IBM Support

IBM Security Guardium: Unusual N/A traffic logged in Guardium

Question & Answer


Question

Why am I seeing unusual N/A traffic in the session list report?

Cause

The client/server data is logged as N/A (unavailable) for policy violations that are generated by threshold alerts.

Answer

Open the Alert Builder in the GUI:
Protect > Database Intrusion Detection > Alert Builder.
If 'log policy violation' is checked in the threshold alert definition, policy violations are generated by the threshold alert, and an entry is logged in an internal table with server type 'GUARDIUM', service name 'THRESHOLD ALERT', and client IP, server IP, etc. set to 'NA'.
When a policy violation is generated by a threshold alert, the violation is triggered not by an actual session but by a report (with some criteria on each record or on all records).
For this reason, policy violations created by threshold alerts do not have a valid session ID (it is populated using a dummy session), which causes the client/server data to be unavailable (NA) for these policy violations.
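
To separate these threshold-alert entries from N/A rows that this cause does not explain, the following added example (not IBM code) triages a CSV export of the report. The column names and the sample rows are assumptions constructed for illustration; map them to the headers in your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample of an exported session list report. The column names are
# assumptions for this example, not Guardium's documented headers.
SAMPLE_EXPORT = """\
Server Type,Service Name,Client IP,Server IP,DB User Name
ORACLE,ORCL,10.0.0.15,10.0.0.20,APPUSER
GUARDIUM,THRESHOLD ALERT,NA,NA,NA
guardium,Threshold Alert,N/A,N/A,N/A
MS SQL SERVER,SALES,N/A,10.0.0.30,sa
DB2,SAMPLE,10.0.0.16,10.0.0.40,db2inst1
"""

# The page writes the placeholder both as 'NA' and as 'N/A'; accept either.
UNAVAILABLE = {"NA", "N/A"}


def _norm(value):
    """Trim and upper-case a cell so comparisons ignore case and padding."""
    return (value or "").strip().upper()


def classify(row):
    """Return 'threshold_alert', 'unexplained_na' or 'session' for one row."""
    # Signature described on the page: server type GUARDIUM, service THRESHOLD ALERT.
    if (_norm(row.get("Server Type")) == "GUARDIUM"
            and _norm(row.get("Service Name")) == "THRESHOLD ALERT"):
        return "threshold_alert"
    addresses = {_norm(row.get("Client IP")), _norm(row.get("Server IP"))}
    # N/A addresses without the threshold-alert signature need a separate look.
    return "unexplained_na" if addresses & UNAVAILABLE else "session"


def triage(csv_text):
    """Count rows per class and collect the N/A rows this cause does not explain."""
    counts, unexplained = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row)
        counts[label] += 1
        if label == "unexplained_na":
            unexplained.append(row)
    return counts, unexplained


if __name__ == "__main__":
    counts, unexplained = triage(SAMPLE_EXPORT)
    print(dict(counts))
    for row in unexplained:
        print("review:", row)
```

Rows labelled `threshold_alert` are the expected side effect of 'log policy violation'; rows labelled `unexplained_na` have a different origin and should be reviewed on their own.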


Product Synonym

IBM Guardium

Document Information

Modified date:
09 March 2020

UID

ibm15693451