IBM Db2 monitoring with EventLog Analyzer

EventLog Analyzer, a comprehensive log management tool, offers advanced capabilities for gathering, tracking, and analyzing logs from IBM Db2 databases. It analyzes and reports all changes made using Data Definition Language (DDL) and Data Manipulation Language (DML) commands, while also monitoring user interactions with the database.

EventLog Analyzer ingests log data from IBM Db2 sources and provides detailed DDL and DML auditing reports. The solution also alerts you to security threats, compromise of sensitive data stored in the system, privilege escalations, and more. Please ensure that you have configured IBM Db2 logs to be sent to EventLog Analyzer.

This article explains the security, auditing, and compliance use cases for IBM Db2 monitoring with EventLog Analyzer.

Monitoring performance of IBM Db2 with EventLog Analyzer: Use cases

Use case: Monitor database availability
Description: Track whether the database is available to accept connections and perform operations.
Why implement it? To understand the uptime and availability of the database, conduct troubleshooting and diagnostics, and ensure operational efficiency.
Available reports, alerts, and capabilities:
  • Database Started
  • Database Stopped
  • You can configure the predefined Database Stopped alert to define thresholds, date, time, and other criteria so that you are notified of abnormal database downtimes.

Use case: Audit configuration changes
Description: Track changes to database configurations.
Why implement it? Enhance security and performance by ensuring the right configuration and preventing unauthorized changes.
Available reports, alerts, and capabilities:
  • DB Configuration Changes
  • DBM Configuration Changes
  • Customize the DB Configuration Changes alert profile by defining thresholds and setting up the alert for specific sources to detect suspicious or unauthorized configuration changes. Example: Enable the alert to detect configuration changes during non-business hours by defining the time limit.

Use case: Analyze database performance
Description: Identify issues in the database and troubleshoot them to ensure optimum performance.
Why implement it? Ensure continuous performance and availability of the database.
Available reports, alerts, and capabilities:
  • Diagnostic Log Overview
  • Identify anomalies in performance based on trend graphs.

Use case: Audit unauthorized access
Description: Monitor and analyze unauthorized connection requests to the database.
Why implement it? Ensure data security by identifying unauthorized access to the database.
Available reports, alerts, and capabilities:
  • Connection Established
  • Connection Terminated
  • These reports provide detailed insights into the connection requests received by the database, including the time of the request, the source IP, and the database accessed. By analyzing this data, organizations can identify unusual patterns or unauthorized access attempts and safeguard the database from potential threats.

IBM Db2 auditing with EventLog Analyzer: Use cases

Auditing IBM Db2 logs to identify critical modifications is essential for data security. EventLog Analyzer provides out-of-the-box reports and alert profiles that help you implement auditing use cases for IBM Db2.

Use case: DDL auditing
Description: Ensure data integrity and security of the database by auditing all DDL activities. Monitor and record all modifications to the database schema, including the creation, alteration, or deletion of tables, indexes, and other objects.
Why implement it? Track modifications made to the database schema and identify unauthorized or unintended changes to ensure data integrity.
Available reports, alerts, and capabilities:
  • DDL Auditing Reports
  • These reports help identify modifications (create, drop, and alter operations) to databases, tables, schemas, views, indexes, and triggers.
  • Alert criteria:
  • Database Altered
  • Schemas Altered
  • Index Altered
  • Customize the alerts to detect unauthorized modifications to the data and ensure data integrity. Example: Configure alerts to detect unauthorized DDL operations, such as adding or dropping tables, by specifying the users who are permitted to make such changes.

Use case: DML auditing
Description: Monitor and record all modifications, such as insertions, updates, and deletions, to the data stored in the databases to ensure the integrity of sensitive data and identify unauthorized modifications.
Why implement it? Monitors all changes made to the data, identifies unauthorized changes, and helps in data recovery.
Available reports, alerts, and capabilities:
  • DML Auditing Reports
  • Select Statement Executed
  • Insert Statement Executed
  • Delete Statement Executed
  • Update Statement Executed
  • Call Statement Executed
  • Alert criteria:
  • Tables Altered
  • Detect unauthorized or suspicious table alterations by enabling and customizing the Tables Altered alert profile to implement effective DML auditing in your environment.

Use case: Configuration change monitoring
Description: Ensure security and prevent unauthorized access or intrusion by monitoring configuration changes.
Why implement it? Monitor and identify changes to configurations to ensure there are no misconfigurations or unauthorized modifications.
Available reports, alerts, and capabilities:
  • DB Configuration Changes
  • DBM Configuration Changes
  • These reports provide deeper insights into database configuration changes, helping to detect unauthorized modifications that could lead to potential data breaches.

Securing IBM Db2 with EventLog Analyzer

EventLog Analyzer helps secure IBM Db2 by monitoring events associated with the database, including unauthorized access attempts, unauthorized configuration changes, and data manipulation.

Here are some of the security use cases provided by EventLog Analyzer.

Use case: Detect unauthorized modifications
Description: Monitor DDL and DML changes to identify unauthorized changes to the schema or the data stored in the database.
Why implement it? Monitoring unauthorized changes is essential to ensure data integrity and compliance.
Detection rules:
  • Alert criteria:
  • Database Altered
  • Index Altered
  • Schema Altered
  • Tables Altered
  • Views Altered
  • EventLog Analyzer provides predefined alerts for DDL operations. You can customize the alert templates to detect unauthorized changes from unusual locations or in unusual volumes, and thereby detect anomalies.

IBM Db2 compliance auditing with EventLog Analyzer: Use cases

Several regulations require organizations to keep a close watch on their database events to ensure data security. This includes having a monitoring tool in place to identify unauthorized access attempts and detect any changes made to the data.

Compliance requirements: Solution mapping
Each entry below lists the EventLog Analyzer report or alert, the detection rule it implements, and the regulations and requirements it maps to.

Reports and alerts: Db2 DDL Changes
Detection rules: DDL modifications
Regulations and requirements:
  • GDPR: Article 5 (1D), Article 5 (1F), Article 32 (1B), Article 32 (1D)
  • ISLP: Article 12, Article 13, Article 19.3, Article 20.5, Article 30.4, Article 30.6
  • NRC: Act B.1.6, Act B.1.22, Act B.2.6, Act C.3.4, Act C.3.7, Act C.4.3
  • CCPA and CPRA: Section 1798.150.(a)
  • FERPA: Section 99.31 (a)(1)(ii)
  • PDPA: Rule VI Section 25, Rule VII Section 30
  • NIST CSF: Data Security (PR.DS)
  • POPIA: Chapter 3 - Section 19 (2) (a), Chapter 3 - Section 20 (1) (b)
  • QCF: 3.2 Endpoint Security Service, 4.2 Application Security Service, 4.6.2 Threat Modelling, 6.2 Data Protection Service, 6.8.3 Data at rest, 7.2 Change and Patch Management Service, 8.11 Security monitoring and operations strategy
  • SAMA: 3.2.1.1 Cyber Security Risk Identification, 3.2.1.3 Cyber Security Risk Response, 3.3.6 Application Security, 3.3.7 Change Management
  • PDPL: Article 19 - Information Security, Article 21 - Controls and Procedures for Dealing with Credit Data
  • CJDN: Account Administration
  • UAE-NESA: T3.2.1, T7.6.1
  • LGPD: Art 14

Reports and alerts: Db2 DML Changes
Detection rules: DML modifications
Regulations and requirements:
  • GDPR: Article 5 (1D), Article 5 (1F), Article 32 (1B), Article 32 (1D)
  • ISLP: Article 12, Article 13, Article 19.3, Article 20.5, Article 30.4, Article 30.6
  • NRC: Act B.1.6, Act B.1.22, Act B.2.6, Act C.3.4, Act C.3.7, Act C.4.3
  • CCPA and CPRA: Section 1798.150.(a)
  • FERPA: Section 99.31 (a)(1)(ii)
  • PDPA: Rule VI Section 25, Rule VII Section 30
  • NIST CSF: Data Security (PR.DS)
  • POPIA: Chapter 3 - Section 19 (2) (a), Chapter 3 - Section 20 (1) (b)
  • QCF: 3.2 Endpoint Security Service, 4.2 Application Security Service, 4.6.2 Threat Modelling, 6.2 Data Protection Service, 6.8.3 Data at rest, 7.2 Change and Patch Management Service, 8.11 Security monitoring and operations strategy
  • SAMA: 3.2.1.1 Cyber Security Risk Identification, 3.2.1.3 Cyber Security Risk Response, 3.3.6 Application Security, 3.3.7 Change Management
  • PDPL: Article 19 - Information Security, Article 21 - Controls and Procedures for Dealing with Credit Data
  • CJDN: Account Administration
  • UAE-NESA: T3.2.1, T7.6.1
  • LGPD: Art 14

Reports and alerts: Db2 Configuration
Detection rules: Configuration changes to DB and DBM
Regulations and requirements:
  • CMMC: C013 - CM.2.061
  • QCF: 6.8.3 Data at rest, 8.11 Security monitoring and operations strategy
  • TISAX: 5.2.4
  • SAMA: 3.2.1.1 Cyber Security Risk Identification, 3.3.6 Application Security
  • CJDN: Account Administration

Reports and alerts: Db2 Database Server Reports
Detection rules: Reports on Db2 Database Server
Regulations and requirements:
  • CJDN: Account Administration

Reports and alerts: Db2 Database Connection Auditing
Detection rules: Monitoring Db2 Database Connections
Regulations and requirements:
  • CJDN: Account Administration