InfoSphere Guardium Tech Talk: Data In / Data Out Integration Options in Guardium

John Haldeman, Practice Lead, Information Insights, LLC

© 2015 IBM Corporation, IBM Security

Logistics

This tech talk is being recorded. If you object, please hang up and leave the webcast now.

We'll post a copy of the slides and a link to the recording on the Guardium community tech talk wiki page: http://ibm.co/Wh9x0o

You can listen to the tech talk using the audiocast and ask questions in the chat to the Q and A group.

We'll try to answer questions in the chat or address them at the speaker's discretion.
– If we cannot answer your question, please include your email so we can get back to you.

When the speaker pauses for questions:
– We'll go through existing questions in the chat.

Guardium community on developerWorks: bit.ly/guardwiki (tech talk links are in the right-hand navigation)

Reminder: Next Guardium Tech Talk

Links to more information about this and upcoming tech talks can be found on the Guardium developerWorks community: http://ibm.co/Wh9x0o
Please submit a comment on this page with ideas for tech talk topics.

Next tech talk: The best kept secrets of Guardium supportability
Speaker: Abdiel Santos, L3 Engineering Manager
Date and time: Thursday, August 13th, 11:30 AM US Eastern
Register here: https://ibm.biz/BdXAQr

Agenda

Overview of data in
Overview of data out
IBM Security Privileged Identity Manager (ISPIM) integration example use case

(Comic reference: http://xkcd.com/1201)

Data In

Overview of Data In
– Enterprise Integrator
– LDAP
– Universal Feed
– APIs (e.g. group member changes)

Enterprise Integrator – Overview

Import data from databases and hosted flat files.

Enterprise Integrator – Process in a Nutshell

1) Datasource
2) Custom Table (Auto Create or Manual)
3) Upload
4) To use the data, add it to a Domain (and join it to other entities if you want to and can)

Enterprise Integrator – Internals and Useful Things You Might Not Know About

The text import uses the HXTT CSV library, which provides options that are undocumented (by Guardium, at least). For example:
– The _CSV_Separator JDBC property changes the CSV separator.
– It also reveals that for Samba shares you can use domain users by putting the domain before the backslash in the username (i.e. DOMAIN\user).
Credit to Jonas Hirner at IBM Germany for pointing HXTT out: https://www.ibm.com/developerworks/mydeveloperworks/blogs/dsco/entry/guardium_enterprise_integrator_advanced_features_of_the_text_database_driver16?lang=en

Recently added: you can run DML after the upload to help clean things up.

You can use certain variables in the import query to only import new data and skip the rest:
– ^FromDate^: date of the previous upload
– ^ToDate^: date of the currently running upload
– ^fromID^: max(ID) of the previous upload
– ^toID^: max(ID) of the current upload
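As an added example (not code from the talk), the Python script below simulates the incremental-import behaviour these variables give you. A constructed change-ticket table is uploaded twice, once with an ID watermark (^fromID^/^toID^) and once with a date watermark (^FromDate^/^ToDate^), so you can see which rows each upload picks up when a back-dated row arrives between uploads. The table and column names, and the plain text substitution of the variables, are assumptions for the demo; Guardium supplies the watermark values itself at upload time.

```python
import sqlite3

# Constructed sample source: a change-ticket table of the kind you would point
# the Enterprise Integrator at. Table and column names are assumptions.
TICKETS = [
    (1, "CHG1001", "dba1", "2015-07-01 09:00:00"),
    (2, "CHG1002", "dba2", "2015-07-01 10:30:00"),
    (3, "CHG1003", "dba1", "2015-07-02 08:15:00"),
]

# Import queries written the way you would enter them in the Enterprise
# Integrator, using the watermark variables from the slide.
QUERY_BY_ID = (
    "SELECT id, ticket, requester, opened_at FROM change_tickets "
    "WHERE id > ^fromID^ AND id <= ^toID^"
)
QUERY_BY_DATE = (
    "SELECT id, ticket, requester, opened_at FROM change_tickets "
    "WHERE opened_at > '^FromDate^' AND opened_at <= '^ToDate^'"
)


def substitute(query, from_id, to_id, from_date, to_date):
    """Plain text substitution of the watermark variables (assumed to mirror the upload)."""
    return (query.replace("^fromID^", str(from_id))
                 .replace("^toID^", str(to_id))
                 .replace("^FromDate^", from_date)
                 .replace("^ToDate^", to_date))


def run_upload(conn, query, state):
    """One upload cycle: compute this run's high-water marks, query, then advance the state."""
    to_id = conn.execute("SELECT COALESCE(MAX(id), 0) FROM change_tickets").fetchone()[0]
    to_date = state["now"]
    rows = conn.execute(substitute(query, state["from_id"], to_id,
                                   state["from_date"], to_date)).fetchall()
    state["from_id"], state["from_date"] = to_id, to_date
    return rows


def simulate(query):
    """Run two uploads with a back-dated ticket inserted between them.

    Returns the ticket numbers picked up by the first and by the second upload."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE change_tickets "
                 "(id INTEGER PRIMARY KEY, ticket TEXT, requester TEXT, opened_at TEXT)")
    conn.executemany("INSERT INTO change_tickets VALUES (?, ?, ?, ?)", TICKETS)
    state = {"from_id": 0, "from_date": "1970-01-01 00:00:00", "now": "2015-07-02 12:00:00"}
    first = run_upload(conn, query, state)

    # Two tickets arrive before the next upload. CHG1004 carries a timestamp
    # from before the first upload ran but only reached the table afterwards,
    # which is what late data entry or clock skew looks like.
    conn.executemany("INSERT INTO change_tickets VALUES (?, ?, ?, ?)", [
        (4, "CHG1004", "dba3", "2015-07-02 11:00:00"),
        (5, "CHG1005", "dba2", "2015-07-03 09:00:00"),
    ])
    state["now"] = "2015-07-03 12:00:00"
    second = run_upload(conn, query, state)
    return [r[1] for r in first], [r[1] for r in second]


if __name__ == "__main__":
    print("by id:  ", simulate(QUERY_BY_ID))     # second upload includes CHG1004
    print("by date:", simulate(QUERY_BY_DATE))   # second upload never sees CHG1004
```

The date watermark silently drops the back-dated row, and for change-ticket integration a dropped ticket means a legitimate change shows up in reports as unauthorized. When the source assigns monotonically increasing IDs, the ^fromID^/^toID^ pair is the safer choice.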

Enterprise Integrator – Some Examples of Use

Using it for change ticket integration is common.
Using it for external group population is fairly common.
It is a good method for importing Progress DB audit data into Guardium (and it used to be the method to get iSeries journal entries in as well, before the iTap).
Windows system event imports with Snare:
– https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_1_cas_or_snare30?lang=en
– https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_2_configuring_snare_backlog_and_guardium_to_work_together15?lang=en

LDAP – Overview

Import data from enterprise directories to populate groups.

LDAP – Useful Tips on LDAP Imports

Guardium's interaction with AD/LDAP is as simple as it gets. Because of that, it makes sense to use simple, low-level tools to help develop your queries (ldp, for instance).

Common problem: SQL Server accounts. You need to add a domain prefix to the accounts before you can use them in reports and policies. Use parameterized LDAP imports (details on the next slide, courtesy of Joe DiPietro).

LDAP – Useful Tips on LDAP Imports (continued): special case for SQL Server authentication with full domain name

Create a group called "-Test1" (type is USER).
Create another group, "-Test1_bindValues" (type OBJECT), with the same group name but with "_bindValues" added to the name. This identifies which LDAP bind values can be parameterized into the member names when importing these elements into the group.
Put your domain first, then the groups that the users are associated with. In this case the domain is VM and the groups are userGroup and WINS Users:
– Domain "VM" is the first position in the group definition.
– "userGroup" and "WINS Users" are the groups to search, as the second position.
The resulting members of the "-Test1" group definition have the form "domain"\"LDAP attribute".

Universal Feed – Overview

Translate a feed to the Universal Feed Protocol.
The big difference from data imports: it is real time, and it looks like a new STAP.
A good question to ask yourself when choosing between UF and the Enterprise Integrator: if I'm polling anyway, would batch imports be better or simpler?

Universal Feed – Overview (continued)

The UF feature is an externalized and documented protocol. Documentation:
– http://www.ibm.com/developerworks/data/library/techarticle/dm-1210universalfeed/
– http://www.ibm.com/developerworks/data/library/techarticle/dm-1211universalfeed2/

Examples (other than the Mainframe/IBM i STAPs, which implement a UF variant as well):
– NEC's Elastic Relational Store implements the UF to work with Guardium.
– Denodo is actively working on providing a UF implementation for its data virtualization product.
– Bateleur Software developed something for Adabas:
  • http://www.bateleur.co.za/products/adaguard
– UF feed proxy for Guardium Data Encryption / Vormetric Transparent Encryption:
  • https://github.com/johnhaldeman/GuardDETap
  • Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium (but it may not be wise to try to make Guardium a SIEM or log aggregator).
– UF feed proxy for MongoDB (don't use this to monitor MongoDB; STAPs do that now):
  • https://github.com/johnhaldeman/mongoTap

grdAPI and REST APIs

grdAPIs are primarily used to speed up repetitive tasks, not integration.
REST APIs provide a more convenient interface for applications.
A good use case is pushing group changes to Guardium rather than having Guardium pull in the changes through the Enterprise Integrator.
We already did some tech talks on the APIs:
– https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/InfoSphere%20Guardium%20Tech%20Talk%20-%20Using%20Guardium%20APIs%20to%20speed%20deployment%20and%20automate%20repetitive%20tasks
– https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/Take%20a%20RESTful%20look%20at%20InfoSphere%20Guardium%20APIs
Interesting use case for REST APIs: modifying Guardium policies from QRadar through SDI:
– https://ibm.biz/BdXMsK

Data Out

Overview of Data Out
– CSV Exports
– External Feed
– SYSLOG
– REST API

CSV Exports – Overview

Generate the CSV file with an audit process, then export it.
(Screens: CSV file generation, CSV file export, resultant file.)

External Feed – Overview

Run an audit process and pipe the audit process results to a JDBC connection.
Pssst... not to be confused with the Universal Feed. Also, it's not really a feed.

External Feed – Setup

Define a feed with a grdAPI:
– grdapi create_ef_mapping reportName="Sessions List"
Start the Guardium fileserver and, in the logs section, retrieve the provided table template.
Adjust the template (it comes built for MySQL, so it may require changes for other targets).
Create the table in your target database.
Create a datasource for the target database.
In the audit process builder task, specify the external feed and the datasource.
If required (e.g. when using a different table name), adjust the feed mapping with:
– grdapi modify_ef_mapping

SYSLOG – Overview

SYSLOG – Registering Receivers: CLI command store remotelog

SYSLOG – Customize Message Format

SYSLOG – Three Ways to Send Data:
– Policies
– Threshold Alerts
– Audit Processes

REST Querying – Overview

ISPIM Use Case

Use Case with ISPIM

IBM Security Privileged Identity Manager Integration (ISPIM) example use cases:
– Context: what is ISPIM anyway?
– Integration use case: track and identify ownership for shared credentials

ISPIM primary features:
– Shared credential management and password vault
– Application identity management
– Session recording
– Single sign-on

ISPIM – Components and How it Works: Check Out (diagram)
ISPIM – Components and How it Works: Check In (diagram)

Integration Use Case – Track and Identify Ownership for Shared Credentials

Populating privileged user (shared credential) groups using LDAP

In ISPIM, shared credentials are kept in the IBM Security Directory Server. In our lab environment that falls under the DN ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ii,dc=com. We know that by browsing to it in ldp.

Importing the Shared Credentials into Guardium

Configuring the LDAP query: search filters can be used to limit which shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).
(Screens: imported users; usage of the group in the shared account report.)

Importing Shared Credential Checkouts

Configuring the Enterprise Integrator import (screen).

Correlating Checkout Events to Sessions

This is not a simple join, because ownership depends on who had the credential checked out when the session started. Instead, create a custom column with grdapi create_computed_attribute and an SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced).
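As an added illustration (not the talk's own SQL or grdapi parameters, which the slides do not reproduce), the Python script below does the correlation the computed attribute has to do: for each session by a shared account, find the ISPIM checkout that was open when the session started, and flag sessions with no covering checkout. The table and column names are assumptions for the demo; in Guardium the same SELECT would reference the uploaded table in the CUSTOM database and be supplied to create_computed_attribute.

```python
import sqlite3

# Constructed sample data. Table and column names are assumptions for this
# demo, not Guardium's session tables or the ISPIM checkout export.
SHARED_ACCOUNTS = {"sa", "app_owner"}  # the LDAP-imported shared-credential group

# Checkout rows as the Enterprise Integrator would upload them from ISPIM:
# (credential, owner, checkout_time, checkin_time); checkin_time is NULL while
# the credential is still checked out.
CHECKOUTS = [
    ("sa", "alice", "2015-07-01 08:00:00", "2015-07-01 12:00:00"),
    ("sa", "bob", "2015-07-01 13:00:00", None),
    ("app_owner", "carol", "2015-07-01 09:00:00", "2015-07-01 09:30:00"),
]

# Database sessions as Guardium records them:
# (session_id, db_user, client_ip, session_start).
SESSIONS = [
    (1, "sa", "10.0.0.5", "2015-07-01 09:15:00"),
    (2, "sa", "10.0.0.7", "2015-07-01 12:30:00"),  # after alice checked in, before bob checked out
    (3, "sa", "10.0.0.8", "2015-07-01 14:00:00"),
    (4, "app_owner", "10.0.0.9", "2015-07-01 09:10:00"),
    (5, "reporting", "10.0.0.9", "2015-07-01 09:12:00"),  # not a shared account
]

# The computed attribute's SQL: the latest checkout of this credential that
# began on or before the session start and had not been checked in by then.
OWNER_SQL = """
SELECT c.owner
  FROM checkouts c
 WHERE c.credential = ?
   AND c.checkout_time <= ?
   AND (c.checkin_time IS NULL OR c.checkin_time > ?)
 ORDER BY c.checkout_time DESC
 LIMIT 1
"""


def load():
    """Build the in-memory stand-in for the CUSTOM database plus a session table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkouts "
                 "(credential TEXT, owner TEXT, checkout_time TEXT, checkin_time TEXT)")
    conn.execute("CREATE TABLE sessions "
                 "(session_id INTEGER, db_user TEXT, client_ip TEXT, session_start TEXT)")
    conn.executemany("INSERT INTO checkouts VALUES (?, ?, ?, ?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?, ?)", SESSIONS)
    return conn


def owner_at(conn, credential, session_start):
    """Who held the credential when the session started, or None if nobody had it checked out."""
    row = conn.execute(OWNER_SQL, (credential, session_start, session_start)).fetchone()
    return row[0] if row else None


def attribute_sessions(conn, shared_accounts=SHARED_ACCOUNTS):
    """(session_id, db_user, owner) for every shared-account session, in session order."""
    result = []
    for sid, user, _ip, start in conn.execute(
            "SELECT session_id, db_user, client_ip, session_start "
            "FROM sessions ORDER BY session_id"):
        if user in shared_accounts:
            result.append((sid, user, owner_at(conn, user, start)))
    return result


def unattributed(conn, shared_accounts=SHARED_ACCOUNTS):
    """Shared-account sessions nobody had checked out: the credential was used outside ISPIM."""
    return [(sid, user) for sid, user, owner in attribute_sessions(conn, shared_accounts)
            if owner is None]


if __name__ == "__main__":
    db = load()
    for row in attribute_sessions(db):
        print(row)
    print("unattributed:", unattributed(db))
```

Session 2 is the row worth alerting on: the shared account was used while nobody had it checked out, which means the vault was bypassed or a password leaked. Two caveats carry over to the real thing: the checkout timestamps uploaded from ISPIM and Guardium's session timestamps must be in the same time zone for the comparison to mean anything, and the Enterprise Integrator upload has to run before the report does, or recent sessions will look unattributed simply because their checkouts have not arrived yet.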

Shared Account Ownership in Guardium Reports

Result: the ownership of the shared account at the time the connection is initiated is reported on.

Direct Export of Data to ISPIM's DB2 Database

External feed definition (screen).
Audit process and audit task (screen).

Queries without export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:
– https://github.com/johnhaldeman/guardiumReportWrapperForCognos
Notes on how to use it:
– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Queries without export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25

Queries without export – Configuration in Cognos (screen)

The Data in Cognos: either direct export of data to ISPIM's DB2 database or direct query through the XML wrapper (screen).

Information, training and community cheat sheet

Guardium Tech Talks – at least one per month. Suggestions welcome.
InfoSphere Guardium YouTube Channel – includes overviews, technical demos and tech talk replays.
developerWorks forum (very active).
Guardium DAM User Group on LinkedIn (very active).
Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules).
Guardium on IBM Knowledge Center (was Info Center).
Deployment Guide for InfoSphere Guardium Red Book.
Technical training courses (classroom and self-paced, provided by Business Partners).
InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested.

Thank you (Gracias, Merci, Grazie, Obrigado, Danke, Tack, Dziękuję)

Page 2: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

2

This tech talk is being recorded If you object please hang up and

leave the webcast now

Wersquoll post a copy of slides and link to recording on the Guardium

community tech talk wiki page httpibmcoWh9x0o

You can listen to the tech talk using audiocast and ask questions in

the chat to the Q and A group

Wersquoll try to answer questions in the chat or address them at

speakerrsquos discretion

ndash If we cannot answer your question please do include your email

so we can get back to you

When speaker pauses for questions

ndash Wersquoll go through existing questions in the chat

Logistics

copy 2015 IBM Corporation

IBM Security

3

Guardium community on developerWorks

bitlyguardwiki

Right nav

copy 2015 IBM Corporation

IBM Security

4

Link to more information about this and upcoming tech talks can be found on the Guardium

developerWorks community httpibmcoWh9x0o

Please submit a comment on this page for ideas for tech talk topics

Next tech talk The best kept secrets of Guardium supportability

Speaker Abdiel Santos L3 Engineering ManagerDate and time Thursday August 13th

1130 AM US EasternRegister here httpsibmbizBdXAQr

Reminder Next Guardium Tech Talk

copy 2015 IBM Corporation

IBM Security

5

Overview of data in

Overview of data out

IBM Security Privileged Identity

Manager Integration (ISPIM) example

use case

Agenda

httpxkcdcom1201

copy 2015 IBM Corporation

IBM Security

6

Overview of Data In

ndash Enterprise Integrator

ndash LDAP

ndash Universal Feed

ndash APIs (eg group member changes)

Data In

copy 2015 IBM Corporation

IBM Security

7

Import data from databases and hosted flat files

Enterprise Integrator ndash Overview

copy 2015 IBM Corporation

IBM Security

8

Enterprise Integrator ndash Process in a Nutshell

1) Datasource 2) Custom Table (Auto Create or Manual)

4) To Use the Data ndash Add it to a Domain (and join if you wantcan)

3) Upload

copy 2015 IBM Corporation

IBM Security

9

The Text Import Uses the HXTT

CSV Library - Provides

Undocumented (by Guardium at

least) Options

For Example

ndash _CSV_Separator JDBC Property to

change the CSV Separator

ndash Reveals that for Samba Shares You

can Use Domain Users by Specifying

the domain before ldquordquo in the

Username

Credit to Jonas Hirner at IBM

Germany for Pointing HXTT Outndash httpswwwibmcomdeveloperworksmydevelop

erworksblogsdscoentryguardium_enterprise_in

tegrator_advanced_features_of_the_text_databa

se_driver16lang=en

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 3: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

3

Guardium community on developerWorks

bitlyguardwiki

Right nav

copy 2015 IBM Corporation

IBM Security

4

Link to more information about this and upcoming tech talks can be found on the Guardium

developerWorks community httpibmcoWh9x0o

Please submit a comment on this page for ideas for tech talk topics

Next tech talk The best kept secrets of Guardium supportability

Speaker Abdiel Santos L3 Engineering ManagerDate and time Thursday August 13th

1130 AM US EasternRegister here httpsibmbizBdXAQr

Reminder Next Guardium Tech Talk

copy 2015 IBM Corporation

IBM Security

5

Overview of data in

Overview of data out

IBM Security Privileged Identity

Manager Integration (ISPIM) example

use case

Agenda

httpxkcdcom1201

copy 2015 IBM Corporation

IBM Security

6

Overview of Data In

ndash Enterprise Integrator

ndash LDAP

ndash Universal Feed

ndash APIs (eg group member changes)

Data In

copy 2015 IBM Corporation

IBM Security

7

Import data from databases and hosted flat files

Enterprise Integrator ndash Overview

copy 2015 IBM Corporation

IBM Security

8

Enterprise Integrator ndash Process in a Nutshell

1) Datasource 2) Custom Table (Auto Create or Manual)

4) To Use the Data ndash Add it to a Domain (and join if you wantcan)

3) Upload

copy 2015 IBM Corporation

IBM Security

9

The Text Import Uses the HXTT

CSV Library - Provides

Undocumented (by Guardium at

least) Options

For Example

ndash _CSV_Separator JDBC Property to

change the CSV Separator

ndash Reveals that for Samba Shares You

can Use Domain Users by Specifying

the domain before ldquordquo in the

Username

Credit to Jonas Hirner at IBM

Germany for Pointing HXTT Outndash httpswwwibmcomdeveloperworksmydevelop

erworksblogsdscoentryguardium_enterprise_in

tegrator_advanced_features_of_the_text_databa

se_driver16lang=en

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

Slide 12 – Enterprise Integrator – Some Examples of Use

– Using it for change ticket integration is common.
– Using it for external group population is fairly common.
– It is a good method for importing Progress DB audit data into Guardium (and used to be the method to get iSeries journal entries in as well, before the iTap).
– Windows system event imports with Snare:
  • https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_1_cas_or_snare30?lang=en
  • https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_2_configuring_snare_backlog_and_guardium_to_work_together15?lang=en

Slide 13 – LDAP – Overview

Import data from enterprise directories to populate groups.

Slide 14 – LDAP – Overview (continued)

Slide 15 – LDAP – Useful Tips on LDAP Imports

Guardium's interaction with AD/LDAP is as simple as it gets; because of that, it makes sense to use simple low-level tools to help develop your queries, ldp for instance.

Common problem: SQL Server accounts. You need to add a domain prefix to the accounts before you can use them in reports/policies. Use parameterized LDAP imports (details on the next slide, courtesy of Joe DiPietro).

Slide 16 – LDAP – Useful Tips on LDAP Imports: Special Case for SQL Server Authentication with Full Domain Name

– Create a group called "-Test1" (type USER).
– Create another group "-Test1_bindValues" (type OBJECT): the same group name with "_bindValues" appended. This identifies which LDAP bind values can be parameterized into the member names when importing these elements into the group.
– Put your domain first, then the groups that the users are associated with. In the speaker's case the domain is "VM" and the groups are "userGroup" and "WINS Users":
  • Domain "VM" is the first position in the group definition.
  • "userGroup" and "WINS Users" are the groups to search, as the second position.
– The result in the "-Test1" group definition is members of the form "domain"\"LDAP attribute".

Slide 17 – Universal Feed – Overview

Translate a feed to the Universal Feed protocol.

Big difference with data imports: real time. It looks like a new STAP.

A good question to ask yourself when choosing between UF and the Enterprise Integrator: if I'm polling anyway, would batch imports be better/simpler?

Slide 18 – Universal Feed – Overview (continued)

The UF feature is an externalized and documented protocol.

Documentation:
– http://www.ibm.com/developerworks/data/library/techarticle/dm-1210universalfeed
– http://www.ibm.com/developerworks/data/library/techarticle/dm-1211universalfeed2

Examples (other than the Mainframe/IBM i STAPs, which implement a UF variant as well):
– NEC's Elastic Relational Store implements the UF to work with Guardium.
– Denodo is actively working on providing a UF implementation for its data virtualization product.
– Bateleur Software developed something for Adabas:
  • http://www.bateleur.co.za/products/adaguard
– UF feed proxy for Guardium Data Encryption / Vormetric Transparent Encryption:
  • https://github.com/johnhaldeman/GuardDETap
  • It has been adapted on at least one occasion to show SYSLOG forwarding to Guardium (but it may not be wise to try to make Guardium a SIEM or log aggregator).
– UF feed proxy for MongoDB (don't use this to monitor MongoDB; STAPs do that now):
  • https://github.com/johnhaldeman/mongoTap

Slide 19 – grdAPI and REST APIs

Slide 20 – grdAPI and REST APIs (continued)

– grdAPIs are primarily used to speed up repetitive tasks, not for integration.
– REST APIs provide a more convenient interface for applications.
– A good use case is pushing group changes to Guardium rather than having Guardium pull the changes in through the Enterprise Integrator.
– We already did some tech talks on the APIs:
  • https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/InfoSphere%20Guardium%20Tech%20Talk%20-%20Using%20Guardium%20APIs%20to%20speed%20deployment%20and%20automate%20repetitive%20tasks
  • https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/Take%20a%20RESTful%20look%20at%20InfoSphere%20Guardium%20APIs
– Interesting use case for the REST APIs: modifying Guardium policies from QRadar through SDI:
  • https://ibm.biz/BdXMsK

Slide 21 – Data Out

Overview of data out:
– CSV exports
– External Feed
– SYSLOG
– REST API

Slide 22 – CSV Exports – Overview

Generate the CSV file with an audit process, then export it.

Slide 23 – CSV Exports – CSV File Generation

Slide 24 – CSV Exports – CSV File Export

Slide 25 – CSV Exports – Resultant File

Slide 26 – External Feed – Overview

Run an audit process and pipe the audit process results to a JDBC connection.

Pssst... not to be confused with the Universal Feed; also, it's not really a feed.

Slide 27 – External Feed – Setup

1) Define a feed with a grdAPI:
   grdapi create_ef_mapping reportName=Sessions List
2) Start the Guardium fileserver and, in the logs section, retrieve the provided table template.

Slide 28 – External Feed – Setup (continued)

3) Adjust the template (it comes built for MySQL, so it may require changes).
4) Create the table in your target database.
5) Create a datasource for the target database.
6) In the audit process builder task, specify the external feed and the datasource.
7) If required (e.g. when using a different table name), adjust the feed mapping with grdapi modify_ef_mapping.

Slide 29 – SYSLOG – Overview

Slide 30 – SYSLOG – Registering Receivers

CLI command: store remotelog

Slide 31 – SYSLOG – Customize Message Format

Slide 32 – SYSLOG – Three Ways to Send Data

– Policies
– Threshold alerts
– Audit processes

Slide 33 – REST Querying – Overview

Slide 34 – ISPIM Use Case

Slide 35 – Use Case with ISPIM

IBM Security Privileged Identity Manager (ISPIM) integration example use cases:
– Context: what is ISPIM anyway?
– Integration use case: track and identify ownership for shared credentials

ISPIM primary features:
– Shared credential management and password vault
– Application identity management
– Session recording
– Single sign-on

Slide 36 – ISPIM – Components and How it Works: Check Out

Slide 37 – ISPIM – Components and How it Works: Check In

Slide 38 – Integration Use Case – Track and Identify Ownership for Shared Credentials

Slide 39 – Populating Privileged User (Shared Credential) Groups Using LDAP

In ISPIM, shared credentials are kept in the IBM Security Directory Server. In our lab environment that falls under the DN

ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=iid,dc=com

We know that by browsing to it in ldp.

Slide 40 – Importing the Shared Credentials into Guardium

Configuring the LDAP query: search filters can be used to limit which shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).
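An added example (not code from the slides, from Guardium or from ISPIM) covering the two LDAP import steps above: the domain-prefixed member names that the parameterized import on slide 16 produces, and the search filter that narrows the ISPIM credential import on this slide. Both are simulated against a constructed list of directory entries, so no directory is contacted. The AD attribute names (sAMAccountName, memberOf) are standard; the credential-tag attribute name is passed in as a parameter because the slide does not name it. The one security point worth the exercise is the RFC 4515 escaping: a tag value or group name taken from a form or a ticket must not be able to rewrite the filter.

```python
# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally and cannot alter the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def member_filter(group_cn: str, groups_base_dn: str) -> str:
    """Filter for users that are direct members of one AD group.

    Only the operator-supplied CN is escaped; the base DN is configuration.
    RFC 4514 escaping of the CN inside the DN itself (commas and the like) is
    not shown here.
    """
    group_dn = f"CN={escape_filter_value(group_cn)},{groups_base_dn}"
    return f"(&(objectClass=user)(memberOf={group_dn}))"


def tag_filter(tag: str, tag_attr: str) -> str:
    """Filter for ISPIM credentials carrying one credential tag.

    tag_attr is the tag attribute's name in your directory (assumed, not named
    on the slide); the filter is meant to run under the credentials DN.
    """
    return f"({tag_attr}={escape_filter_value(tag)})"


# Constructed sample directory entries standing in for an LDAP search result.
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "memberOf": ["CN=userGroup,OU=Groups,DC=vm,DC=local"]},
    {"sAMAccountName": "bob",   "memberOf": ["CN=WINS Users,OU=Groups,DC=vm,DC=local"]},
    {"sAMAccountName": "carol", "memberOf": ["CN=Other,OU=Groups,DC=vm,DC=local"]},
]


def select_members(entries, group_dn):
    """Emulate the memberOf match that the directory would evaluate for member_filter()."""
    return [e for e in entries if group_dn in e.get("memberOf", [])]


def parameterized_import(domain, group_cns, entries, groups_base_dn, login_attr="sAMAccountName"):
    """Emulate slide 16: the first bind value (the domain) is prefixed to every
    imported login attribute, giving the DOMAIN\\user form SQL Server reports."""
    members = []
    for cn in group_cns:
        members += select_members(entries, f"CN={cn},{groups_base_dn}")
    return sorted(f"{domain}\\{e[login_attr]}" for e in members if login_attr in e)


if __name__ == "__main__":
    base = "OU=Groups,DC=vm,DC=local"
    print(member_filter("WINS Users", base))
    print(parameterized_import("VM", ["userGroup", "WINS Users"], SAMPLE_USERS, base))
    print(tag_filter("prod)(cn=*", "erTag"))   # injection attempt neutralised by escaping
```

Build the filter with escape_filter_value() even when the tag list comes from your own CMDB: the value "prod)(cn=*" unescaped would turn a one-tag filter into a match-everything filter and silently pull every shared credential into the Guardium group.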

Slide 41 – Importing the Shared Credentials into Guardium (continued)

Imported users.

Slide 42 – Importing the Shared Credentials into Guardium (continued)

Usage of the group in the shared account report.

Slide 43 – Importing Shared Credential Checkouts

Configuring the Enterprise Integrator import.

Slide 44 – Correlating Checkout Events to Sessions

This is not a simple join: ownership depends on which checkout was in effect when the connection was made, and a checkout's ownership continues to apply after the checkout itself. Instead, create a custom column:

grdapi create_computed_attribute

with a SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced).
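The correlation that the computed attribute's SQL has to express, as an added example (not the speaker's SQL and not Guardium's): for each session, find the checkout of the same shared account that was open when the session started. SQLite stands in for the CUSTOM MySQL database and for the session table; the table and column names, and the sample checkouts and sessions, are all constructed for the example.

```python
import sqlite3

# Constructed sample data. CHECKOUTS stands in for the table the Enterprise
# Integrator imports from ISPIM; SESSIONS stands in for Guardium's session
# records. Times are ISO-8601 strings so SQLite can compare them as text.
CHECKOUTS = [
    # shared account, ISPIM user, checked out at, checked in at (None = still out)
    ("sa",    "alice", "2015-07-01 08:00:00", "2015-07-01 10:00:00"),
    ("sa",    "bob",   "2015-07-01 10:05:00", None),
    ("dbadm", "carol", "2015-07-01 09:00:00", "2015-07-01 09:30:00"),
]
SESSIONS = [
    # session id, DB user, session start
    (101, "sa",    "2015-07-01 09:15:00"),   # during alice's checkout
    (102, "sa",    "2015-07-01 10:02:00"),   # gap: nobody had the account out
    (103, "sa",    "2015-07-01 11:00:00"),   # bob's checkout, still open
    (104, "dbadm", "2015-07-01 09:45:00"),   # after carol checked in
    (105, "root",  "2015-07-01 09:45:00"),   # not a shared account at all
]

# The lookup a computed attribute would perform for one session row: the
# latest checkout of that account that started before the session and had
# not been checked in yet when the session started.
OWNER_SQL = """
SELECT c.ispim_user
  FROM checkouts c
 WHERE c.shared_account = :db_user
   AND c.checked_out_at <= :session_start
   AND (c.checked_in_at IS NULL OR c.checked_in_at >= :session_start)
 ORDER BY c.checked_out_at DESC
 LIMIT 1
"""


def build_db():
    """Create both tables in memory and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkouts (shared_account TEXT, ispim_user TEXT, "
                 "checked_out_at TEXT, checked_in_at TEXT)")
    conn.executemany("INSERT INTO checkouts VALUES (?,?,?,?)", CHECKOUTS)
    conn.execute("CREATE TABLE sessions (session_id INTEGER, db_user TEXT, started_at TEXT)")
    conn.executemany("INSERT INTO sessions VALUES (?,?,?)", SESSIONS)
    return conn


def owner_of(conn, db_user, session_start):
    """ISPIM user who owned the shared account at session start, or None."""
    row = conn.execute(OWNER_SQL, {"db_user": db_user, "session_start": session_start}).fetchone()
    return row[0] if row else None


def session_owners(conn):
    """Map every session id to its owner (None where no checkout covers the session)."""
    return {sid: owner_of(conn, user, start)
            for sid, user, start in conn.execute(
                "SELECT session_id, db_user, started_at FROM sessions")}


def demo():
    return session_owners(build_db())


if __name__ == "__main__":
    print(demo())   # {101: 'alice', 102: None, 103: 'bob', 104: None, 105: None}
```

Two points for the real deployment. The ORDER BY ... LIMIT 1 resolves the case where the same credential is checked out twice without a check-in in between, attributing the session to the most recent holder. And the rows that come back with no owner (sessions 102 and 104 above) are the ones to report on: a shared account was used while nobody had it checked out, which is exactly the bypass this integration exists to catch. Since the comparison is on timestamps from two systems, keep the ISPIM server and the Guardium collector on the same time source, or an honest checkout will show up as a bypass.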

Slide 45 – Shared Account Ownership in Guardium Reports

Result: ownership of the shared account at the time the connection is initiated is reported on.

Slide 46 – Direct Export of Data to ISPIM's DB2 Database

External feed definition.

Slide 47 – Direct Export of Data to ISPIM's DB2 Database (continued)

Audit process audit task.

Slide 48 – Queries Without Export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:
– https://github.com/johnhaldeman/guardiumReportWrapperForCognos

Notes on how to use it:
– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Slide 49 – Queries Without Export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25
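What a wrapper of this kind does, as an added example that is not the code of guardiumReportWrapperForCognos or of Guardium: build the query string of the URL above with proper encoding, then turn a report's rows into XML that a reporting tool can consume. The JSON shape used here (an array of row objects keyed by column name) is constructed for the example; Guardium's real REST response format is not shown on the slides, so treat that part as an assumption.

```python
import json
from urllib.parse import urlencode
from xml.etree import ElementTree as ET


def report_query(report_name, from_date="NOW -1 week", to_date="NOW",
                 show_aliases="YES", remote_source=None):
    """Query string for the wrapper URL on the slide, with percent-encoding applied."""
    params = {"reportName": report_name, "QUERY_FROM_DATE": from_date,
              "QUERY_TO_DATE": to_date, "SHOW_ALIASES": show_aliases}
    if remote_source is not None:
        params["REMOTE_SOURCE"] = remote_source
    return urlencode(params)


# Constructed sample report rows (column names chosen to look like a sessions
# report; the real response shape is an assumption).
SAMPLE_JSON = json.dumps([
    {"Session Id": "1001", "DB User Name": "sa",    "Client IP": "10.0.0.5", "Server Type": "MS SQL SERVER"},
    {"Session Id": "1002", "DB User Name": "dbadm", "Client IP": "10.0.0.9", "Server Type": "DB2"},
])


def _xml_name(column):
    """Column names such as "DB User Name" are not legal element names; make them NCName-safe."""
    name = "".join(ch if ch.isalnum() or ch == "_" else "_" for ch in column)
    return name if name and not name[0].isdigit() else "_" + name


def rows_to_xml(json_text, root_tag="report", row_tag="row"):
    """Convert a JSON array of row objects into <report><row><Col>value</Col>...</row></report>."""
    root = ET.Element(root_tag)
    for record in json.loads(json_text):
        row = ET.SubElement(root, row_tag)
        for column, value in record.items():
            # ElementTree escapes <, > and & in text, so a value such as a SQL
            # string containing "<" cannot break or inject into the document.
            ET.SubElement(row, _xml_name(column)).text = "" if value is None else str(value)
    return root


def to_xml_string(json_text):
    return ET.tostring(rows_to_xml(json_text), encoding="unicode")


if __name__ == "__main__":
    print(report_query("Sessions List", remote_source=25))
    print(to_xml_string(SAMPLE_JSON))
```

Two practical notes. Use a real XML library rather than string concatenation for the conversion; database users and SQL text flow through these reports, and a value containing "<" or "&" must end up escaped, never interpreted. And because a wrapper like this holds Guardium API credentials and relays authenticated calls, it should sit behind its own authentication and a TLS listener rather than being reachable by anyone who can reach the Cognos server.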

Slide 50 – Queries Without Export – Configuration in Cognos

Slide 51 – The Data in Cognos

Direct export of data to ISPIM's DB2 database, or direct query through the XML wrapper.

Slide 52 – Information, Training and Community Cheat Sheet

– Guardium Tech Talks: at least one per month. Suggestions welcome.
– InfoSphere Guardium YouTube channel: includes overviews, technical demos and tech talk replays.
– developerWorks forum (very active).
– Guardium DAM User Group on LinkedIn (very active).
– Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules).
– Guardium on IBM Knowledge Center (was Info Center).
– Deployment Guide for InfoSphere Guardium Redbook.
– Technical training courses (classroom and self-paced, provided by Business Partners).
– InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested.

Slide 53 – Thank You

Gracias (Spanish), Merci (French), Grazie (Italian), Obrigado (Brazilian Portuguese), Danke (German), Tack (Swedish), Dziękuję (Polish); the slide also carries thanks in Japanese, Russian, Arabic, Traditional Chinese, Simplified Chinese and Thai.

Page 4: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

4

Link to more information about this and upcoming tech talks can be found on the Guardium

developerWorks community httpibmcoWh9x0o

Please submit a comment on this page for ideas for tech talk topics

Next tech talk The best kept secrets of Guardium supportability

Speaker Abdiel Santos L3 Engineering ManagerDate and time Thursday August 13th

1130 AM US EasternRegister here httpsibmbizBdXAQr

Reminder Next Guardium Tech Talk

copy 2015 IBM Corporation

IBM Security

5

Overview of data in

Overview of data out

IBM Security Privileged Identity

Manager Integration (ISPIM) example

use case

Agenda

httpxkcdcom1201

copy 2015 IBM Corporation

IBM Security

6

Overview of Data In

ndash Enterprise Integrator

ndash LDAP

ndash Universal Feed

ndash APIs (eg group member changes)

Data In

copy 2015 IBM Corporation

IBM Security

7

Import data from databases and hosted flat files

Enterprise Integrator ndash Overview

copy 2015 IBM Corporation

IBM Security

8

Enterprise Integrator ndash Process in a Nutshell

1) Datasource 2) Custom Table (Auto Create or Manual)

4) To Use the Data ndash Add it to a Domain (and join if you wantcan)

3) Upload

copy 2015 IBM Corporation

IBM Security

9

The Text Import Uses the HXTT

CSV Library - Provides

Undocumented (by Guardium at

least) Options

For Example

ndash _CSV_Separator JDBC Property to

change the CSV Separator

ndash Reveals that for Samba Shares You

can Use Domain Users by Specifying

the domain before ldquordquo in the

Username

Credit to Jonas Hirner at IBM

Germany for Pointing HXTT Outndash httpswwwibmcomdeveloperworksmydevelop

erworksblogsdscoentryguardium_enterprise_in

tegrator_advanced_features_of_the_text_databa

se_driver16lang=en

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 5: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

5

Overview of data in

Overview of data out

IBM Security Privileged Identity

Manager Integration (ISPIM) example

use case

Agenda

httpxkcdcom1201

copy 2015 IBM Corporation

IBM Security

6

Overview of Data In

ndash Enterprise Integrator

ndash LDAP

ndash Universal Feed

ndash APIs (eg group member changes)

Data In

copy 2015 IBM Corporation

IBM Security

7

Import data from databases and hosted flat files

Enterprise Integrator ndash Overview

copy 2015 IBM Corporation

IBM Security

8

Enterprise Integrator ndash Process in a Nutshell

1) Datasource 2) Custom Table (Auto Create or Manual)

4) To Use the Data ndash Add it to a Domain (and join if you wantcan)

3) Upload

copy 2015 IBM Corporation

IBM Security

9

The Text Import Uses the HXTT

CSV Library - Provides

Undocumented (by Guardium at

least) Options

For Example

ndash _CSV_Separator JDBC Property to

change the CSV Separator

ndash Reveals that for Samba Shares You

can Use Domain Users by Specifying

the domain before ldquordquo in the

Username

Credit to Jonas Hirner at IBM

Germany for Pointing HXTT Outndash httpswwwibmcomdeveloperworksmydevelop

erworksblogsdscoentryguardium_enterprise_in

tegrator_advanced_features_of_the_text_databa

se_driver16lang=en

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

External Feed – Overview

Run an audit process and pipe the audit process results to a JDBC connection

Pssst… not to be confused with the Universal Feed – also, it's not really a feed

External Feed – Setup

Define a feed with a grdAPI:

– grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and, in the logs section, retrieve the provided table template

External Feed – Setup (Continued)

Adjust the template (it comes built for MySQL, so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task, specify the external feed and the datasource

If required (e.g. when using a different table name), adjust the feed mapping with:

– grdapi modify_ef_mapping

SYSLOG – Overview

SYSLOG – Registering Receivers

CLI command: store remotelog

SYSLOG

Customize message format

SYSLOG – Three Ways to Send Data

– Policies
– Threshold Alerts
– Audit Processes

REST Querying – Overview

ISPIM Use Case

Use Case with ISPIM

IBM Security Privileged Identity Manager (ISPIM) integration example

Use cases:
– Context: what is ISPIM anyway?
– Integration use case: track and identify ownership for shared credentials

ISPIM primary features:
– Shared credential management and password vault
– Application identity management
– Session recording
– Single sign-on

ISPIM – Components and How it Works: Check Out

ISPIM – Components and How it Works: Check In

Integration Use Case – Track and Identify Ownership for Shared Credentials

Populating privileged user (shared credential) groups using LDAP

In ISPIM, shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ii,dc=com

We know that by browsing to it in ldp

Importing the Shared Credentials into Guardium

Configuring the LDAP query

Search filters can be used to limit which shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium – Imported Users

Importing the Shared Credentials into Guardium – Usage of the group in the shared account report

Importing Shared Credential Checkouts

Configuring the Enterprise Integrator import

Correlating Checkout Events to Sessions

Not a simple join – ownership is decided by who had the credential checked out at the time, not by the account alone – so instead create a custom column:

grdapi create_computed_attribute

SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)
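As an added illustration that is not code from the tech talk or from Guardium, the following emulates the custom-column lookup described above: attributing a shared-account session to whoever had the credential checked out in ISPIM at the moment the session started, and flagging vaulted credentials used with no checkout on record. The table name ispim_checkouts, its columns, sqlite3 standing in for the CUSTOM MySQL database and the sample rows are all assumptions constructed for this example.

```python
"""Offline emulation of the "ownership at session start" computed attribute.

Assumptions (not from the original slides): table ispim_checkouts and its
columns stand in for the Enterprise Integrator import in the CUSTOM database;
sqlite3 stands in for MySQL; timestamps are ISO-8601 strings in one zone.
"""
import sqlite3
from typing import Dict, List, Optional

# Constructed checkout records, shaped like an import of ISPIM checkout events.
# checkin_time is NULL while a credential is still checked out.
CHECKOUTS = [
    # credential, owner,   checkout_time,         checkin_time
    ("dbadmin",   "alice", "2015-07-01 08:00:00", "2015-07-01 12:00:00"),
    ("dbadmin",   "bob",   "2015-07-01 13:00:00", None),
    ("appsvc",    "carol", "2015-07-01 09:30:00", "2015-07-01 10:00:00"),
]

# Constructed Guardium session rows: (session id, DB user, session start).
SESSIONS = [
    (1, "dbadmin", "2015-07-01 09:15:00"),
    (2, "dbadmin", "2015-07-01 12:30:00"),  # after alice's check-in, before bob's checkout
    (3, "dbadmin", "2015-07-01 14:45:00"),
    (4, "appsvc",  "2015-07-01 09:45:00"),
    (5, "root",    "2015-07-01 11:00:00"),  # not a vaulted credential
]

# The statement the computed attribute evaluates per session row: the checkout
# whose interval covers the session start, newest first in case a missed
# check-in leaves two overlapping records. A plain join on credential would
# return every historical owner, which is why the slide says "not a simple join".
OWNER_AT_SESSION_START_SQL = """
SELECT owner
  FROM ispim_checkouts
 WHERE credential = ?
   AND checkout_time <= ?
   AND (checkin_time IS NULL OR checkin_time >= ?)
 ORDER BY checkout_time DESC
 LIMIT 1
"""


def build_custom_db() -> sqlite3.Connection:
    """In-memory stand-in for the CUSTOM database holding the imported table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ispim_checkouts ("
        "credential TEXT, owner TEXT, checkout_time TEXT, checkin_time TEXT)"
    )
    conn.executemany("INSERT INTO ispim_checkouts VALUES (?, ?, ?, ?)", CHECKOUTS)
    return conn


def owner_at(conn: sqlite3.Connection, credential: str, session_start: str) -> Optional[str]:
    """Who held `credential` when the session started, or None if nobody had it checked out."""
    row = conn.execute(OWNER_AT_SESSION_START_SQL,
                       (credential, session_start, session_start)).fetchone()
    return row[0] if row else None


def attribute_sessions(conn: sqlite3.Connection, sessions=SESSIONS) -> Dict[int, Optional[str]]:
    """Map each session id to the owner the report column would show."""
    return {sid: owner_at(conn, user, start) for sid, user, start in sessions}


def unattributed_sessions(conn: sqlite3.Connection, sessions=SESSIONS) -> List[int]:
    """Sessions that used a vaulted credential with no matching checkout: the rows a
    reviewer should look at, since the shared account was used outside ISPIM's control."""
    vaulted = {row[0] for row in conn.execute("SELECT DISTINCT credential FROM ispim_checkouts")}
    owners = attribute_sessions(conn, sessions)
    return [sid for sid, user, _ in sessions if user in vaulted and owners[sid] is None]


if __name__ == "__main__":
    db = build_custom_db()
    for sid, owner in attribute_sessions(db).items():
        print(sid, owner)
    print("unattributed:", unattributed_sessions(db))
```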

Shared Account Ownership in Guardium Reports

Result – the ownership of the shared account at the time the connection is initiated is reported on

Direct Export of Data to ISPIM's DB2 Database – External Feed Definition

Direct Export of Data to ISPIM's DB2 Database – Audit Process Audit Task

Queries without export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:

– https://github.com/johnhaldeman/guardiumReportWrapperForCognos

Notes on how to use it:

– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Queries without export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25

Queries without export – Configuration in Cognos

The Data in Cognos – Direct Export of Data to ISPIM's DB2 Database or Direct Query through the XML Wrapper

Information, training and community cheat sheet

Guardium Tech Talks – at least one per month; suggestions welcome

InfoSphere Guardium YouTube Channel – includes overviews, technical demos, tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on LinkedIn (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced, provided by Business Partners)

InfoSphere Guardium Virtual User Group: open technical discussions with other users; not recorded. Send a note to krzeide@us.ibm.com if interested

Thank you (Gracias, Merci, Grazie, Obrigado, Danke, Tack, Dziękuję, and in Japanese, Russian, Arabic, Chinese and Thai)


Data In

Overview of Data In:

– Enterprise Integrator
– LDAP
– Universal Feed
– APIs (e.g. group member changes)

Enterprise Integrator – Overview

Import data from databases and hosted flat files

Enterprise Integrator – Process in a Nutshell

1) Datasource
2) Custom Table (auto create or manual)
3) Upload
4) To use the data – add it to a domain (and join if you want/can)

Enterprise Integrator – Internals and Useful Things you Might Not Know About

The text import uses the HXTT CSV library, which provides options undocumented (by Guardium at least). For example:

– The _CSV_Separator JDBC property changes the CSV separator

– It reveals that for Samba shares you can use domain users by specifying the domain before the "\" in the username

Credit to Jonas Hirner at IBM Germany for pointing HXTT out:

– https://www.ibm.com/developerworks/mydeveloperworks/blogs/dsco/entry/guardium_enterprise_integrator_advanced_features_of_the_text_database_driver16?lang=en

Enterprise Integrator – Internals and Useful Things you Might Not Know About

Recently added: you can run DML after the upload to help clean things up

Enterprise Integrator – Internals and Useful Things you Might Not Know About

You can use certain variables to only import new data and skip the rest:

– ^FromDate^: date of the previous upload
– ^ToDate^: date of the currently running upload
– ^fromID: max(ID) of the previous upload
– ^toID: max(ID) of the current upload
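The following is an added simulation, not Guardium's own code, of how the ^fromID / ^toID variables listed above turn a source query into an incremental upload that never re-imports the rows of the previous run. The substitution rule (strictly greater than ^fromID, up to and including ^toID), the watermark bookkeeping, and the change_tickets table are assumptions constructed for this illustration.

```python
"""Simulation of an Enterprise Integrator incremental upload driven by
^fromID / ^toID. Everything here is constructed for illustration; the
placeholder semantics are an assumption, not Guardium documentation.
"""
import sqlite3
from typing import List, Tuple

# The query as it would be entered in the Enterprise Integrator, with placeholders.
SOURCE_QUERY = (
    "SELECT id, ticket, changed_by FROM change_tickets "
    "WHERE id > ^fromID AND id <= ^toID"
)


def build_source() -> sqlite3.Connection:
    """Constructed change-ticket source table (stand-in for the external datasource)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE change_tickets (id INTEGER PRIMARY KEY, ticket TEXT, changed_by TEXT)"
    )
    conn.executemany("INSERT INTO change_tickets VALUES (?, ?, ?)", [
        (1, "CHG-1001", "alice"),
        (2, "CHG-1002", "bob"),
        (3, "CHG-1003", "alice"),
    ])
    return conn


def bind_placeholders(query: str, from_id: int, to_id: int) -> Tuple[str, Tuple[int, int]]:
    """Turn ^fromID/^toID into bound parameters rather than splicing values into the SQL."""
    if query.count("^fromID") != 1 or query.count("^toID") != 1:
        raise ValueError("query must use ^fromID and ^toID exactly once")
    if query.index("^fromID") > query.index("^toID"):
        raise ValueError("^fromID must precede ^toID for positional binding")
    return query.replace("^fromID", "?").replace("^toID", "?"), (from_id, to_id)


class IncrementalUpload:
    """Holds the watermark that carries over from one upload to the next."""

    def __init__(self, source: sqlite3.Connection):
        self.source = source
        self.previous_max_id = 0             # ^fromID: max(ID) seen by the previous upload
        self.custom_table: List[tuple] = []  # stand-in for the Guardium custom table

    def run(self) -> List[tuple]:
        """One upload: fix ^toID, pull only rows in (fromID, toID], advance the watermark."""
        to_id = self.source.execute(
            "SELECT COALESCE(MAX(id), 0) FROM change_tickets").fetchone()[0]  # ^toID
        sql, params = bind_placeholders(SOURCE_QUERY, self.previous_max_id, to_id)
        rows = self.source.execute(sql, params).fetchall()
        self.custom_table.extend(rows)
        self.previous_max_id = to_id
        return rows


def simulate() -> Tuple[int, int, int, int]:
    """Three uploads with new rows arriving after the first; returns
    (rows in upload 1, rows in upload 2, rows in upload 3, distinct ids in the custom table)."""
    src = build_source()
    job = IncrementalUpload(src)
    first = len(job.run())
    src.executemany("INSERT INTO change_tickets VALUES (?, ?, ?)",
                    [(4, "CHG-1004", "carol"), (5, "CHG-1005", "bob")])
    second = len(job.run())
    third = len(job.run())  # nothing new: the row with id == ^fromID is not re-imported
    return first, second, third, len({r[0] for r in job.custom_table})


if __name__ == "__main__":
    print(simulate())
```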

Enterprise Integrator – Some Examples of Use

Using it for change ticket integration is common

Using it for external group population is fairly common

A good method for importing Progress DB audit data into Guardium (and it used to be the method to get iSeries journal entries into it as well, before the iTap)

Windows system event imports with Snare:

– https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_1_cas_or_snare30?lang=en

– https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_2_configuring_snare_backlog_and_guardium_to_work_together15?lang=en

LDAP – Overview

Import data from enterprise directories to populate groups

LDAP – Useful Tips on LDAP Imports

Guardium's interaction with AD/LDAP is as simple as it gets – because of that, simple low-level tools can be used to help develop your queries – ldp, for instance

Common problem: SQL Server accounts – you need to add a domain prefix to the accounts before you can use them in reports/policies. Use parameterized LDAP imports (details on the next slide, courtesy of Joe DiPietro)

LDAP – Useful Tips on LDAP Imports

Special case for SQL Server authentication with full domain name

Create a group called "-Test1" (type is USER)

Create another group "-Test1_bindValues" (type OBJECT) with the same group name but add "_bindValues" to the name. This will identify what LDAP bind values can be parameterized to the member names when importing these elements into the group

Put your domain first, then put in the groups that the users are associated with. In my case the domain is vm and the groups are userGroup and WINS Users

Domain "VM" is the first position in the group definition

"userGroup" and "WINS users" are the groups to search as the second position

This will be your result, in the form "domain"\"LDAP Attribute"

"-Test1" group definition

Universal Feed – Overview

Translate a feed to the Universal Feed protocol

Big difference with data imports: real time – it looks like a new S-TAP

A good question to ask yourself when choosing UF or Enterprise Integrator: if I'm polling anyway, would batch imports be better/simpler?

Universal Feed – Overview

The UF feature is an externalized and documented protocol

Documentation:

– http://www.ibm.com/developerworks/data/library/techarticle/dm-1210universalfeed/

– http://www.ibm.com/developerworks/data/library/techarticle/dm-1211universalfeed2/

Examples (other than the Mainframe/IBM i S-TAPs, which implement a UF variant as well):

– NEC's Elastic Relational Store implements the UF to work with Guardium

– Denodo is actively working on providing a UF implementation for its data virtualization product

– Bateleur Software developed something for Adabas
  • http://www.bateleur.co.za/products/adaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 7: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

7

Import data from databases and hosted flat files

Enterprise Integrator ndash Overview

copy 2015 IBM Corporation

IBM Security

8

Enterprise Integrator ndash Process in a Nutshell

1) Datasource 2) Custom Table (Auto Create or Manual)

4) To Use the Data ndash Add it to a Domain (and join if you wantcan)

3) Upload

copy 2015 IBM Corporation

IBM Security

9

The Text Import Uses the HXTT

CSV Library - Provides

Undocumented (by Guardium at

least) Options

For Example

ndash _CSV_Separator JDBC Property to

change the CSV Separator

ndash Reveals that for Samba Shares You

can Use Domain Users by Specifying

the domain before ldquordquo in the

Username

Credit to Jonas Hirner at IBM

Germany for Pointing HXTT Outndash httpswwwibmcomdeveloperworksmydevelop

erworksblogsdscoentryguardium_enterprise_in

tegrator_advanced_features_of_the_text_databa

se_driver16lang=en

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 8: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

8

Enterprise Integrator ndash Process in a Nutshell

1) Datasource 2) Custom Table (Auto Create or Manual)

4) To Use the Data ndash Add it to a Domain (and join if you wantcan)

3) Upload

Slide 9 – Enterprise Integrator – Internals and Useful Things you Might Not Know About

• The Text Import uses the HXTT CSV library, which provides options undocumented (by Guardium at least). For example:
  – _CSV_Separator JDBC property to change the CSV separator
  – Reveals that for Samba shares you can use domain users by specifying the domain before “\” in the username
• Credit to Jonas Hirner at IBM Germany for pointing HXTT out
  – https://www.ibm.com/developerworks/mydeveloperworks/blogs/dsco/entry/guardium_enterprise_integrator_advanced_features_of_the_text_database_driver16?lang=en

Slide 10 – Enterprise Integrator – Internals and Useful Things you Might Not Know About

• Recently added: you can run DML after the upload to help clean things up

Slide 11 – Enterprise Integrator – Internals and Useful Things you Might Not Know About

• You can use certain variables to only import new data and skip the rest:
  – ^FromDate^: date of previous upload
  – ^ToDate^: date of currently running upload
  – ^fromID: max(ID) of previous upload
  – ^toID: max(ID) of current upload
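These variables only help if the import query actually uses them as a window. The block below is an added example, not Guardium's own code: it emulates with sqlite3 what a query written with ^fromID/^toID sees across three consecutive uploads, using a constructed source table (CHECKOUT_LOG and its columns) and assuming the substitution behaves as the slide describes.

```python
"""Emulate the Enterprise Integrator's ^fromID / ^toID incremental-import window.

Added example, not Guardium's own code. Assumed semantics, taken from the
slide: ^fromID is max(ID) seen by the previous upload and ^toID is max(ID) at
the start of the current upload, so the import query only selects the rows
in between. ^FromDate^ / ^ToDate^ work the same way on a timestamp column.
Guardium performs the substitution internally; here it is emulated with
sqlite3 so the example runs offline.
"""
import sqlite3

# Import query as you would write it in the datasource / custom table
# definition (table and column names are constructed for this example).
IMPORT_QUERY = (
    "SELECT ID, CHECKOUT_TIME, CREDENTIAL, OWNER FROM CHECKOUT_LOG "
    "WHERE ID > ^fromID AND ID <= ^toID ORDER BY ID"
)


def substitute_variables(query: str, from_id: int, to_id: int) -> str:
    """Replace the ^fromID / ^toID placeholders with concrete integers."""
    return query.replace("^fromID", str(int(from_id))).replace("^toID", str(int(to_id)))


def run_upload(source: sqlite3.Connection, state: dict) -> list:
    """One upload cycle against the source datasource.

    `state` carries the watermark between runs, so a second call only sees
    rows added since the first one.
    """
    from_id = state.get("last_max_id", 0)
    # ^toID is fixed at the start of the upload: rows inserted while the upload
    # runs fall into the next window instead of being silently skipped.
    to_id = source.execute("SELECT COALESCE(MAX(ID), 0) FROM CHECKOUT_LOG").fetchone()[0]
    rows = source.execute(substitute_variables(IMPORT_QUERY, from_id, to_id)).fetchall()
    state["last_max_id"] = to_id
    return rows


def build_source() -> sqlite3.Connection:
    """Constructed sample datasource: a checkout log with an increasing ID column."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE CHECKOUT_LOG "
        "(ID INTEGER PRIMARY KEY, CHECKOUT_TIME TEXT, CREDENTIAL TEXT, OWNER TEXT)"
    )
    conn.executemany(
        "INSERT INTO CHECKOUT_LOG VALUES (?, ?, ?, ?)",
        [
            (1, "2015-07-01 08:00:00", "sa@prod-sql01", "alice"),
            (2, "2015-07-01 09:30:00", "sys@prod-ora01", "bob"),
            (3, "2015-07-01 11:15:00", "sa@prod-sql01", "carol"),
        ],
    )
    return conn


def demo() -> tuple:
    """Three consecutive uploads: only the rows new since the last run come back."""
    src = build_source()
    state = {}
    first = run_upload(src, state)   # rows 1..3
    src.execute(
        "INSERT INTO CHECKOUT_LOG VALUES (4, '2015-07-01 13:00:00', 'sa@prod-sql01', 'dave')"
    )
    second = run_upload(src, state)  # row 4 only
    third = run_upload(src, state)   # nothing new
    return first, second, third


if __name__ == "__main__":
    for i, batch in enumerate(demo(), 1):
        print(f"upload {i}: IDs {[row[0] for row in batch]}")
```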

Slide 12 – Enterprise Integrator – Some Examples of Use

• Using it for change ticket integration is common
• Using it for external group population is fairly common
• A good method for importing Progress DB audit data into Guardium (and used to be the method to get iSeries journal entries into it as well, before the iTap)
• Windows system event imports with Snare
  – https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_1_cas_or_snare30?lang=en
  – https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_2_configuring_snare_backlog_and_guardium_to_work_together15?lang=en

Slide 13 – LDAP – Overview

• Import data from enterprise directories to populate groups

Slide 14 – LDAP – Overview

Slide 15 – LDAP – Useful Tips on LDAP Imports

• Guardium's interaction with AD/LDAP is as simple as it gets – because of that, you can make use of simple low-level tools to help develop your queries – ldp, for instance
• Common problem: SQL Server accounts – you need to add a domain prefix to the accounts before you can use them in reports/policies. Use parameterized LDAP imports (details on the next slide, courtesy of Joe DiPietro)

Slide 16 – LDAP – Useful Tips on LDAP Imports

Special case for SQL Server authentication with full domain name:

• Create a group called “-Test1” (type is USER)
• Create another group “-Test1_bindValues” (type OBJECT) with the same group name but add “_bindValues” to the name. This will identify what LDAP bind values can be parameterized to the member names when importing these elements into the group.
• Put your domain first, then put in the groups that the users are associated with. In my case the domain is vm and the groups are userGroup and WINS Users.
  – Domain “VM” is the first position in the group definition
  – “userGroup” and “WINS users” are the groups to search as the second position
• This will be your result, with “domain”\“LDAP Attribute”
• “-Test1” group definition

Slide 17 – Universal Feed – Overview

• Translate a feed to the Universal Feed Protocol
• Big difference with data imports: real time. Looks like a new STAP.
• A good question to ask yourself when choosing UF or Enterprise Integrator – if I'm polling anyway, would batch imports be better/simpler?

Slide 18 – Universal Feed – Overview

• The UF feature is an externalized and documented protocol
• Documentation:
  – http://www.ibm.com/developerworks/data/library/techarticle/dm-1210universalfeed
  – http://www.ibm.com/developerworks/data/library/techarticle/dm-1211universalfeed2
• Examples (other than the Mainframe/IBM i STAPs, which implement a UF variant as well):
  – NEC's Elastic Relational Store implements the UF to work with Guardium
  – Denodo is actively working on providing a UF implementation for its data virtualization product
  – Bateleur Software developed something for Adabas
    • http://www.bateleur.co.za/products/adaguard
  – UF Feed Proxy for Guardium Data Encryption/Vormetric Transparent Encryption
    • https://github.com/johnhaldeman/GuardDETap
    • Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium (but it may not be wise to try to make Guardium a SIEM or log aggregator)
  – UF Feed Proxy for MongoDB (don't use this to monitor MongoDB – STAPs do that now)
    • https://github.com/johnhaldeman/mongoTap

Slide 19 – grdAPI and REST APIs

Slide 20 – grdAPI and REST APIs

• grdAPIs are primarily used to speed up repetitive tasks, not integration
• REST APIs provide a more convenient interface for applications
• A good use case is pushing group changes to Guardium rather than having Guardium pull in the changes through the Enterprise Integrator
• We already did some tech talks on the APIs:
  – https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/InfoSphere%20Guardium%20Tech%20Talk%20-%20Using%20Guardium%20APIs%20to%20speed%20deployment%20and%20automate%20repetitive%20tasks
  – https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/Take%20a%20RESTful%20look%20at%20InfoSphere%20Guardium%20APIs
• Interesting use case for REST APIs – modifying Guardium policies with QRadar through SDI
  – https://ibm.biz/BdXMsK

Slide 21 – Data Out

• Overview of Data Out:
  – CSV Exports
  – External Feed
  – SYSLOG
  – REST API

Slide 22 – CSV Exports – Overview

• Generate the CSV file with an audit process, then export it

Slide 23 – CSV Exports – CSV File Generation

Slide 24 – CSV Exports – CSV File Export

Slide 25 – CSV Exports – Resultant File

Slide 26 – External Feed – Overview

• Run an audit process and pipe the audit process results to a JDBC connection
• Pssst… Not to be confused with the Universal Feed – also, it's not really a feed

Slide 27 – External Feed – Setup

• Define a feed with a grdAPI:
  – grdapi create_ef_mapping reportName="Sessions List"
• Start the Guardium fileserver and, in the logs section, retrieve the provided table template

Slide 28 – External Feed – Setup Continued

• Adjust the template (it comes built for MySQL – so it may require changes)
• Create the table in your target database
• Create a datasource for the target database
• In the audit process builder task, specify the external feed and the datasource
• If required (e.g. using a different table name), adjust the feed mapping with:
  – grdapi modify_ef_mapping

Slide 29 – SYSLOG – Overview

Slide 30 – SYSLOG – Registering Receivers

• CLI command: store remotelog

Slide 31 – SYSLOG – Customize Message Format

Slide 32 – SYSLOG – Three Ways to Send Data

• Policies
• Threshold Alerts
• Audit Processes

Slide 33 – REST Querying – Overview

Slide 34 – ISPIM Use Case

Slide 35 – Use Case with ISPIM

• IBM Security Privileged Identity Manager (ISPIM) integration example use cases:
  – Context: what is ISPIM anyway?
  – Integration use case: track and identify ownership for shared credentials
• ISPIM primary features:
  – Shared credential management and password vault
  – Application identity management
  – Session recording
  – Single sign-on

Slide 36 – ISPIM – Components and How it Works: Check Out

Slide 37 – ISPIM – Components and How it Works: Check In

Slide 38 – Integration Use Case – Track and Identify Ownership for Shared Credentials

Slide 39 – Populating privileged user (shared credential) groups using LDAP

• In ISPIM, shared credentials are kept in the IBM Security Directory Server
• In our lab environment that falls under the DN ou=credentials,ou=credCataloger,globalid=00000000000000000000,ou=ii,dc=com
• We know that by browsing to it in ldp

Slide 40 – Importing the Shared Credentials into Guardium

• Configuring the LDAP query
• Search filters can be used to limit what shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM)

Slide 41 – Importing the Shared Credentials into Guardium

• Imported users

Slide 42 – Importing the Shared Credentials into Guardium

• Usage of the group in a shared account report

Slide 43 – Importing Shared Credential Checkouts

• Configuring the Enterprise Integrator import

Slide 44 – Correlating Checkout Events to Sessions

• Not a simple join – based on ownership after checkout – instead, create a custom column:
  – grdapi create_computed_attribute
• SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)
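As an added example (not code from the talk, from Guardium or from ISPIM), the block below emulates with sqlite3 the lookup such a computed column performs for each session row: which checkout of that credential was open when the connection started. Table, column and session values (ISPIM_CHECKOUTS, CREDENTIAL, TARGET, OWNER, CHECKOUT_TIME, CHECKIN_TIME and the sample rows) are constructed; it also covers the session that falls inside no checkout at all.

```python
"""Attribute a Guardium session on a shared account to the ISPIM checkout owner.

Added example, not code from the talk, Guardium or ISPIM. It emulates with
sqlite3 what the slide does with a computed attribute whose SQL references
the checkout table imported into the CUSTOM database. Table and column names
and all rows are constructed for this example; real column names differ.
"""
import sqlite3

# Shape of the per-row lookup (assumed): for one session, return the owner
# whose checkout of that credential on that target was open when the session
# started. A plain join on the credential alone would return every owner who
# ever checked the account out, which is why the slide calls it "not a simple join".
OWNER_LOOKUP_SQL = """
SELECT OWNER
FROM ISPIM_CHECKOUTS
WHERE CREDENTIAL = :db_user
  AND TARGET = :server_ip
  AND CHECKOUT_TIME <= :session_start
  AND (CHECKIN_TIME IS NULL OR CHECKIN_TIME > :session_start)
ORDER BY CHECKOUT_TIME DESC
LIMIT 1
"""

UNATTRIBUTED = "UNATTRIBUTED"


def build_custom_db() -> sqlite3.Connection:
    """Constructed stand-in for the checkout table imported into the CUSTOM database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ISPIM_CHECKOUTS ("
        "CREDENTIAL TEXT, TARGET TEXT, OWNER TEXT, CHECKOUT_TIME TEXT, CHECKIN_TIME TEXT)"
    )
    # ISO-8601 timestamps compare correctly as strings, which keeps the SQL portable.
    conn.executemany(
        "INSERT INTO ISPIM_CHECKOUTS VALUES (?, ?, ?, ?, ?)",
        [
            ("sa",  "10.0.0.5", "alice", "2015-07-01 08:00:00", "2015-07-01 10:00:00"),
            ("sa",  "10.0.0.5", "bob",   "2015-07-01 10:30:00", None),  # still checked out
            ("sys", "10.0.0.9", "carol", "2015-07-01 09:00:00", "2015-07-01 09:45:00"),
        ],
    )
    return conn


def owner_at_session_start(conn, db_user: str, server_ip: str, session_start: str) -> str:
    """Value the computed attribute would carry for one session row."""
    row = conn.execute(
        OWNER_LOOKUP_SQL,
        {"db_user": db_user, "server_ip": server_ip, "session_start": session_start},
    ).fetchone()
    # No open checkout at connection time means the shared password was used
    # outside the vault workflow (cached, passed around, or leaked). That is the
    # row a reviewer should look at first, so mark it explicitly instead of NULL.
    return row[0] if row else UNATTRIBUTED


def attribute_sessions(conn, sessions: list) -> list:
    """Append the owner column to (session_start, db_user, server_ip) session rows."""
    return [
        (start, user, ip, owner_at_session_start(conn, user, ip, start))
        for start, user, ip in sessions
    ]


# Constructed Guardium session rows: (start time, DB user, server IP).
SAMPLE_SESSIONS = [
    ("2015-07-01 08:30:00", "sa",  "10.0.0.5"),  # inside alice's checkout
    ("2015-07-01 10:15:00", "sa",  "10.0.0.5"),  # after check-in, before the next checkout
    ("2015-07-01 11:00:00", "sa",  "10.0.0.5"),  # bob's still-open checkout
    ("2015-07-01 09:30:00", "sys", "10.0.0.9"),  # inside carol's checkout
    ("2015-07-01 12:00:00", "sys", "10.0.0.9"),  # after carol checked in
]


def demo() -> list:
    return attribute_sessions(build_custom_db(), SAMPLE_SESSIONS)


if __name__ == "__main__":
    for start, user, ip, owner in demo():
        print(f"{start}  {user}@{ip:<10} owner={owner}")
```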

Slide 45 – Shared Account Ownership in Guardium Reports

• Result – ownership of the shared account when the connection is initiated is reported on

Slide 46 – Direct Export of Data to ISPIM's DB2 Database

• External Feed definition

Slide 47 – Direct Export of Data to ISPIM's DB2 Database

• Audit process, audit task

Slide 48 – Queries without export

• Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can understand:
  – https://github.com/johnhaldeman/guardiumReportWrapperForCognos
• Notes on how to use it:
  – http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 9: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

9

The Text Import Uses the HXTT

CSV Library - Provides

Undocumented (by Guardium at

least) Options

For Example

ndash _CSV_Separator JDBC Property to

change the CSV Separator

ndash Reveals that for Samba Shares You

can Use Domain Users by Specifying

the domain before ldquordquo in the

Username

Credit to Jonas Hirner at IBM

Germany for Pointing HXTT Outndash httpswwwibmcomdeveloperworksmydevelop

erworksblogsdscoentryguardium_enterprise_in

tegrator_advanced_features_of_the_text_databa

se_driver16lang=en

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 10: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

10

Recently added you can run DML after the upload to help clean things

up

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

11

You can use certain

variables to only import

new data and skip the

restndash ^FromDate^ Date of previous

upload

ndash ^ToDate^ Date of currently

running upload

ndash ^fromID max(ID) of previous

upload

ndash ^toID max(ID) of current upload

Enterprise Integrator ndash Internals and Useful Things you Might Not Know About

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

CSV Exports – Overview (slide 22)
Generate the CSV file with an audit process, then export it.

CSV Exports – CSV File Generation (slide 23)

CSV Exports – CSV File Export (slide 24)

CSV Exports – Resultant File (slide 25)

External Feed – Overview (slide 26)
Run an audit process and pipe the audit process results to a JDBC connection.
Pssst… Not to be confused with the Universal Feed – also, it's not really a feed.

External Feed – Setup (slide 27)
Define a feed with a grdAPI:
– grdapi create_ef_mapping reportName=Sessions List
Start the Guardium fileserver and, in the logs section, retrieve the provided table template.

External Feed – Setup Continued (slide 28)
Adjust the template (it comes built for MySQL, so it may require changes).
Create the table in your target database.
Create a datasource for the target database.
In the audit process builder task, specify the external feed and the datasource.
If required (e.g. when using a different table name), adjust the feed mapping with:
– grdapi modify_ef_mapping

SYSLOG – Overview (slide 29)

SYSLOG – Registering Receivers (slide 30)
CLI command: store remotelog

SYSLOG (slide 31)
Customize Message Format

SYSLOG – Three Ways to Send Data (slide 32)
Policies
Threshold Alerts
Audit Processes

REST Querying – Overview (slide 33)

ISPIM Use Case (slide 34)

Use Case with ISPIM (slide 35)
IBM Security Privileged Identity Manager Integration (ISPIM) Example
Use Cases
– Context: What is ISPIM anyway?
– Integration Use Case: Track and Identify Ownership for Shared Credentials
ISPIM Primary Features
– Shared Credential Management and Password Vault
– Application Identity Management
– Session Recording
– Single Sign On

ISPIM – Components and How it Works: Check Out (slide 36)

ISPIM – Components and How it Works: Check In (slide 37)

Integration Use Case – Track and Identify Ownership for Shared Credentials (slide 38)

Populating privileged user (shared credential) groups using LDAP (slide 39)
In ISPIM, shared credentials are kept in the IBM Security Directory Server.
In our lab environment that falls under the DN
ou=credentials,ou=credCataloger,globalid=00000000000000000000,ou=ii,dc=com
We know that by browsing to it in ldp.

Importing the Shared Credentials into Guardium (slide 40)
Configuring the LDAP query
Search filters can be used to limit which shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).

Importing the Shared Credentials into Guardium (slide 41)
Imported Users

Importing the Shared Credentials into Guardium (slide 42)
Usage of the group in the shared account report

Importing Shared Credential Checkouts (slide 43)
Configuring the Enterprise Integrator Import

Correlating Checkout Events to Sessions (slide 44)
Not a simple join – ownership depends on who held the credential after checkout – so instead create a custom column:
grdapi create_computed_attribute
SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced).
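An added example, not from the slides or from Guardium/ISPIM, of why the checkout-to-session match is not a simple join and what the computed attribute's SQL has to express instead. Table and column names are hypothetical stand-ins for the imported table in the CUSTOM database and for Guardium's session data, the rows are constructed, and sqlite3 stands in for MySQL so it runs offline.

```python
# Added example (not the slides' or Guardium's own code). The table and column
# names are hypothetical; the rows are constructed; sqlite3 stands in for MySQL.
import sqlite3
from typing import Dict, List, Optional, Tuple

# Constructed sample: ISPIM checkout events as imported by the Enterprise Integrator.
CHECKOUTS: List[Tuple[str, str, str, Optional[str]]] = [
    # (credential, owner, checkout_time, checkin_time or None if still checked out)
    ("prod_db_admin", "alice", "2015-08-01 08:00:00", "2015-08-01 12:00:00"),
    ("prod_db_admin", "bob",   "2015-08-01 13:00:00", None),
    ("hr_dbo",        "carol", "2015-08-01 09:00:00", "2015-08-01 10:00:00"),
]

# Constructed sample: Guardium sessions that logged in with those shared accounts.
SESSIONS: List[Tuple[int, str, str]] = [
    # (session_id, db_user, session_start)
    (1, "prod_db_admin", "2015-08-01 09:30:00"),  # inside alice's checkout window
    (2, "prod_db_admin", "2015-08-01 12:30:00"),  # nobody had it checked out
    (3, "prod_db_admin", "2015-08-01 15:00:00"),  # bob's checkout is still open
    (4, "hr_dbo",        "2015-08-01 09:15:00"),  # inside carol's window
    (5, "app_svc",       "2015-08-01 09:15:00"),  # not a shared credential at all
]

# A plain join on the credential name: every session matches every checkout of
# that credential, so ownership is ambiguous and over-reported.
NAIVE_JOIN_SQL = """
SELECT s.session_id, c.owner
  FROM sessions s
  JOIN checkouts c ON c.credential = s.db_user
 ORDER BY s.session_id, c.owner
"""

# What the computed attribute's SQL has to express: the checkout of the same
# credential that was open at the moment the session started (latest one wins).
OWNER_AT_LOGIN_SQL = """
SELECT s.session_id,
       (SELECT c.owner
          FROM checkouts c
         WHERE c.credential = s.db_user
           AND c.checkout_time <= s.session_start
           AND (c.checkin_time IS NULL OR c.checkin_time > s.session_start)
         ORDER BY c.checkout_time DESC
         LIMIT 1) AS owner
  FROM sessions s
 ORDER BY s.session_id
"""


def build_db() -> sqlite3.Connection:
    """Load the constructed sample into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkouts (credential TEXT, owner TEXT, "
                 "checkout_time TEXT, checkin_time TEXT)")
    conn.execute("CREATE TABLE sessions (session_id INTEGER, db_user TEXT, "
                 "session_start TEXT)")
    conn.executemany("INSERT INTO checkouts VALUES (?, ?, ?, ?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?)", SESSIONS)
    return conn


def naive_join_rows() -> List[Tuple[int, str]]:
    """Rows a simple join produces: one per checkout, so duplicates for shared credentials."""
    with build_db() as conn:
        return conn.execute(NAIVE_JOIN_SQL).fetchall()


def owner_at_login() -> Dict[int, Optional[str]]:
    """Session id -> owner who held the credential when the session started (None if nobody)."""
    with build_db() as conn:
        return {sid: owner for sid, owner in conn.execute(OWNER_AT_LOGIN_SQL)}


if __name__ == "__main__":
    print("naive join:", naive_join_rows())
    print("owner at login:", owner_at_login())
```

Session 2 is the case that matters for an investigation: the account was used while nobody had it checked out, which a plain join would silently attribute to both alice and bob.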

Shared Account Ownership in Guardium Reports (slide 45)
Result – the ownership of the shared account at the time the connection is initiated is reported on.

Direct Export of Data to ISPIM's DB2 Database (slide 46)
External Feed Definition

Direct Export of Data to ISPIM's DB2 Database (slide 47)
Audit Process Audit Task

Queries without export (slide 48)
Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:
– https://github.com/johnhaldeman/guardiumReportWrapperForCognos
Notes on how to use it:
– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Queries without export – Example (slide 49)
http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=%25

Queries without export – Configuration in Cognos (slide 50)

The Data in Cognos (slide 51)
Direct Export of Data to ISPIM's DB2 Database, or Direct Query through the XML Wrapper

Information, training and community cheat sheet (slide 52)
Guardium Tech Talks – at least one per month. Suggestions welcome.
InfoSphere Guardium YouTube Channel – includes overviews, technical demos, tech talk replays
developerWorks forum (very active)
Guardium DAM User Group on LinkedIn (very active)
Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules)
Guardium on IBM Knowledge Center (was Info Center)
Deployment Guide for InfoSphere Guardium Red Book
Technical training courses (classroom and self-paced, provided by Business Partners)
InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested.

Thank you (slide 53)
Gracias, Merci, Grazie, Obrigado, Danke, Tack, Dziękuję (and in Japanese, Russian, Arabic, Traditional and Simplified Chinese, and Thai)

Enterprise Integrator – Internals and Useful Things you Might Not Know About (slide 11)
You can use certain variables to import only new data and skip the rest:
– ^FromDate^: date of the previous upload
– ^ToDate^: date of the currently running upload
– ^fromID: max(ID) of the previous upload
– ^toID: max(ID) of the current upload
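An added example (not the slides' or Guardium's own code) that simulates the incremental-import variables above. It assumes the variables are substituted textually into the import SQL and bracket rows as (previous watermark, current watermark], with the first upload starting from 0 and the epoch; the tickets table and its rows are constructed, and sqlite3 stands in for the external database.

```python
# Added example (not Guardium's own code). The substitution and watermark
# bookkeeping are an assumption about how the variables behave; the tickets
# table is constructed; sqlite3 stands in for the external database.
import sqlite3
from typing import Dict, List, Tuple

# Two ways to write the import statement in the Enterprise Integrator definition:
# by row id, or by the date column, using the variables from the slide.
IMPORT_SQL_BY_ID = ("SELECT id, ticket, opened FROM tickets "
                    "WHERE id > ^fromID AND id <= ^toID")
IMPORT_SQL_BY_DATE = ("SELECT id, ticket, opened FROM tickets "
                      "WHERE opened > ^FromDate^ AND opened <= ^ToDate^")


class IncrementalImport:
    """Keeps the previous upload's watermarks and substitutes them into the next run."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        self.from_id = 0                          # max(ID) of previous upload (none yet)
        self.from_date = "1970-01-01 00:00:00"    # date of previous upload (none yet)

    @staticmethod
    def substitute(template: str, variables: Dict[str, str]) -> str:
        out = template
        for name, value in variables.items():
            out = out.replace(name, value)
        return out

    def run_upload(self, now: str, template: str) -> List[Tuple[int, str, str]]:
        # ^toID is the source table's current max(ID); ^ToDate^ is this upload's time.
        (to_id,) = self.conn.execute("SELECT COALESCE(MAX(id), 0) FROM tickets").fetchone()
        variables = {
            "^fromID": str(self.from_id),
            "^toID": str(to_id),
            "^FromDate^": f"'{self.from_date}'",
            "^ToDate^": f"'{now}'",
        }
        rows = self.conn.execute(self.substitute(template, variables)).fetchall()
        # Advance the watermarks so the next upload skips what was just pulled.
        self.from_id, self.from_date = to_id, now
        return rows


def demo(template: str) -> List[int]:
    """Run three uploads against a constructed change-ticket table; returns rows pulled per run."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, ticket TEXT, opened TEXT)")
    conn.executemany("INSERT INTO tickets VALUES (?, ?, ?)", [
        (1, "CHG-1001", "2015-07-30 09:00:00"),
        (2, "CHG-1002", "2015-07-31 14:00:00"),
        (3, "CHG-1003", "2015-08-01 08:30:00"),
    ])
    importer = IncrementalImport(conn)
    counts = [len(importer.run_upload("2015-08-01 09:00:00", template))]   # first run: everything
    conn.execute("INSERT INTO tickets VALUES (4, 'CHG-1004', '2015-08-01 10:15:00')")
    counts.append(len(importer.run_upload("2015-08-01 11:00:00", template)))  # only the new ticket
    counts.append(len(importer.run_upload("2015-08-01 12:00:00", template)))  # nothing new
    return counts


if __name__ == "__main__":
    print("by id:  ", demo(IMPORT_SQL_BY_ID))
    print("by date:", demo(IMPORT_SQL_BY_DATE))
```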

Enterprise Integrator – Some Examples of Use (slide 12)
Using it for Change Ticket Integration is common.
Using it for External Group Population is fairly common.
A good method for importing Progress DB audit data into Guardium (and it used to be the method to get iSeries journal entries into it as well, before the iTap).
Windows System Event Imports with Snare:
– https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_1_cas_or_snare30?lang=en
– https://www.ibm.com/developerworks/community/blogs/DSCOTech/entry/windows_system_events_in_guardium_part_2_configuring_snare_backlog_and_guardium_to_work_together15?lang=en

LDAP – Overview (slide 13)
Import data from enterprise directories to populate groups.

LDAP – Overview (slide 14)

LDAP – Useful Tips on LDAP Imports (slide 15)
Guardium's interaction with AD/LDAP is as simple as it gets – because of that, it makes sense to use simple low-level tools to help develop your queries (ldp, for instance).
Common problem: SQL Server accounts – you need to add a domain prefix to the accounts before you can use them in reports/policies. Use parameterized LDAP imports (details on the next slide, courtesy of Joe DiPietro).

LDAP – Useful Tips on LDAP Imports (slide 16)
Special case for SQL Server authentication with full domain name
Create a group called "-Test1" (type is USER).
Create another group "-Test1_bindValues" (type OBJECT) with the same group name, but add "_bindValues" to the name. This will identify what LDAP Bind Values can be parameterized to the member names when importing these elements into the group.
Put your domain first, then put in the groups that the users are associated with. In my case the domain is vm and the groups are userGroup and WINS Users.
"-Test1" group definition: domain "VM" is the first position in the group definition; "userGroup" and "WINS users" are the groups to search, as the second position.
This will be your result: "domain"\"LDAP Attribute".

Universal Feed – Overview (slide 17)
Translate a feed to the Universal Feed Protocol.
Big difference with data imports: real time. Looks like a new STAP.
A good question to ask yourself when choosing UF or Enterprise Integrator – if I'm polling anyway, would batch imports be better/simpler?

Universal Feed – Overview (slide 18)
The UF feature is an externalized and documented protocol.
Documentation:
– http://www.ibm.com/developerworks/data/library/techarticle/dm-1210universalfeed/
– http://www.ibm.com/developerworks/data/library/techarticle/dm-1211universalfeed2/
Examples (other than the Mainframe/IBM i STAPs, which implement a UF variant as well):
– NEC's Elastic Relational Store implements the UF to work with Guardium
– Denodo is actively working on providing a UF implementation for its data virtualization product
– Bateleur Software developed something for Adabas
  • http://www.bateleur.co.za/products/adaguard
– UF Feed Proxy for Guardium Data Encryption/Vormetric Transparent Encryption
  • https://github.com/johnhaldeman/GuardDETap
  • Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium (but it may not be wise to try to make Guardium a SIEM or log aggregator)
– UF Feed Proxy for MongoDB (don't use this to monitor MongoDB – STAPs do that now)
  • https://github.com/johnhaldeman/mongoTap

grdAPI and REST APIs (slide 19)

grdAPI and REST APIs (slide 20)
grdAPIs are primarily used to speed up repetitive tasks, not for integration.
REST APIs provide a more convenient interface for applications.
A good use case is pushing group changes to Guardium rather than having Guardium pull the changes in through the Enterprise Integrator.
We already did some tech talks on the APIs:
– https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/InfoSphere%20Guardium%20Tech%20Talk%20-%20Using%20Guardium%20APIs%20to%20speed%20deployment%20and%20automate%20repetitive%20tasks
– https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/Take%20a%20RESTful%20look%20at%20InfoSphere%20Guardium%20APIs
Interesting use case for REST APIs – modifying Guardium policies with QRadar through SDI:
– https://ibm.biz/BdXMsK

Data Out (slide 21)
Overview of Data Out
– CSV Exports
– External Feed
– SYSLOG
– REST API

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 12: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

12

Using it for Change Ticket Integration is Common

Using it for External Group Population is Fairly Common

A good method for importing Progress DB audit data into Guardium (and

used to be the method to get iSeries journal entries into it as well before

the iTap)

Windows System Event Imports with Snare

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_1_cas_or_snare30lang=en

ndash httpswwwibmcomdeveloperworkscommunityblogsDSCOTechentrywind

ows_system_events_in_guardium_part_2_configuring_snare_backlog_and_g

uardium_to_work_together15lang=en

Enterprise Integrator ndash Some Examples of Use

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 13: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

13

Import data from enterprise directories to populate groups

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

14

LDAP ndash Overview

copy 2015 IBM Corporation

IBM Security

15

LDAP ndash Useful Tips on LDAP Imports

Guardiumrsquos interaction with ADLDAP is as simple as it gets ndash because of that it

makes use simple low level tools to help develop your queries ndash ldp for instance

Common Problem SQL Server Accounts ndash Need to add a domain prefix to the

accounts before you can use them in reportspolicies Use Parameterized LDAP

imports (details on next slide courtesy of Joe DiPietro)

copy 2015 IBM Corporation

IBM Security

16

LDAP ndash Useful Tips on LDAP Imports

Create a group called ldquo-Test1rdquo (type is USER)

Create another group ldquo-Test1_bindValuesrdquo (type OBJECT)

with the same groupname but add ldquo_bindValuesrdquo to name

This will identify what LDAP Bind Values can be

parameterized to the member names when importing

these elements into the group

Put your domain first then put in the groups that

the users are associated with In my case the ldquodomain

is vm and the groups are userGroup and

WINS Users

Domain ldquoVMrdquo is first position in the group definition

ldquouserGrouprdquo andldquoWINS usersrdquo are the groups to search as the second position

This will be your results with ldquodomainrdquordquoLDAP Attributerdquo

ldquo-Test1rdquo Group definition

Special case for SQL Server authentication with full domain name

copy 2015 IBM Corporation

IBM Security

17

Translate a feed to the Universal Feed Protocol

Big Difference with data imports Real Time Looks like a new STAP

A Good Question to Ask Yourself When Choosing UF or Enterprise

Integrator ndash If Irsquom polling anyway would batch imports be bettersimpler

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

Slide 26: External Feed – Overview

– Run an audit process and pipe the audit process results to a JDBC connection.
– Pssst… not to be confused with the Universal Feed – also, it's not really a feed.

Slide 27: External Feed – Setup

– Define a feed with a grdAPI:
  • grdapi create_ef_mapping reportName="Sessions List"
– Start the Guardium fileserver and, in the logs section, retrieve the table template it generates.

Slide 28: External Feed – Setup, Continued

– Adjust the template (it is generated for MySQL, so it may require changes for other target databases).
– Create the table in your target database.
– Create a datasource for the target database.
– In the audit process builder task, specify the external feed and the datasource.
– If required (e.g. when using a different table name), adjust the feed mapping with:
  • grdapi modify_ef_mapping

Slide 29: SYSLOG – Overview

Slide 30: SYSLOG – Registering Receivers

– CLI command: store remotelog
  • General form: store remotelog add <facility>.<priority> <host>[:port] [tcp|udp]; check the CLI reference for your release, and prefer TCP, since UDP syslog gives no delivery guarantee and dropped alerts are lost silently.

Slide 31: SYSLOG – Customize Message Format

Slide 32: SYSLOG – Three Ways to Send Data

– Policies
– Threshold Alerts
– Audit Processes

Slide 33: REST Querying – Overview

Slide 34: ISPIM Use Case (section divider)

Slide 35: Use Case with ISPIM

IBM Security Privileged Identity Manager (ISPIM) integration example
– Use cases:
  • Context: what is ISPIM anyway?
  • Integration use case: track and identify ownership for shared credentials
– ISPIM primary features:
  • Shared credential management and password vault
  • Application identity management
  • Session recording
  • Single sign-on

Slide 36: ISPIM – Components and How it Works: Check Out

Slide 37: ISPIM – Components and How it Works: Check In

Slide 38: Integration Use Case – Track and Identify Ownership for Shared Credentials

Slide 39: Populating privileged user (shared credential) groups using LDAP

– In ISPIM, shared credentials are kept in the IBM Security Directory Server.
– In our lab environment that falls under the DN ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ii,dc=com
– We know that by browsing to it in ldp.

Slide 40: Importing the Shared Credentials into Guardium

– Configuring the LDAP query
– Search filters can be used to limit which shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).

Slide 41: Importing the Shared Credentials into Guardium

– Imported users

Slide 42: Importing the Shared Credentials into Guardium

– Usage of the group in the shared account report

Slide 43: Importing Shared Credential Checkouts

– Configuring the Enterprise Integrator import

Slide 44: Correlating Checkout Events to Sessions

– Not a simple join – ownership depends on which checkout was active when the session started. Instead, create a custom column:
  • grdapi create_computed_attribute
  • SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)

Slide 45: Shared Account Ownership in Guardium Reports

– Result – the ownership of the shared account at the time the connection is initiated is reported on.
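The correlation from slide 44 written out, as an added example (not the deck's own computed-attribute expression): the Enterprise Integrator import of ISPIM checkouts and Guardium's session data are replaced by two constructed tables in sqlite3, and a correlated subquery picks, for each session of a shared account, the ISPIM user whose checkout was active when the session started. Sessions with no active checkout come back unattributed, which is the case the integration exists to catch. The same subquery shape, pointed at the imported table in the CUSTOM schema and at the session entity's timestamp and DB user columns, is what goes into the create_computed_attribute expression; the column names used here belong to the constructed tables, not to the appliance.

```python
"""Attribute shared-account sessions to the ISPIM user holding the checkout.

Added example, not from the tech talk. Both tables are constructed stand-ins:
ispim_checkouts for the Enterprise Integrator import (CUSTOM schema on the
appliance) and sessions for Guardium's session data. sqlite3 is used so it
runs anywhere; the query uses only SQL that MySQL accepts as well.
"""
import sqlite3

CHECKOUTS = [  # (account, owner, checkout_time, checkin_time), constructed
    ("svc_dba", "alice", "2015-06-01 08:00:00", "2015-06-01 10:00:00"),
    ("svc_dba", "bob",   "2015-06-01 10:30:00", None),  # still checked out
    ("svc_etl", "carol", "2015-06-01 09:00:00", "2015-06-01 09:30:00"),
]
SESSIONS = [  # (session_id, db_user, client_ip, session_start), constructed
    (1, "svc_dba", "10.1.1.5", "2015-06-01 09:15:00"),
    (2, "svc_dba", "10.1.1.6", "2015-06-01 11:00:00"),
    (3, "svc_dba", "10.1.1.7", "2015-06-01 10:15:00"),  # after alice checked in, before bob checked out
    (4, "svc_etl", "10.1.1.8", "2015-06-01 09:10:00"),
    (5, "svc_etl", "10.1.1.9", "2015-06-01 09:45:00"),  # after carol checked in
]

# Not a plain join: the newest checkout of this account that began at or before
# the session and had not been checked in yet when the session began. This is
# the shape of expression that the computed attribute would carry.
OWNER_SQL = """
SELECT s.session_id, s.db_user, s.client_ip, s.session_start,
       (SELECT c.owner
          FROM ispim_checkouts c
         WHERE c.account = s.db_user
           AND c.checkout_time <= s.session_start
           AND (c.checkin_time IS NULL OR c.checkin_time > s.session_start)
         ORDER BY c.checkout_time DESC
         LIMIT 1) AS owner
  FROM sessions s
 ORDER BY s.session_id
"""


def load_sample(conn):
    """Create the two tables and load the constructed rows."""
    conn.executescript("""
        CREATE TABLE ispim_checkouts (account TEXT, owner TEXT, checkout_time TEXT, checkin_time TEXT);
        CREATE TABLE sessions (session_id INTEGER, db_user TEXT, client_ip TEXT, session_start TEXT);
    """)
    conn.executemany("INSERT INTO ispim_checkouts VALUES (?, ?, ?, ?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?, ?)", SESSIONS)


def attribute_sessions(conn):
    """Return {session_id: owner}; owner is None when nobody held the checkout."""
    return {row[0]: row[4] for row in conn.execute(OWNER_SQL)}


def unattributed(owners):
    """Shared-account sessions with no active checkout: the vaulted credential
    was used outside the vault's workflow, the finding this report is for."""
    return sorted(sid for sid, owner in owners.items() if owner is None)


def run():
    conn = sqlite3.connect(":memory:")
    load_sample(conn)
    owners = attribute_sessions(conn)
    return owners, unattributed(owners)


if __name__ == "__main__":
    owners, flagged = run()
    for sid, owner in owners.items():
        print(sid, owner or "UNATTRIBUTED")
    print("sessions without an active checkout:", flagged)
```

Timestamps are kept as ISO-8601 text so the comparisons work unchanged in sqlite3 and MySQL; on the appliance the open-ended checkout (NULL check-in) is the row that matters most, since ISPIM writes the check-in later and the session must still resolve to its holder in the meantime.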

Slide 46: Direct Export of Data to ISPIM's DB2 Database – External Feed Definition

Slide 47: Direct Export of Data to ISPIM's DB2 Database – Audit Process, Audit Task

Slide 48: Queries without export

– Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:
  • https://github.com/johnhaldeman/guardiumReportWrapperForCognos
– Notes on how to use it:
  • http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Slide 49: Queries without export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=%25
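What the wrapper in the previous two slides has to do, as an added example that is not the project's own code: build the report URL with every parameter percent-encoded (the %20 in the report name and the %25 that carries the REMOTE_SOURCE wildcard are easy to get wrong by hand), then turn the rows that come back into XML with values escaped, so a captured SQL string containing < or & cannot corrupt the document Cognos parses. It assumes the Guardium REST report resource answers with a JSON array of row objects keyed by column label; the rows and the localhost URL below are constructed.

```python
"""Report URL builder and JSON-to-XML conversion for a Cognos consumer.

Added example, not the wrapper's code. Assumes the appliance's REST report
resource returns a JSON array of row objects keyed by column label; SAMPLE_ROWS
is a constructed stand-in for such a response.
"""
import re
import urllib.parse
import xml.etree.ElementTree as ET


def build_report_url(base, report_name, **params):
    """Percent-encode every parameter: a literal '%' (the REMOTE_SOURCE
    wildcard) must travel as %25 and a space in the report name as %20."""
    query = urllib.parse.urlencode({"reportName": report_name, **params},
                                   quote_via=urllib.parse.quote)
    return base + "?" + query


def xml_name(label):
    """Column labels such as "DB User Name" are not valid XML element names;
    the original label is preserved in a `label` attribute by report_to_xml."""
    name = re.sub(r"[^A-Za-z0-9_.-]", "_", label)
    if not re.match(r"[A-Za-z_]", name):
        name = "_" + name
    return name


def report_to_xml(report_name, rows):
    """Serialise rows as <report name=...><row><Col label=...>value</Col>...</row></report>.
    ElementTree escapes <, > and & in text, so a recorded SQL string cannot
    break the document or inject markup into the consumer."""
    root = ET.Element("report", {"name": report_name, "rows": str(len(rows))})
    for row in rows:
        row_el = ET.SubElement(root, "row")
        for label, value in row.items():
            col = ET.SubElement(row_el, xml_name(label), {"label": label})
            col.text = "" if value is None else str(value)
    return ET.tostring(root, encoding="unicode")


def parse_report(xml_text):
    """Inverse of report_to_xml, used to check that values survive untouched."""
    root = ET.fromstring(xml_text)
    return [{col.get("label"): col.text or "" for col in row} for row in root.findall("row")]


SAMPLE_ROWS = [  # constructed stand-in for a report response
    {"Client IP": "10.1.1.5", "DB User Name": "svc_dba",
     "Sql": "SELECT * FROM cards WHERE pan < 1 AND note = '<b>&x</b>'"},
    {"Client IP": "10.1.1.6", "DB User Name": "app", "Sql": None},
]

if __name__ == "__main__":
    print(build_report_url("http://localhost:8080/GuardiumJSONtoXML/xmlReport",
                           "Sessions List", QUERY_FROM_DATE="NOW -1 week",
                           QUERY_TO_DATE="NOW", SHOW_ALIASES="YES", REMOTE_SOURCE="%"))
    print(report_to_xml("Sessions List", SAMPLE_ROWS))
```

Building the XML with ElementTree rather than string concatenation is the whole point: the report columns carry attacker-influenced content (DB user names, SQL text), and the escaping must happen on every value, not only the ones you remembered to worry about.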

Slide 50: Queries without export – Configuration in Cognos

Slide 51: The Data in Cognos – Direct Export of Data to ISPIM's DB2 Database or Direct Query through the XML Wrapper

Slide 52: Information, training and community cheat sheet

– Guardium Tech Talks – at least one per month. Suggestions welcome!
– InfoSphere Guardium YouTube channel – includes overviews, technical demos, tech talk replays
– developerWorks forum (very active)
– Guardium DAM User Group on LinkedIn (very active)
– Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules)
– Guardium on IBM Knowledge Center (was Info Center)
– Deployment Guide for InfoSphere Guardium Redbook
– Technical training courses (classroom and self-paced, provided by Business Partners)
– InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested.

Slide 53: Thank you – Gracias, Merci, Grazie, Obrigado, Danke, Tack, Dziękuję (and in Japanese, Russian, Arabic, Traditional and Simplified Chinese, and Thai)


understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Slide 17: Universal Feed – Overview
– Translate a feed to the Universal Feed Protocol
– Big difference from data imports: real time. Looks like a new STAP
– A good question to ask yourself when choosing between UF and the Enterprise Integrator: if I'm polling anyway, would batch imports be better/simpler?

Slide 18: Universal Feed – Overview (continued)
– The UF feature is an externalized and documented protocol
– Documentation:
  • http://www.ibm.com/developerworks/data/library/techarticle/dm-1210universalfeed/
  • http://www.ibm.com/developerworks/data/library/techarticle/dm-1211universalfeed2/
– Examples (other than the Mainframe/IBM i STAPs, which implement a UF variant as well):
  • NEC's Elastic Relational Store implements the UF to work with Guardium
  • Denodo is actively working on providing a UF implementation for its data virtualization product
  • Bateleur Software developed something for Adabas: http://www.bateleur.co.za/products/adaguard
  • UF feed proxy for Guardium Data Encryption / Vormetric Transparent Encryption: https://github.com/johnhaldeman/GuardDETap
    It has been adapted on at least one occasion to show SYSLOG forwarding to Guardium (but it may not be wise to try to make Guardium a SIEM or log aggregator)
  • UF feed proxy for MongoDB (don't use this to monitor MongoDB; STAPs do that now): https://github.com/johnhaldeman/mongoTap

Slide 19: grdAPI and REST APIs

Slide 20: grdAPI and REST APIs
– grdAPIs are primarily used to speed up repetitive tasks, not integration
– REST APIs provide a more convenient interface for applications
– A good use case is pushing group changes to Guardium rather than having Guardium pull in the changes through the Enterprise Integrator
– We already did some tech talks on the APIs:
  • https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/InfoSphere%20Guardium%20Tech%20Talk%20-%20Using%20Guardium%20APIs%20to%20speed%20deployment%20and%20automate%20repetitive%20tasks
  • https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46/page/Take%20a%20RESTful%20look%20at%20InfoSphere%20Guardium%20APIs
– Interesting use case for REST APIs: modifying Guardium policies with QRadar through SDI: https://ibm.biz/BdXMsK

Slide 21: Data Out
Overview of Data Out:
– CSV Exports
– External Feed
– SYSLOG
– REST API

Slide 22: CSV Exports – Overview
– Generate the CSV file with an audit process, then export it

Slide 23: CSV Exports – CSV File Generation

Slide 24: CSV Exports – CSV File Export

Slide 25: CSV Exports – Resultant File

Slide 26: External Feed – Overview
– Run an audit process and pipe the audit process results to a JDBC connection
– Pssst… not to be confused with the Universal Feed. Also, it's not really a feed

Slide 27: External Feed – Setup
– Define a feed with a grdAPI:
  – grdapi create_ef_mapping reportName="Sessions List"
– Start the Guardium fileserver and, in the logs section, retrieve the provided table template

Slide 28: External Feed – Setup (continued)
– Adjust the template (it comes built for MySQL, so it may require changes for your target database)
– Create the table in your target database
– Create a datasource for the target database
– In the audit process builder task, specify the external feed and the datasource
– If required (e.g. when using a different table name), adjust the feed mapping with grdapi modify_ef_mapping

Slide 29: SYSLOG – Overview

Slide 30: SYSLOG – Registering Receivers
– CLI command: store remotelog

Slide 31: SYSLOG – Customize Message Format

Slide 32: SYSLOG – Three Ways to Send Data
– Policies
– Threshold Alerts
– Audit Processes

Slide 33: REST Querying – Overview

Slide 34: ISPIM Use Case

Slide 35: Use Case with ISPIM
IBM Security Privileged Identity Manager (ISPIM) integration example
– Use cases:
  – Context: what is ISPIM anyway?
  – Integration use case: track and identify ownership for shared credentials
– ISPIM primary features:
  – Shared credential management and password vault
  – Application identity management
  – Session recording
  – Single sign-on

Slide 36: ISPIM – Components and How it Works: Check Out

Slide 37: ISPIM – Components and How it Works: Check In

Slide 38: Integration Use Case – Track and Identify Ownership for Shared Credentials

Slide 39: Populating privileged user (shared credential) groups using LDAP
– In ISPIM, shared credentials are kept in the IBM Security Directory Server
– In our lab environment that falls under the DN ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ii,dc=com
– We know that by browsing to it in ldp

Slide 40: Importing the Shared Credentials into Guardium
– Configuring the LDAP query
– Search filters can be used to limit what shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM)
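A worked example of the search-filter idea on this slide, added here and not part of the tech talk or of ISPIM: it builds the filter an Enterprise Integrator LDAP import would use to pull in only the credentials carrying given tags, escaping the tag values as RFC 4515 requires so that a tag taken from a form or a config file cannot rewrite the filter. The object class name erCredential and the tag attribute name erCredentialTag are placeholders, not confirmed ISPIM schema names; check them in an LDAP browser against your own directory before use.

```python
"""Build a safe LDAP search filter for an Enterprise Integrator import of
ISPIM shared credentials. Added example; the names marked hypothetical are
not confirmed against the ISPIM schema."""

CRED_OBJECT_CLASS = "erCredential"  # hypothetical object class of a shared credential
CRED_TAG_ATTR = "erCredentialTag"   # hypothetical attribute holding the credential tag

# RFC 4515 section 3: these characters carry meaning inside a filter and must
# be escaped as \XX inside an assertion value. Without this, a tag such as
# "prod)(|(cn=*" turns a narrow filter into one that matches every entry.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def credential_filter(tags, object_class=CRED_OBJECT_CLASS, tag_attr=CRED_TAG_ATTR):
    """Return the filter string for the Enterprise Integrator LDAP import.

    With no tags every credential entry is imported; with one or more tags
    only entries whose tag matches one of them. Tag values are escaped, so a
    filter-injection attempt becomes a literal (non-matching) tag value.
    """
    clauses = [f"({tag_attr}={escape_filter_value(tag)})" for tag in tags]
    base = f"(objectClass={object_class})"
    if not clauses:
        return base
    tag_part = clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"
    return f"(&{base}{tag_part})"


if __name__ == "__main__":
    # Narrow import: only credentials tagged for the production DB2 estate.
    print(credential_filter(["prod-db2"]))
    # Several tags are OR-ed together.
    print(credential_filter(["prod-db2", "prod-oracle"]))
    # An injection attempt is neutralised: the parentheses and '*' become
    # literal characters of the tag value instead of filter syntax.
    print(credential_filter(["prod)(|(cn=*"]))
```

Paste the returned string into the search filter field of the LDAP import; the base DN is the credentials container shown on the previous slide, and the filter decides how many of its entries end up in the Guardium group.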

Slide 41: Importing the Shared Credentials into Guardium – Imported Users

Slide 42: Importing the Shared Credentials into Guardium – Usage of the group in the shared account report

Slide 43: Importing Shared Credential Checkouts
– Configuring the Enterprise Integrator import

Slide 44: Correlating Checkout Events to Sessions
– Not a simple join: ownership depends on who had the credential checked out at the time. Instead, create a custom column:
  – grdapi create_computed_attribute
– SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)
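The following is an added example, not the tech talk's own computed-attribute SQL, of why ownership is not a simple join and what the correlated lookup looks like. It runs against an in-memory SQLite copy of two constructed tables: Guardium session data, and an imported checkout table like the one the Enterprise Integrator import above produces. Table and column names are assumed for illustration; the real computed attribute would reference the imported table in the CUSTOM database under the names the import created.

```python
"""Why shared-account ownership is not a simple join, and the correlated
lookup that resolves it. Added example with constructed data; table and
column names are assumed for illustration."""
import sqlite3

# Constructed sample data. CHECKOUTS stands in for the table the Enterprise
# Integrator import creates from ISPIM checkout events; SESSIONS stands in for
# Guardium's session data (DB user name plus session start time).
CHECKOUTS = [
    # credential, owner, checkout_ts,          checkin_ts (NULL = still checked out)
    ("dbadmin", "alice", "2015-07-01 08:00:00", "2015-07-01 10:00:00"),
    ("dbadmin", "bob",   "2015-07-01 10:30:00", None),
    ("appuser", "carol", "2015-07-01 09:00:00", "2015-07-01 09:30:00"),
]
SESSIONS = [
    # session_id, db_user, start_ts
    (101, "dbadmin", "2015-07-01 09:15:00"),  # during alice's checkout
    (102, "dbadmin", "2015-07-01 11:00:00"),  # during bob's still-open checkout
    (103, "dbadmin", "2015-07-01 10:10:00"),  # nobody had it checked out
    (104, "appuser", "2015-07-01 09:10:00"),  # during carol's checkout
]

# The expression shape one would supply to grdapi create_computed_attribute:
# for each session, the owner of the latest checkout of that credential that
# began before the session and had not been checked in when it started.
OWNER_AT_START_SQL = """
SELECT s.session_id,
       (SELECT c.owner
          FROM checkouts c
         WHERE c.credential = s.db_user
           AND c.checkout_ts <= s.start_ts
           AND (c.checkin_ts IS NULL OR c.checkin_ts >= s.start_ts)
         ORDER BY c.checkout_ts DESC
         LIMIT 1) AS owner
  FROM sessions s
 ORDER BY s.session_id
"""

# The "simple join" the slide warns against: it pairs each session with every
# checkout of the same credential, past or future, so rows multiply and the
# wrong owner can be reported.
NAIVE_JOIN_SQL = """
SELECT s.session_id, c.owner
  FROM sessions s
  JOIN checkouts c ON c.credential = s.db_user
"""


def build_demo_db() -> sqlite3.Connection:
    """Load the constructed rows into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkouts (credential TEXT, owner TEXT, checkout_ts TEXT, checkin_ts TEXT)")
    conn.execute("CREATE TABLE sessions (session_id INTEGER, db_user TEXT, start_ts TEXT)")
    conn.executemany("INSERT INTO checkouts VALUES (?, ?, ?, ?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?)", SESSIONS)
    return conn


def owner_at_session_start(conn):
    """Return [(session_id, owner or None)]. None means the account was used
    while nobody held it checked out, the row an analyst should look at first."""
    return conn.execute(OWNER_AT_START_SQL).fetchall()


def naive_join_rowcount(conn) -> int:
    """Row count of the naive join, to show it does not give one row per session."""
    return len(conn.execute(NAIVE_JOIN_SQL).fetchall())


if __name__ == "__main__":
    db = build_demo_db()
    for session_id, owner in owner_at_session_start(db):
        print(session_id, owner or "NO CHECKOUT FOUND")
    print("naive join rows:", naive_join_rowcount(db), "for", len(SESSIONS), "sessions")
```

The ISO-8601 timestamps compare correctly as text, which is what keeps the subquery portable; on the appliance the same predicate would be written against MySQL date columns. The session with no owner (103 above) is the interesting case: the shared account was used outside any checkout window, which is exactly what the correlation is meant to surface.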

Slide 45: Shared Account Ownership in Guardium Reports
– Result: ownership of the shared account at the time the connection is initiated is reported on

Slide 46: Direct Export of Data to ISPIM's DB2 Database – External Feed Definition

Slide 47: Direct Export of Data to ISPIM's DB2 Database – Audit Process Audit Task

Slide 48: Queries without export
– Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:
  – https://github.com/johnhaldeman/guardiumReportWrapperForCognos
– Notes on how to use it:
  – http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Slide 49: Queries without export – Example
http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25
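An added example, not part of the talk or of the guardiumReportWrapperForCognos project, showing the two halves of what such a wrapper does: building the report URL above from parameters with correct encoding, and turning the JSON rows a Guardium report call returns into XML whose element names Cognos can use as columns. The host name, the /GuardiumJSONtoXML/xmlReport path and the sample rows are constructed for the example; the real wrapper's JSON-to-XML layout may differ.

```python
"""Build the wrapper's report URL and convert report JSON rows into XML for
Cognos. Added example; the host, the wrapper path and the sample rows are
constructed, and the real wrapper's XML layout may differ."""
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

WRAPPER_PATH = "/GuardiumJSONtoXML/xmlReport"  # assumed path of the wrapper servlet


def build_report_url(base_url, report_name, from_date, to_date,
                     remote_source=None, show_aliases=True):
    """Return the URL for one report query.

    Parameter names follow the example on the slide. urlencode percent-encodes
    the report name and the relative date expressions ("NOW -1 week"); the
    server decodes %20 and '+' identically, so either spelling works.
    """
    params = [
        ("reportName", report_name),
        ("QUERY_FROM_DATE", from_date),
        ("QUERY_TO_DATE", to_date),
        ("SHOW_ALIASES", "YES" if show_aliases else "NO"),
    ]
    if remote_source is not None:
        params.append(("REMOTE_SOURCE", str(remote_source)))
    return base_url.rstrip("/") + WRAPPER_PATH + "?" + urlencode(params, quote_via=quote)


def xml_name(column):
    """Turn a report column header into a valid XML element name.

    Guardium headers contain spaces and other characters that are illegal in
    element names; Cognos needs one well-formed, stable name per column.
    """
    name = re.sub(r"[^A-Za-z0-9_.-]", "_", column)
    if not re.match(r"[A-Za-z_]", name):
        name = "_" + name
    return name


def report_json_to_xml(json_text):
    """Convert a JSON list of {column: value} rows into <report><row>...</row></report>."""
    root = ET.Element("report")
    for row in json.loads(json_text):
        elem = ET.SubElement(root, "row")
        for column, value in row.items():
            ET.SubElement(elem, xml_name(column)).text = "" if value is None else str(value)
    return ET.tostring(root, encoding="unicode")


def parse_report_xml(xml_text):
    """Read the XML back into a list of dicts (what a consumer would see)."""
    root = ET.fromstring(xml_text)
    return [{child.tag: child.text for child in row} for row in root.findall("row")]


# Constructed sample in the shape of rows a Sessions List report returns,
# not a capture from a real appliance.
SAMPLE_JSON = json.dumps([
    {"Session Start": "2015-07-01 09:15:00", "DB User Name": "dbadmin",
     "Client IP": "10.0.0.5", "Server IP": "10.0.1.20", "Service Name": "SAMPLE"},
    {"Session Start": "2015-07-01 11:00:00", "DB User Name": "dbadmin",
     "Client IP": "10.0.0.7", "Server IP": "10.0.1.20", "Service Name": "SAMPLE"},
])

if __name__ == "__main__":
    print(build_report_url("https://guardium.example.com:8443", "Sessions List",
                           "NOW -1 week", "NOW", remote_source=25))
    print(report_json_to_xml(SAMPLE_JSON))
```

Element names are derived from the column headers, so a report definition change in Guardium changes the XML schema Cognos sees; keep the report definition under change control for the same reason you would a database view.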

Slide 50: Queries without export – Configuration in Cognos

Slide 51: The Data in Cognos
– Direct export of data to ISPIM's DB2 database, or direct query through the XML wrapper

Slide 52: Information, training and community cheat sheet
– Guardium Tech Talks: at least one per month. Suggestions welcome
– InfoSphere Guardium YouTube channel: includes overviews, technical demos, tech talk replays
– developerWorks forum (very active)
– Guardium DAM User Group on LinkedIn (very active)
– Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules)
– Guardium on IBM Knowledge Center (was Info Center)
– Deployment Guide for InfoSphere Guardium Redbook
– Technical training courses (classroom and self-paced, provided by Business Partners)
– InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested

Slide 53: Thank you – Gracias, Merci, Grazie, Obrigado, Danke, Tack, Dziękuję (the slide also gives thanks in Japanese, Russian, Arabic, Traditional Chinese, Simplified Chinese and Thai)

Page 18: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

18

The UF feature is an externalized and documented protocol

Documentationndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1210universalfeed

ndash httpwwwibmcomdeveloperworksdatalibrarytecharticledm-1211universalfeed2

Examples (other than the MainframeIBM i STAPs which implement a UF variant as well)

ndash NECrsquos Elastic Relational Store implements the UF to work with Guardium

ndash Denodo is actively working on providing a UF implementation for its data virtualization

product

ndash Bateleur Software developed something for Adabas

bull httpwwwbateleurcozaproductsadaguard

ndash UF Feed Proxy for Guardium Data EncryptionVormetric Transparent Encryption

bull httpsgithubcomjohnhaldemanGuardDETap

bull Has been adapted on at least one occasion to show SYSLOG forwarding to Guardium

(but it may not be wise to try make Guardium a SIEM or log aggregator)

ndash UF Feed Proxy for MongoDB (donrsquot use this to monitor MongoDB ndash STAPs do that now)

bull httpsgithubcomjohnhaldemanmongoTap

Universal Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 19: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

19

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 20: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

20

grdAPIs are primarily used to speed up repetitive tasks not integration

REST APIs provide a more convenient interface for applications

Good use case is pushing group changes to Guardium rather than having

Guardium pull in the changes through the enterprise integrator

We already did some tech talks on the APIsndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageInfoSphere20Guardium20Tech20Talk20-

20Using20Guardium20APIs20to20speed20deployment20and20automate20repetitive20tasks

ndash httpswwwibmcomdeveloperworkscommunitywikishomelang=enwikiWf32fc3a2c8cb_4b9c_83e4_09b3c6f60e46p

ageTake20a20RESTful20look20at20InfoSphere20Guardium20APIs

Interesting Use Case for REST APIs ndash Modifying Guardium Policies with QRADAR

through SDI

ndash httpsibmbizBdXMsK

grdAPI and REST APIs

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

CSV Exports – Overview

Generate the CSV file with an audit process, then export it.

CSV Exports – CSV File Generation

CSV Exports – CSV File Export

CSV Exports – Resultant File

External Feed – Overview

Run an audit process and pipe the audit process results to a JDBC connection.

Pssst… Not to be confused with the Universal Feed – also, it's not really a feed.

External Feed – Setup

Define a feed with a grdAPI call:
– grdapi create_ef_mapping reportName="Sessions List"

Start the Guardium fileserver and, in the logs section, retrieve the provided table template.

External Feed – Setup Continued

Adjust the template (it comes built for MySQL, so it may require changes for another target database).

Create the table in your target database.

Create a datasource for the target database.

In the audit process builder task, specify the external feed and the datasource.

If required (e.g. when using a different table name), adjust the feed mapping with:
– grdapi modify_ef_mapping

SYSLOG – Overview

SYSLOG – Registering Receivers

CLI command: store remotelog

SYSLOG – Customize Message Format

SYSLOG – Three Ways to Send Data

– Policies
– Threshold Alerts
– Audit Processes

REST Querying – Overview

ISPIM Use Case

Use Case with ISPIM

IBM Security Privileged Identity Manager (ISPIM) Integration Example

Use Cases
– Context: What is ISPIM anyway?
– Integration Use Case: Track and Identify Ownership for Shared Credentials

ISPIM Primary Features
– Shared Credential Management and Password Vault
– Application Identity Management
– Session Recording
– Single Sign-On

ISPIM – Components and How it Works: Check Out

ISPIM – Components and How it Works: Check In

Integration Use Case – Track and Identify Ownership for Shared Credentials

Populating privileged user (shared credential) groups using LDAP

In ISPIM, shared credentials are kept in the IBM Security Directory Server.

In our lab environment that falls under the DN
ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp.

Importing the Shared Credentials into Guardium

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).
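The LDAP group import above is driven by a search filter, and the talk recommends limiting it by credential tag. The following is an added example, not code from the talk or from IBM: it builds that filter for a Guardium privileged-user group import restricted to ISPIM shared credentials carrying one or more tags, escaping each tag value per RFC 4515 so that a tag cannot widen the search. The object class and tag attribute names are assumptions and must be checked against the real directory schema (the talk uses ldp to browse it) before the filter is pasted into the Guardium LDAP import configuration.

```python
"""Build an LDAP search filter that limits a Guardium LDAP group import to
ISPIM shared credentials carrying a given credential tag.

Added example, not code from the tech talk or from IBM. The attribute and
object class names below are assumptions: confirm them with an LDAP
browser (ldp, ldapsearch) against the credential catalog subtree first.
"""
from typing import Iterable

# Assumed schema names; verify against the real ISPIM directory.
CREDENTIAL_OBJECT_CLASS = "erCredential"      # hypothetical
CREDENTIAL_TAG_ATTR = "erCredentialTag"       # hypothetical

# RFC 4515 section 3: these characters must be escaped inside an
# assertion value, otherwise a tag such as "prod)(uid=*" changes the
# filter structure and pulls unrelated entries into the privileged group.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for safe inclusion in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def credential_tag_filter(tags: Iterable[str]) -> str:
    """Return a filter matching shared credentials that carry any of `tags`.

    Every tag is escaped, so each value is matched literally: no wildcard
    expansion and no injected sub-filter, whatever the tag text contains.
    """
    tag_list = [t for t in tags if t]
    if not tag_list:
        raise ValueError("at least one credential tag is required")
    tag_terms = "".join(
        f"({CREDENTIAL_TAG_ATTR}={escape_filter_value(t)})" for t in tag_list
    )
    # A single tag needs no OR wrapper; several tags are OR-ed together.
    tag_clause = tag_terms if len(tag_list) == 1 else f"(|{tag_terms})"
    return f"(&(objectClass={CREDENTIAL_OBJECT_CLASS}){tag_clause})"


if __name__ == "__main__":
    # Constructed tag names, not from the talk.
    print(credential_tag_filter(["prod-db"]))
    print(credential_tag_filter(["prod-db", "pci"]))
    print(credential_tag_filter(["prod)(uid=*"]))   # stays a literal match
```

Paste the returned filter into the search filter field of the Guardium LDAP import; the base DN is the credential catalog DN found with ldp, as on the previous slide.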

Importing the Shared Credentials into Guardium

Imported Users

Importing the Shared Credentials into Guardium

Usage of the group in the shared account report

Importing Shared Credential Checkouts

Configuring the Enterprise Integrator Import

Correlating Checkout Events to Sessions

Not a simple join – ownership is based on who had the credential checked out at the time – so instead create a custom column:
– grdapi create_computed_attribute

SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced).

Shared Account Ownership in Guardium Reports

Result – the ownership of the shared account at the moment the connection is initiated is reported on.
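The slide shows the computed-attribute SQL only as a screenshot. As an added example, not the talk's own SQL, the following Python runs the same temporal correlation offline with sqlite3 against two constructed tables standing in for the Guardium session data and the checkout table imported into the CUSTOM database through the Enterprise Integrator (table names, columns and rows are assumptions). Each session on a shared account is attributed to the ISPIM checkout whose window contains the session start; an open checkout (no check-in yet) still counts, and a session on a managed credential that no checkout explains is flagged rather than dropped, since that is exactly the case an auditor wants surfaced.

```python
"""Correlate sessions on a shared database account with the ISPIM checkout
that was active when each session started.

Added example, not the tech talk's computed-attribute SQL. In Guardium the
imported checkout table sits in the CUSTOM MySQL database and the join is
the SQL behind a computed attribute made with `grdapi
create_computed_attribute`; here the same join runs in sqlite3 against
constructed tables whose names and columns are assumptions.
"""
import sqlite3

# Constructed sample data, not from the talk. Timestamps are ISO 8601
# strings so that string order equals chronological order.
CHECKOUTS = [
    # credential, owner (human who checked it out), checkout, checkin
    ("appadmin", "alice", "2015-07-01 08:00:00", "2015-07-01 10:00:00"),
    ("appadmin", "bob",   "2015-07-01 10:30:00", "2015-07-01 12:00:00"),
    ("appadmin", "carol", "2015-07-01 13:00:00", None),   # still checked out
    ("batchsvc", "dave",  "2015-07-01 09:00:00", "2015-07-01 09:30:00"),
]

SESSIONS = [
    # session id, database user, client ip, session start
    (1, "appadmin", "10.1.1.5", "2015-07-01 08:15:00"),   # alice's window
    (2, "appadmin", "10.1.1.6", "2015-07-01 10:10:00"),   # gap, nobody had it
    (3, "appadmin", "10.1.1.7", "2015-07-01 14:00:00"),   # carol, open checkout
    (4, "batchsvc", "10.1.1.8", "2015-07-01 09:10:00"),   # dave
    (5, "report",   "10.1.1.9", "2015-07-01 09:10:00"),   # not a shared account
]

# The correlation: a session belongs to the checkout of the same credential
# whose window [checkout_time, checkin_time) contains session_start. A NULL
# checkin_time means the credential is still out. LEFT JOIN keeps sessions
# with no matching checkout so they can be reported, not silently lost.
OWNERSHIP_SQL = """
SELECT s.session_id,
       s.db_user,
       s.client_ip,
       s.session_start,
       COALESCE(c.owner, 'NO-CHECKOUT') AS owner
FROM   sessions s
LEFT JOIN checkouts c
       ON  c.credential = s.db_user
       AND c.checkout_time <= s.session_start
       AND (c.checkin_time IS NULL OR s.session_start < c.checkin_time)
ORDER  BY s.session_id
"""


def build_db() -> sqlite3.Connection:
    """Load the constructed tables into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE checkouts (
            credential TEXT NOT NULL, owner TEXT NOT NULL,
            checkout_time TEXT NOT NULL, checkin_time TEXT);
        CREATE TABLE sessions (
            session_id INTEGER PRIMARY KEY, db_user TEXT NOT NULL,
            client_ip TEXT NOT NULL, session_start TEXT NOT NULL);
    """)
    conn.executemany("INSERT INTO checkouts VALUES (?,?,?,?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?,?,?,?)", SESSIONS)
    return conn


def session_owners(conn: sqlite3.Connection) -> dict:
    """Map each session id to the owner of the shared account at that time."""
    return {row[0]: row[4] for row in conn.execute(OWNERSHIP_SQL)}


def unattributed_shared_sessions(conn: sqlite3.Connection) -> list:
    """Sessions on a vaulted credential that no checkout explains."""
    managed = {c[0] for c in CHECKOUTS}
    return [
        sid for sid, owner in session_owners(conn).items()
        if owner == "NO-CHECKOUT"
        and next(s[1] for s in SESSIONS if s[0] == sid) in managed
    ]


if __name__ == "__main__":
    db = build_db()
    for sid, owner in session_owners(db).items():
        print(sid, owner)
    print("unexplained shared-account sessions:", unattributed_shared_sessions(db))
```

If ISPIM can ever record overlapping checkouts of one credential, add a rule for that case (for instance, take the latest checkout before the session start); the join above assumes the vault enforces one holder at a time.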

Direct Export of Data to ISPIM's DB2 Database

External Feed Definition

Direct Export of Data to ISPIM's DB2 Database

Audit Process / Audit Task

Queries without export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:
– https://github.com/johnhaldeman/guardiumReportWrapperForCognos

Notes on how to use it:
– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Queries without export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=%25
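Two things go wrong easily with the query-without-export approach: the hand-typed wrapper URL must percent-encode its parameters (the report name contains a space, and the all-collectors wildcard is a literal % that has to travel as %25), and a wrapper that turns REST rows into XML must escape column values, because a captured SQL statement routinely contains <, & and quotes that would otherwise become markup on the Cognos side. The following is an added example, not the code of guardiumReportWrapperForCognos or of the Guardium REST API: it builds the request URL with the parameters shown on the slide and performs the JSON-to-XML translation safely with ElementTree. The JSON row shape (a list of objects keyed by report column name), the XML element names and the https default are assumptions.

```python
"""Build a request to a Guardium-to-Cognos XML wrapper and turn the JSON
rows a Guardium report query returns into escaped XML.

Added example, not code from guardiumReportWrapperForCognos or IBM. The
path and parameter names are the ones on the slide; the JSON row shape
and the XML element names are assumptions.
"""
import json
import re
from urllib.parse import urlencode
import xml.etree.ElementTree as ET


def wrapper_url(host: str, port: int, report_name: str,
                from_date: str = "NOW -1 week", to_date: str = "NOW",
                remote_source: str = "%", show_aliases: bool = True,
                scheme: str = "https") -> str:
    """Return the wrapper URL with every parameter percent-encoded.

    urlencode turns the space in the report name into '+', the relative
    date into NOW+-1+week and the '%' wildcard into %25, so the server
    never sees a dangling escape. scheme defaults to https (assumption):
    whoever can reach the wrapper can query live audit data.
    """
    params = {
        "reportName": report_name,
        "QUERY_FROM_DATE": from_date,
        "QUERY_TO_DATE": to_date,
        "SHOW_ALIASES": "YES" if show_aliases else "NO",
        "REMOTE_SOURCE": remote_source,
    }
    return (f"{scheme}://{host}:{port}/GuardiumJSONtoXML/xmlReport?"
            + urlencode(params))


_NAME_RE = re.compile(r"[^A-Za-z0-9_.-]")


def xml_name(column: str) -> str:
    """Turn a Guardium report header into a legal XML element name.

    Headers such as "DB User Name" contain spaces; element names may not,
    and may not start with a digit.
    """
    name = _NAME_RE.sub("_", column.strip())
    if not name or not (name[0].isalpha() or name[0] == "_"):
        name = "_" + name
    return name


def rows_to_xml(json_text: str, report_name: str) -> bytes:
    """Convert REST rows (list of column->value objects) to flat XML.

    Building the tree with ElementTree instead of string concatenation
    escapes '<', '>' and '&' in values, so a logged SQL statement cannot
    inject elements into the document Cognos parses.
    """
    rows = json.loads(json_text)
    root = ET.Element("report", name=report_name)
    for row in rows:
        row_el = ET.SubElement(root, "row")
        for column, value in row.items():
            cell = ET.SubElement(row_el, xml_name(column))
            cell.text = "" if value is None else str(value)
    return ET.tostring(root, encoding="utf-8")


# Constructed sample response, not captured from a Guardium appliance.
SAMPLE_JSON = json.dumps([
    {"Session Start": "2015-07-01 08:15:00", "DB User Name": "appadmin",
     "Client IP": "10.1.1.5", "Sql": "select 1 where a<b & c='x'"},
    {"Session Start": "2015-07-01 09:10:00", "DB User Name": "batchsvc",
     "Client IP": "10.1.1.8", "Sql": None},
])


if __name__ == "__main__":
    print(wrapper_url("gm.example", 8443, "Sessions List"))
    print(rows_to_xml(SAMPLE_JSON, "Sessions List").decode())
```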

Queries without export – Configuration in Cognos

The Data in Cognos

Direct Export of Data to ISPIM's DB2 Database, or Direct Query through the XML Wrapper

Information, training and community cheat sheet

Guardium Tech Talks – at least one per month. Suggestions welcome!
InfoSphere Guardium YouTube Channel – includes overviews, technical demos and tech talk replays
developerWorks forum (very active)
Guardium DAM User Group on LinkedIn (very active)
Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules)
Guardium on IBM Knowledge Center (was Info Center)
Deployment Guide for InfoSphere Guardium Red Book
Technical training courses (classroom and self-paced, provided by Business Partners)
InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested.

Thank you (closing slide: "thank you" in many languages)

Page 21: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

21

Overview of Data Out

ndash CSV Exports

ndash External Feed

ndash SYSLOG

ndash REST API

Data Out

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 22: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

22

Generate the CSV file with an audit process then export it

CSV Exports ndash Overview

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 23: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

23

CSV Exports ndash CSV File Generation

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 24: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

24

CSV Exports ndash CSV File Export

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 25: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

25

CSV Exports ndash Resultant File

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

38

Integration Use Case – Track and Identify Ownership for Shared Credentials

39

Populating privileged user (shared credential) groups using LDAP

In ISPIM, shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ii,dc=com

We know that by browsing to it in ldp

40

Importing the Shared Credentials into Guardium

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM)

41

Importing the Shared Credentials into Guardium

Imported Users

42

Importing the Shared Credentials into Guardium

Usage of group in shared account report

43

Importing Shared Credential Checkouts

Configuring the Enterprise Integrator Import

44

Correlating Checkout Events to Sessions

Not a simple join – ownership is based on the checkout that was active – so instead, create a custom column

grdapi create_computed_attribute

SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)
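To make the point of this slide concrete, here is an added example; it is not the speaker's computed-attribute SQL, which the slide does not reproduce. A checkout record only says who held a shared credential between its checkout and its check-in, so the owner of a session has to be found by a time-window lookup against the imported checkout table, not by an equality join on the account name. SQLite stands in for the CUSTOM MySQL database, and every table, column and value below is constructed for the example.

```python
"""Attribute a shared-account database session to the person who held it.

Added example, not code from the tech talk: slide 44 says the computed
attribute is a SQL statement against the imported checkout table, but the
statement itself is not on the slide. SQLite stands in for the CUSTOM
MySQL database; every table, column and value here is constructed.
"""
import sqlite3

# Constructed stand-in for the Enterprise Integrator import of ISPIM
# checkout records. checkin_time is NULL while the credential is still out.
CHECKOUTS = [
    # (credential, ispim_user, checkout_time, checkin_time)
    ("DBA_ADMIN", "alice", "2015-07-01 08:00:00", "2015-07-01 12:00:00"),
    ("DBA_ADMIN", "bob",   "2015-07-01 13:00:00", None),
    ("APP_OWNER", "carol", "2015-07-01 09:30:00", "2015-07-01 10:00:00"),
]

# Constructed stand-in for Guardium session data; the DB user is the
# shared account name, which is what links it to the checkout records.
SESSIONS = [
    # (session_id, db_user, session_start)
    (1, "DBA_ADMIN", "2015-07-01 09:15:00"),  # inside alice's window
    (2, "DBA_ADMIN", "2015-07-01 12:30:00"),  # checked in, nobody owns it
    (3, "DBA_ADMIN", "2015-07-01 15:00:00"),  # bob, still checked out
    (4, "APP_OWNER", "2015-07-01 09:00:00"),  # before any checkout
    (5, "APP_OWNER", "2015-07-01 09:45:00"),  # carol
]

# What a plain join on the account name gives you: every person who ever
# checked the credential out, with no way to tell which one held it.
NAIVE_JOIN_SQL = """
SELECT c.ispim_user
  FROM session s
  JOIN shared_cred_checkout c ON c.credential = s.db_user
 WHERE s.session_id = :session_id
 ORDER BY c.checkout_time
"""

# The per-session lookup a computed column needs: the latest checkout of
# that credential that began at or before the session start and had not
# been checked in by then. ISO timestamps compare correctly as text.
OWNER_SQL = """
SELECT ispim_user
  FROM shared_cred_checkout
 WHERE credential = :db_user
   AND checkout_time <= :session_start
   AND (checkin_time IS NULL OR checkin_time > :session_start)
 ORDER BY checkout_time DESC
 LIMIT 1
"""


def build_db():
    """Create the in-memory stand-in database and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE shared_cred_checkout "
                 "(credential TEXT, ispim_user TEXT, checkout_time TEXT, checkin_time TEXT)")
    conn.execute("CREATE TABLE session (session_id INTEGER, db_user TEXT, session_start TEXT)")
    conn.executemany("INSERT INTO shared_cred_checkout VALUES (?, ?, ?, ?)", CHECKOUTS)
    conn.executemany("INSERT INTO session VALUES (?, ?, ?)", SESSIONS)
    return conn


def naive_join_owners(conn, session_id):
    """Everyone a plain join attributes the session to (often several people)."""
    return [r[0] for r in conn.execute(NAIVE_JOIN_SQL, {"session_id": session_id})]


def owner_at_session_start(conn, db_user, session_start):
    """The single ISPIM user who held the credential when the session began, or None."""
    row = conn.execute(OWNER_SQL, {"db_user": db_user, "session_start": session_start}).fetchone()
    return row[0] if row else None


def ownership_report(conn):
    """Map every session_id to its owner; None marks a session nobody had checked out."""
    rows = conn.execute("SELECT session_id, db_user, session_start FROM session").fetchall()
    return {sid: owner_at_session_start(conn, user, start) for sid, user, start in rows}


if __name__ == "__main__":
    db = build_db()
    for sid, owner in sorted(ownership_report(db).items()):
        print(sid, owner or "UNATTRIBUTED")
```

The naive join returns both alice and bob for session 1, which is exactly why the slide says this is not a simple join. The windowed lookup returns one name or none, and a session with no owner (sessions 2 and 4 above) is itself worth reporting: the shared account was used without a matching checkout from the vault.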

45

Shared Account Ownership in Guardium Reports

Result – ownership of the shared account at the time the connection is initiated is reported on

46

Direct Export of Data to ISPIM's DB2 Database

External Feed Definition

47

Direct Export of Data to ISPIM's DB2 Database

Audit Process Audit Task

48

Queries without export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand

– https://github.com/johnhaldeman/guardiumReportWrapperForCognos

Notes on how to use it

– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

49

Queries without export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25
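As an added example, and not the guardiumReportWrapperForCognos code itself, the following sketches the two things such a wrapper has to do: build the report query with the parameters shown on this slide, and turn the rows that come back into XML a BI tool can read as an XML data source. It assumes the report endpoint returns a JSON array of flat row objects (the slides do not show the response format), uses its own element layout rather than the tool's actual schema, takes the /GuardiumJSONtoXML/xmlReport path from the slide's example URL with host and port as placeholders, and works on constructed sample rows.

```python
"""Translate a Guardium report result into XML for a BI tool.

Added example, not the guardiumReportWrapperForCognos tool. Assumptions not
confirmed by the slides: the report comes back as a JSON array of flat row
objects, and the XML layout below is this example's own, not the tool's
schema. The query parameter names are the ones on slide 49.
"""
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample response: two rows of a "Sessions List"-style report.
# Column headers carry spaces, which is the edge case the XML step handles.
SAMPLE_JSON = json.dumps([
    {"Session Start": "2015-07-01 09:15:00", "DB User Name": "DBA_ADMIN",
     "Client IP": "10.0.0.5", "Server Type": "DB2"},
    {"Session Start": "2015-07-01 15:00:00", "DB User Name": "APP_OWNER",
     "Client IP": "10.0.0.9", "Server Type": None},
])

_BAD_NAME_CHARS = re.compile(r"[^A-Za-z0-9_.-]")


def wrapper_url(host, port, report_name, from_date="NOW -1 week", to_date="NOW",
                show_aliases=True, remote_source=None):
    """Build the wrapper query URL; host, port and path are placeholders."""
    params = {
        "reportName": report_name,
        "QUERY_FROM_DATE": from_date,   # Guardium relative-date expression
        "QUERY_TO_DATE": to_date,
        "SHOW_ALIASES": "YES" if show_aliases else "NO",
    }
    if remote_source is not None:
        params["REMOTE_SOURCE"] = remote_source
    return f"http://{host}:{port}/GuardiumJSONtoXML/xmlReport?{urlencode(params)}"


def xml_name(column):
    """Turn a report column header into a legal XML element name."""
    name = _BAD_NAME_CHARS.sub("_", column.strip())
    if not name or not (name[0].isalpha() or name[0] == "_"):
        name = "_" + name          # names may not start with a digit or be empty
    return name


def rows_to_xml(report_name, rows):
    """Serialize a list of row dicts as <report><row><Column>value</Column>...</row></report>."""
    root = ET.Element("report", name=report_name)
    for row in rows:
        row_el = ET.SubElement(root, "row")
        for column, value in row.items():
            cell = ET.SubElement(row_el, xml_name(column))
            cell.text = "" if value is None else str(value)   # NULL becomes an empty cell
    return ET.tostring(root, encoding="unicode")


def translate(report_name, json_text):
    """The wrapper's core: JSON report body in, XML document out."""
    rows = json.loads(json_text)
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("expected a JSON array of row objects")
    return rows_to_xml(report_name, rows)


def parse_rows(xml_text):
    """Read the XML back as a list of {element: text} dicts (used to check the output)."""
    root = ET.fromstring(xml_text)
    return [{cell.tag: (cell.text or "") for cell in row} for row in root.findall("row")]


if __name__ == "__main__":
    print(wrapper_url("<host>", "<port>", "Sessions List", remote_source=25))
    print(translate("Sessions List", SAMPLE_JSON))
```

Because the URL is assembled with urlencode rather than by string concatenation, a report name with spaces or other reserved characters is encoded correctly, which is the same reason the slide's example shows `Sessions%20List` and `NOW+-1+week`.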

50

Queries without export – Configuration in Cognos

51

Direct Export of Data to ISPIM's DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

52

Information, training and community cheat sheet

Guardium Tech Talks – at least one per month. Suggestions welcome

InfoSphere Guardium YouTube Channel – includes overviews, technical demos, tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on LinkedIn (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources: developerWorks articles, tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced, provided by Business Partners)

InfoSphere Guardium Virtual User Group: open technical discussions with other users. Not recorded. Send a note to krzeide@us.ibm.com if interested

53

Thank you (slide shown in multiple languages): Gracias, Merci, Grazie, Obrigado, Danke, Tack, Dziękuję

Languages: Japanese, French, Russian, German, Italian, Spanish, Brazilian Portuguese, Arabic, Traditional Chinese, Simplified Chinese, Thai, Swedish, Polish

Page 26: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

26

Run a audit process and pipe the audit process results to a JDBC

connection

Psssthellip Not to be confused with the Universal Feed ndash also itrsquos not really a

feed

External Feed ndash Overview

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 27: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

27

Define a feed with a grdAPI

ndash grdapi create_ef_mapping reportName=Sessions List

Start the Guardium fileserver and in the logs section retrieve the provided

table template

External Feed ndash Setup

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 28: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

28

Adjust the template (comes built for MySQL ndash so it may require changes)

Create the table in your target database

Create a datasource for the target database

In the audit process builder task specify the external feed and the datasource

If required (eg using a different table name) adjust the feed mapping with ndash grdapi modify_ef_mapping

External Feed ndash Setup Continued

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 29: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

29

SYSLOG ndash Overview

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 30: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

30

CLI Command store remotelog

SYSLOG ndash Registering Receivers

copy 2015 IBM Corporation

IBM Security

31

Customize Message Format

SYSLOG

copy 2015 IBM Corporation

IBM Security

32

Policies

SYSLOG ndash Three Ways to Send Data

Threshold Alerts

Audit Processes

copy 2015 IBM Corporation

IBM Security

33

REST Querying ndash Overview

34 copy 2015 IBM Corporation

ISPIM Use Case

copy 2015 IBM Corporation

IBM Security

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

ndash Context What is ISPIM anyway

ndash Integration Use Case Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

ndash Shared Credential Management and Password Vault

ndash Application Identity Management

ndash Session Recording

ndash Single Sign On

Use Case with ISPIM

copy 2015 IBM Corporation

IBM Security

36

ISPIM ndash Components and How it Works Check Out

copy 2015 IBM Corporation

IBM Security

37

ISPIM ndash Components and How it Works Check In

copy 2015 IBM Corporation

IBM Security

38

Integration Use Case ndash Track and Identify Ownership for Shared Credentials

copy 2015 IBM Corporation

IBM Security

39

In ISPIM shared credentials are kept in the IBM Security Directory Server

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp

Populating privileged user (shared credential) groups using LDAP

copy 2015 IBM Corporation

IBM Security

40

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential

tag probably makes the most sense for ISPIM)

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

41

Imported Users

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

copy 2015 IBM Corporation

IBM Security

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

copy 2015 IBM Corporation

IBM Security

44

Not a simple join ndash based on ownership after checkout ndash Instead Create a Custom Column

grdapi create_computed_attribute

SQL Statement for column (Imported table is in CUSTOM MySQL database and can be

referenced)

Correlating Checkout Events to Sessions

copy 2015 IBM Corporation

IBM Security

45

Shared Account Ownership in Guardium Reports

Result ndash Ownership of shared account when connection is initiated is reported on

copy 2015 IBM Corporation

IBM Security

46

Direct Export of Data to ISPIMrsquos DB2 Database

External Feed Definition

copy 2015 IBM Corporation

IBM Security

47

Direct Export of Data to ISPIMrsquos DB2 Database

Audit Process Audit Task

copy 2015 IBM Corporation

IBM Security

48

Queries without export

Uses this tool that takes Guardium REST calls and translates them into XML that Cognos can

understand

ndash httpsgithubcomjohnhaldemanguardiumReportWrapperForCognos

Notes on how to use it

ndash httpinfoinsightsllcblogspotca201504querying-live-guardium-data-with-cognoshtml

copy 2015 IBM Corporation

IBM Security

49

Queries without export - Example httplthostgtltportgtGuardiumJSONtoXMLxmlReportreportName=Sessions20ListampQUERY_FROM_DATE=NOW+-

1+weekampQUERY_TO_DATE=NOWampSHOW_ALIASES=YESampREMOTE_SOURCE=25

copy 2015 IBM Corporation

IBM Security

50

Queries without export ndash Configuration in Cognos

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 31: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

31

Customize Message Format

SYSLOG

32

Policies

SYSLOG – Three Ways to Send Data

Threshold Alerts

Audit Processes

33

REST Querying – Overview

34

ISPIM Use Case

35

IBM Security Privileged Identity Manager Integration (ISPIM) Example

Use Cases

– Context: What is ISPIM anyway?

– Integration Use Case: Track and Identify Ownership for Shared Credentials

ISPIM Primary Features

– Shared Credential Management and Password Vault

– Application Identity Management

– Session Recording

– Single Sign On

Use Case with ISPIM

36

ISPIM – Components and How it Works: Check Out

37

ISPIM – Components and How it Works: Check In

38

Integration Use Case – Track and Identify Ownership for Shared Credentials

39

In ISPIM, shared credentials are kept in the IBM Security Directory Server.

In our lab environment that falls under the DN

ou=credentialsou=credCatalogerglobalid=00000000000000000000ou=iidc=com

We know that by browsing to it in ldp.

Populating privileged user (shared credential) groups using LDAP

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).

Importing the Shared Credentials into Guardium
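An added example, not code from the talk or from IBM, of what such a search filter does to a set of directory entries: a small evaluator for the standard RFC 4515 filter syntax, run against constructed credential entries. The attribute names objectClass=erCredential, erAccountName and erTag are assumed for illustration and are not taken from the slides. The point it makes is that a filter keyed on the credential tag pulls in only the vaulted accounts you mean to watch, while a bare presence filter would also drag containers and unrelated entries into the privileged-user group.

```python
"""Apply an LDAP search filter to shared-credential entries.

Added example, not code from the tech talk or from IBM: a small RFC 4515
filter evaluator (equality, substring, presence, &, |, !) used to show
which directory entries a filter keeps and which it drops when Guardium
populates a group from ISPIM's credential vault. The attribute names
objectClass/erCredential, erAccountName and erTag are ASSUMED names for
illustration, and every entry below is constructed sample data.
"""
import re

# Constructed sample entries keyed by DN (the base DN is a placeholder).
SAMPLE_ENTRIES = {
    "erAccountName=sa,ou=credentials,dc=example": {
        "objectClass": ["erCredential"], "erAccountName": ["sa"],
        "erTag": ["prod-db", "mssql"]},
    "erAccountName=sys,ou=credentials,dc=example": {
        "objectClass": ["erCredential"], "erAccountName": ["sys"],
        "erTag": ["prod-db", "oracle"]},
    "erAccountName=svc_backup,ou=credentials,dc=example": {
        "objectClass": ["erCredential"], "erAccountName": ["svc_backup"],
        "erTag": ["backup"]},
    # A container, not a credential: a too-broad filter would import it.
    "ou=lab-only,ou=credentials,dc=example": {
        "objectClass": ["organizationalUnit"], "ou": ["lab-only"]},
}


def parse_filter(text):
    """Parse a filter string into a tree of ('=', attr, value) leaves and
    ('&' | '|' | '!', [children]) nodes. Raises ValueError when malformed."""
    pos = 0

    def node():
        nonlocal pos
        if pos >= len(text) or text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        if pos < len(text) and text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(node())
            if pos >= len(text) or text[pos] != ")":
                raise ValueError("expected ')' at offset %d" % pos)
            pos += 1
            if not children or (op == "!" and len(children) != 1):
                raise ValueError("bad operand count for '%s'" % op)
            return (op, children)
        end = text.find(")", pos)
        if end < 0:
            raise ValueError("unterminated filter item")
        item = text[pos:end]
        pos = end + 1
        attr, sep, value = item.partition("=")
        if not attr or not sep:
            raise ValueError("unsupported filter item: %r" % item)
        return ("=", attr, value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def _leaf_matches(entry, attr, pattern):
    """Case-insensitive equality, substring (a*b) or presence (*) match."""
    values = [v for k, vals in entry.items() if k.lower() == attr.lower() for v in vals]
    if pattern == "*":
        return bool(values)
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return any(re.match(regex, v, re.IGNORECASE) for v in values)


def matches(entry, tree):
    """Evaluate a parsed filter tree against one entry."""
    op = tree[0]
    if op == "=":
        return _leaf_matches(entry, tree[1], tree[2])
    if op == "&":
        return all(matches(entry, child) for child in tree[1])
    if op == "|":
        return any(matches(entry, child) for child in tree[1])
    return not matches(entry, tree[1][0])


def select_credentials(filter_text, entries=SAMPLE_ENTRIES):
    """Sorted DNs that the filter would let the group import pull in."""
    tree = parse_filter(filter_text)
    return sorted(dn for dn, entry in entries.items() if matches(entry, tree))


if __name__ == "__main__":
    for f in ("(objectClass=*)", "(&(objectClass=erCredential)(erTag=prod-db))"):
        print(f, "->", select_credentials(f))
```

Run it and compare the two filters: the presence filter returns all four entries, container included, while the tag-based filter returns exactly the two production database accounts. Whatever filter you settle on, re-run the group import report after changing it and confirm the member count matches what the vault says it should be.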

41

Imported Users

Importing the Shared Credentials into Guardium

42

Usage of group in shared account report

Importing the Shared Credentials into Guardium

43

Configuring the Enterprise Integrator Import

Importing Shared Credential Checkouts

44

Not a simple join – based on ownership after checkout – instead, create a custom column:

grdapi create_computed_attribute

SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)

Correlating Checkout Events to Sessions
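An added example, not the deck's own create_computed_attribute definition, of why this is "not a simple join" and what the computed column's SQL has to express instead. Python's sqlite3 stands in for the CUSTOM MySQL database, the table and column names (ispim_checkouts, sessions, checkout_ts and so on) are constructed assumptions, and the rows are sample data; the correlated subquery itself is portable to MySQL.

```python
"""Attribute a database session to the person holding a shared credential.

Added example, not the grdapi create_computed_attribute definition from
the deck: with sqlite3 standing in for the CUSTOM MySQL database, it
shows the kind of SQL a computed column can run to answer "who had this
shared account checked out when the session started?". The table and
column names (ispim_checkouts, sessions, ...) are constructed assumptions.
"""
import sqlite3

# Constructed sample data. Timestamps are ISO-8601 text, so lexical
# comparison in SQL is also chronological comparison.
CHECKOUTS = [
    # account, owner, checkout time, check-in time (NULL = still checked out)
    ("sa", "alice", "2015-07-01 08:00:00", "2015-07-01 10:00:00"),
    ("sa", "bob", "2015-07-01 10:30:00", None),
    ("sys", "carol", "2015-07-01 09:00:00", "2015-07-01 09:45:00"),
]
SESSIONS = [
    # session id, database user, login time
    (1, "sa", "2015-07-01 08:15:00"),       # inside alice's checkout
    (2, "sa", "2015-07-01 10:10:00"),       # after alice checked in, before bob checked out
    (3, "sa", "2015-07-01 11:00:00"),       # bob's checkout is still open
    (4, "sys", "2015-07-01 09:30:00"),      # inside carol's checkout
    (5, "sys", "2015-07-01 12:00:00"),      # carol checked in hours earlier
    (6, "appuser", "2015-07-01 12:00:00"),  # never a vaulted account
]

# A plain join on the account name would attach every past and future
# checkout to the session. The correlated subquery keeps only the most
# recent checkout that started before the login and had not yet been
# checked in at that moment, which is the ownership the report needs.
OWNER_SQL = """
SELECT s.session_id, s.db_user,
       (SELECT c.owner
          FROM ispim_checkouts c
         WHERE c.account = s.db_user
           AND c.checkout_ts <= s.login_ts
           AND (c.checkin_ts IS NULL OR c.checkin_ts >= s.login_ts)
         ORDER BY c.checkout_ts DESC
         LIMIT 1) AS owner
  FROM sessions s
 ORDER BY s.session_id
"""


def load_sample_db():
    """Create an in-memory database holding the constructed tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ispim_checkouts "
                 "(account TEXT, owner TEXT, checkout_ts TEXT, checkin_ts TEXT)")
    conn.execute("CREATE TABLE sessions "
                 "(session_id INTEGER, db_user TEXT, login_ts TEXT)")
    conn.executemany("INSERT INTO ispim_checkouts VALUES (?, ?, ?, ?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?)", SESSIONS)
    return conn


def session_owners(conn=None):
    """Return {session_id: (db_user, owner or None)} for every session."""
    if conn is None:
        conn = load_sample_db()
    return {sid: (user, owner) for sid, user, owner in conn.execute(OWNER_SQL)}


def unattributed_sessions(conn=None):
    """Sessions on vaulted accounts that no checkout covers: the rows an
    auditor should look at first, because the shared password was used
    without a matching checkout record."""
    if conn is None:
        conn = load_sample_db()
    vaulted = {row[0] for row in conn.execute(
        "SELECT DISTINCT account FROM ispim_checkouts")}
    return sorted(sid for sid, (user, owner) in session_owners(conn).items()
                  if user in vaulted and owner is None)


if __name__ == "__main__":
    for sid, (user, owner) in session_owners().items():
        print(sid, user, owner or "<no checkout covers this login>")
    print("unattributed:", unattributed_sessions())
```

Sessions 2 and 5 come back with no owner even though the account is vaulted: either the checkout feed is lagging or someone used the shared password outside the vault workflow, and both are worth a separate alert rather than a blank cell in the report.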

45

Shared Account Ownership in Guardium Reports

Result – ownership of the shared account at the time the connection is initiated is reported on

46

Direct Export of Data to ISPIM's DB2 Database

External Feed Definition

47

Direct Export of Data to ISPIM's DB2 Database

Audit Process: Audit Task

48

Queries without export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:

– https://github.com/johnhaldeman/guardiumReportWrapperForCognos

Notes on how to use it:

– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

49

Queries without export – Example: http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25
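An added example, not code from guardiumReportWrapperForCognos or from IBM, of the two jobs such a wrapper has to do for Cognos: build the query string shown above from named parameters, and turn a JSON array of report rows into well-formed XML. The wrapper path /GuardiumJSONtoXML/xmlReport is taken from the slide as reconstructed here, the JSON shape (a list of objects, one per row) is an assumption, and the rows are constructed sample data. The part worth copying is the element-name sanitising and the reliance on ElementTree's escaping, so that a report column called "DB User Name" or a captured SQL string containing < and & cannot produce malformed XML on the Cognos side.

```python
"""Build a wrapper query URL and turn JSON report rows into XML.

Added example; it is not code from guardiumReportWrapperForCognos or
from IBM. It shows the two jobs such a wrapper has for Cognos: building
the query string shown on the slide from named parameters, and turning a
JSON array of report rows into well-formed XML with safe element names.
The path /GuardiumJSONtoXML/xmlReport is taken from the slide as
reconstructed here; the JSON shape (a list of objects, one per row) is
an assumption, and the rows below are constructed sample data.
"""
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.etree import ElementTree as ET

# Constructed sample rows, including a value with XML-significant characters.
SAMPLE_JSON = json.dumps([
    {"Session Id": 101, "DB User Name": "sa", "Client IP": "10.0.0.5",
     "Sql": "select * from t where a<b"},
    {"Session Id": 102, "DB User Name": "sys", "Client IP": "10.0.0.9",
     "Sql": None},
])


def build_report_url(host, port, report_name, from_date="NOW -1 week",
                     to_date="NOW", show_aliases=True, remote_source=None,
                     scheme="https"):
    """Compose the wrapper URL; urlencode handles spaces and '&' in values."""
    params = {
        "reportName": report_name,
        "QUERY_FROM_DATE": from_date,
        "QUERY_TO_DATE": to_date,
        "SHOW_ALIASES": "YES" if show_aliases else "NO",
    }
    if remote_source is not None:
        params["REMOTE_SOURCE"] = str(remote_source)
    return "%s://%s:%d/GuardiumJSONtoXML/xmlReport?%s" % (
        scheme, host, port, urlencode(params))


def decode_query(url):
    """Decode a wrapper URL back into {param: value} (single-valued)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def xml_element_name(column):
    """Map a report column name onto a valid XML element name."""
    name = re.sub(r"[^A-Za-z0-9_.-]", "_", column.strip())
    if not name or not re.match(r"[A-Za-z_]", name):
        name = "_" + name
    return name


def json_rows_to_xml(json_text, root_tag="report", row_tag="row"):
    """Convert a JSON array of row objects into an XML document string."""
    rows = json.loads(json_text)
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("expected a JSON array of row objects")
    root = ET.Element(root_tag)
    for row in rows:
        row_el = ET.SubElement(root, row_tag)
        for column, value in row.items():
            cell = ET.SubElement(row_el, xml_element_name(column))
            # ElementTree escapes <, > and & in text, so report content
            # cannot break the document structure.
            cell.text = "" if value is None else str(value)
    return ET.tostring(root, encoding="unicode")


def xml_rows_to_dicts(xml_text, row_tag="row"):
    """Parse the XML back into a list of {element: text} dicts (round trip)."""
    return [{cell.tag: cell.text or "" for cell in row}
            for row in ET.fromstring(xml_text).iter(row_tag)]


if __name__ == "__main__":
    print(build_report_url("guardium.example", 8443, "Sessions List", remote_source=25))
    print(json_rows_to_xml(SAMPLE_JSON))
```

The slide's URL uses %20 in the report name and + in the date expressions; urlencode emits + for spaces throughout, and both decode to the same parameter values, as decode_query shows.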

50

Queries without export – Configuration in Cognos

51

Direct Export of Data to ISPIM's DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos








Integration Use Case – Track and Identify Ownership for Shared Credentials

Populating privileged user (shared credential) groups using LDAP

In ISPIM, shared credentials are kept in the IBM Security Directory Server.

In our lab environment that falls under the DN ou=credentials,ou=credCatalog,erglobalid=00000000000000000000,ou=ii,dc=com

We know that by browsing to it in ldp.

Importing the Shared Credentials into Guardium

Configuring the LDAP query

Search filters can be used to limit what shared credentials are pulled in (limiting on credential tag probably makes the most sense for ISPIM).

Imported Users

Usage of the group in the shared account report

Importing Shared Credential Checkouts

Configuring the Enterprise Integrator Import

Correlating Checkout Events to Sessions

Not a simple join – ownership is determined by who had the credential checked out at the time – so instead create a custom column:

grdapi create_computed_attribute

SQL statement for the column (the imported table is in the CUSTOM MySQL database and can be referenced)

Shared Account Ownership in Guardium Reports

Result – the ownership of the shared account at the time the connection is initiated is reported on
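The correlation the slides describe, as an added example that is not part of the deck or of Guardium's own code: the ownership column is a per-row SQL expression, reproduced here with SQLite so it runs offline (the appliance evaluates it in its MySQL CUSTOM database). The table and column names (checkout_events, sessions, owner, ...) and the sample checkouts and sessions are constructed assumptions, not Guardium's or ISPIM's schema.

```python
"""Correlate shared-credential checkout events to database sessions.

Illustration only: Guardium's computed attribute runs a per-row SQL
expression inside its reporting database; SQLite stands in for MySQL here.
Table and column names are hypothetical, not the product's real schema.
"""
import sqlite3

# Constructed sample data: checkouts from the privileged identity manager
# (who held the shared account on which host, and for which interval) and
# database sessions observed by the monitor (which account logged in, when).
CHECKOUTS = [
    # (shared_account, target_host, owner, checkout_ts, checkin_ts or None)
    ("appdba", "db01", "alice", "2015-07-01 08:00:00", "2015-07-01 12:00:00"),
    ("appdba", "db01", "bob",   "2015-07-01 13:00:00", None),  # still checked out
    ("appdba", "db02", "carol", "2015-07-01 09:00:00", "2015-07-01 10:00:00"),
]

SESSIONS = [
    # (session_id, db_user, server_host, login_ts)
    (1, "appdba", "db01", "2015-07-01 09:30:00"),  # inside alice's checkout
    (2, "appdba", "db01", "2015-07-01 12:30:00"),  # gap: nobody held the credential
    (3, "appdba", "db01", "2015-07-01 15:00:00"),  # inside bob's still-open checkout
    (4, "appdba", "db02", "2015-07-01 09:45:00"),  # carol, on a different host
]

# The per-row expression. A plain equi-join on account name would attribute a
# session to every past owner of the account; the time-window test (login
# inside [checkout, checkin)) is what makes the attribution correct. ISO
# timestamps stored as TEXT compare correctly as strings.
OWNER_EXPRESSION = """
    (SELECT c.owner
       FROM checkout_events c
      WHERE c.shared_account = s.db_user
        AND c.target_host = s.server_host
        AND c.checkout_ts <= s.login_ts
        AND (c.checkin_ts IS NULL OR s.login_ts < c.checkin_ts)
      ORDER BY c.checkout_ts DESC
      LIMIT 1)
"""


def build_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE checkout_events (
            shared_account TEXT, target_host TEXT, owner TEXT,
            checkout_ts TEXT, checkin_ts TEXT);
        CREATE TABLE sessions (
            session_id INTEGER, db_user TEXT, server_host TEXT, login_ts TEXT);
    """)
    conn.executemany("INSERT INTO checkout_events VALUES (?,?,?,?,?)", CHECKOUTS)
    conn.executemany("INSERT INTO sessions VALUES (?,?,?,?)", SESSIONS)
    return conn


def sessions_with_owner(conn):
    """Return {session_id: owner or None}: the value the computed attribute
    would add to each row of a session report."""
    rows = conn.execute(
        f"SELECT s.session_id, {OWNER_EXPRESSION} AS owner FROM sessions s"
    ).fetchall()
    return {sid: owner for sid, owner in rows}


def unattributed_sessions(conn):
    """Sessions of a shared account with no live checkout at login time: use
    of the credential outside the checkout process, the rows to review first."""
    return sorted(sid for sid, owner in sessions_with_owner(conn).items()
                  if owner is None)


if __name__ == "__main__":
    db = build_db()
    for sid, owner in sessions_with_owner(db).items():
        print(sid, owner or "<no checkout>")
    print("unattributed:", unattributed_sessions(db))
```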

Direct Export of Data to ISPIM's DB2 Database

External Feed Definition

Audit Process Audit Task

Queries without export

Uses this tool, which takes Guardium REST calls and translates them into XML that Cognos can understand:

– https://github.com/johnhaldeman/guardiumReportWrapperForCognos

Notes on how to use it:

– http://infoinsightsllc.blogspot.ca/2015/04/querying-live-guardium-data-with-cognos.html

Queries without export – Example

http://<host>:<port>/GuardiumJSONtoXML/xmlReport?reportName=Sessions%20List&QUERY_FROM_DATE=NOW+-1+week&QUERY_TO_DATE=NOW&SHOW_ALIASES=YES&REMOTE_SOURCE=25

Queries without export – Configuration in Cognos

Direct Export of Data to ISPIM's DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos


developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 51: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

51

Direct Export of Data to ISPIMrsquos DB2 Database or Direct Query through the XML Wrapper

The Data in Cognos

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 52: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

5252

Information training and community cheat sheet

Guardium Tech Talks ndash at least one per month Suggestions welcome

InfoSphere Guardium YouTube Channel ndash includes overviews technical demos tech talk replays

developerWorks forum (very active)

Guardium DAM User Group on Linked In (very active)

Community on developerWorks (includes discussion forum content and links to a myriad of sources developerWorks articles tech talk materials and schedules)

Guardium on IBM Knowledge Center (was Info Center)

Deployment Guide for InfoSphere Guardium Red Book

Technical training courses (classroom and self-paced- provided by Business Partners)

InfoSphere Guardium Virtual User Group Open technical

discussions with other users Not recorded

Send a note to krzeideusibmcom if interested

52

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Page 53: InfoSphere Guardium Tech Talk - IBM · PDF fileExamples (other than the Mainframe/IBM i STAPs which implement a UF variant as well): – NEC’s Elastic Relational Store implements

copy 2015 IBM Corporation

IBM Security

53

Gracias

Merci

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish