
InfoSphere Guardium V9

Technical Training
Student Exercises
GU202G, ERC: 2.1
3721, Version 001-1
GU2022XSTUD


Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
AIX          AS/400     DB
DB2          Guardium   Informix
InfoSphere   S-TAP      System z
Tivoli       z/OS

Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in
the United States, and/or other countries.
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other
countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks
of Oracle and/or its affiliates.
VMware and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered
trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other
jurisdictions.
Netezza is a trademark or registered trademark of IBM International Group B.V., an IBM
Company.
Other product and service names might be trademarks of IBM or other companies.

August 2014 edition


The information contained in this document has not been submitted to any formal IBM test and is distributed on an as is basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

Copyright International Business Machines Corporation 2011, 2014.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.


Contents
Trademarks
Exercises description
Exercise 1. Using the Guardium CLI
Exercise 2. Creating Guardium Users
Exercise 3. Archiving Collected Data
Exercise 4. Installing GIM and S-TAP
Exercise 5. Creating Guardium Groups
Exercise 6. Creating a Policy
Exercise 7. Updating a Policy
Exercise 8. Installing and Configuring CAS
Exercise 9. Running a Vulnerability Assessment
Exercise 10. Creating a Simple Query and Report
Exercise 11. Creating a Query with Drill-down
Exercise 12. Creating Multiple Queries
Exercise 13. Creating a Compliance Workflow


Exercises description
This course includes the following exercises:
Using the Guardium CLI
Creating Guardium Users
Archiving Collected Data
Installing GIM and S-TAP
Creating Guardium Groups
Creating a Policy
Updating a Policy
Running a Vulnerability Assessment
Creating a Simple Query and Report
Creating a Query with Drill-down
Creating Multiple Queries
Creating a Compliance Workflow
In the exercise instructions, you can check off the line before each
step as you complete it to track your progress.
Most exercises include required sections which should always be
completed. It might be necessary to complete these sections before
you can start later exercises. Some exercises might also include
optional sections that you might want to complete if you have sufficient
time and want an extra challenge.


Exercise 1. Using the Guardium CLI


What this exercise is about
In this first exercise, you will spend a little time familiarizing yourself
with the virtual machines, followed by some short activities using the
Guardium Command Line Interface (CLI) to inspect the current
Guardium configuration (there will be nothing for you to change here
since the actual product configuration was performed when Guardium
was first installed).


Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance if
necessary.
Warning
Remember that Linux commands and arguments are case sensitive. Type commands,
usernames, and passwords exactly as shown.

__ 1. Access the Guardium Red Hat Linux image:


a. In the elab portal, double click on the PuTTY icon. The PuTTY Configuration
window will open.
b. Under Saved Sessions, select collector and click on the Load button. Then
click on the Open button.
c. At the login prompt, enter the username cli (all lower case letters) and press
Enter. The password will be provided by your instructor.

Information
You will often see the IBM InfoSphere Guardium product referred to as SQL Guard (or
SQLGuard). SQL Guard is the old name of the product before it was changed to IBM
InfoSphere Guardium; not all references have yet been updated. In these materials, we
will just refer to the product as Guardium.


__ 2. Following a successful login, you will arrive at the CLI prompt as shown below:

The prompt is made up of the machine hostname and domain name - these were
configured when Guardium was installed. You can inspect these directly by entering
the following CLI commands (press Enter at the end of each command to view the
results):
v9collector01.ibm.com> show system hostname
v9collector01.ibm.com> show system domain
Information
Most Guardium CLI commands consist of a command word followed by one or more
arguments. The argument can be a keyword or a keyword followed by a variable value (for
example, an IP address, subnet mask, date, and so on). Commands and keywords are not
case sensitive, but element names are.
In the above example, which just uses the show command and subsequent
keywords, entering SHOW SYSTEM HOSTNAME would work just as well.

__ 3. The basic show command can be used to inspect many different configuration
parameters. For example, enter the following commands to inspect the network
configuration:
v9collector01.ibm.com> show network interface all

Guardium CLI commands may also be abbreviated if required - usually to a
minimum of 3 characters (to ensure no ambiguity). For example the above
command can be abbreviated to:
v9collector01.ibm.com> sho net int all


__ 4. If you cannot remember all the command arguments, then the Guardium CLI will list
them for you. For example, just enter the show command by itself (or show ?):

This lists all the possible arguments that can follow the show command.
Similarly, just entering show network will list the possible arguments that can follow
the show network command:

__ 5. Entering ? at the CLI prompt will list all possible commands:

Information
All Guardium CLI commands are documented in the CLI Reference Appendix. This is
included in the IBM InfoSphere Guardium Version 9.0 Appendices document (available in
pdf format) that accompanies the product software.

Enter the following command to exit from the Guardium CLI.


v9collector01.ibm.com> exit


__ 6.
Information
In a real world situation, it is likely that you will be accessing the Guardium CLI remotely via
something like ssh, rather than directly using the console as you have been doing so far
(ssh or Secure Shell is a network protocol that allows data to be exchanged using a secure
channel between two networked devices).

In this step, we will launch the second VMware image (which also fulfills the
database server role) and use that to access Guardium.
Access the SUSE Linux image:
a. In the elab portal, double click on the Xming icon. The SUSE Linux window
will open.
b. At the login prompt, enter the username root (all lower case letters) and
press Enter. Enter the password guardium (all lower case letters) and press
Enter.
__ 7. Right-click in an open area of the Windows desktop and select Open Terminal
from the pop-up menu.
Test the connection to the Guardium image using the ping command:
dbserver01:~ # ping 192.168.169.9
Verify that you can ping successfully. Press CTRL-c to terminate the ping command.
__ 8. From the terminal window, login to the Guardium image as the cli user using ssh:
dbserver01:~ # ssh cli@192.168.169.9
When prompted (it takes around 30 seconds initially), enter the same password as
before. If you are prompted about the authentication of the host, respond yes to
continue.
__ 9. When you are successfully logged in to the Guardium CLI, use the CLI ping
command to ping the database server (there needs to be two-way communication
between Guardium and the database server):
v9collector01.ibm.com> ping 192.168.169.8
Verify that you can ping successfully. Press CTRL-c to terminate the CLI ping
command.
__ 10. For the remaining activities in this class, we will use the Guardium Console Web
application rather than the CLI to configure Guardium. To make life a little easier, the
Web application's password validation has been disabled, and password expiration
and Web session timeouts have been extended. Verify this as follows:


v9collector01.ibm.com> show password validation


Confirm that password validation is set to off.
v9collector01.ibm.com> show password expiration gui
Confirm that password expiration is set to 90 days. The CLI refers to the Guardium
Console Web application as the "GUI".
Enter the show timeout command for the cli_session:
- v9collector01.ibm.com> show timeout cli_session
- Confirm the cli timeout is set to 600 seconds.
- Repeat this process to determine the timeout value for fileserver_session and
for db_connection.
__ 11. Enter the exit command to exit the Guardium CLI and the ssh session:
v9collector01.ibm.com> exit
Close the terminal window (use the exit command again).
__ 12. The SUSE Linux image functions as an IBM DB2 database server. You will now
inspect the DB2 setup on this virtual machine. It is easier if we do this as the DB2
administrative user rather than root. Follow the instructions below to logoff the root
user and logon as the DB2 administrator.
In the SUSE Linux image, click Computer (in the task bar at the bottom left of the
screen) and choose Log Out from the pop-up menu. Click OK to confirm the log
out.
Log back on with the username db2inst1, password guardium.
__ 13.
Information
To be able to explore Guardium's functionality, we need at least one active database
instance and an actual database to monitor for activity.

Open a terminal window (right-click and Open Terminal) and enter the command
db2cc & to start the IBM DB2 Control Center application in a separate window.
Select Advanced and click OK to dismiss the startup configuration dialog.
Expand the tree view on the left of the application by selecting
All Systems->GUARDIUM TRAINING->Instances->db2inst1->Databases->SAMPLE->Tables.
The display will look similar to the screenshot shown.


Notice that there is a running DB2 instance called db2inst1 with a single database
called SAMPLE which contains a number of tables. It is this instance and database
that we will subsequently monitor.


__ 14. Under the SAMPLE database, expand the User and Group Objects node and click
DB Users.

Notice that a number of database users have been defined (9 in total). We will refer
to these in subsequent activities.
__ 15. Close the DB2 Control Center application and the terminal window. Log out the
db2inst1 user and log back on as root (password guardium).
__ 16.
Information
It will greatly assist you in understanding Guardium's capabilities if the database instance
you are monitoring is in constant use, preferably with multiple users performing a variety
of different tasks. We have simulated this in our training environment using a continuously
running Linux cron job that is constantly executing a number of different database scripts.
You will briefly inspect these scripts so that you are aware of the nature of this activity.

Open a terminal window and navigate to the /home/db2inst1/db2scripts directory:


dbserver01:~ # cd /home/db2inst1/db2scripts/
__ 17. Inspect the shell script cron-01.sh stored in this directory using the cat command:
dbserver01:/home/db2inst1/db2scripts # cat cron-01.sh


sleep 10
/home/db2inst1/db2scripts/db2-priv-users1.sh 1
sleep 60
/home/db2inst1/db2scripts/db2-dml-nonpriv.sh 1
sleep 60
/home/db2inst1/db2scripts/db2-priv-users1.sh 1
sleep 60
/home/db2inst1/db2scripts/db2-select.sh 2
sleep 60
/home/db2inst1/db2scripts/db2-storedprox.sh 1
sleep 60
/home/db2inst1/db2scripts/db2-exceptions.sh 1
sleep 60
/home/db2inst1/db2scripts/db2-priv-users2.sh 1
sleep 60
/home/db2inst1/db2scripts/db2-setup.sh 1
This script is being constantly run as a cron job. Cron is a time-based job scheduler
in UNIX operating systems. cron enables users to schedule jobs (commands or
shell scripts) to run periodically at certain times or dates. Our cron job executes a
number of other scripts (which reside in the same directory) between specified sleep
intervals. It is these scripts which actually perform a variety of tasks against the DB2
database.
Inspect one or two of these scripts using the cat command. Do not worry about the
exact commands that these scripts are running; just satisfy yourself that they are
indeed performing a variety of different database tasks using a number of different
users (those you saw earlier in the DB2 Control Center).
__ 18. Close any terminal windows that you have open.
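
Step 8 answers yes at the ssh host-authentication prompt, which trusts whatever key the server offers on first contact. The script below is an added example, not part of the IBM course material: it compares the key reported by ssh-keyscan with a copy obtained out of band and pins it, so that ssh can run with strict host key checking and no prompt. The key blobs, the sample scan output, the ssh-rsa key type and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the course material): verify and pin the collector's
# SSH host key before the first login. All key material below is constructed.

HOST="192.168.169.9"        # collector address used in this exercise
KEY_TYPE="ssh-rsa"          # assumption: key type the collector offers
# Assumption: the trusted key was obtained out of band (for example, read from
# the appliance console). This value is a constructed placeholder.
TRUSTED_KEY="AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedSampleKeyBlobForThisExample"

# Constructed sample of `ssh-keyscan 192.168.169.9` output: one line per key
# in the form "host keytype base64-blob"; banner lines start with '#'.
SAMPLE_SCAN="# 192.168.169.9:22 SSH-2.0-constructed-banner
192.168.169.9 ssh-dss AAAAB3NzaC1kc3MAAACBConstructedDsaBlob
192.168.169.9 ssh-rsa $TRUSTED_KEY"

# offered_key HOST TYPE: read scan output on stdin and print the key blob the
# server offered for that host and key type (prints nothing if none).
offered_key() {
    awk -v h="$1" -v t="$2" '
        /^#/ || NF < 3 { next }
        $1 == h && $2 == t { print $3; exit }
    '
}

# check_host_key HOST TYPE TRUSTED: scan output on stdin.
# Returns 0 on match, 1 on mismatch, 2 if no key of that type was offered.
check_host_key() {
    chk_blob=$(offered_key "$1" "$2")
    [ -n "$chk_blob" ] || return 2
    [ "$chk_blob" = "$3" ] || return 1
    return 0
}

# pin_host_key HOST TYPE KEY FILE: write a known_hosts file, readable only by
# its owner, that contains nothing but the verified key.
pin_host_key() {
    ( umask 077 && printf '%s %s %s\n' "$1" "$2" "$3" > "$4" )
}

# verify_and_pin FILE: scan output on stdin. Pins the key only after a match
# and prints the ssh command that then connects without a trust prompt.
verify_and_pin() {
    if check_host_key "$HOST" "$KEY_TYPE" "$TRUSTED_KEY"; then
        pin_host_key "$HOST" "$KEY_TYPE" "$TRUSTED_KEY" "$1" || return 3
        echo "ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1 cli@$HOST"
    else
        vp_rc=$?
        if [ "$vp_rc" -eq 1 ]; then
            echo "host key for $HOST does not match the trusted copy" >&2
        else
            echo "no $KEY_TYPE host key offered by $HOST" >&2
        fi
        return "$vp_rc"
    fi
}

# Offline demonstration on the constructed scan. Against the live collector,
# replace the printf with:  ssh-keyscan -t rsa "$HOST" 2>/dev/null
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_SCAN" | verify_and_pin "$demo_dir/known_hosts"
# Same scan with the offered key altered in transit: the key is not pinned.
printf '%s\n' "$SAMPLE_SCAN" | sed 's/ForThisExample/AlteredInTransit/' \
    | verify_and_pin "$demo_dir/known_hosts.bad" || echo "refused (status $?)"
rm -rf "$demo_dir"
```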

End of exercise


Exercise 2. Creating Guardium Users


What this exercise is about
In this exercise, you will use the Guardium Console Web application to
create Guardium users and assign them to appropriate roles. We will
use these users in later activities.


Exercise instructions
__ 1. In the SUSE Linux image, start the Firefox Web browser (either enter the command
firefox https://192.168.169.9:8443 &
in a terminal window or click Computer in the task bar and choose Firefox from the
list of Favorite Applications).
__ 2. Firefox's home page is set to the Guardium Console web application's URL https://192.168.169.9:8443. Click OK to accept the certificate warning and progress
to the Guardium login page.

Enter the user name accessmgr, password guardium.


You will be prompted to change the password. Set the new password to ibm.

Information
Guardium comes with two built-in users that you can use to access the Guardium Console
Web application administratively:
accessmgr: A member of the accessmgr role. Use this user to create other users
and roles, and to set role memberships.
admin: A member of the admin role. Use this user for all other administrative
functions.
You cannot delete these users, nor can you remove them from their default roles.

__ 3. Once you have successfully logged on as accessmgr, you will be presented with
two tabs: Access Management and Data Security. Access Management should be
selected by default (if it is not, then select it).
Click the User Browser link to see the list of current Guardium users. There will be
only two users defined so far - the built-in accessmgr and admin users.


Click the Add User button and enter the following information:
Username     User01
Password     guardium
First Name   Henry
Last Name    Xavier
Email        henry@ibm.com
Disabled     Un-checked

Remember to uncheck the Disabled check box (it will be checked by default). You
can disregard the text about the password characteristics since, as we saw in the
previous activity, password validation has been disabled.
Click Add User.

__ 4. Repeat this process to create the remaining three users (all with password set to
guardium):
User02, Tracy Yuen, tracy@ibm.com
User03, Dan Charles, dan@ibm.com
User04, Pat Deacy, pat@ibm.com
__ 5. When you are done adding the users, the display on your browser should look
something like this:


Click the Roles link for User01 and add the user to the infosec role by checking the
appropriate checkbox (you will see that User01 is already a member of the user role;
leave this checked).

Click Save to persist the change.


Add further role memberships as follows:
User02 Roles infosec and user
User03 Roles dba and user
User04 Roles audit and user
__ 6. Click the User & Role Reports link to display summary information about user and
role memberships.


Double-click on individual users or roles and then select Record Details from the
pop-up menu. This will show you further information about that user's role
memberships or the users assigned to a specific role. This report does not display
details of the admin user or role.


__ 7. Logout of the Guardium Console Web application and close the browser.

End of exercise

Exercise 3. Archiving Collected Data


What this exercise is about
In this exercise, you will use the Guardium Console Web application to
archive some pre-existing data stored previously by the Guardium
collector. Since there is no external permanent storage mechanism
available to you in this training environment, you will simply archive the
data to a flat file on the SUSE Linux image to allow you to see how to
set up the mechanism and easily view the result.


Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance if
necessary.
__ 1. In the SUSE Linux image, log on as root. Start Firefox and log on to the Guardium
Console Web application as admin. The beginning password is guardium. You will
be prompted to change the password; change it to ibm.
Information
Notice that the screen is very different from the previous exercise where you logged in as
accessmgr. The accessmgr user is a member of the accessmgr role and is restricted to the
few tabs and pages related mostly to user and role access to Guardium. The admin user is
a member of the admin role which exposes all the administrative functions available
(except for those associated with user and role access management). There are numerous
tabs and pages associated with these functions.

__ 2. Before we look at data archiving, let us enable IP to hostname aliasing for this setup
(this will tell Guardium to show the actual hostname corresponding to an IP address
if available). This will not actually have much effect in this training environment
because we do not have a DNS (Domain Name Server); however, it is an example
of something that you would normally do in a real world installation.
Click the Administration Console tab to access the Administration
Console pane, and then expand Configuration and click
IP-to-Hostname Aliasing.

Check both checkboxes (as shown). Click OK to accept the warning
about existing aliases being overridden.
Click Apply to commit the change.
__ 3.
Information
Simply applying this configuration setting does not actually do much (other than saving the
setting to the Guardium database, of course). You still need to instruct Guardium to actually
do the aliasing. You can either do this immediately by clicking the Run Once Now button or
schedule the activity on a periodic basis. Let us do both options.

Click the Define Schedule button.

Set the activity to start at 10 pm every day (this is the start time recommended by
the Guardium Implementation Best Practices Guide to avoid potential conflicts with
other scheduled activities).

Save your changes (click the Save button).



Notice that the traffic light symbol has now turned green to indicate a scheduled
activity.

Click the Run Once Now button to execute the process immediately. A dialog box
will tell you the process may take some time to perform; click OK to acknowledge
this. You will get a confirmation message when the process is complete. Click OK to
continue.
__ 4.
Information
Now let us get to the data archiving part. In this exercise, you will configure the system to
archive data to a folder on the SUSE Linux image. You would normally archive data older
than 1 day and ignore data older than 2 days to just archive the previous day's activity;
however, in this training environment, it is likely that this would result in nothing being
archived. So to see some effect from this activity, you will extend the archive data set well
into the past to pick up some previously collected data.
You will also disable any purging of collected data for the purposes of this exercise
(it will be useful to you in later exercises to have some past data to work on). Again,
this is not something you would normally do. Usually collected data should be
regularly purged from the system once it has been archived to save space.

In the Administration Console, click Data Management, then Data
Archive.
Check the Archive checkbox and change the settings to archive data
older than 1 day and to ignore data older than 60 days (you might need
to go further back than this - check with your instructor).

Select the SCP protocol (we are just sending the data to a file system)
and enter the following data:
Host        192.168.169.8
Directory   /root
Username    root
Password    guardium

Uncheck the Purge checkbox if checked.

Apply your changes (click the Apply button).


Wait until you see this message before moving on:

Click on OK to continue.


__ 5.
Information
At this point, you would normally want to schedule the archive and purge activity to run
overnight on a regular basis (the Guardium Implementation Best Practices Guide
recommends a 1:30 am start time dependent on your specific requirements); however, that
is a long time to wait to see some effect. You will run the activity immediately so you can
observe the result.

Click the Run Once Now button (it should have become active once the Apply
completed) to execute the activity immediately.

When the system prompts you that the operation is complete, click OK to continue.
__ 6. To see what is going on, use the Guardium Monitor pages to report on the activity.
Click the Guardium Monitor tab to access the Guardium Monitor pane, and then
click the Aggregation / Archive Log link.


This built-in report shows activity by default from the previous week. After a short
delay, you should see messages similar to those shown indicating that archiving has
successfully completed.
__ 7. Confirm that the data has been successfully filed in the specified /root folder.
Minimize the web console window. Open a terminal window if one is not already
open. Since you are logged on to the SUSE Linux machine as the root user this
should take you directly to the /root folder.
Enter the following command to list any archived data files:
dbserver01:~ # ls *.enc

In this example, the archive activity resulted in the creation of a total of 11 files
corresponding to 11 days of archived data. Data is always collected and archived on
a daily basis. Your number of files may vary.
For reference, the file naming convention is as follows:

Close the terminal window and maximize the web console window.
__ 8. Guardium maintains a catalog of archived data files. The catalog can be used if you
ever need to restore any archived data to the system. Let us check that your
archived data files show up in the Guardium catalog.


Access the Administration Console pane


Click Data Management, then Catalog Archive
The Catalog Archive Search Criteria will initially be blank. You can leave the Host
Name field empty (it will automatically return cataloged data for all known Guardium
collectors); however, you must enter both start and end date criteria (From/To).
You can enter absolute dates (for example, 2013-07-19) directly or pick them using
the usual Calendar icon; however, Guardium also supports relative dates which can
also be typed in directly or picked using the Relative date selector.
In the example below, the previous 2 months of cataloged data files are being
searched.

Click the Search button to return a list of archived data files:

Verify that your archived data files are present in the Guardium catalog.
__ 9. Log out of the Guardium Console and close the browser. Exit any open terminal
sessions.


End of exercise


Exercise 4. Installing GIM and S-TAP


What this exercise is about
The database server image you are using (the SUSE Linux one) does
not currently have any Guardium software installed. Although we have
a running Guardium collector, it is not currently collecting any data
from the database server. In this exercise, you will first install the
Guardium Installation Manager tool (the GIM), and then use that to
install the S-TAP which will monitor local and network database traffic
and forward it to the Guardium collector.
As a further part of this exercise, you will also use GIM to install the
Database Instance Discovery module and subsequently use it to
automatically configure an inspection engine.


Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance if
necessary.
__ 1. Open the SUSE Linux image and log on as user root / password guardium. First,
you will apply the license keys and install the GIM.
__ 2. Open the console web interface, and log in as admin / ibm.
__ 3. Navigate to Administration Console > Configuration > System.

__ 4. Minimize the console web interface window. On the desktop, locate the Keys folder.
Double click on the Keys folder to open it.
__ 5. In the Keys folder, locate the file named Collector V9 Base Key. Open this file by
double clicking on it.
__ 6. In the gedit window that opens, highlight the collector key value and select
EDIT > COPY.


__ 7. Close the gedit and Keys folder windows, and maximize the console web interface
window. Paste the Collector license key into the License Key prompt area using
EDIT > PASTE.

__ 8. Scroll to the bottom of the screen and click on the Apply button. Nothing may appear
to happen, but if you scroll back up you should see that the License Key prompt area
is blank.
__ 9. Repeat this process for the DAM Standard V9 append key and also for the DAM
Advanced V9 append key.
__ 10. Scroll to the bottom of the screen and click on the Restart button. At the Are you
sure prompt, answer by clicking the OK button. It will take about 5 minutes for your
Guardium appliance to reboot. You will know it is complete when the web console
interface launches properly. After the reboot is done, log back on to the console web
interface as admin/ibm.
__ 11. First, you will install the GIM. The installation media has already been copied to a
folder on the SUSE Linux image.
Open a terminal window on the SUSE Linux image and navigate to the /root/GIM
folder:
dbserver01:~ # cd /root/GIM
List the folder contents:


dbserver01:~/GIM # ls
guard-bundle-CAS-v81_r24276_1-suse-10-linux-i686.gim
guard-bundle-DISCOVERY-v81_r24276_1-suse-10-linux-i686.gim
guard-bundle-GIM-v81_r24276_1-suse-10-linux-i686.gim.sh
guard-bundle-STAP-v81_r24276_1-suse-10-linux-i686.gim
The GIM installation media is highlighted above. This folder also contains
installation media for the S-TAP, the instance DISCOVERY module and the
Configuration Auditing System (CAS) module. You will use GIM to install the first two
of these shortly (and the third in a later exercise).
__ 12. You will install the GIM into the folder /usr/guardium - this folder already exists. To
install the GIM, you will enter a command with the following syntax:
./guard-bundle-GIM-guard-<OS Version>.sh -- --dir <install directory> --sqlguardip
<collector or Central Manager IP address> --tapip <database server IP address>
In this exercise, you will install GIM into the /usr/guardium directory. The collector IP is
192.168.169.9 and the database server IP is 192.168.169.8. So your command will
appear as follows:
dbserver01:~/GIM # ./guard-bundle-GIM-v81_r24276_1-suse-10-linux-i686.gim.sh -- --dir /usr/guardium/ --sqlguardip 192.168.169.9 --tapip 192.168.169.8

Warning
Be careful to type this command correctly; it is easy to make a mistake here.


After scrolling through the license agreement (or press q to skip to the end), you will
see the following messages:
Installing modules ....
Installation completed successfully
The installation should complete very quickly.
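The installer invocation from step 12, wrapped in a pre-flight check that catches the usual typing slips before anything runs. This is an added example, not part of the course material or of Guardium; the helper names is_ipv4 and gim_install_cmd are hypothetical, and the rule that the two addresses must differ is an assumption based on this lab's layout.

```shell
#!/bin/sh
# Added example: pre-flight check for the GIM installer command line.
# Option names and the standalone "--" follow the syntax shown in step 12;
# is_ipv4 and gim_install_cmd are hypothetical helper names.

# Succeed only for a dotted-quad IPv4 address: four decimal octets, each
# 0..255, no leading zeros (some parsers read "010" as octal).
is_ipv4() (
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Print the installer command for the given bundle, install directory,
# collector (or Central Manager) IP and database server IP, or fail with
# status 2 and a message on stderr if any argument looks wrong.
gim_install_cmd() (
    bundle=$1 dir=$2 collector_ip=$3 db_ip=$4
    fail() { echo "gim_install_cmd: $*" >&2; exit 2; }
    [ $# -eq 4 ] || fail "expected 4 arguments, got $#"
    case $bundle in
        */*) fail "run from the media folder; bundle must be a bare file name" ;;
        guard-bundle-GIM-*.sh) ;;
        *) fail "not a GIM installer bundle: $bundle" ;;
    esac
    case $dir in
        /*) ;;
        *) fail "install directory must be an absolute path: $dir" ;;
    esac
    case $dir in
        *[!A-Za-z0-9._/-]*) fail "unexpected character in install directory: $dir" ;;
    esac
    is_ipv4 "$collector_ip" || fail "bad --sqlguardip value: $collector_ip"
    is_ipv4 "$db_ip" || fail "bad --tapip value: $db_ip"
    # Assumption: collector and database server are separate hosts, as in
    # this lab, so identical addresses indicate a copy/paste slip.
    [ "$collector_ip" != "$db_ip" ] || fail "--sqlguardip and --tapip are identical"
    printf './%s -- --dir %s --sqlguardip %s --tapip %s\n' \
        "$bundle" "$dir" "$collector_ip" "$db_ip"
)

# Values from this exercise: prints the command line to run from /root/GIM.
gim_install_cmd guard-bundle-GIM-v81_r24276_1-suse-10-linux-i686.gim.sh \
    /usr/guardium/ 192.168.169.9 192.168.169.8
```

Passing the S-TAP or DISCOVERY .gim file, a relative directory, or an address such as 192.168.1699.8 makes the function exit with status 2 instead of printing a command.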
__ 13. There should now be two running processes created and started by the installation:
the GIM client process (gim_client.pl) and the GIM supervisor (guard_supervisor).
Verify that these processes are running using the following command:
dbserver01:~/GIM # ps -ef | grep guard
/usr/bin/perl /usr/guardium/modules/GIM/8.1.00_r24276_1-1298979196/gim_client.pl
/usr/guardium/modules/perl
/usr/guardium/modules/SUPERVISOR/8.1.00_r24276_1-1298979201/guard_supervisor

These processes are maintained by the Linux init process. Entries should have been
added to the /etc/inittab file to enable this.
Enter the following command and verify their presence:
dbserver01:~/GIM # tail -5 /etc/inittab
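The two manual checks in step 13 (process list and /etc/inittab), combined into one repeatable check. This is an added example, not part of the course material; the function names are hypothetical, the ps and inittab lines are constructed samples (the inittab ids gim and gsvr are placeholders), and the respawn action is an assumption, since the exercise only says that init maintains the processes.

```shell
#!/bin/sh
# Added example: check that both GIM processes are running and kept alive
# by init. Function names are hypothetical; the sample data is constructed.

# Succeed if a line of the saved "ps -ef" output mentions NAME, ignoring
# the grep that "ps -ef | grep guard" lists alongside the real processes.
gim_process_listed() (
    awk -v name="$2" '
        / grep / { next }
        index($0, name) { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
)

# Print the action field of the first uncommented inittab entry
# (id:runlevels:action:process) whose process field mentions NAME.
inittab_action() (
    awk -F: -v name="$2" '
        /^[ \t]*#/ { next }
        NF >= 4 {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            if (index(proc, name)) { print $3; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
)

# Report on both GIM processes; exit 0 only if each one is running and has
# a respawn entry (assumed action) in the given inittab file.
check_gim_agent() (
    ps_file=$1 inittab=$2 rc=0
    for name in gim_client.pl guard_supervisor; do
        if gim_process_listed "$ps_file" "$name"; then
            echo "OK   running: $name"
        else
            echo "FAIL not running: $name"; rc=1
        fi
        action=$(inittab_action "$inittab" "$name") || action=missing
        if [ "$action" = respawn ]; then
            echo "OK   inittab respawn: $name"
        else
            echo "FAIL inittab entry ($action): $name"; rc=1
        fi
    done
    exit "$rc"
)

# Constructed samples: a healthy host, and one where the supervisor is gone
# and its inittab entry is commented out.
write_samples() {
    cat > "$1/ps_ok" <<'EOF'
root  4321     1  0 10:15 ?      00:00:00 /usr/bin/perl /usr/guardium/modules/GIM/8.1.00_r24276_1-1298979196/gim_client.pl
root  4330     1  0 10:15 ?      00:00:00 /usr/guardium/modules/SUPERVISOR/8.1.00_r24276_1-1298979201/guard_supervisor
root  4502  4400  0 10:20 pts/0  00:00:00 grep guard
EOF
    cat > "$1/ps_bad" <<'EOF'
root  4321     1  0 10:15 ?      00:00:00 /usr/bin/perl /usr/guardium/modules/GIM/8.1.00_r24276_1-1298979196/gim_client.pl
root  4502  4400  0 10:20 pts/0  00:00:00 grep guard_supervisor
EOF
    cat > "$1/inittab_ok" <<'EOF'
gim:2345:respawn:/usr/bin/perl /usr/guardium/modules/GIM/8.1.00_r24276_1-1298979196/gim_client.pl
gsvr:2345:respawn:/usr/guardium/modules/SUPERVISOR/8.1.00_r24276_1-1298979201/guard_supervisor
EOF
    cat > "$1/inittab_bad" <<'EOF'
gim:2345:respawn:/usr/bin/perl /usr/guardium/modules/GIM/8.1.00_r24276_1-1298979196/gim_client.pl
#gsvr:2345:respawn:/usr/guardium/modules/SUPERVISOR/8.1.00_r24276_1-1298979201/guard_supervisor
EOF
}

# Demo on the constructed samples. On the database server itself:
#   ps -ef > /tmp/ps.txt && check_gim_agent /tmp/ps.txt /etc/inittab
demo=$(mktemp -d)
write_samples "$demo"
check_gim_agent "$demo/ps_ok" "$demo/inittab_ok"
check_gim_agent "$demo/ps_bad" "$demo/inittab_bad" || echo "second sample: check failed, as constructed"
rm -rf "$demo"
```

The second sample shows why the grep line has to be filtered out: a bare `ps -ef | grep guard_supervisor` still prints one matching line when the supervisor is not running.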

__ 14. After successfully completing the GIM installation, the two GIM processes should be
visible from the Guardium Console.
Exit the terminal window and maximize Firefox. You should still be logged
into the console web interface as admin/ibm.


Click the Administration Console tab and select Module Installation >
Process Monitoring.

You should see a GIM process and a SUPERVISOR process running on your
database server.
__ 15.
Information
It is your objective in this exercise to use GIM to install the S-TAP and DISCOVERY
modules on the database server. You saw earlier that the installation media for these
modules reside in the /root/GIM folder. For GIM to be able to install these modules, they
must first be uploaded to the Guardium collector.

Click the Upload link under Administration Console > Module Installation.
Click Browse and browse to the /root/GIM folder.
Select guard-bundle-STAP-v81_r24276_1-suse-10-linux-i686.gim and
click Open.
Click Upload to upload the file to the Guardium collector.
Repeat this for the
guard-bundle-DISCOVERY-v81_r24276_1-suse-10-linux-i686.gim file.


Your screen should look like the above screenshot at this point.
Click the checked icon (import this module) for each of the uploaded files. Click OK
to accept the import and OK (again) to confirm its completion.

__ 16.
Information
The next step is to actually install the S-TAP and DISCOVERY modules on the database
server. The tool provides two (very similar) ways of doing this: Setup By Client (choose
one or more client systems and then install a selected module on those clients) or Setup By
Module (choose a specific module and then install it on one or more client systems).
In the following steps, you will install the S-TAP module using Setup By Client and
the DISCOVERY module using Setup By Module so that you can see both
mechanisms.


Click the Setup By Client link and then click Search (you can leave all
the search criteria fields empty - since we only have one client we do not
need to refine the search in any way).

Check the box for your database server (there will be only one in this case - if
you have multiple servers, you can select as many as you like).
Click Next.

Highlight the module you want to install (BUNDLE-STAP_8.1.00_r24276_1).


__ 17. Now, uncheck the box for Display Only Bundles.


Information
Notice that the two modules you uploaded are visible here (BUNDLE-DISCOVERY and
BUNDLE-STAP), along with their individual components. Although you can choose to
install individual components, by far the simplest, safest, and quickest way to install or
uninstall modules is by using bundles, which guarantee automatic dependency and order
resolution.


Click Next.
Information
The next page allows you to enter a set of parameters to configure the module that you are
about to install. The screen is split into two sections: a set of Common Module Parameters
(these would be applied to all clients if you had selected multiple database servers
previously) and a set of Client Module Parameters that allow you to set parameters for a
specific client.
You will be changing settings under the Client Module Parameters section.

You will only need to enter values into three of the parameters.
a) Set KTAP_LIVE_UPDATE to Y.
Hint
Scroll to the right. KTAP_LIVE_UPDATE will be the first field highlighted in a yellow-orange
color.


This setting allows subsequent upgrades to S-TAP without the necessity of
re-booting the database server (not something that will bother you in this training
environment but a good habit to get into in the real world).
b) Scroll further to the right and set STAP_SQLGUARD_IP to 192.168.169.9 (this is
the IP address of the Guardium Collector).
Hint
You can use CTRL+F to access the Linux FIND feature.

c) Nearby to the right, set STAP_TAP_IP to 192.168.169.8 (the IP address of the
database server).

After making these changes, click Apply to Clients (click OK to confirm the
change).
__ 18. Next click Install/Update. A scheduling window will appear:


Schedule the install immediately by entering NOW into the Schedule Date and click
Apply.
Click OK to dismiss the confirmation dialog.

__ 19. You can monitor progress using the GIM Event List page under the Guardium
Monitor tab.


Installation will normally take a minute or so. Verify successful installation in the GIM
Event List.
Hint
The refresh button is an icon with two yellow arrows.

__ 20. Your S-TAP should now be up and running and recognized by the Guardium
Collector. You can verify this by clicking the System View tab.

You should see the running S-TAP highlighted in green.


Information
Although your S-TAP is running, it will not be doing very much as it is not yet aware of any
database instances running on your database server. It needs to have one or more
inspection engines configured. This can be done manually; however, you will use the
DISCOVERY module to automate this.

__ 21. Click the Administration Console tab and go to Module Installation > Setup By
Module.

There is no need to enter any search criteria, just click the Search button.
__ 22. Highlight the BUNDLE-DISCOVERY_8.1.00_r24276_1 module from the list of
modules and click Next.


__ 23. Select the database server on which you would like to install by checking the box
(an easy choice as there is only one) and click Next.

__ 24. As before, the module parameter page is split into two - Common Module
Parameters and Client Module Parameters. You will change just one Client Module
Parameter.
Set DISCOVERY_JAVA_DIR to /opt/ibm/db2/V9.7/java/jdk32/jre. To help you
avoid typing errors, this path is stored in a Java setting file on your Linux Desktop,
so you should be able to copy/paste the path.
Hint
You can access a typing area by clicking on the pencil icon to the right of the value box.
Click Apply after entering the value in this typing area.

Click Apply to Clients to save the change (click OK to confirm).



__ 25. As we did before, click Install/Update. A scheduling window will appear:

Schedule the install immediately by entering NOW into the Schedule Date and click
Apply.
Click OK to dismiss the confirmation dialog. Installation will take a minute or so.

__ 26. Using the BACK button, return to the Client selection window. Click on the i to the
right of the checkbox.


__ 27. The Installation Status box will be displayed. Scroll down to locate Discovery, and
look at its status. If it is INSTALLED, the installation is complete. If it is anything else,
click the Refresh button until it is installed or it generates an error message.

__ 28. Using the BACK button, return to the Client selection window.


__ 29. To confirm that the DISCOVERY module has installed successfully, go to the
Guardium Monitor tab and click GIM Events List.

__ 30. To view any database instances found by the DISCOVERY module, click the Daily
Monitor tab and click the Discovered Instances link (this might take an additional 5
minutes or so).

You should see the single DB2 database instance running. From here, you can
quickly create an S-TAP Inspection Engine based on the newly discovered instance.


Double-click the database instance and choose Invoke from the pop-up menu.
Select create_stap_inspection_engine.

On the next page, confirm that the settings appear correct (you do not need to change any
in this case) and click Invoke now.

__ 31. When the task is complete, you will see this completion page:


Close this and any other open dialogs.


__ 32. Confirm the Inspection Engine creation. Click the Administration Console tab and
select Local Taps > S-TAP Control.
Expand the Inspection Engines node to see the newly created engine.


__ 33. Let us review what you have done here. You first installed the GIM on the database
server and used that to install both an S-TAP module and a DISCOVERY module.
You then used the DISCOVERY module to discover any running database
instance (one was found), and to create and configure an inspection engine for that
database instance.
The Guardium Collector should now be receiving database traffic from the S-TAP.
This can be verified using the SYSTEM VIEW tab on the Administrative Console.
The existing S-TAP / Inspection Engine should be displayed in green under the
S-TAP Status Monitor section. Additionally, the S-TAP numbers for DB2 under the
Current Status Monitor section should no longer be 0, but should be an
ever-increasing value. (Remember, there is a continuously running cron job
generating a variety of database activity from multiple users. The S-TAP / Inspection
Engine are monitoring this traffic.)
__ 34. Log out of the Guardium Console, and close the browser and any open terminal
windows.

End of exercise


Exercise 5. Creating Guardium Groups


What this exercise is about
In this exercise, you will create a couple of Guardium groups made up
of different users that we will make use of in later exercises. You will
also add some objects to a pre-defined built-in group.


Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Console as
admin/ibm.
__ 2. Click the Tools tab and select Group Builder from the list of tools.

You do not need to supply any Group Filter parameters, just click Next.
__ 3. You are going to create a new group using manual entry rather than modify one of
the existing groups. Enter the following information in the Create New Group area of
the screen. (You may need to scroll down to find this area.):
Application Type: Public
Group Description: -tr Trusted Users
Group Type Description: USERS

Information
It is good practice to identify the groups that you create with some sort of prefix (in this
case, we have used -tr) to distinguish user added groups from the built-in ones. In addition,
the '-' character at the beginning means that your groups appear at the top of the list of
groups and are consequently easier to find and select.


Click the Add button to add your new group.


__ 4. Add the users HR and APPUSER to your new -tr Trusted Users group. You should
be able to pick them from the Add an existing Member to Group drop-down:


Note: You may have to click the refresh button (two yellow arrows) to the right of Add
an existing Member to Group to populate the drop down list.
Click Back to return to the group list (you should see your new group at the top).
__ 5. Add a second new group called -tr Privileged Users:
Application Type: Public
Group Description: -tr Privileged Users
Group Type Description: USERS

Do not add any new users to the group; click the Add button to create the group,
and then just click the Back button where you should see your new (but empty)
group at the top of the list.

__ 6. Highlight your new -tr Privileged Users group and click the Populate from Query
button.


__ 7. Select a pre-existing query called Detailed Sessions List from the query
drop-down (we will look at how to build queries later).
Select DB User Name from the Fetch Member from Column drop-down
Set the Date parameters to NOW -1 DAY and NOW (the query will just
scan your recently collected data for DB users)
Enter a wildcard search character '%' for the Server IP (as shown)
Click Save to save the query parameters

Finally, execute the query by clicking Run Once Now


__ 8. The query will run and return a list of recent database users. From the results list,
just check the A2840 user and the SCOTT user:

Click Import to add the selected members to the Group. Click OK to accept the import
confirmation.
Click Back to return to the Group list.
Click the Back button to return to the Group list.
__ 9. For your final group, you will add some new members to a built-in group called
Sensitive Objects.
Highlight the Sensitive Objects group and click the Populate from Query button.
This time select a query called Objects List.


Select Object Name from the Fetch Member from Column drop-down and set the
date parameters as before.
Save your query parameters (click the Save button) and execute the query by
clicking Run Once Now.
From the list of query results, select the following objects:
db2inst1.cc_numbers
db2inst1.G_EMPLOYEES
db2inst1.G_PRODUCTS
v_cc
Click Import to add the selected objects to the group. Click OK when prompted with the
successful dialog.
Click Back to return to the Group list.


__ 10. The Guardium Monitor tab features a Guardium Group Details page which you
can use to view your new groups.

By default, the page will show all group details. To narrow it down to the ones that
you have just created, click the pencil icon on the top right of the page to customize
the portlet.
__ 11. Change the wildcard selection for the group description to read -tr% (as shown
below).

Click Update to return to the Group Details page.

__ 12. Log out of the Guardium Console and close the browser.

End of exercise

Exercise 6. Creating a Policy


What this exercise is about
So far, you have successfully configured the setup to collect database
activity from the database server; however, at this point, Guardium
isn't really collecting anything and storing it in its database. It hasn't
been told WHAT to collect yet. You might want to be fairly selective
about what it collects. For example, you might decide that you can
safely ignore database activity originating from a group of trusted
users. In addition, you might want to be specifically alerted to unusual
database activity, such as access to a pre-defined group of sensitive
database tables.
In Guardium, this is achieved by creating a Policy. A policy is made up
of one or more rules which allow you to control exactly what sort of
database activity is stored by Guardium and, if required, what sort of
actions to take if a rule's conditions are triggered.
In this exercise, you will create a Policy containing two rules:
Rule 1: Ignore S-TAP Session for Trusted Users
This rule will instruct the sniffer process (running on the Guardium
Collector) to ignore activity originating from members of this group.
When triggered, the sniffer process will instruct the S-TAP to stop
sending traffic for that particular session. Only session logouts for
these users will subsequently be captured.
Rule 2: Alert on Access to Sensitive Objects
This rule will be triggered whenever any privileged user touches
one of the sensitive database objects listed in the group. When the
rule is triggered, Guardium will also log this as a Policy Violation
which will be viewable in Guardium's Incident Management
application.


Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance if
necessary.
__ 1. In the SUSE Linux image, start Firefox, and log on to the Guardium Console as
admin/ibm.
__ 2. Before you create any policies, you should notice that there is no default policy
created or installed. (We are using an out-of-the-box Guardium system.) To verify
this:
- Click the Administration Console tab and choose the Policy Installation link.
- Notice that the Currently Installed Policy is empty: no policy is currently
being enforced.

__ 3.
Information
In the work you are about to perform, you will create a policy of your own, which will
become the currently installed and enforced policy for your Guardium system.

Click the Tools tab and choose Policy Builder from the list of tools.


You will see the list of existing policies - ignore these and create your own by clicking
the New button.

__ 4. Enter a Policy description of -Exercise 6 (the leading '-' character just keeps your
policy at the top of the list for convenience) and a Policy category of Training.

Click the Apply button to save your new (but still empty) policy.


__ 5. Next click the Edit Rules button to see the policy rules - there, of course, will not
be any listed yet.

Click the Add Access Rule button.


__ 6. Enter a Description of Ignore S-TAP session for trusted users (good practice to
make rule descriptions sensible as they can show up in subsequent reports) for your
rule and select -tr Trusted Groups from the DB User Group drop-down.

__ 7. Click the Add Action button and select the IGNORE S-TAP SESSION action from
the drop-down.

Click Apply.


__ 8. At this point, your rule should look like this:

Click the Save button to save your rule and return to the rules list for your policy.
__ 9. Add a second access rule to your policy by clicking the Add Access Rule button
again.
__ 10. Enter a Description for your rule of Alert on access to sensitive objects, then
select -tr Privileged Users from the DB User Group drop-down and Sensitive Objects from
the Object drop-down.


Also change the Severity to HIGH (this will make it easier to see in the incident log
later).
__ 11. Click Add Action and select ALERT PER MATCH from the action drop-down.
Select SYSLOG as the Notification Type (we do not have any configured SNMP or
SMTP servers).


Click Add (to add the SYSLOG notification receiver) and then click Apply.
__ 12. This rule has two actions. Add the second one now.
Click Add Action a second time to add another action. This time select LOG FULL
DETAILS from the action drop-down and click Apply.
Your rule should look like this:


__ 13. Click Save to save your rule and return to the rules list for your policy.

__ 14. Click the Back button twice to see your new policy at the top of the list of available
policies:

__ 15. It is time to replace the currently installed policy with your new one.
Click the Administration Console tab and select the Policy Installation link.
In the Policy Installer section, make sure that your new policy, -Exercise 6, is
highlighted and select Install from the drop-down:

Click OK. You should see your policy shown as the currently installed policy.

__ 16. Now it is time to admire your results! Let us start with the privileged users rule. Click
the Incident Management tab. Database users Scott and A2840 are privileged
users (that is, members of the -tr Privileged User group that you created earlier). In
your policy, you configured the Alert to write to SYSLOG. However, an Alert also
shows up as a policy violation, which is displayed here on the Incident Management
pane.

You might need to wait a few minutes for some results to show up (remember that
continuously running cron job?).
You might also need to sort by Session Start time (click the Session Start column
title) to see the latest sessions on the first page of the report.
__ 17. The rule for ignoring trusted user access will be harder to track, since there is no
built-in report that includes that information. Instead, you will need to create your
own query and report, processes we will cover in the upcoming lab exercises.
__ 18. Logout from the Guardium Console and close the browser.

End of exercise

Exercise 7. Updating a Policy


What this exercise is about
In this exercise, you will update your new policy to make it a little more
complex. Your objective will be to implement the logic described by
means of the following flow chart, where the incoming database traffic
will be evaluated as follows:
1. Have there been three failed logins within 5 minutes from a single user? If yes,
   alert. If not, go to the next rule.
   Note: because this rule is an exception rule and the remaining rules are access
   rules, this rule could have been placed anywhere.
2. Does the session information match the Trusted Connection group? If yes, Ignore
   STAP Session. If no, go to the next rule.
   This should be the first access rule because all of the trusted connections
   should be ignored. If placed lower in the rule order, some rules might fire
   inappropriately.
3. Is the user in the Privileged User group? If yes, Log Full Details and Continue to
   next rule.
   If the Cont. box is not checked, the policy would stop at this rule for all
   privileged user activity. So, in order to ensure that rule number 4 is processed
   for privileged users, you must check the Cont. box.
4. Is the object in the Sensitive Objects group and is the command in the DML
   Commands group? If yes, Log Masked Details and Alert Per Match.
   If the user is a privileged user, the Log Full Details action from rule
   number 3 will take precedence.
5. If none of the above are matched, then log traffic normally.
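
The effect of rule order and of the Cont. box in the flow chart above can be checked with a small model of the access rules. This is an added example, not Guardium code or part of the course: the Rule class, build_policy, evaluate and the group contents are assumptions made for illustration, and the failed-login exception rule is left out because it is evaluated on exceptions rather than on accesses.

```python
from dataclasses import dataclass
from typing import Callable, Tuple

# Constructed group contents for illustration only (assumptions, not lab data).
TRUSTED = {"appuser"}
PRIVILEGED = {"scott", "a2840"}
SENSITIVE_OBJECTS = {"creditcard"}
DML_COMMANDS = {"INSERT", "UPDATE", "DELETE"}


@dataclass(frozen=True)
class Access:
    db_user: str
    command: str
    obj: str


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Access], bool]
    actions: Tuple[str, ...]
    cont: bool = False  # models the "Cont. to next rule" checkbox


def build_policy(cont_on_privileged=True, ignore_first=True):
    """Build the three access rules; the flags let you break the design on purpose."""
    ignore = Rule("Ignore S-TAP session for trusted users",
                  lambda a: a.db_user in TRUSTED,
                  ("IGNORE S-TAP SESSION",))
    privileged = Rule("Privileged users log everything",
                      lambda a: a.db_user in PRIVILEGED,
                      ("LOG FULL DETAILS",), cont=cont_on_privileged)
    sensitive = Rule("Alert on access to sensitive objects",
                     lambda a: a.obj in SENSITIVE_OBJECTS and a.command in DML_COMMANDS,
                     ("LOG MASKED DETAILS", "ALERT PER MATCH"))
    if ignore_first:
        return [ignore, privileged, sensitive]
    return [privileged, sensitive, ignore]  # ignore rule placed too low


def evaluate(policy, access):
    """Walk the rules in order and return the set of actions that fire."""
    fired = []
    for rule in policy:
        if not rule.matches(access):
            continue
        fired.extend(rule.actions)
        if not rule.cont:
            break  # processing stops at the first matching rule without Cont.
    if not fired:
        return {"LOG NORMALLY"}
    actions = set(fired)
    # Flow chart note: Log Full Details takes precedence over Log Masked Details.
    if "LOG FULL DETAILS" in actions:
        actions.discard("LOG MASKED DETAILS")
    return actions


if __name__ == "__main__":
    dml_on_sensitive = Access("scott", "UPDATE", "creditcard")
    trusted_dml = Access("appuser", "DELETE", "creditcard")
    print("as designed:      ", sorted(evaluate(build_policy(), dml_on_sensitive)))
    print("Cont. unchecked:  ", sorted(evaluate(build_policy(cont_on_privileged=False),
                                                dml_on_sensitive)))
    print("ignore rule first:", sorted(evaluate(build_policy(), trusted_dml)))
    print("ignore rule last: ", sorted(evaluate(build_policy(ignore_first=False),
                                                trusted_dml)))
```

With Cont. unchecked the privileged user's change to a sensitive object is logged but never alerted on, and with the ignore rule placed last the trusted connection raises an alert it should not.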

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Administration
Console as admin/ibm.
__ 2. Since you are making a change to a policy that is already installed, the easiest way
to do this is to use the Currently Installed Policy page.
Click the Administration Console tab and choose the Policy Installation link. You
will see your installed policy displayed.

Click the Edit Installed Policy button.


__ 3.
Information
Of the two existing rules in your policy, the Ignore S-TAP session for trusted users rule
will not need to be changed (you will have to create a new rule immediately before and
after it, but let us do that later). The Alert on access to sensitive objects rule will need a
little modification - let us do that now.

Edit the Alert on access to sensitive objects rule by clicking the Edit icon (circled
in the screenshot).

__ 4. Previously, we restricted the Alert on access to sensitive objects rule to members of
the -tr Privileged Users Group. Remove that restriction using the DB User group
drop-down as shown below.
We do want to add a new restriction though (in addition to the existing Sensitive
Objects). Select the group DML Commands from the Command group drop-down.

__ 5. Remove the existing LOG FULL DETAILS action by clicking the Delete icon.

Add a new LOG MASKED DETAILS action and use the directional icons to move it
to the top of the action list.

So that your action list looks like this:

Save your modified rule by clicking the Save button and returning to the rules list for
your policy.
__ 6. Add a new exception rule to your policy by clicking the Add Exception Rule
button. Enter the following data:
Description       Failed login alert
Severity          MED
DB User           .
Exception Type    LOGIN_FAILED
Minimum Count     3
Reset Interval    5

Warning
Be sure to enter the period character '.' in the DB User field. This tells Guardium to apply
the rule to the same user. If you omit the period, then failed logins from completely different
users might trigger the rule.

Add the ALERT PER MATCH action with SYSLOG notification and Save your rule.
__ 7. Use the directional icons to move your new rule to the top of the list, so that your rule
list looks like this:

__ 8. To implement the original plan, you need to add one final rule to log details of what
any privileged users are up to.
Click the Add Access Rule button.
Enter the following data:
Description              Privileged users log everything
DB User Group            -tr Privileged Users
Continue to next rule    Check box

Warning
Remember to check the Cont. to next rule checkbox. If you do not do this, rule processing
will stop at this rule.

Add a LOG FULL DETAILS action and Save your rule.


__ 9. Finally, adjust the rule order so that the rule you just added is third in the list. Your list
of rules should look like this:

__ 10. Click Back to return to the Policy Installation page.


Although you have successfully edited your policy, the new version is not actually
installed (look carefully at the time part of the Date Installed field on the page and
the number of installed rules).
To install your modified policy, click the Run Once Now button (observe that the
installation time and the number of installed rules change).
__ 11. Use the Incident Management application and the existing report to check that your
policy is working properly. You might have to wait several minutes before enough
data is collected.
For example, you should now be able to see two sorts of policy violation logged in
the Incident Management page - Alert on access to sensitive objects and Failed
login alert, as shown below:

__ 12. Logout of the Guardium Console and close the browser.

End of exercise
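
The step 6 warning about the '.' in the DB User field can be seen by counting the same failed logins both ways. This is an added example, not Guardium code or part of the course: the function name, the sliding-window counting and the counter reset after an alert are assumptions about how Minimum Count and Reset Interval behave, and the events are constructed.

```python
from collections import defaultdict, deque

ANY_USER = "<any user>"  # hypothetical key used when logins are pooled

# Constructed LOGIN_FAILED exceptions as (minute, db_user), in time order.
CONSTRUCTED_EVENTS = [
    (0, "alice"), (1, "bob"), (2, "carol"),   # three different users, one typo each
    (10, "dave"), (11, "dave"), (13, "dave"), # one user failing three times
    (20, "erin"), (27, "erin"), (28, "erin"), # same user, but spread past 5 minutes
]


def failed_login_alerts(events, min_count=3, reset_minutes=5, db_user_field="."):
    """Return [(minute, [users in the window])] for each alert that would fire.

    db_user_field="." keeps one counter per user (the setting from step 6);
    any other value pools all users into a single counter, which models the
    case the warning describes when the period is omitted.
    """
    windows = defaultdict(deque)
    alerts = []
    for minute, user in events:
        key = user if db_user_field == "." else ANY_USER
        window = windows[key]
        window.append((minute, user))
        # Drop failures that are older than the reset interval.
        while minute - window[0][0] > reset_minutes:
            window.popleft()
        if len(window) >= min_count:
            alerts.append((minute, sorted({u for _, u in window})))
            window.clear()  # assumption: the count starts over after an alert
    return alerts


if __name__ == "__main__":
    print("DB User = '.' :", failed_login_alerts(CONSTRUCTED_EVENTS))
    print("DB User blank :", failed_login_alerts(CONSTRUCTED_EVENTS, db_user_field=""))
```

With the period, only dave's three failures raise an alert; without it, the unrelated failures from alice, bob and carol add up to a second alert.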

Exercise 8. Installing and Configuring CAS


What this exercise is about
In this exercise, you will install the Configuration Auditing System
(CAS) agent on your database server and configure it to monitor a set
of operating system and database files based on some pre-defined
templates.

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Console as
admin/ibm.
__ 2. Your first task is to upload and install the Configuration Auditing System (CAS)
license key. Navigate to Administration Console > Configuration > System, and
then minimize the Web window to return to the Windows desktop.
On the desktop, locate the Keys folder. Double click on the Keys folder to open it.
In the Keys folder, locate the file named CAS Key.txt. Open this file by double
clicking on it.
In the gedit window that opens, highlight the CAS key value and select EDIT >
COPY.
Close the gedit and Keys folder windows, and maximize the console web interface
window. Paste the CAS license key into the License Key prompt area using EDIT >
PASTE.
Scroll down and click Apply.
__ 3. Scroll to the bottom of the screen and click on the Restart button. At the Are you
sure prompt, answer by clicking the OK button. It will take about 5 minutes for your
Guardium appliance to reboot. You will know it is complete when the web console
interface launches properly. After the reboot is done, log back on to the console
web interface as admin / ibm.
__ 4. Your next task is to install the CAS Agent software on the database server. You will
use GIM to do this; the process is similar to the S-TAP installation you performed
earlier.
Click the Administration Console tab and navigate to the Module Installation >
Upload page.

Browse to the /root/GIM folder and locate the
guard-bundle-CAS-v81_r24276_1-suse-10-linux-i686.gim file. Click Open (to
select it), then Upload (to upload to the Guardium collector).

Click the circled icon to import the module to the Guardium database. Click OK to
confirm the import and OK (again) to acknowledge a successful import.
__ 5. Click Setup By Client and then click the Search button to locate all database
servers (there will be only one).
Select your database server (check the box) and click Next.

__ 6. Highlight the BUNDLE-CAS_8.1.00_r24276_1 module and click Next.

__ 7.
Information
The only module parameter you need to set is the Java runtime directory (in the same way
that you did earlier for the DISCOVERY module). Remember the directory path is saved in
the Java setting file on your Desktop to enable you to copy/paste the value.

Set the CAS_JAVA_DIR parameter to /opt/ibm/db2/V9.7/java/jdk32/jre.

Click Apply to Clients and then click OK to acknowledge the application. Next, click
Install/Update.
Hint
You may need to move the cursor to another field to activate the necessary buttons.

When prompted, enter a Schedule Date of NOW. Click Apply to start the
installation, and select OK to acknowledge the application.

__ 8. Click the Guardium Monitor tab and select GIM Events List to check the status of
the installation (might take a few minutes to complete). Use the refresh button to
update the display.

__ 9.
Information
You will perform the remainder of this exercise as a normal Guardium user - User01 which
you created earlier (it is easier to get to the CAS tools as a non-administrative user). First,
though, you need to give User01 access to the CAS tools.

Logout of the Administration Console. Log back on as the accessmgr user
(password ibm).
Click the Roles link for User01.

Add the CAS role to User01.


Click Save and then logout of the Administration Console.

__ 10. Login as User01 (password guardium). When prompted, change the password to
ibm. The console screen will look quite a bit different from the administrative view
that you are used to seeing.
Click the Assess/Harden tab and choose Config. Change Control.

Click the Configure CAS templates button.


__ 11.
Information
For each operating system and database type supported, Guardium provides
pre-configured, default template sets for monitoring a variety of databases on either UNIX
or Windows platforms. A default template set is one that will be used as a starting point for
any new template set defined for that template-set type. A template-set type is either an
operating system alone (UNIX or Windows), or a database management system (DB2,
Informix, Oracle, and so on), which is always qualified by an operating system type; for
example, UNIX-Oracle, or Windows-Oracle.
You cannot modify a Guardium default template set, but you can clone it and modify the
cloned version.
In this step, you will just take a look at an existing template - you won't actually change
anything.

Under the CAS Configuration Navigator, choose UNIX and DB2 under List Filtering.

Let's take a look at one of these. Highlight the first template (Default Unix/DB2
Template Set Unix DB2) and click Modify.
__ 12. Review the type of information monitored with this template.

Click Back when complete.


__ 13. Click the Config. Change Control tab again and click the Configure CAS hosts
button (the system will take 30 seconds or so to respond).

__ 14. Highlight the CAS host (there will be only one) and click Modify.

__ 15.
Information
For a given CAS host, this page allows you to configure one or more templates that CAS
will use to monitor your database server. You can see that a default template for the UNIX
operating system has already been added for you (this needs no further configuration).
However, the database (DB2, in this case) templates need to be configured - specifically,
they need to be told how to access a given database. This is achieved by creating a
Datasource for use by each template (multiple templates can share the same datasource).

Select Default UNIX/DB2 Template Set: UNX DB2 from the drop-down and click
Add Datasource.

__ 16. There are no datasources yet created. So click New.

__ 17. Enter the following information:


Name                           SLES10
Share Datasource               check
Save Password                  Checked
Login Name                     db2inst1
Password                       guardium
Port                           50001
Database Name                  Sample
Database Instance Account      db2inst1
Database Instance Directory    /home/db2inst1

Hint
Be sure to use the appropriate upper / lower case letters.

Click Apply and then OK to save the data. This will expose a Test Connection
button.
Click the Test Connection button. Verify that the datasource can connect.

Click OK to acknowledge the confirmation.

__ 18. Click Back to return to the Datasource selection page:

Then click Add to add the datasource to the template. Be patient; it might take a
minute or so.
__ 19. You will see your new datasource/template combination listed.

Select a second template from the drop down Default UNIX/DB2 Template Set
V8.0: UNX-DB2 and add the same datasource to that template (do not create a new
datasource - just re-use the one you just created).
Your CAS Host Instance Definitions list should now look like this:

Hint
You may have to click the REFRESH button if one of the entries is in a pending state.

__ 20. At this point, CAS is up and running and monitoring your database server for
changes. To see what it is looking at, click Assess/Harden > Change Reports.
These reports will show a lot of information initially because, when CAS is newly
configured and started, it will pretty much report everything as being changed.

After a period of time, it becomes easier to interpret the results. For example, wait a
few minutes and then open a terminal window and touch one of the files that CAS is
monitoring:
dbserer01:~ # touch /home/db2inst1/.bashrc


Return to the Web interface, and select Customize (the pencil circled in the following
image).

Set the Monitored_Item value from % (all items) to %bashrc (the file you touched).
Scroll down and click the Update button.

You should begin to be able to see how CAS tracks changes to your system:

__ 21. Logout of the Guardium Console and close the browser and exit any open terminal
windows.

End of exercise

Exercise 9. Running a Vulnerability Assessment


What this exercise is about
In this short exercise, you will run a brief database Vulnerability
Assessment so that you understand the process involved in setting
one of these up. The results will not be very meaningful in this training
environment.

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. Log on to the SUSE / Linux image as root / guardium. Start Firefox and log on to
the Guardium Console as admin / ibm.
__ 2. You will need to upload and install the Vulnerability Assessment (VA) license key.
Navigate to Administration Console > Configuration > System, and then
minimize the Web window to return to the Windows desktop.
On the desktop, locate the Keys folder. Double click on the Keys folder to open it.
In the Keys folder, locate the file named VA Key.txt. Open this file by double clicking
on it.
In the gedit window that opens, highlight the VA key value and select EDIT > COPY.
Close the gedit and Keys folder windows, and maximize the console web interface
window. Paste the VA license key into the License Key prompt area using EDIT >
PASTE.
Scroll to the bottom of the screen and click on the Apply button. Nothing may appear
to happen, but if you scroll back up you should see that the License Key prompt area
is blank.
__ 3. Scroll to the bottom of the screen and click on the Restart button. At the Are you
sure prompt, answer by clicking the OK button. It will take about 5 minutes for your
Guardium appliance to reboot. You will know it is complete when the web console
interface launches properly. After the reboot is done, log back on to the console web
interface as User01 / ibm.
__ 4. Click the Assess/Harden > Vulnerability Assessment tab and click the Define
what database you want assessed button.

__ 5. On the Security Assessment Finder page, click New to create a new assessment
(none exist at this time).
__ 6. Enter a name for your assessment in the Description field: DB2 Security
Assessment.
Click Add Datasource and add the datasource that you created in the previous
exercise (there is no need to create a new one here).

Click Apply to save your changes.


__ 7.
Information
At this point, you have created a Security Assessment and told it what database to use;
however, you have not told it specifically what tests to perform. You will do that now.

Click the Configure Tests button.

Click the DB2 tab and highlight one or more tests from the (lengthy) list. You may
choose the ones shown in the screenshot or pick your own. Limit your selections to
no more than 6 or 7 tests (you want all this to run quickly so you can see the effect).
Click the Add Selections button to add your selections to the list at the top of the
page. You might need to use the scroll bar at the bottom of the page to see the Add
Selections button.
__ 8. Click the Back button to return to the Security Assessment Builder page and again
to return to the Security Assessment Finder page.
__ 9. You are now ready to run the assessment. Click the Run Once Now button.

Click OK to accept the successfully queued confirmation.

__ 10. The Guardium Job Queue report on the right of the page shows you the status of
your assessment. Refresh the report to see the current status.

When you see the status marked as COMPLETED, click the View Results button to
see the results of the assessment tests.
Depending on exactly what tests you selected, your report should look something
like this:

__ 11. Close the report, logout of the Guardium Console and close the browser.

End of exercise

Exercise 10. Creating a Simple Query and Report


What this exercise is about
This is the first of three exercises focused on creating your own
Guardium queries and reports. In this exercise, you will create your
own Console tab to display your report. Then you will create a simple
query and a report that uses that query and place that report on your
new reports page.
The query that you will create will return details of all trusted sessions
(sessions opened by database users who are members of the -tr Trusted
Users group that you created previously). The query will return
Database User Name, Client and Server IP addresses and Source
Program name.

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Console as
User01/ibm.
__ 2. First, let us create a new Reports tab. Click the Customize link (top right of your
screen).

__ 3. Click the Add Pane button.

Enter a name for the pane: User01 Reports and click Apply.
__ 4. Click the link for your new User01 Reports pane.

__ 5. Select Menu pane from the Layout drop-down and click the Save button to save
your change.

Click Save (again) on the Customize Pane screen to return to the main screen. You
should see your new User01 Reports tab listed.

__ 6. Now let us get to the Query creation part. Click Monitor/Audit > Build Reports.

Click the Track data access button.

__ 7. On the Query Finder page, click the New button (there are lots of built-in queries
but you are creating your own).

__ 8. Name your query -Trusted Sessions and select Session as the Main Entity.

Click Next.
__ 9. Add the following fields to the Query Fields pane:
Client IP
Server IP
DB User Name
Source Program
These fields are all part of the Client/Server entity. To add the fields, click
Client/Server in the Entity List on the left of the screen and either click each field
and select Add Field from the pop-up menu or just drag the field to the Query Fields
list.

__ 10. Use the directional icons to sort the list of fields as shown below.
Also determine the ordering of any results by checking the Order by checkboxes
for Client IP and DB User Name and setting their Sort Rank so that Client IP is
sorted first and DB User Name second.

Finally, check the Add Count checkbox (this will cause the subsequent report to
display counts of the sessions rather than details of each individual one).
__ 11. Your objective is to return session details for trusted users only. To achieve this, you
need to apply a condition to this query.
__ 12. Add the DB User Name field to the Query Conditions pane and select IN GROUP
from the Operation drop-down.

__ 13. Add DB User Name as a Query Condition (as before) and select IN GROUP as the
operator. You should now be able to find and select -tr Trusted Users as the group.

Click the Save button to save your query.


__ 14. Now that the query has been built, you need to create a report that uses it and add
the report to the User01 Reports page that you created earlier.
Fortunately, this can be achieved in one step. Click the Add to Pane button ...

and then select User01 Reports from the list of panes. Click OK to acknowledge the
change.

Click the User01 Reports tab where you can admire your new report.

Information
Although you have been working on a Query pretty much all the time, when you clicked the
Add to Pane button, Guardium automatically created a Report with the same name as
the Query. It is the Report that gets placed on the designated User01 Reports pane. The
Report is responsible for the look and feel of the results that you see on the screen. The
Query is responsible for the content.
If you want to see details of the Report that was created, click Monitor/Audit >
Build Reports and click the Define how information should be presented button.
You should be able to locate and inspect the Report from there (it will have the same
name as the query you just created). Do not make any changes at this time.

__ 15. By default, the Start Date/End Date settings are for the last 3 hours of data. You can
change this if you want by clicking the Customize icon (shown circled above) and
modifying the setting as shown below (NOW-30 HOUR):

Click the Update button to save any changes and re-run the report.
__ 16. Logout of the Guardium Console and close the browser.

End of exercise

Exercise 11. Creating a Query with Drill-down


What this exercise is about
In this second query and report building exercise, you will create a
query with runtime parameters. Queries structured in this way become
available as drill-down reports (from other reports where those
parameters are available).
The query will return details of all database objects accessed by a
specified database user/client IP address combination. Database User
and Client IP will be defined as parameters, so they must be
specified at runtime (either explicitly or using wildcards).

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Console as
User01/ibm.
__ 2. Navigate to Monitor/Audit > Build Reports > Track data access.
Click New to create a new query.
Enter a query name of -Accessed Database Objects and a main entity type of
Object.

Click Next.
__ 3. Add the following Query Fields:

Entity          Attribute
Client/Server   Server IP
Client/Server   Client IP
Client/Server   DB User Name
Client/Server   Service Name
Client/Server   Source Program
Command         SQL Verb
Object          Object Name

Check the Add Count checkbox.

Add the following Query Conditions (AND'ed together).

Entity          Attribute      Operator   Runtime Param.
Client/Server   DB User Name   LIKE       Parameter DBUser
Client/Server   Client IP      LIKE       Parameter ClientIP

Information
Runtime parameter names can be anything you like - as long as they don't have spaces in
them. They will be visible in the report, so it is best to make them something sensible.

Your query should look like this:

__ 4. Click the Save button to save your query. Then click Add to Pane... to create the
corresponding report and add that to your User01 Reports page.
__ 5. Navigate to the User01 Reports pane and select the Accessed Database
Objects report. You will need to customize your report a little by adding wildcard %
characters for the ClientIP and DBUser runtime parameters.

Click Update to save and run the report. You should get results similar to this:

__ 6.
Information
Testing the drill-down capability using your existing -Trusted Sessions report will not work
very well as, if you recall, the policy you created earlier specifically ignored S-TAP sessions
for trusted users (captures log on and log out but that is all).
You will need to create a brand new query and report which displays session
information for users who are not members of the trusted user group. The easiest
way to do this is to clone your -Trusted Sessions query into a -Privileged Sessions
query.

Navigate to Monitor/Audit > Build Reports > Track data access and select
-Trusted Sessions in the query name drop-down.
Click the Clone button. This will create a copy (or clone) of your query.
Give it a new name -Privileged Sessions and change the Runtime Param. Group
drop-down to -tr Privileged Users.
Save your query and Add to Pane as before.

__ 7. Your User01 Reports pane should now have three reports on it.
Click the -Privileged Sessions report; you will see session information for the two
users in that group (A2840 and SCOTT).
Double-click the SCOTT record to see the available drill-down reports.

Select the -Accessed Database Objects drill-down report. Your report will now
pop-up in a separate window showing database object access information just for
the SCOTT user:

__ 8. Close the drill-down window, and then Logout of the Guardium Console and close
the browser.
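
A conceptual model of the two conditions used in Exercises 10 and 11, added here as an example and not taken from the course or from Guardium: IN GROUP as a membership subquery, and the DBUser/ClientIP runtime parameters as bound LIKE values that a drill-down fills in from the parent row. The SQLite tables, column names, sample rows and the APPUSER account are assumptions made for this example.

```python
import sqlite3

# Constructed sample activity; table and column names are hypothetical stand-ins
# for the Client/Server, Command and Object attributes chosen in step 3.
ACTIVITY = [
    # server_ip, client_ip, db_user, service_name, source_program, sql_verb, object_name
    ("192.0.2.10", "198.51.100.21", "SCOTT", "ORCL", "SQLPLUS", "SELECT", "EMP"),
    ("192.0.2.10", "198.51.100.21", "SCOTT", "ORCL", "SQLPLUS", "SELECT", "EMP"),
    ("192.0.2.10", "198.51.100.21", "SCOTT", "ORCL", "SQLPLUS", "UPDATE", "SALARY"),
    ("192.0.2.10", "198.51.100.22", "A2840", "ORCL", "JDBC", "DROP TABLE", "TMP_LOAD"),
    ("192.0.2.10", "198.51.100.23", "APPUSER", "ORCL", "JDBC", "SELECT", "ORDERS"),
]
# A2840 and SCOTT are the privileged users named in step 7; APPUSER as a
# trusted user is constructed for this example.
GROUPS = [
    ("-tr Privileged Users", "A2840"),
    ("-tr Privileged Users", "SCOTT"),
    ("-tr Trusted Users", "APPUSER"),
]

ACCESSED_OBJECTS = """
    SELECT server_ip, client_ip, db_user, service_name, source_program,
           sql_verb, object_name, COUNT(*) AS total      -- Add Count checkbox
    FROM activity
    WHERE db_user LIKE :DBUser AND client_ip LIKE :ClientIP
    GROUP BY server_ip, client_ip, db_user, service_name, source_program,
             sql_verb, object_name
    ORDER BY db_user, object_name, sql_verb
"""

SESSIONS_IN_GROUP = """
    SELECT DISTINCT client_ip, db_user
    FROM activity
    WHERE db_user IN (SELECT member FROM group_member WHERE group_name = ?)
    ORDER BY db_user
"""


def build_db():
    """Load the constructed rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE activity (server_ip, client_ip, db_user, "
                 "service_name, source_program, sql_verb, object_name)")
    conn.execute("CREATE TABLE group_member (group_name, member)")
    conn.executemany("INSERT INTO activity VALUES (?, ?, ?, ?, ?, ?, ?)", ACTIVITY)
    conn.executemany("INSERT INTO group_member VALUES (?, ?)", GROUPS)
    return conn


def accessed_objects(conn, DBUser="%", ClientIP="%"):
    """Run the report; '%' for a parameter matches every value."""
    params = {"DBUser": DBUser, "ClientIP": ClientIP}
    return conn.execute(ACCESSED_OBJECTS, params).fetchall()


def sessions_in_group(conn, group_name):
    """Parent report: sessions whose DB user is IN GROUP group_name."""
    return conn.execute(SESSIONS_IN_GROUP, (group_name,)).fetchall()


def drill_down(conn, session_row):
    """Double-clicking a parent row: its DB User Name and Client IP values
    are bound to the child report's DBUser and ClientIP parameters."""
    client_ip, db_user = session_row
    return accessed_objects(conn, DBUser=db_user, ClientIP=client_ip)


if __name__ == "__main__":
    conn = build_db()
    for row in sessions_in_group(conn, "-tr Privileged Users"):
        print(row, "->", [r[5:] for r in drill_down(conn, row)])
```
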

End of exercise

Exercise 12. Creating Multiple Queries


What this exercise is about
In this final query building exercise, you will create three additional
queries - making them available as reports on the User01 Reports
page:
* All DML and DDL activity by privileged users.
* All activity against sensitive objects, including the most accurate
  timestamp and the SQL string.
* All sessions with runtime parameters for database user, source
  program and client IP address. Also indicating whether the session
  is ignored or not.
You will also share the reports that you have created with other
Guardium users.

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Console as
User01/ibm.
__ 2. Navigate to Monitor/Audit > Build Reports > Track data access.
Create a query called -Privileged User DML+DDL Activity as follows:

Warning
Be careful when adding the third condition - it needs to be an 'OR' condition - not the
default 'AND'.

__ 3. Add the query to your User01 Reports pane and verify that it works as expected:

__ 4. Create a query called -Activity on Sensitive Objects as follows:

__ 5. Add the query to your User01 Reports pane and verify that it works as expected:

Information
Notice that full SQL details are not available for all users. This is because the policy you
installed in an earlier activity had a rule that only collected full SQL information (LOG FULL
DETAILS) for privileged users.

__ 6. Create a query called -Session Details as follows:

__ 7. Add the query to your User01 Reports pane and verify that it works as expected:

Hint
Be sure to customize the report by setting the runtime values of the DBUser, ClientIP, and
SourceProgram parameters to the wildcard %.

__ 8. All the queries and their associated reports that you have created in the last three
exercises are only available to the User01 user. Let us make at least some of them
available to all users who are members of the infosec role (currently User01 and
User02).
Information
The process is to open the query editor and grant access to the specified role (infosec).
The corresponding report also needs to be made accessible to the infosec role. You must
do the query first, then the report (you will not be able to do it in the opposite order).

Navigate to Monitor/Audit > Build Reports > Track data access.


Select -Trusted Sessions from the Query Name drop-down.

Click the Roles button.


Check the infosec role.

Click Apply to save your change. Click OK to acknowledge the save, and then click
Back to return to the query builder page.
Click Back to return to the Query Finder page.
__ 9. Repeat this for the following queries:
-Privileged Sessions
-Accessed Database Objects
-Session Details
__ 10. Navigate to Monitor/Audit > Build Reports > Define how information should be
presented.
Select the -Trusted Sessions report from the Report Title drop-down, then click on
Search:

Click the Roles button.

Check the infosec checkbox. Click Apply to save your change, and then click OK
to acknowledge the update.
Click the Back button to return to the Report Search Results page, and then click
the Back button (again) to return to the Report Finder page.
__ 11. Repeat this for the following reports:
-Privileged Sessions
-Accessed Database Objects
-Session Details
__ 12.
Information
All members of the infosec role should now have access to the above queries and reports.
You could at this point log on as User02 (another user who is a member of the infosec role),
create a new Reports pane and start adding the reports to the pane. However, it might be
more interesting if User02 could simply have the same layout as User01 (which would, of
course, include the User01 Reports pane that you have been using up to now).

Logout of the Guardium Console and close the browser.


Open a terminal window and ssh to the Guardium Collector CLI.
dbserver01:~ # ssh cli@192.168.169.9
Enter the cli user's password when prompted.
When successfully connected, enter the following command:
v9collector01.ibm.com> generate-role-layout user01 infosec
Information
The generate-role-layout CLI command is used to generate a new layout for an existing
role, based on the layout for the specified user. Once the new role layout has been defined,
any users who are assigned that role before they log in for the first time will receive the
layout for that role.

The command will take a few minutes to complete (it will stop and restart the
console application, the 'gui').
When the command is complete, exit the CLI and close the terminal
window.
v9collector01.ibm.com> exit
__ 13. Open Firefox and log in to the Guardium Console Web application as User02
(password guardium). If prompted, change the password for User02 to ibm.
If you have not previously logged in as this user, you will see the User01 Reports
tab.
If you have previously logged in as User02, you will not see the User01 Reports tab.
This is because the CLI command in the previous step is only effective for users
who have not previously logged in. For users who have previously logged in, the
following additional steps need to be performed:

Logout of the Guardium Console.


Log in to the Guardium Console as accessmgr/ibm.
Click the Change Layout link for User02.
Click the Reset button in the pop-up window. Click OK to confirm the
reset.

Logout of the Guardium Console.


Log in to the Guardium Console as User02/ibm.
The User01 Reports tab should now be visible.
__ 14. Click the User01 Reports tab. Verify that you can see all six reports that you
created previously.
Click each report to run it.
You should observe that those reports where you correctly set the query and report
access for the infosec role work as normal.
You did not grant access to the infosec role to three of the reports: -Privileged User
DDL+DML Activity, -Activity on Sensitive Objects, and Session Details. These
reports will not generate any output when you click on them as User02.
Information
You could, of course, fix this by logging back on as User01 and granting access to these
queries and reports for the infosec role. You do not need to do this for the purposes of this
exercise - we just wanted you to see the effect of not doing this.

__ 15. Logout of the Guardium Console and close the browser.

OPTIONAL You may recall that in exercise 6, you created a rule (Ignore STAP session
for trusted user) that you were unable to test because there was no query / report
associated with it. Now that you know how to create queries and reports, create one
that will test this rule.

Report Name      -Sessions
Display Fields   Session Start
                 Server IP
                 Client IP
                 DB User Name
                 Session Ignored

End of exercise

Exercise 13. Creating a Compliance Workflow


What this exercise is about
In this last exercise, you will create an audit process definition which
will send work (in the form of a couple of reports) to the infosec, dba
and audit roles.
The process flow will look like this:

Once started, the process will place work in the infosec role's To-Do
list (all users in this role will see the work - first one in gets to do it).
This work will be marked Continuable, meaning that the system will
not wait for the user to complete the work before moving on to the next
receiver. The next receiver is the dba role. The work here is marked
Review and Sign; the work will not progress until a user in the dba role
has done exactly that. In addition, the user must explicitly Continue the
work to the next receiver. The next (and final) receiver is the audit role
where again the user must Review and Sign the work and must
Continue it to move it on - in this case, to the end of the process.
You will also see how to escalate work. In the exercise, the infosec role
user (User01) will escalate the work to a specific user (User02) asking
that user to both Review and Sign the work. Escalation is not
something you design into an audit process - it occurs at runtime at
the discretion of the user who is processing the work (we are showing
it in the diagram above so that the flow will be clear to you).
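
The receiver rules described above, as a small added model (not Guardium code and not part of the course material): the Cont. checkbox, Review and Sign, Continue and runtime escalation are reduced to flags on each receiver. Class, field and function names are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass
class Receiver:
    name: str
    action: str              # "review" or "sign" (Review and Sign)
    cont: bool = False       # Cont. checked: distribution does not wait here
    escalated: bool = False  # created at runtime by Escalate, not by the definition
    viewed: bool = False
    signed: bool = False
    continued: bool = False

    @property
    def acted(self):
        return self.signed if self.action == "sign" else self.viewed

    @property
    def must_continue(self):
        # Only definition receivers without Cont. have to release the work.
        return not self.cont and not self.escalated

    @property
    def done(self):
        return self.acted and (self.continued or not self.must_continue)


class AuditRun:
    def __init__(self, receivers):
        self.definition = list(receivers)
        self.inbox = {}      # receiver name -> Receiver holding delivered work
        self.next_index = 0  # first definition receiver not yet delivered to
        self._distribute()

    def _distribute(self):
        # Deliver in order; stop at the first receiver that has to release
        # the work itself (Cont. unchecked).
        while self.next_index < len(self.definition):
            r = self.definition[self.next_index]
            self.inbox[r.name] = r
            self.next_index += 1
            if not r.cont:
                break

    def pending(self, name):
        return name in self.inbox and not self.inbox[name].done

    def view(self, name):
        self.inbox[name].viewed = True

    def sign(self, name):
        r = self.inbox[name]
        if r.action != "sign":
            raise PermissionError(f"{name} is a review-only receiver")
        r.viewed = r.signed = True

    def continue_(self, name):
        r = self.inbox[name]
        if not r.must_continue:
            raise PermissionError(f"{name} has no Continue button")
        if not r.acted:
            raise PermissionError(f"{name} must review/sign before continuing")
        if not r.continued:
            r.continued = True
            self._distribute()

    def escalate(self, sender, to, action):
        if sender not in self.inbox:
            raise PermissionError(f"{sender} holds no work to escalate")
        self.inbox[to] = Receiver(to, action, escalated=True)

    def running(self):
        undelivered = self.next_index < len(self.definition)
        return undelivered or any(not r.done for r in self.inbox.values())


def training01():
    # The receiver table from this exercise: infosec, then dba, then audit.
    return AuditRun([
        Receiver("infosec", "review", cont=True),
        Receiver("dba", "sign"),
        Receiver("audit", "sign"),
    ])
```
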

Exercise instructions
Follow these instructions to perform the exercise. Ask your instructor for assistance, if
necessary.
__ 1. In the SUSE Linux image, start Firefox and log on to the Guardium Console as
User01/ibm.
__ 2. Click the Comply tab and click the Define an Audit Process button:

__ 3. A built-in audit process called Application Monitoring is always included. You will
create your own, though, so click the New button to go to the Audit Process
Definition page.

__ 4. An Audit Process Definition is split into four sections:

You will populate most of these sections in the following steps.


__ 5. Enter a name for your Audit process (for example, Training01) in the Description field:

__ 6. In the Receiver Table, add the following roles (leave Cont. unchecked for dba and
audit. Click the Sign radio button for dba and audit).
For each receiver that you add, you will be warned that SMTP is not configured.
Click OK to accept (and ignore) the warnings.

__ 7. Under Audit Tasks, set Task Type to Report. Set the Description to Sessions, and
then select Session Details from the Report drop down list. Set the Task
Parameters as shown below:

Click the Apply button to save your changes.


Click Add Audit Task to start adding a second task to the list.

__ 8. Under Audit Tasks, set Task Type to Report. Set the Description to DDL Activity,
and then select DDL Commands from the Report drop down list. Enter a From and
To period in the Task Parameters section as shown below:

Click the Apply button to save your changes.


Click the Close this Task icon to close the audit task definition pane (makes the
page a little easier to read).

__ 9. Check the Active checkbox and then click the Apply button (at the bottom of the
page). Your completed audit process definition should look like this:

__ 10. Click the Run Once Now button to start the process. Click OK to acknowledge the
action. Logout of the Guardium Console, and then log back in again (as
User01/ibm).

Click the To-do link to see the details.


__ 11. Click the View button.

__ 12. This page lets you inspect any reports associated with the defined audit tasks (click
the + icon next to each report name to expand the report and see the details).

The only work that User01 has to do here is inspect the report details and, if
required, make a comment (which will be visible to other workflow participants).
Click the Comment button. Because no comments have yet been entered, the list
will be empty. Click the Add Comments button and add a comment, such as The
reports look good - approved., and then click on the Apply button. The
comment list will now have one comment in it. Click the Back button.
__ 13. User01 is also able to escalate this work to another role or user (maybe he/she
wants a second opinion, for example).
Click the Escalate button and select User02 as the Receiver.
Select the Review and Sign radio button and then click Escalate to create the work
item in User02's To-do list.

You will be warned that User02 already has this item in his/her To-do list (User02 is
also a member of the infosec role). Click OK to accept and ignore the warning. Click
Close to close the escalation dialog.
__ 14. Click Close this Window (twice) to return back to the main Console page. Logout
of the Guardium Console, and then log back in as User01/ibm. Notice that the
To-Do item notification link has now disappeared, as you have performed your
designated work. Logout of the Guardium Console.
__ 15. Log in to the Guardium Console as User03 (a member of the dba role - password
should be guardium). When prompted, change the password to ibm.
You will notice that this user has an item in the To-do list. Click the link and then
click the View button to see the work details.
Information
Notice that the screen looks a little different from the previous user. In this step in the
workflow, you configured this user to both review and sign the work. In addition, this step
does not automatically continue (as the previous step did).

Click the + sign next to Distribution Status to view where the work has been (viewed
by the infosec role), where it currently is (viewed but not signed by User03 and
escalated for review and signature to User02) and where it is going (not yet sent or
distributed - to the audit role).

__ 16. Click the Sign Results button to sign the work. This does not automatically move it
on to the next step (sending it to the audit role). You can also add a comment, if you
want, at this point.
To move the workflow on to the next step, click the Continue button.
Close the windows to return to the main Guardium Console screen. Logout of the
Guardium Console.
__ 17. Login to the Guardium Console as User04/guardium (User04 is a member of the
audit role). When prompted, change the password to ibm.
Notice that this user has an item in the To-do list.
Click the To-do link and click the View button to see the details.
Expand Distribution Status and Comments (to see any comments added by
previous users).

Information
Notice that this is the final step in the original audit process definition that you created.
When you sign and continue the work here, that will be it. However, the process will still be
running because of the escalation performed earlier by User01.

Click Sign Results then click Continue.


Close the windows and logout of the Guardium Console.
__ 18. Finally, log in to the Guardium Console as User02/ibm.
This user has a To-do item - open it up to see the details.

Information
Notice that this user has a Sign Results button, but no Continue button. This is because
the work arrived here as a result of an escalation and is not part of the audit process
definition. It essentially has nowhere to go after this (unless this user chooses to further
escalate it).

Click the Sign Results button to complete the process.

Close the windows to return to the Audit Process To-Do List screen. Verify the
notification that The To-do List is empty. Close the window to return to the main
Guardium Console screen.

__ 19. Once a user has processed any items in the To-do list and the notification links have
been removed, it is still possible for any user involved to review completed
processes.
Click the Comply tab and click the To-do list link (shown circled below):

As well as showing any active items in the To-do list (there are none now, of course,
as you have processed them all), you can also see previous processes (listed under
Processes With No Pending Results).

__ 20. Click the View button and expand the Distribution Status to see who did what in
this process.

__ 21. Close this window, logout of the Guardium Console and close the browser.

End of exercise
