end date and time of the last task.

   Upon entering a subject, it will check whether any variable (starting with %% is present) and will ensure all are valid variables.

9. Go to the Receivers section. Open the drop-down box and add the receivers for the process. See Add Receivers in the Compliance Workflow Automation topic for further information. Checkoffs are needed to determine action required, additions to To-do list, notification via email notifications and continuous distribution. Again, see Add Receivers for complete information in setting these choices. In this example, do not check the continuous boxes for the receivers. If the Continuous checkbox is marked, distribution continues to the next receiver on the list without interruption. If the Continuous checkbox is cleared, distribution to the next receiver is held until the current receiver performs the required action (review or sign). In this example, the DBA needs to view and sign the report before it goes to the Supervisor.
10. Go to the Tasks section. You must define at least one audit task before you can save the process.
11. Define a Report Task.
    1. If the Add New Task pane is not open, click Add Audit Task (see illustration).
    2. Click the Report button.
    3. Optionally create CSV or CEF file output and write to Syslog.
    4. Enter all parameter values in the Task Parameters pane. The parameters will vary depending on the report selected.
    5. Click Apply.
    

    Audit Task – Report

12. Optionally assign security roles.
    1. Open or select the item to which you want to assign one or more security roles (a report definition, for example).
    2. Click the Roles button.
    3. In the Assign Security Roles panel, mark all of the roles you want to assign (you will only see the roles that have been assigned to your account).
    4. Click Apply.
13. Optionally add comments
14. Click the appropriate buttons to Schedule or Run an Audit Workflow Process (see link)
15. Click Apply.
16. Schedule or Run a Compliance Workflow Automation Process
    Open the Audit Process Finder by navigating to Comply > Tools and Views > Audit Process Builder.

    1. Select the process from the Process Selection List.
    2. Click Modify to open the Audit Process Definition panel.
    3. To run the process once, click Run Once Now, or to define a schedule for the process, click Modify Schedule.
    Note: After a schedule has been defined for a process, the process runs according to that schedule only when it is marked active.
    
17. Sign-off and Review of Report

    After the report has run, distribution status can be observed from the report. In the example, the DBA has viewed and signed the report and the supervisor has not.

    

    Distribution Status

    The Audit Process Log report shows a detailed activity log for all tasks including start and end times. This report is available by navigating to Reports > Guardium Operational Reports > Audit Process Log. Audit tasks show start and end times.

    

    Example of Audit Process Log