Contents x
    IBM Guardium
    • 02 Mar 2025
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    IBM Guardium

    • Updated on 02 Mar 2025
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    IBM Guardium prevents leaks from databases, data warehouses, and Big Data environments. It ensures the integrity of information and automates compliance controls across heterogeneous environments.

    Note:

    Axonius uses the Guardium REST API which supports several Guardium products including information collected by S-TAPs.)

    Types of Assets Fetched

    This adapter fetches the following types of assets:

    • Devices
    • Databases

    Parameters

    1. Guardium Domain (required) - The hostname of the Guardium server.

    2. User Name and Password (required) - The user name and password for an account that has read access to the API.

    3. Client ID and Client Secret (required) - The Client ID and Client Secret as shown in the Guardium API. For more details, see Generating the Client ID and Client Secret.

      • The client ID must be registered in Guardium and the associated client secret retrieved.

    4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

    5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    IBMGuardium


    Generating the Client ID and Client Secret

    In order for the IBM Guardium adapter to work, you must perform the following steps:

    1. Generate Client Secret in IBM Guardium - You must have PowerShell and administrative privileges to execute the commands on your server. Use the IBM command below to generate the Client Secret. Insert your Client ID into {CLIENT_ID_NAME}.

      grdapi register_oauth_client client_id={CLIENT_ID_NAME} grant_types="password" scope="read,write"

      This command generates a JSON containing client_secret that will be used in the adapter configuration.

      {"client_id":"{CLIENT_ID_NAME}", "client_secret":"{CLIENT_SECRET}", "grant_types":"password", "scope":"read,write", "redirect_uri":"https://someApp"}

      Insert the values from {CLIENT_ID_NAME} and {CLIENT_SECRET} into the Client ID and Client Secret fields in the adapter configuration pane.

    2. Create Active Directory user - Create a specific AD user for IBM Guardium. This account will have read access to the API.
      Insert the user name and password you created for the Active Directory user into the User Name and Password fields in the adapter configuration pane.

    3. Give Asset Read permission for the Active Directory user - Create a user in IBM Guardium using the same credentials for the user you created in AD. When you create this user, the User Browser table will display an option called “Roles” under the Action column. In “Roles”, give the new user API access to read the assets.

    Note:


    Advanced Settings

    Note:

    Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

    • Fetch data sources - Select this option to fetch data sources.
    Note:

    To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

    Required Ports

    Axonius must be able to communicate with the value supplied in Guardium Domain via the following ports:

    • TCP port 8443


    Was this article helpful?
    What's Next