Release notes - Guardium Insights Version 3.5.0

IBM® Guardium® Insights is a hybrid cloud data security hub that helps you improve visibility into user data activity and risk. Guardium Insights helps you protect data more efficiently, enhance information technology flexibility, and reduce operational costs as you embrace new business paradigms (such as moving data to the cloud). Guardium Insights helps reduce the cost and complexity related to collecting, managing, and retaining data security and compliance data. It provides new analytics to enhance threat investigations - and it provides quick reporting functionality (including prebuilt reports). Risk scoring and alerting in Guardium Insights help you prioritize your activities.

Version 3.5.x: This content only applies to Guardium Insights Version 3.5.x.

Guardium Insights is a powerful tool that can help you secure your data. Simple to use, Guardium Insights allows you to set up connections to your data sources.

Guardium Insights provides tools to help you analyze data:

  • Outlier mining: Detecting anomalies in activities and exceptions.
  • Risk events: Identifying assets at risk using broad data points.
  • Reports: Dive into the raw data for deep investigation.

Download Guardium Insights v3.5.0

Guardium Insights V3.5.0 can be downloaded as an archive file (2.5.0.tar.gz) from: https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-guardium-insights

You can install only the products for which your site is entitled.

For further instructions, read the README.md file located after unzipping the latest tar file.

Install Guardium Insights v3.5.0

Important: When upgrading to version 3.5.0 or patching to 3.5.1 - or during a fresh installation of either of these two versions - a missing MongoDB image results in upgrade and installation failure. See Missing MongoDB image results in upgrade and installation failure to learn how to work around this problem.

Before installing Guardium Insights, review the system requirements.

This offering is deployed as a new installation of Guardium Insights – or as an in-place upgrade. Please follow these instructions:

Important: Before upgrading to Guardium Insights version 3.5, ensure that all data migration in version 3.4.x has taken place. In addition, you must upgrade Guardium Data Protection to one of these patches before upgrading to enable v5 data ingestion:
  • For Guardium Data Protection version 11.4, upgrade to patch 11.0p490.
  • For Guardium Data Protection version 11.5, upgrade to patch 11.0p535.
  • For Guardium Data Protection version 12.0, upgrade to patch 12.0p10.

What's new in IBM Guardium Insights Version 3.5.0

Asset inventory usability enhancements
You can use asset inventory as the single source of truth to have quicker and better visibility over your data security assets. For more information, see Reports and workflows for assets.
Reports
  • You can now filter on aggregated report data.
  • Support for HAVING condition in reports.
Improved flexibility of reports visualization framework
Visualization of reports now includes a gallery of charts to choose from. Once you have selected a chart, you can modify its code to customize it to suit your needs.

When adding a report to a dashboard, you can now choose to add its data visualization to the dashboard card.

Improved tenant switching
The Guardium Insights main page now displays the tenant that you are using. Clicking the tenant allows you to easily switch to other tenants.
Policy import from Guardium Data Protection
You can now reduce operational overhead by importing data security policy definitions from Guardium Data Protection (GDP) central manager to Guardium Insights. To use the policy import feature on Guardium Data Protection, your GDP system must be patched to the minimum supported version. In addition, your GDP central manager must be registered via the push model. For more information, see Importing policies from Guardium Data Protection.
External ticketing service improvements for Risk Events
When you open a risk event that has been delegated to any ticketing service, the status of the external ticket is displayed next to the ticket number. The status is updated every time the record is opened or refreshed.
Custom data import
You can now import external data into Guardium Insights for use in reports or alert policies.
Jira ticketing
Guardium Insights now supports configuring ticketing for Jira.

Security fixes in Guardium Insights v3.5.0

Table 1. Security fixes
Issue key    Vulnerability ID
INS-45514    CVE-2024-39338
INS-43682    CVE-2024-37891
INS-43674    CVE-2024-3651
INS-42591    CVE-2024-24790
INS-42589    CVE-2024-24789

Known limitations and workarounds for Guardium Insights v3.5.0

Table 2. Known limitations and workarounds for Guardium Insights v3.5.0

Issue key Description
INS-29331 In rare cases, there are Db2® errors for services such as the reports and risk services. These may prevent report execution or risk event generation. When this occurs, these errors are seen in the logs for the related service:
SQLCODE=-1803, SQLSTATE=57056, SQLERRMC=NULLID.SYSSN200 0X5359534C564C3031, DRIVER=4.26.14
SQLCODE=-901, SQLSTATE=58004, SQLERRMC=Plan/Environment mismatch!, DRIVER=4.26.14

Workaround: See Db2 errors for reports and risk services.

INS-37007, INS-42808 After upgrading Guardium Insights from version 3.2.x to version 3.3.x and then to version 3.4.0, universal connector connections do not work due to a certificate error. Note that the workaround for this issue will be required as long as Guardium Insights version 3.3.x is in service.

Workaround: See Existing universal connector certificate does not work in a restored environment.

INS-37352 When there are very large amounts of data, the Data mart ingestion page displays this error:
Data mart unavailable Cannot load data mart statistics. Refresh the page to try again

Workaround: If the Data mart ingestion page displays this error, you can access the data mart ingestion information by opening the Data mart ingestion status report. This report includes data marts collected from both collectors and aggregators. To open the reports page, select Reports in the main menu. Open this menu by clicking the main menu icon.

INS-37724 When working with compliance milestones, you can Refine alerts with the Configure alert recipients action. When you choose this action and refine alerts, you can elect to send emails for actions. When you click the Send email to action and then click Invite users, the resulting landing page includes an Add users button that does not work.

Workaround: Go to the user management screen and add the user. Then return to the Refine alerts page to add the user to the list.

INS-39694 After modifying data retention settings, the new settings do not take effect until you restart the data retention pod.

Workaround: Restart the data retention pod after changing the settings.

INS-45613 When using the Azure Postgres universal connector, traffic is not captured and there is an error in azurepostgres_podlogs.

Workaround: Install the latest Azure PostgreSQL plug-in. To learn more, access the main documentation about the universal connectors.

INS-46527 Links to product documentation from the welcome page are broken.

There is no workaround for this problem.

INS-47111 After upgrading to IBM Common Services version 4.6.5, there is an Unable to resolve host error in the cp-console route when logging in.

This can happen when the default OpenID Connect (OIDC) client was not copied to Enterprise DB (EDB) after the upgrade. This is likely a timing issue which requires you to rerun the oidc-registration job and ensure the client is registered in Liberty, which uses EDB as its client and token store.

Workaround: Log in to the cluster, then rerun the job by issuing these commands:
oc project $NAMESPACE
oc get job oidc-client-registration -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | oc replace --force -f -

Resources

IBM Guardium Insights documentation: Guardium Insights overview

Guardium Insights v3.5.x system requirements and prerequisites

IBM Security Learning Academy: https://www.securitylearningacademy.com