Auditing Cloud Pak for Data
Auditing is the process of recording the activity that occurs on databases or applications. Auditing can help you detect and prioritize security threats and data breaches.
Auditing provides accountability, traceability, and regulatory compliance that relates to access to and modification of data. Enterprises are often subject to industry requirements for regulatory auditing compliance. Therefore, a complete auditing solution that works with Cloud Pak for Data requires contributions and coordination of solutions from OpenShift®, Guardium®, and Cloud Pak for Data.
What can I audit? | Requirements | Learn more |
---|---|---|
System access | To use this mechanism, you must have security information and event management (SIEM) software, such as: | Configure IBM Cloud Pak for Data Audit Logging to forward audit records to your security information and event management (SIEM) solutions. For more information, see Exporting Cloud Pak for Data audit records to your security information and event management solution. Note: Some Cloud Pak for Data components and services do not support audit logging. For more information, see Services that support audit logging. |
Sensitive data on remote databases | To use this mechanism, you must have the following software: | Identify which assets you want to audit from the Watson Knowledge Catalog interface. After you tell IBM Guardium to audit an asset, IBM Guardium audits any access to the asset. For more information, see Auditing your sensitive data with IBM Guardium. |
Database traffic | To use this mechanism, you must have the following software: | Audit your databases for compliance monitoring and data security. After you install the Guardium External S-TAP service, provision an instance of the service for each database that you want to audit. The service intercepts TCP/IP traffic between Cloud Pak for Data and the database. The intercepted traffic is sent to the Guardium collector for parsing, policy enforcement, logging, and reporting. For more information, see the Guardium External S-TAP service documentation. |