Release notes - Guardium Insights Version 3.3.0

IBM® Guardium® Insights is a hybrid cloud data security hub that helps you improve visibility into user data activity and risk. Guardium Insights helps you protect data more efficiently, enhance information technology flexibility, and reduce operational costs as you embrace new business paradigms (such as moving data to the cloud). Guardium Insights helps reduce the cost and complexity related to collecting, managing, and retaining data security and compliance data. It provides new analytics to enhance threat investigations - and it provides quick reporting functionality (including prebuilt reports). Risk scoring and alerting in Guardium Insights help you prioritize your activities.

This content only applies to Guardium Insights Version 3.3.x.

Guardium Insights is a powerful tool that can help you secure your data. Simple to use, Guardium Insights allows you to set up connections to your data sources.

Guardium Insights provides tools to help you analyze data:

  • Outlier mining: Detecting anomalies in activities and exceptions.
  • Risk events: Identifying assets at risk using broad data points.
  • Reports: Dive into the raw data for deep investigation.

Download Guardium Insights v3.3.0

Guardium Insights V3.3.0 can be downloaded as an archive file (2.3.0.tar.gz) from: https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-guardium-insights

You can install only the products for which your site is entitled.

For further instructions, read the README.md file located after unzipping the latest tar file.

The Quick Start Guide for this offering is available at Passport Advantage (https://www.ibm.com/software/passportadvantage) (search for Part Number “M0H7GML”).

Install Guardium Insights v3.3.0

Before installing Guardium Insights, review the system requirements.

This offering is deployed as a new installation of Guardium Insights – or as an in-place upgrade. Please follow these instructions:

What's new in IBM Guardium Insights Version 3.3.0

Ease of use
  • Improved performance for online reports.
  • Export to immutable PDF for compliance attestation.
  • User interface improvements.

Enterprise maturity
  • Support for direct-to-Guardium Insights communication protocol when integrating with Guardium Data Protection. This change improves and simplifies network requirements.
  • SAML integration for external identity providers.

Multi-tenant support
  • Guardium Insights now supports adding additional tenants after installation. For more information, see Creating and using additional tenants after installing Guardium Insights.

Technical debt
  • Guardium Insights now supports OpenShift® Container Platform Version 4.14.x. To learn more about OpenShift Container Platform support, see here.
  • Support for Red Hat OpenShift service on Amazon Web Services (ROSA).
  • Improved Db2® performance through new db2uinstance functionality.
  • Dynamically-provisioned storage in AWS removes need for costly storage abstraction layers.

Note:
  • As of Version 3.3, the initial user that is created by Guardium Insights is assigned the Administrator role. If you are upgrading from a previous version of Guardium Insights and you create a new tenant, the default user of that tenant will be granted the Administrator role upon upgrade.
  • In previous releases of Guardium Insights, ibmc-block-gold was used for Db2 block storage on IBM Cloud® (Classic). This has changed to ibmc-file-gold-gid.

Bug fixes in Guardium Insights v3.3.0

Table 1. Bug fixes
Issue key Description
INS-34225 After upgrading OpenShift Container Platform to Version 4.12 from 4.10, the Guardium Insights user interface becomes slow to respond and eventually stops responding.
INS-26139 Errors in Guardium Insights were being caused by an outdated version of Ansible. Ansible in Guardium Insights has been updated.
INS-23621 Throughput metrics were missing from the datamart-processor log.
INS-22638 During AWS data ingestion, records were being duplicated.
INS-22382 When creating a connection to AWS, it was possible to enter a Consumer group name that was longer than 128 characters and have the connection created. Now, the 128-character limit is enforced.
INS-22293 Data mart files were not properly ingested when Db2 was brought up after manually scaling down.
INS-22288 The Data mart ingestion page stopped responding when Db2 tables were locked.
INS-20299 When adding an AWS connection, the Port number field was missing navigation arrows.
INS-19606 After creating a policy, you can set it to include result-set rules. Previously, if you did this and then added a result-set rule, the Enter a custom regular expression field had no character limit.
INS-17040 In the Guardium Insights Notifications page, the Performed by column was empty for file downloads and other actions.
INS-12909 Db2 for z/OS SYSADM administrative user was not available in the predefined Administrator group (Admin users - default). This user has now been added to the default group - and the Administrative user login report now includes login activity for this user.
INS-11716 After creating an IBM Security Verify Privilege Vault integration, the configuration indicated that the account was connected, even after the account was locked. Now, the PAM integration configuration status is marked with a connection error when the account is locked.

Known limitations and workarounds for Guardium Insights v3.3.0

Table 2. Known limitations and workarounds for Guardium Insights v3.3.0

Issue key Description
INS-45231 After upgrading from Guardium Insights version 3.2.x, risk events are not generated and the risk-analytics-classification log includes this error:
java.lang.StackOverflowError

Workaround: Connect to the MongoDB pod, select the relevant database, and run these commands:

db.system_data_versions.deleteOne({"_id": "risk-analytics-classification"}) 
db.classification_type.drop()

After issuing these commands, restart all risk-analytics-classification pods.

INS-39477 After upgrading from Guardium Insights version 3.2.1 and later, risk events are not generated and the risk-analytics-engine log includes this error:
Could not create violation lead generator, an error occurred: Failed to load query to collect leads from violation.

Workaround: Connect to the MongoDB pod, select the relevant database, and run these commands:

db.system_data_versions.deleteOne( {"_id": "risk-analytics-engine"})
db.leads_configuration.drop()
db.leads_generators.drop()
db.leads_weights.drop()
db.features_configuration.drop()
db.queries.drop()

INS-38008 Upgrading Guardium Insights fails with non-zero return code error when the length of the spec.guardiumInsightsGlobal.ingress.hostname value in your custom resource (CR) file is longer than 58 characters.

Workaround: Before upgrading, ensure that the length of the spec.guardiumInsightsGlobal.ingress.hostname value in your custom resource (CR) file is 58 characters or fewer.

INS-37829 An additional cp-serviceability pod is in the ContainerCreating state. This prevents the Guardium Insights mustgather tool from working as documented.

Workaround: Choose one of these options:

  • Delete the additional ReplicaSet that is creating the additional pod:
    1. Find the cp-serviceability replicasets:
      [root@bastion ~]# oc get replicasets | head -n 1
      NAME                                               DESIRED   CURRENT   READY   AGE
      [root@bastion ~]# oc get replicasets | grep cp-
      staging-cp-serviceability-645ddf7ffd               1         1         0       6d1h
      staging-cp-serviceability-9b7bb5684                1         1         1       6d1h
    2. Remove the replicaset that is marked as READY = 1. In the above example, this is staging-cp-serviceability-9b7bb5684:
      [root@bastion ~]# oc delete replicaset staging-cp-serviceability-9b7bb5684
      replicaset.apps "staging-cp-serviceability-9b7bb5684" deleted
    3. Wait until the additional cp-serviceability pod is terminated:
      [root@bastion ~]# oc get pods | grep cp-
      staging-cp-serviceability-645ddf7ffd-7w4kl                        0/1     ContainerCreating   0              97m
      staging-cp-serviceability-9b7bb5684-n4nx7                         1/1     Terminating         0              100m
      
      [root@bastion ~]# oc get pods | grep cp-
      staging-cp-serviceability-645ddf7ffd-7w4kl                        1/1     Running     0              100m
    4. You will now be able to use the documented mustgather commands.
  • When using mustgather commands that refer to a cp-serviceability pod, use the pod that is in the Running state. You can refer to https://www.ibm.com/support/pages/node/6832174. In this document, extra verification is required:
    • For step ii, check which pod is Running by issuing this command:
      oc get pods | grep cp-serviceability
    • For step v, use the pod in Running state to download files with oc cp commands.
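
The pod check in the second option above, as an added example (not IBM's code): a shell function that reads oc get pods output and returns the one cp-serviceability pod that is Running with all containers ready. The function name is hypothetical and the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: choose the cp-serviceability pod to use with the mustgather
# commands. Reads `oc get pods` output on stdin so it can be checked offline.

# Constructed sample input, modeled on the listings in the workaround.
SAMPLE_PODS='NAME                                         READY   STATUS              RESTARTS   AGE
staging-cp-serviceability-645ddf7ffd-7w4kl   0/1     ContainerCreating   0          97m
staging-cp-serviceability-9b7bb5684-n4nx7    1/1     Running             0          100m
staging-other-service-5d9c7b6f4-abcde        1/1     Running             0          6d1h'

# Prints the pod name and returns 0 only when exactly one cp-serviceability
# pod is Running with every container ready (READY column n/n).
running_serviceability_pod() {
    awk '
        $1 ~ /cp-serviceability/ && $3 == "Running" {
            split($2, ready, "/")
            if (ready[1] == ready[2]) { name = $1; count++ }
        }
        END {
            if (count == 1) { print name; exit 0 }
            # 0 matches: nothing usable yet. More than 1: ambiguous.
            # Either way the caller should stop rather than guess.
            exit 1
        }
    '
}

# Live use (requires a logged-in oc session in the Guardium Insights namespace):
#   pod=$(oc get pods | running_serviceability_pod) \
#       || echo "no single Running cp-serviceability pod" >&2
```
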
INS-37724 When working with compliance milestones, you can Refine alerts with the Configure alert recipients action. When you choose this action and refine alerts, you can elect to send emails for actions. When you click the Send email to action and then click Invite users, the resulting landing page includes an Add users button that does not work.

Workaround: Go to the user management screen and add the user. Then return to the Refine alerts page to add the user to the list.

INS-37360 After upgrading from Guardium Insights Version 3.2.x, an existing S3 connection that was healthy before upgrading becomes unhealthy.

Workaround: Editing the connection will cause it to be healthy again.

INS-37352 When there are very large amounts of data, the Data mart ingestion page displays this error:
Data mart unavailable Cannot load data mart statistics. Refresh the page to try again

Workaround: If the Data mart ingestion page displays this error, you can access the data mart ingestion information by opening the Data mart ingestion status report. This report includes data marts collected from both collectors and aggregators. To open the reports page, select Reports in the main menu. Open this menu by clicking the main menu icon.

INS-37220 After upgrading, the datamart-processor may not be able to write files to storage. As a result, data ingestion no longer takes place (the files are not ingested, but they are preserved).

Workaround: To re-upload the files that have been preserved - and to resume ingestion - restart ssh-service.

INS-36860 In Guardium Insights Version 3.3, support for the Universal Connector plugin for Amazon Neptune is temporarily paused. New versions of some of the dependencies required for this plugin could introduce security vulnerabilities and stability issues. Remediation of these dependencies is in progress and full support for Neptune will resume in the future. Customers who rely on the Universal Connector to monitor Amazon Neptune are advised to remain on Guardium Insights Version 3.2.x until Version 3.3.x support is fully available.
INS-35876 There is a known issue for compliance reports when filtering with very large groups (performance is degraded when groups defined for compliance have greater than 2000 members).

Workaround: Keep group members for all compliance groups at 2000 members or fewer until future performance improvements can be made.

INS-29331 In rare cases, there are Db2 errors for services such as the reports and risk services. These may prevent report execution or risk event generation. When this occurs, these errors are seen in the logs for the related service:
SQLCODE=-1803, SQLSTATE=57056, SQLERRMC=NULLID.SYSSN200 0X5359534C564C3031, DRIVER=4.26.14
SQLCODE=-901, SQLSTATE=58004, SQLERRMC=Plan/Environment mismatch!, DRIVER=4.26.14

Workaround: See Db2 errors for reports and risk services.

Resources

IBM Guardium Insights documentation: http://ibm.com/docs/SSWSZ5_3.3.x/

Guardium Insights v3.3.x system requirements and prerequisites

IBM Security Learning Academy: https://www.securitylearningacademy.com