- #GUARDIUM USER ACTIVITY AUDIT TRAIL INSTALL#
- #GUARDIUM USER ACTIVITY AUDIT TRAIL FULL#
- #GUARDIUM USER ACTIVITY AUDIT TRAIL SERIES#
The filter plug-in parses, filters, and modifies event logs into a Guardium-digestible format. This plug-in filters the events captured by the input plug-in. Depending on the type of plug-in, there are settings to either pull events from APIs or receive a push of events.įilter plug-in.
#GUARDIUM USER ACTIVITY AUDIT TRAIL SERIES#
Under the hood, the universal connector is a Logstash pipeline comprised of a series of three plug-ins:
#GUARDIUM USER ACTIVITY AUDIT TRAIL FULL#
Please refer available plugins to see the full list. Our latest product version for Guardium Insights is 3.2 Supported data sourcesĬonnecting a data source to Guardium requires a designated plug-in. Our latest product version for Guardium Data Protection is 11.5. It is recommended to use our latest product versions for Guardium Data Protection and Guardium Insights. You can apply policies, view reports, monitor connections, for example. For more information, see Enabling Load-Balancing and Fail-Over.Ĭonnections to databases that are configured with the Guardium universal connector are handled the same as all other datasources in Guardium. The load-balancing mechanism distributes the events sent from the data source among a collection of universal connector instances installed on the Guardium endpoints (i.e., Guardium Data Protection collectors or Guardium Insights pods). It provides load-balancing and fail-over mechanisms among a deployment of universal connector instances, that either conform to Guardium Data Protection as a set of Guardium Collectors, or to Guardium Insights as a set of universal connector pods. The Guardium universal connector is scalable. The Guardium policy, as usual, determines whether the activities are legitimate or not, when to alert, and the auditing level per activity. The output of the Guardium universal connector is forwarded to the Guardium sniffer on the collector, for policy and auditing enforcements. The Guardium universal connector identifies and parses the received events, and converts them to a standard Guardium format. The open architecture enables reuse of prebuilt filters and parsers, and creation of shared library for the Guardium community. For the data sources with pre-defined plug-ins, you configure Guardium to accept audit logs from the data source.įor data sources that do not have pre-defined plug-ins, you can customize the filtering and parsing components of audit trails and log formats. It supports pull and push modes, multi-protocols, on-premises, and cloud platforms. The Guardium universal connector supports many platforms and connectivity options. Guardium universal connector architectureĭata flow from input plugin to guardium sniffer The incoming events received by the universal connector can be configured to arrive either encrypted or as plain text.įigure 1. That includes: information and administrative system logs (e.g.: login logs, various data lake platform native plug-in related data), DDLs and DMLs, errors of varying subtypes, etc. The captured events embed messages of any type that is supported by the configured data source.
#GUARDIUM USER ACTIVITY AUDIT TRAIL INSTALL#
You can easily develop plug-ins for other data sources and install them in Guardium. It includes support for various plug-in packages, requiring minimal configuration.
The Guardium universal connector enables Guardium Data Protection and Guardium Insights to get data from potentially any data source's native activity logs without using S-TAPs.
0 kommentar(er)
