Configuring Universal Data Insights connections

Through the Universal Data Insights service, the threat data and indicators of compromise (IOCs) are obtained at specified intervals by adding and configuring data source connections to the source connectors.

Before you begin

You must run the following command in the Guardium® Central Manager appliance to obtain Client ID and Client Secret that is needed for configuring the data source connections.> grdapi register_oauth_internal_client getEncrypted=false grant_types=password module=UDI

About this task

The threat data and IOCs are imported based on the user entitlements to access the data source connections. On the Connections > Data sources page, you can see only the connections that you are entitled to view and access the data sources. If you are an admin user for the data sources, you can view and access all the data source connections.

You can create and configure data source connections from the following source connectors:
  • IBM® Security Guardium
  • IBM Security QRadar®
  • TruSTAR
  • Micro Focus ArcSight
  • CrowdStrike Falcon
  • Amazon CloudWatch
  • IBM Security Verify Privilege Vault


  1. On the home page, click the Menu icon.
  2. In the General settings section, click Connections > Data sources.
  3. Click Data sources.
  4. Click Connect a data source.
  5. Select the connector and configure. For the configuration information, see Universal data insights connectors.


The threat data and IOCs are imported through the Universal Data Insights service at specified intervals from the source connectors that you configured. For more information about scheduling the import tasks, see Scheduling tasks.

You can review and manage your data source connections by using the Manage connections module of Risk Manager. For more information, see Managing connections in Risk Manager.