The Guardium solution combines appliances with lightweight software probes installed on database servers and an application code base that allows for a highly comprehensive and customizable set of policies to control and secure corporate databases. Together, these mechanisms allow the Guardium solution to see not only traditional client-server and web-based application communications, but also threats that might originate on the database servers themselves, enabling Guardium to take action on all unauthorized access attempts. The Guardium solution secures a database and limits attacks on it by monitoring all database access points, local and remote. Because the Guardium architecture is both network-based (through appliances) and host-based (through software probes), continually monitoring the network and the servers for database messages, the Guardium solution can be deployed in a variety of operational modes to provide flexibility and complete coverage of all database traffic. With such complete coverage, it follows that Guardium's solution must also monitor itself.
To comply with the strict requirements Guardium sets for monitoring its own solution, there is a four-pronged approach to ensuring that the Guardium solution is available, is functioning properly, has not been tampered with, and alerts users to problems.
Reports--Whether textual or graphical, reports are at the core of the Guardium solution. By using Guardium's Query Builder and Report Builder, a user can report on any of the self-monitoring data collected through the associated domains and entities. Many of the predefined reports can be enhanced with more detailed effort to provide higher levels of granularity.
Alerts--In addition to building reports, a user can define an alert against those reports through defined thresholds that indicate an exception or policy rule violation. These alerts can be either real-time or determined through historical analysis. Alerts can then trigger notification to users through SMTP, SNMP, syslog, or a custom Java class.
Self-Monitoring Utility--Guardium has implemented an internal self-monitoring daemon (an always-running service utility) on collectors and aggregators that wakes up every 5 minutes and performs a system scan, checking components for optimal configuration and operational effectiveness and repairing them when necessary. For example, if the utility finds the web server down, it first validates a complete shutdown of the service, restarts the service, and then alerts an administrative user.
Report: Select Guardium Monitor > Current Status Monitor, or
See Predefined admin Reports for report: Current Status Monitor for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: Select Guardium Monitor > Current Status Monitor, or
Select Guardium Monitor > Buffer Usage Monitor, or
See Predefined admin Reports for report: Current Status Monitor for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: Select Guardium Monitor > Current Status Monitor, or
Select Guardium Monitor > Buffer Usage Monitor, or
See Predefined admin Reports for report: Current Status Monitor for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: Select Guardium Monitor > Current Status Monitor, or
Select Guardium Monitor > Buffer Usage Monitor, or
See Predefined admin Reports for report: Current Status Monitor for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: See Predefined admin Reports for report: Logins to Guardium for more information, or
See Predefined admin Reports for report: Admin User Logins for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Guardium Login domain and Guardium Users Login entity to create alerts
Self-Monitoring: Is in use

Report: Select Guardium Monitor > Buffer Usage Monitor
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: Select Guardium Monitor > Buffer Usage Monitor, or
See Predefined admin Reports for report: CPU Usage for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: Select Guardium Monitor > Buffer Usage Monitor
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: Select Guardium Monitor > Buffer Usage Monitor
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: Select Guardium Monitor > Buffer Usage Monitor
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: See Daily Monitor > Dropped Requests, or
See Predefined admin Reports for report: Dropped Requests for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Exceptions domain and Exceptions entity to create alerts
Self-Monitoring: Is in use

Report: See Daily Monitor > Databases by Type, or
See Predefined admin Reports for report: Databases by Type for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Auto-discovery domain and Host Configuration entity to create alerts

Report: See Daily Monitor > Values Changed, or
See Predefined admin Reports for report: Values Changed for more information
Alert: See Viewing an Audit Process Definition for alert: Data Source Changes - alert on any data source changes

Report: Select Guardium Monitor > Buffer Usage Monitor
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: Select Guardium Monitor > Buffer Usage Monitor, or
See Predefined admin Reports for report: Request Rate for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: Select Guardium Monitor > Buffer Usage Monitor
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: Select Guardium Monitor > Scheduled Jobs Exceptions, or
See Predefined admin Reports for report: Scheduled Job Exceptions for more information, or
See Predefined admin Reports for report: Scheduled Jobs for more information, or
See Predefined admin Reports for report: Cls/Asmt Job Queue for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Exceptions domain and Exception Type entity to create alerts

Report: Select Guardium Monitor > Number of Active Audit Processes, or
See Predefined admin Reports for report: Number of Active Audit Processes for more information, or
See Predefined admin Reports for report: Outstanding Audit Process Reviews for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Audit Process domain and Audit Process entity to create alerts

Report: See Tap Monitor > S-Tap Configuration Change History
Alert: See Viewing an Audit Process Definition for alert: Inspection Engines and STAP - alert on any activity related to inspection engine and S-TAP configuration

Report: See S-TAP Reports
Alert: See Viewing an Audit Process Definition for alert: Policy Changes Alert - alert once a day on policy-related changes

Report: Select Administration Console > Policy Installation
Alert: You can use the Queries and Correlation Alerts, utilizing the Installed Policy domain and Installed Policy entity to create alerts

Report: Select Guardium Monitor > Logins to Guardium, or
See Predefined admin Reports for report: Logins to Guardium for more information, or
See Predefined admin Reports for report: Admin User Logins for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Guardium Login domain and SQL Guard Login entity to create alerts

Report: Select Guardium Monitor > Logins to Guardium, or
See Predefined admin Reports for report: Logins to Guardium for more information, or
See Predefined admin Reports for report: Admin User Logins for more information
Alert: See Viewing an Audit Process Definition for alert: Failed Logins To Guardium - alert if there are more than 5 failed logins in the last 11 minutes, or
Select Tools > Report Building > drop-down Report Title: Guardium Logins; see Reports for additional information

Report: Select Guardium Monitor > User Activity Audit Trail, or
See Predefined admin Reports for report: User Activity Audit Trail for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Guardium Activity domain and SQL Guard User Activity Audit entity to create alerts

Report: Select Guardium Monitor > User Activity Audit Trail, or
See Predefined admin Reports for report: User Activity Audit Trail for more information
Alert: See Viewing an Audit Process Definition for alert: Guardium - Add/Remove Users - alert on any addition or removal of a Guardium user

Alert: See Viewing an Audit Process Definition for alert: Guardium - Credential Activity - alert on any credential changes, including LDAP configuration changes

Report: Select Guardium Monitor > Guardium Users, or
Select Guardium Monitor > Guardium Roles, or
Select Guardium Monitor > Guardium Applications, or
See Predefined admin Reports for report: Guardium Group Details for more information, or
See Predefined admin Reports for report: Guardium Users for more information, or
See Predefined admin Reports for report: Guardium Roles for more information
Alert: You can use the Queries and Correlation Alerts, utilizing the Application domain and Application Data entity to create alerts

Report: See Reporting on Aggregation and Archiving Activity
Alert: See Viewing an Audit Process Definition for alert: Aggregation/Archive Errors - alert on any aggregation/archive error, runs once a day

Report: See Reporting on Aggregation and Archiving Activity
Alert: See Viewing an Audit Process Definition for alert: Aggregation/Archive Errors - alert on any aggregation/archive error, runs once a day

Report: You can use Reports, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to build a report
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: You can use Reports, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to build a report
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts
Self-Monitoring: Is in use

Report: You can use Reports, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to build a report
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: You can use Reports, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to build a report
Alert: You can use the Queries and Correlation Alerts, utilizing the Sniffer Buffer domain and Sniffer Buffer Usage entity to create alerts

Report: You can use Reports, utilizing the Access domain and Full SQL entity to build a report

Report: You can use Reports, utilizing the Access domain and Full SQL entity to build a report

Report: See S-TAP Reports, or
See Predefined admin Reports for report: STAP Status Monitor for more information
Alert: See Viewing an Audit Process Definition for alert: Inactive STAPs Since - alert if there are inactive S-TAPs

Report: See S-TAP Reports
Alert: See Viewing an Audit Process Definition for alert: Inspection Engines and STAP - alert on any activity related to inspection engine and S-TAP configuration

Report: See S-TAP Reports
Alert: See Viewing an Audit Process Definition for alert: Inspection Engines and STAP - alert on any activity related to inspection engine and S-TAP configuration

Report: See S-TAP Reports
Alert: See Viewing an Audit Process Definition for alert: Inspection Engines and STAP - alert on any activity related to inspection engine and S-TAP configuration

Report: See CAS Status

Report: See Tap Monitor > CAS > Changes
Alert: See Viewing an Audit Process Definition for alert: CAS Template Changes - alert on any CAS Template configuration

Report: See Tap Monitor > CAS > Changes
Alert: See Viewing an Audit Process Definition for alert: CAS Instance Config Changes - alert on any CAS Instance configuration

Report: You can use Reports, utilizing the CAS Host History domain and Host Event entity to build a report

Report: See External Data Connector
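The predefined Failed Logins To Guardium alert listed above fires when more than 5 failed logins occur within 11 minutes. As an added example that is not part of the Guardium documentation or product, the Python below applies that same sliding-window rule to login records and formats the result as the text a syslog notification would carry; the record layout (timestamp,user,source_ip,status) and the sample lines are constructed assumptions, since the page does not show how the Guardium Login domain stores its records.

```python
from collections import deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # "more than 5 failed logins"
WINDOW = timedelta(minutes=11)   # "in the last 11 minutes"

# Constructed sample records (assumed layout: timestamp,user,source_ip,status).
SAMPLE_RECORDS = """\
2024-03-01 09:00:10,admin,10.0.0.5,FAILED
2024-03-01 09:01:30,admin,10.0.0.5,FAILED
2024-03-01 09:02:05,accessmgr,10.0.0.7,SUCCESS
2024-03-01 09:03:12,admin,10.0.0.5,FAILED
2024-03-01 09:04:40,admin,10.0.0.5,FAILED
2024-03-01 09:06:01,admin,10.0.0.5,FAILED
2024-03-01 09:08:55,admin,10.0.0.5,FAILED
2024-03-01 09:30:00,admin,10.0.0.5,FAILED
"""

def parse_record(line):
    """Parse one 'timestamp,user,source_ip,status' line into a dict."""
    ts, user, src, status = line.strip().split(",")
    return {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "user": user, "source": src, "failed": status == "FAILED"}

def failed_login_alerts(lines, threshold=THRESHOLD, window=WINDOW):
    """One alert per failed login that pushes the number of failures inside
    the trailing window above `threshold`; lines must be in time order."""
    recent = deque()   # timestamps of failed logins still inside the window
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        if not rec["failed"]:
            continue            # successful logins do not count
        recent.append(rec["time"])
        while rec["time"] - recent[0] > window:
            recent.popleft()    # failure older than the window: forget it
        if len(recent) > threshold:
            alerts.append({"time": rec["time"], "count": len(recent),
                           "user": rec["user"], "source": rec["source"]})
    return alerts

def syslog_message(alert):
    """Text that a syslog notification for the alert would carry."""
    return ("Guardium self-monitoring: %d failed logins within 11 minutes "
            "(last user=%s source=%s at %s)" % (alert["count"], alert["user"],
                                                 alert["source"], alert["time"]))
```

On SAMPLE_RECORDS the sixth failure at 09:08:55 raises one alert with a count of 6, while the failure at 09:30:00 does not, because the earlier ones have left the 11-minute window.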
After logging into the Guardium interface as the admin user:
Click on the Tools tab
Click on the Config & Control tab
Click on the Audit Process Builder link in the left-hand column menu to bring up the Audit Process Finder panel
From the drop-down Process Selection List, select Appliance Monitoring
Use the radio buttons to select show all, active only, or inactive only processes for Appliance Monitoring
Click on the Modify button to bring up the Audit Process Definition panel
See Compliance Workflow Automation for more information