IBM Support

Guardium Configuration Audit System (CAS) Predefined Reports - What is the expected behaviour?

Question & Answer


Question

What is the expected behaviour of predefined CAS reporting from the Guardium GUI? This technote discusses three components available in the GUI->Tap Monitor->CAS->Changes. 1. "CAS Change Details" predefined report 2. "CAS Saved Data" predefined report 3. Difference viewing utility.

Answer

1. "CAS Change Details" predefined report

Figure 1. Example CAS Change details report.

This report considers properties of monitored items. The report only shows some of the available properties for monitoring. For further detail you can create a custom report in the CAS reporting domain.

When will you see entries in the report?

  • The first time a CAS template is installed the baseline results for all tests appear in this report.
  • For every change (including content) that is made to the monitored item a new line will appear.

2. "CAS Saved Data" predefined report


Figure 2. Example CAS Saved Data report

This report considers content of monitored items. You can see the content of the file in the "Saved Data" column.

When will you see entries in the report?

  • The first time a CAS template is installed the baseline results for all tests where "Keep Data" is selected for that item will appear in this report.
  • For every change to the content of the monitored item a new line will appear.

3. Difference viewing utility

By double clicking on any entry in the reports in figures 1 or 2 you will be presented with the option to "View Difference". The difference utility will show different results depending on the report you open it from.

      If opened from CAS Change details - Shows differences in the properties of the item. Properties available in the difference utility are:
          • Owner
          • Permissions

            Figure 3. Differences for CAS Change Details.

          There may be entries in the CAS Change Details report that are not associated with a change of either owner or permissions. If you opened the difference view for those records you would see "No differences found".

          Note: Difference viewing for properties is only available in version 9.0 p2 and later. In earlier versions you will not have the option to view difference from CAS Change details report.

      If opened from CAS Saved data - Shows differences in the content of the item.


          Figure 4. Differences for CAS Saved Data

Further information about CAS

Guardium deployment guide - CAS implementation in section 5.10

Guardium product manual, Assess and Harden help book


[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Configuration Audit System for Database Servers","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.1;9.0;8.2;8.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21670604

Page Feedback