IBM Support

InfoSphere Guardium Risk-Indicative Error Messages group no longer maintained by Guardium

Question & Answer


Question

What errors are included in Risk-Indicative Error Messages group? Is this group maintained by Guardium?

Answer

The Risk-Indicative Error Messages group was created with a goal of storing commonly known database error codes (for all DBMS types) that might indicate a potential risk. This group contains error codes that were deemed Risk-Indicative based on research at the time of creation.
However, several years ago, Guardium decided to stop maintaining this group for the following reasons:

1) The error codes are not conclusive - An error code may be considered harmless if generated by a legitimate database user as opposed to an unauthorized user with malicious intent. This leads to false positives in several cases.

2) Inefficient processing of Policy rules - Most customers don't have all types of databases supported by Guardium in their environment. However, if the Risk-Indicative Error Messages group is used in the policy, all audit traffic has to be checked against the entire group for matching SQL Error Codes.
This leads to longer processing times at the sniffer level. Poor sniffer performance may eventually lead to loss of audit data.

3) Differing customer requirements make the group redundant - Most customers wish to produce reports which meet their specific business needs as opposed to relying on a generic list of error messages. Hence, this group has become redundant.

Conclusion: Due to the reasons mentioned above, the Risk-Indicative Error Messages group has not been maintained by Guardium for the last few years.
Since some customers have been using this group and continue to maintain a customized copy of it as per their specific business requirements, Guardium continues to include this group in all versions.

Recommendation: Since this group was created to include error codes from several types of databases, it is not very efficient to use for all environments.
If you are currently using this group in your Policy rules, please choose one of the following options:

OPTION 1: Stop using this group as it's not being maintained by Guardium.
OPTION 2: Continue using this group and update it per your requirements.
OPTION 3: Clone this group, remove all group members, and add only those Risk-Indicative Error Messages that are considered relevant in your environment. Replace the original Risk-Indicative Error Messages group with the new cloned group wherever applicable.
OPTION 4: Create a new group and add relevant Risk-Indicative Error Messages to it. Use this new group instead of the original Risk-Indicative Error Messages group wherever applicable.

Product: IBM Security Guardium
Component: Guardium Database Activity Monitor
Platform: AIX, HP-UX, Linux, Solaris, Windows, z/OS
Version: 9.1, 9.0, 8.2
Edition: All Editions

Document Information

Modified date:
16 June 2018

UID

swg21692936