IBM Security Guardium Vulnerability Assessment Test Exceptions

Product Documentation


Abstract

Test exceptions reference

Content

The Guardium vulnerability assessment test exception groups are prepopulated with the default members, schemas, objects, or privileges created when a database is installed. Use these groups to avoid false positives when running vulnerability assessments. If an assessment fails, link the appropriate exception group to the test to exclude the default members, then run the test again. If the test now runs without violations, the initial violations were due to the default members, schemas, objects, or privileges created when the database was installed.

The exception group names are documented either in the short description or recommendation of the test, depending on the test logic.

Key to Exception Types:

HARDCODE_IN_SQL: The group name is built into the test query and cannot be modified.

EXCEPTION_GROUP: When tuning the test, the group name may be added as an exception.

VERSION_OR_PATCH: This is updated via quarterly DPS and can be modified.

Document Information

Modified date: 13 December 2018

UID: ibm10788161