IBM Data and AI Ideas Portal for Customers
Status Functionality already exists
Created by Guest
Created on Jan 24, 2024

Integration of WebServer logs into Audit Logging

Web server logs or equivalent HTTP access logs are not found in CP4D Audit output.

ATTRIBUTES -

At a minimum, the required security audit logging attributes must include:

a. The identity of the account accessing the system (e.g., standard accounts, secondary accounts, external accounts and service accounts).

b. Date and local time zone (or UTC)

c. System name generating the log.

d. Log recording system name.

e. Source IP address.

f. Port where available

g. SessionID


ACTIVITIES -

At a minimum, the required security audit logging activities must include:

a. Login/logoff event. In the event of a logon failure, the reason must be specified (e.g., invalid username, invalid password, account locked, etc.).

b. Downloading and revisions to confidential information

c. Creation of, amendments, or changes to customer accounts and financial transactions

d. All privileged user activities including both successful and unsuccessful attempts.

e. Web access events in extended log format [as applicable]:

     1. Timestamp

     2. HTTP method

     3. URI

     4. URI query string

     5. HTTP User-Agent header

     6. HTTP Referer header

     7. The true IP of the client or HTTP X-Forwarded-For header

f. System errors relevant to security events, including but not limited to: SQL errors that indicate a SQL injection, fuzzing, multiple failed logins, failed configuration change, failed/disabled anti-virus software failures

  • Admin Malcolm Singh, Oct 4, 2024

    This was discussed with the BoA CSM and the customer team. They were satisfied with the additional logging that was to be provided in version 4.8. This will be closed, with a new request to return the IP address instead of the hostname, which will be tracked separately.

  • Guest, Apr 11, 2024

    Malcolm Singh provided the following:

    --

    In Cloud Pak for Data v4.8 there was a focus on serviceability, which included enhancements to the auditing and monitoring of user activity in Cloud Pak for Data. Based on this, request information is captured in the Cloud Pak for Data Audit Events, which can be accessed by popular SIEM servers such as QRadar or Splunk.

    For example, at the Cloud Pak for Data platform level the following information is provided:

    Platform Level - Login, Logout, Session, Authentication

    • users.authenticate - Success or failure when a user logs in.

    • users.revoke - Record when users log out.

    • accounts.authenticate - Success or failure of token authentication.

    • authorization - Failure when invoking any privileged action.

    Where more information is provided at the service instance level (e.g. Watson OpenScale) the following information is provided:

    Instance Level – management for OpenScale (examples)

    • metrics.create - Store metric in the Watson OpenScale instance

    • payload.create - Log payload in the Watson OpenScale instance

    • datamart.configure - Configure the Watson OpenScale instance

    • datamart.delete - Delete the Watson OpenScale instance

    • binding.create - Add service binding to the Watson OpenScale instance

    • binding.delete - Delete service binding from the Watson OpenScale instance

    • subscription.create - Add subscription to the Watson OpenScale instance

    • subscription.delete - Delete subscription from the Watson OpenScale instance

    Instance Level – Management for OpenPages

    In Watson OpenPages more audit information is provided based on the service type, which you can reference from the documentation.

    For a complete list of all the auditable events please refer to the link posted above.

    Activity Monitoring

    For activity monitoring, this has been enhanced and this information can be captured using rsyslog to be used by popular SIEM servers or similar dashboard services.

    The following page provides more information: Monitoring Cloud Pak for Data user activity, where the following information is captured:

    • req_userid - The user's user ID.

    • http_referrer - The page that the user accessed.

    • request - The HTTP request type, such as GET, POST, PUT, and so on.

    • http_sec-fetch-dest - The type of resource that the user accessed, such as an image, document, audio file, script, and so on.

    • http_x_forwarded_for - The original IP address of a client before proxy.

    • time - The time of the request in ISO 8601 format.

    • remote_addr - The client address after the last proxy.

    • upstream_addr - The IP address and port of the destination server.


    It is also possible to add descriptions to the user activity logs for easier identification.

    There is item ‘f’ under activities, which needs to be expanded since there are many requests in this item, where some seem specific to the service and in some cases user activity monitoring.

    1. System errors relevant to security events, including but not limited to: SQL errors that indicate a SQL injection (this is specific to the service logs), fuzzing (this is at the testing level, but user activity monitoring captures invalid logins, etc.), multiple failed logins (user activity monitoring), failed configuration change (service level), failed/disabled anti-virus software failures (n/a)
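As an added example (not code from this thread or from IBM), the Python below maps one user-activity record built from the field names listed in the comment above onto the attributes the idea requests, takes the client IP from X-Forwarded-For only when the connecting peer is a trusted proxy, and reports which requested attributes (port, session ID) none of the listed fields can supply. The record values and the trusted proxy range are constructed.

```python
import ipaddress
from datetime import datetime

# Constructed sample user-activity record using the field names listed above.
SAMPLE_RECORD = {
    "req_userid": "analyst01",
    "request": "GET /v2/projects?limit=50 HTTP/1.1",
    "http_x_forwarded_for": "203.0.113.10, 10.0.0.5",
    "time": "2024-04-11T09:15:32+00:00",
    "remote_addr": "10.0.0.5",
    "upstream_addr": "10.1.2.3:8443",
}
# Proxies allowed to set X-Forwarded-For (assumed internal range).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Attributes the idea asks for -> fields that can supply them (empty = none).
REQUIRED_ATTRIBUTES = {
    "identity": ("req_userid",),
    "timestamp": ("time",),
    "source_ip": ("http_x_forwarded_for", "remote_addr"),
    "source_port": (),
    "session_id": (),
}

def true_client_ip(record, trusted_proxies=TRUSTED_PROXIES):
    """Left-most X-Forwarded-For entry if the peer is a trusted proxy, else the peer."""
    peer = ipaddress.ip_address(record["remote_addr"])
    xff = record.get("http_x_forwarded_for", "")
    if not xff or not any(peer in net for net in trusted_proxies):
        return str(peer)
    try:
        return str(ipaddress.ip_address(xff.split(",")[0].strip()))
    except ValueError:
        return str(peer)  # malformed header value: fall back to the peer

def normalize(record, trusted_proxies=TRUSTED_PROXIES):
    """Map one record onto the required attributes and report which are missing."""
    method, _, rest = record["request"].partition(" ")
    uri, _, query = rest.split(" ")[0].partition("?")
    out = {
        "identity": record["req_userid"],
        "timestamp": datetime.fromisoformat(record["time"]).isoformat(),
        "source_ip": true_client_ip(record, trusted_proxies),
        "http_method": method,
        "uri": uri,
        "uri_query": query,
    }
    missing = [name for name, fields in REQUIRED_ATTRIBUTES.items()
               if not any(f in record for f in fields)]
    return out, missing
```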