.png?sv=2022-11-02&spr=https&st=2024-07-27T02%3A29%3A24Z&se=2024-07-27T02%3A39%3A24Z&sr=c&sp=r&sig=zpE6qTpqBqzzLd%2FWK%2FE3h6caD7BzQSMOcvioy7dAEc8%3D){kind=logo}
IBM Guardium
- 21 Jul 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
IBM Guardium
- Updated on 21 Jul 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
IBM Guardium prevents leaks from databases, data warehouses, and Big Data environments. It ensures the integrity of information and automates compliance controls across heterogeneous environments.
NOTE
Axonius uses the Guardium REST API which supports several Guardium products including information collected by S-TAPs.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Databases
Parameters
Guardium Domain (required) - The hostname of the Guardium server.
User Name and Password (required) - The user name and password for an account that has read access to the API.
Client ID and Client Secret (required) - The Client ID and Client Secret as shown in the Guardium API. For more details, see Generating the Client ID and Client Secret.
- The client ID must be registered in Guardium and the associated client secret retrieved.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Generating the Client ID and Client Secret
In order for the IBM Guardium adapter to work, you must perform the following steps:
Generate Client Secret in IBM Guardium - You must have PowerShell and administrative privileges to execute the commands on your server. Use the IBM command below to generate the Client Secret. Insert your Client ID into
{CLIENT_ID_NAME}.grdapi register_oauth_client client_id={CLIENT_ID_NAME} grant_types="password" redirect_uris=https://someApp scope="read,write"This command generates a JSON containing
client_secretthat will be used in the adapter configuration.{"client_id":"{CLIENT_ID_NAME}", "client_secret":"{CLIENT_SECRET}", "grant_types":"password", "scope":"read,write", "redirect_uri":"https://someApp"}Insert the values from
{CLIENT_ID_NAME}and{CLIENT_SECRET}into the Client ID and Client Secret fields in the adapter configuration pane.Create Active Directory user - Create a specific AD user for IBM Guardium. This account will have read access to the API.
Insert the user name and password you created for the Active Directory user into the User Name and Password fields in the adapter configuration pane.Give Asset Read permission for the Active Directory user - Create a user in IBM Guardium using the same credentials for the user you created in AD. When you create this user, the User Browser table will display an option called “Roles” under the Action column. In “Roles”, give the new user API access to read the assets.
Advanced Settings
Note:
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Fetch data sources - Select this option to fetch data sources.
Note:
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Required Ports
Axonius must be able to communicate with the value supplied in Guardium Domain via the following ports:
- TCP port 8443
Was this article helpful?