Lab guide

Create a Guardium query and report

Course code LDL0112X
February 2022 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product, program,
or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent
product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local
law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties
in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any
other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of
those products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible,
the examples include the names of individuals, companies, brands, and products. All names and references for organizations and other
business institutions used in this deliverable’s scenarios are fictional. Any match with real organizations or institutions is coincidental.
All names and associated information for people in this deliverable’s scenarios are fictional. Any match with a real person is
coincidental.

TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds,
owner of the mark on a world­wide basis.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
VMware, the VMware logo, VMware Cloud Foundation, VMware Cloud Foundation Service, VMware vCenter Server, and VMware
vSphere are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and/or other jurisdictions.
Red Hat®, JBoss®, OpenShift®, Fedora®, Hibernate®, Ansible®, CloudForms®, RHCA®, RHCE®, RHCSA®, Ceph®, and Gluster® are
trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.

© Copyright International Business Machines Corporation 2022.

This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Exercise 1 Create a simple query and report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Task 1 Create a new dashboard for your report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Task 2 Create the query that the report will use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Task 3 Add the report to the dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Exercise 2 Review the updated report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Task 1 View group members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Task 2 Customize and view the report results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

© Copyright IBM Corp. 2022 iii

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Exercises
Guardium gathers a large amount of data about your database environment. Effective data
security requires that you monitor data and file activity. You use reports to learn the details of your
data security environment. You can add custom and prebuilt reports to a dashboard.

Each report depends on a query to gather the information for the report. In simple terms, the
query defines what information is gathered. You can also use queries to gather information for
other purposes, such as populating a group.

In this lab, you create a dashboard, a simple query, and a report that is used to examine user data
you generate.

Important: These exercises are presented in a virtual lab format. A virtual lab is an interactive
simulation of the original virtual machines. A virtual lab is not an actual virtual machine.
Therefore, your interaction opportunities are restricted to the exercise steps with some minor
variance. You use this lab guide, which walks you through usage and responses for the
components that are taught.

You can run the virtual lab multiple times without restriction.

Exercise 1 Create a simple query and report

In this exercise, you create a dashboard to display your report. Then, you create a simple query
and a report that uses that query. You then place the report on your new dashboard.

The query that you create returns details of all trusted sessions that are sessions open by
database users who are members of the Lab Trusted Users group. The query returns the Database
User Name, Client and Server IP addresses, and Source Program name.

1. To access the Guardium GUI, log in as user labadmin with password P@ssword.

© Copyright IBM Corp. 2022 1

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
The Welcome window opens.

Task 1 Create a new dashboard for your report

1. From the left navigation menu, click My Dashboards > Create New Dashboard.
The new dashboard opens.

2. Click the Edit icon and rename the My Dashboard to Lab Dashboard.

3. Click Save.

2
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
Task 2 Create the query that the report will use
1. From the left navigation menu, click Reports > Report Configuration Tools > Query-Report
Builder.

3
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
The Query-Report Builder window opens.

2. For Domain, select Access.

An icon to add a new query and a list of access reports becomes available.

3. Click the Add icon .

A New Query window opens.
The New Query wizard has sev eral sections, each of which can be expanded or collapsed. The wizard leads you thr ough the process of bui lding a query and generating a report. You can also click Quer y-Report Builder in the lower left part of the wizard to return to the quer y-report builder pane.

4
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
4. For Query name, type -Trusted Sessions.

5. For Main entity, select Session.

Note: It is a good practice to identify the resources that you create with some sort of prefix to
distinguish user-added groups from the built-in ones. In addition, the “-” character at the
beginning means that your reports appear at the top of the list of reports and are consequently
easier to find and select.

6. Click Next.

5
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
The New Query window displays tools to build the query.

You choose entities from the Entities and Attributes list to add to the Selected Columns fields,
which determines how the information is displayed. You add entities to the Query Conditions,
which determine what information is displayed.

7. In the Entities and Attributes table, select Entity: Client/Server with Attribute Client IP and
then click the Copy icon .

6
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
The Client IP attribute is added to the Selected Columns section on the right side of the
window.

7
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
8. Use the scrollbar to add the following attributes to the Selected Columns table:
– Scroll down to add attribute Server IP
– Scroll up to add attribute DB User Name
– Scroll down to add attribute Source Program
When you are finished, the query builder includes four entities in the Selected Columns
section.

9. Scroll down and click Save.

Note: When you build or modify a Guardium query, save your query early and often to avoid loss
of work and frustration.

8
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
10. To ensure that subsequent reports display counts of the sessions rather than details of each
individual session, select Count.

11. Put the fields in the correct sequence. Select the DB User Name entity and use the blue
arrows to promote it to the second position in the sequence.

12. To display the sort order, click the Next icon .

9
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty

13. To set the sort rank, select Sort results by columns and then click the Add icon .
In the field that opens, you can select which columns to sort by, and in what order.

14. From the drop-down list, select Client IP.

15. To sort the data in ascending order, ensure Ascending is selected.

10
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
16. To add another sort entity, click the Add icon. Select DB User Name from the drop-down list
and Ascending.

17. To move to the Conditions section, click Next.

Add conditions to the query. Conditions control the information that is displayed in the report.
You are interested in only trusted users, so you check to ensure that the database users are
members of a group called Lab Privileged Users.

18. To add a condition, click the Add condition icon.

19. Click the Search icon.

11
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
The Select a condition field window opens.

20. Expand Client/Server, scroll down, select DB User Name, and click Select.

12
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
The entity is added to the Conditions section.

21. Select the IN GROUP operator and the Lab Privileged Users runtime parameter.

22. Click Save, and close the confirmation dialog.

Task 3 Add the report to the dashboard

1. Click Add to Dashboard.

The Add Report to Selected Dashboard window opens.

13
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
2. Select Lab Dashboard and click Add Report.
.

3. Click Save, and close the confirmation dialog box.

4. From the left navigation menu, click My Dashboards > My Custom Dashboards > Lab
Dashboard. Your dashboard opens on the Add Report tab with the new report data.

You might not see any data in your report.

5. To add data to the report, click Edit mode.

You see more icons and settings to customize your report.

6. Click the Configure runtime parameters icon .

14
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create a simple query and report

Uempty
7. Review and accept the default Runtime Parameter and click OK.

You now have data in your report.

15
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 2 Review the updated report

Uempty
Exercise 2 Review the updated report
When you created the query, you set a condition to retrieve activity only where the database user
was in the group named Lab Privileged Users. In this exercise, you view the members of this
group, and then view the results in your report.

Task 1 View group members

1. From the left navigation menu, click Setup > Tools and Views > Group Builder.

16
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 2 Review the updated report

Uempty
The Group Builder pane opens.

2. To reduce the number of groups, filter by part of the group name Lab Privileged Users. For
example, type Lab.
The group builder entries are filtered so that only group names that contain the word “lab” are
displayed.

Notice that the Lab Privileged Users group has a green checkmark in the Used in query
column.

3. To edit the group, select Lab Privileged Users and click the Edit icon .

17
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 2 Review the updated report

Uempty
4. To display the group members, click the Members tab.
ifif

There are three group members: DB2INST1, Joan, and Joe. In the next task, you generate
activity for Joan and Joe.

5. To close the group editing pane, click Close.

18
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 2 Review the updated report

Uempty
Task 2 Customize and view the report results
1. From the left navigation menu, click My Dashboards > My Custom Dashboards > Lab
Dashboard.

2. To view newly added data, click the Refresh icon.

3. To sort the users in descending order, click the DB User Name column heading.
The report includes the s ession activity for JOE and JOAN.

The report shows the activity of users Joe and Joan who are members of the Lab Privileged
Users group.
This concludes this lab.

19
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
© Copyright IBM Corp. 2022