Guardium administration and automation
Session 1353

Who we are
- Chuck Kellum, Southern Company, Guardium Security Engineer
- Matt McClendon, Southern Company, Security and Compliance Specialist
- Josh Klahn, IBM, Guardium Tech Sales

True or False
Guardium Administration is a time-consuming, arduous, nerve-wracking, hair-pulling, makes you want to quit often, has its own type of Post Traumatic Stress Disorder (PTSD) assignment.

Once upon a time at Southern Company
A story of Guardium automation

Inspirational Influences

The genesis of Steve at Southern

Beginnings with Steve

Quick password fetching
- Uses keyring for the secrets
- Has some CLI commands
- Adds an as an option
- Copies to the clipboard
- Simply paste with CTRL+V

GUI shortcuts labeled by appliance type
Note: Uses python webbrowser library & tkinter
- Green for Central Managers
- Blue for Aggregators
- Orange for Kafka nodes
- Red for common tabs

Current pains we're addressing through automation
- Daily Health Checks
- Health trend analysis through writing results to MongoDB
- Python threading (multiple cores) to improve performance of code
- Adding more GuardAPI, CLI functions
- Test Oracle service names
  - TNSPING to auto-build datasource definitions
- Test group tuple accuracy to see if the DB server is still active (via nslookup)
- Patching
  - Convenience button for turning on file server GUI
- Watcher scripts for long processes
  - Purges, Archives checks for completion every 30 seconds

Demo scenario: PCI compensating controls
"We do not want Guardium to log card holder data. We want to ensure Log Full Details is NOT used in our policy rules."

SELECT * FROM accounts_table WHERE cc_numbers = 1234 5678 1234 5678
SELECT * FROM accounts_table WHERE cc_numbers = *

Rule action: Log Full Details
Rule action: Log Masked Details

Guardium policy as code
Demo
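
The check from the demo scenario, written as a policy-as-code lint. This is an added example, not code from the presentation or from Guardium. The JSON layout, rule names and function names are assumptions made for illustration; only the two rule action names come from the slides.

```python
import json
import re
import sys

# Constructed sample: a policy definition as it might be kept in version
# control. The JSON layout is an assumption, not Guardium's export format.
SAMPLE_POLICY = """
{
  "policy": "PCI cardholder DB policy (constructed)",
  "rules": [
    {"name": "Card table access", "actions": ["Log Masked Details"]},
    {"name": "DBA activity", "actions": ["LOG  FULL DETAILS"]},
    {"name": "Legacy rule", "actions": ["Log Masked Details", "log full details"]},
    {"name": "No action rule"}
  ]
}
"""

FORBIDDEN_PREFIX = "log full details"


def normalize(action):
    """Lower-case and collapse whitespace so spelling variants compare equal."""
    return re.sub(r"\s+", " ", str(action)).strip().lower()


def find_violations(policy_json):
    """Return (rule number, rule name, action) for each forbidden rule action."""
    policy = json.loads(policy_json)
    findings = []
    for number, rule in enumerate(policy.get("rules", []), start=1):
        for action in rule.get("actions", []):
            # Prefix match also catches any longer variant of the action name.
            if normalize(action).startswith(FORBIDDEN_PREFIX):
                findings.append((number, rule.get("name", "<unnamed>"), action))
    return findings


def main(policy_json=SAMPLE_POLICY):
    findings = find_violations(policy_json)
    for number, name, action in findings:
        print(f"FAIL rule {number} ({name}): action {action!r} is not allowed")
    # Non-zero exit lets a CI job block the policy change.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```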