Guardium SOC / Dashboard

Guardium Big Data Intelligence includes a security dashboard that gives you up-to-the-minute information on a variety of security events from all Guardium collectors. Because data is continuously aggregated from all collectors, this dashboard presents the most important information you need to know when things are going wrong and to understand the overall security health of your database environment.

The dashboard comprises six tabs by default; changes to the dashboard are easy to make yourself using the Dashboard Builder or through Guardium Big Data Intelligence professional services.

The first tab provides key performance indicators (KPIs) such as the number of violations in the last 24 hours, the number of failed VA tests, the top 10 servers and top 10 users with the highest number of policy violations, and more. A KPI for the number of database servers and instances currently being monitored is also provided.

The second tab focuses on policy violations.

The third tab focuses on errors (exceptions).

The fourth tab focuses on results from VA scans.

The fifth tab focuses on outliers (Guardium V10 and up).

The sixth tab focuses on the data feeds incoming from the collectors.

Collector Dashboard

Guardium Big Data Intelligence includes an operational dashboard for viewing collector statistics that are part of the Guardium Big Data Intelligence data environment. In addition to the data files that collectors copy to Guardium Big Data Intelligence, they also copy the Snif Buf Usage data every hour. Guardium Big Data Intelligence aggregates this data over time and over all collectors and gives you a view of utilization, load, and so on.

To open the dashboard, open the Guardium Big Data Intelligence Predefined Reports page and, under Review / Sign, click the Collector Dashboard button.

The dashboard includes two categories of views:

  • Views on the entire environment
  • Views on a specific collector

The first set of tabs (those showing (D) or (H)) are views over the entire environment of collectors. These are heatmap visualizations that show you comparative data over the entire estate. Note that “red” or “green” do not imply “bad” or “good” - they imply a relative range of values. Thus, something shown as red may just mean that it is running with the highest load - but perhaps this is not a bad thing. Heatmaps in a (D) tab show daily numbers for a period of thirty (30) days and heatmaps in a (H) tab show hourly numbers for a period of three (3) days. By default all these views plot the data for all collectors, but you can edit the bind variables and set minimum thresholds to show only a subset of the collectors. For example, if you set min_system_load to 5 and save the values, the heatmaps will display only collectors whose values are over 5.

When editing the bind variables you can also select a collector name. For example, if you have a collector named g1.myco.com, enter “g1.myco.com” for the collector bind variable. Make sure to include the double quotes and make sure that the name is as displayed by the Buf Usage data in Guardium. Setting this value affects the Collector Detailed Stats and Collector History Report, which display the data per collector. Note that the collector name is used as a regular expression match - so if, for example, you set the collector bind variable to g1 you will also get the data for g1.myco.com. Take care, because this will also match data for collector g11.myco.com. In this case the report will display data for both collectors, and so will the line-with-zoom chart, which will display data points from both collectors without breaking them down into two separate data series.
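The following added example (not part of the product or its documentation) checks which collectors a candidate bind value would select before you save it. It uses Python's `re` module as a stand-in for the product's matcher and assumes search-style matching with standard anchors and backslash escapes, which you should verify in your environment; the collector names other than g1.myco.com and g11.myco.com, and all function names, are constructed for the illustration.

```python
import re

# Constructed sample of collector names as they might appear in the Buf Usage
# data. Only g1.myco.com and g11.myco.com come from the text above.
COLLECTORS = ["g1.myco.com", "g11.myco.com", "g1-myco.com.lab", "g2.myco.com"]


def matched_collectors(bind_value, collectors):
    """Collectors an unanchored regular-expression match would select."""
    pattern = re.compile(bind_value)
    return [name for name in collectors if pattern.search(name)]


def exact_pattern(name):
    """Anchor and escape a name so it can match that one collector only.

    Assumption: the target matcher honors ^, $ and backslash escapes.
    """
    return "^" + re.escape(name) + "$"


def check_bind_value(bind_value, intended, collectors):
    """Report whether a bind value selects only the intended collector."""
    hits = matched_collectors(bind_value, collectors)
    return {
        "bind_value": bind_value,
        "matches": hits,
        "unambiguous": hits == [intended],
        "extra": [name for name in hits if name != intended],
    }


if __name__ == "__main__":
    for value in ("g1", "g1.myco.com", exact_pattern("g1.myco.com")):
        result = check_bind_value(value, "g1.myco.com", COLLECTORS)
        if result["unambiguous"]:
            status = "ok"
        else:
            status = "also matches " + ", ".join(result["extra"])
        print(f"{value!r:24} -> {status}")
```

In this sample the full hostname still selects a second collector, because an unescaped dot in a regular expression matches any character.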

A collector dashboard can also be embedded within your own dashboard or application. To get the appropriate URL for embedding, navigate to https://<your hostname>:8443/dboard.xhtml and enter the connection attributes. For Dashboard Named enter ``Collector Stats`` and for Published by enter ``lmrm__sot``. Then click the Show URL button. The obfuscated URL (along with your hostname/port) is the one to use when you redirect, and the user will be prompted for valid credentials. You may use the cleartext URL when your app makes the calls internally.