Reconciling database inventory

Asset reconciliation compares a user-provided list of databases with the databases that are known to Guardium. This feature offers a quick way to identify old or unknown databases and to verify that Guardium provides the coverage that you want.

Before you begin

Asset reconciliation supports the following databases:
  • Db2
  • Db2 z/OS
  • Informix
  • MongoDB
  • MS SQL Server
  • MS SQL SERVER (DataDirect)
  • MS SQL SERVER (DataDirect - Dynamic Port)
  • MySQL
  • Netezza
  • Oracle
  • Oracle (DataDirect - Service Name)
  • Oracle (DataDirect - SID)
  • PostgreSQL
  • SAP HANA
  • Sybase
  • Sybase IQ
  • Teradata
Unsupported databases cannot be reconciled and are ignored with an error message.
Attention: Microsoft Excel format (XLS) is not supported. When exporting CSV from Excel, verify that the CSV file is created with complete rows and is not missing delimiters for empty fields.

About this task

Reconciling database inventory (asset reconciliation) compares databases that are known to Guardium with an external, user-provided list of databases. Asset reconciliation accepts CSV or CMDB inputs and categorizes databases as existing only in Guardium, only in the external list, or as existing in both Guardium and the external list. For databases that are known to Guardium, the reconciliation process shows information about where the database is used, for example, in a datasource definition or with compliance monitoring. Asset reconciliation also supports an allowlist of databases that are not known to Guardium that can be ignored in the future.

Procedure

  1. Browse to Setup > Smart Assistant > Compliance Monitoring.
  2. Select the Databases tab and click Reconcile assets to open the Reconcile database inventory dialog.
  3. Select the list of databases to compare with databases that are known to Guardium.
    • To use a CSV file, select Compare to CSV file.
    1. Click Browse and select a CSV file that contains the list of databases to compare.
    2. Click Load to begin working with the CSV file.
    3. Use the drop-down menus to map columns from the CSV file to specific database information.
      For example, to map host information, use the Host name/IP menu to select the column name that contains the hostnames or IP address of your databases.
      Note:
      • Database type is a required field and must match one of the supported databases. For example, the strings Db2 LUW or Db2 v11 do not match the expected value, Db2.
      • Columns containing Instance name, Server name, and Service name information are automatically assigned based on the associated database type. For example, in a CSV file that contains Db2 instance names and Oracle service names in a single column, mapping that column to either Instance name or Service name fields assigns the value to the correct field for the database type.
    4. Click OK.
    • To use CMDB, select Compare to CMDB.
    1. Select an existing CMDB URL or click add to add a new one.
      To add a new URL, define the Type (for example, Service Now), URL from the CMDB provider, and account credentials.
    2. Select a Table to reconcile.
    3. Click Load to begin working with the CMDB records.
    4. Use the drop-down menus to map fields from the CMDB records to specific database information.
      For example, to map host information, use the Host name/IP menu to select the column name that contains the hostnames or IP address of your databases.
      Note: Columns that contain Instance name, Server name, and Service name information are automatically assigned based on the associated database type. For example, in the CMDB table that contains Db2 instance names and Oracle service names in a single column, mapping that column to either Instance name or Service name fields assigns the value to the correct field for the database type.
    5. Click Run Now or Schedule.
  4. Begin working with the Asset reconciliation results dialog.
    Databases not in Guardium
    This table shows databases that are listed in the input (either CSV or CMDB) that are not known to Guardium.
    • Select databases and click Add to allowlist to prevent them from appearing in this table during future reconciliations. You are asked to provide a brief justification for adding the databases to the allowlist.
    • Select databases and click Add to Guardium inventory to add them to Guardium's list of known databases. After the databases are added to the inventory, they are available for use with compliance monitoring and other features.
    Databases only in Guardium
    This table shows databases that are known to Guardium but not listed in the input. In addition, the table indicates whether Guardium has observed traffic on the databases and how the databases are used in Guardium (for example in datasource definitions or compliance monitoring).
    • Select databases and clickdelete to remove them from the Guardium list of known databases.
    Matched databases
    This table shows databases that are listed in the input and that are also known to Guardium. In addition, the table indicates whether Guardium has observed traffic on the databases and how the databases are used in Guardium (for example, in datasource definitions or compliance monitoring).
    Rows rejected
    This table lists rows from the input that identify an unsupported database type or do not contain enough information to uniquely identify a database. Each entry contains a brief description of the problem with the input.
    Allowlist databases
    This table lists databases in the input that can be ignored during the reconciliation process.