To send Guardium data to a SIEM, it is possible to send the audit process results via syslog.
Currently, writing audit process results to syslog with a named template is very complex. Steps:
1. Manually define the named template, mapping audit process result column headers to the named template. This has to be done on a per-report basis, which could mean dozens or 100s of reports in a big environment.
2. Manually create the named templates via the GUI global profile page; there is no cli/grdapi. Again, there could be many templates to create.
3. Manually add the correct named template to the correct audit process via the GUI.
4. If the report definition ever changes, this needs to be identified somehow, which is not necessarily easy. Then all of the above steps need to be repeated for the updated report.
Managing this process in a large enterprise environment is too manual, takes too many steps, makes it too easy to miss things, and the general user experience is not good.
The idea is to improve this workflow for the customer:
- Reduce the number of steps
- Increase the parts that are automated and available in grdapi
- Improve visibility in the GUI for this process
- Improve the ease of ongoing management of named templates for audit processes
Some specific ideas:
- Ability to create or update a named template in audit process format from a report definition, in one click and via grdapi.
- Ability to manage templates at a bulk level, e.g. edit and add a prefix / postfix to all or selected named templates, considering that the template might look like <customer prefix>|<bulk of named template which is different for each report>|<customer postfix>.
- When selecting a named template to use in an audit task, highlight or automatically select templates that are linked to reports in the audit task.
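The automation requested above, as an added example (not Guardium or grdapi code): it builds the <customer prefix>|<per-report body>|<customer postfix> template from each report's column headers, flags reports whose definition changed after the template was generated, and swaps prefix/postfix in bulk. The report names, columns, the {Header} placeholder syntax and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample report definitions (report name -> ordered column headers).
REPORTS = {
    "Failed Logins": ["Timestamp", "DB User Name", "Client IP", "Count of Exceptions"],
    "Privileged Activity": ["Timestamp", "DB User Name", "SQL Verb", "Object Name"],
}

def fingerprint(columns):
    """Stable hash of the ordered headers; changes when the report definition changes."""
    return hashlib.sha256("\x1f".join(columns).encode("utf-8")).hexdigest()

def build_body(columns):
    """Per-report part as key={Header} pairs. {Header} is a hypothetical placeholder."""
    return ";".join(f"{c.replace(' ', '_')}={{{c}}}" for c in columns)

def build_template(columns, prefix, postfix):
    """Assemble <customer prefix>|<per-report body>|<customer postfix>."""
    for part in (prefix, postfix):
        if "|" in part:
            raise ValueError("prefix/postfix must not contain the '|' separator")
    return f"{prefix}|{build_body(columns)}|{postfix}"

def generate_all(reports, prefix, postfix):
    """Bulk-create templates and record the fingerprint each one was built from."""
    return {name: {"template": build_template(cols, prefix, postfix),
                   "fingerprint": fingerprint(cols)}
            for name, cols in reports.items()}

def stale_templates(reports, store):
    """Reports that are new, or whose columns changed since the template was built."""
    return sorted(name for name, cols in reports.items()
                  if name not in store or store[name]["fingerprint"] != fingerprint(cols))

def rewrap(store, prefix, postfix):
    """Bulk edit: replace prefix/postfix on every template, leaving bodies untouched."""
    for part in (prefix, postfix):
        if "|" in part:
            raise ValueError("prefix/postfix must not contain the '|' separator")
    out = {}
    for name, entry in store.items():
        # Drop the old prefix (before the first '|') and postfix (after the last '|').
        body = entry["template"].split("|", 1)[1].rsplit("|", 1)[0]
        out[name] = {"template": f"{prefix}|{body}|{postfix}",
                     "fingerprint": entry["fingerprint"]}
    return out

if __name__ == "__main__":
    store = generate_all(REPORTS, "ACME", "guardium")
    for name, entry in store.items():
        print(name, "->", entry["template"])
```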