Asset reconciliation compares a user-provided list of databases with the databases that
are known to Guardium. This feature offers a quick way to identify old or unknown databases and to
verify that Guardium provides the coverage that you want.
Before you begin
Asset reconciliation supports the following databases:
- Db2
- Db2 z/OS
- Informix
- MongoDB
- MS SQL Server
- MS SQL SERVER (DataDirect)
- MS SQL SERVER (DataDirect - Dynamic Port)
- MySQL
- Netezza
- Oracle
- Oracle (DataDirect - Service Name)
- Oracle (DataDirect - SID)
- PostgreSQL
- SAP HANA
- Sybase
- Sybase IQ
- Teradata
Unsupported databases cannot be reconciled and are ignored with an error message.
Attention: Microsoft Excel format (XLS) is not supported. When
exporting CSV from Excel, verify that the CSV file is created with complete rows and is not missing
delimiters for empty fields.
About this task
Reconciling database inventory (asset reconciliation) compares databases that are known to
Guardium with an external, user-provided list of databases. Asset reconciliation accepts CSV or CMDB
inputs and categorizes databases as existing only in Guardium, only in the external list, or as
existing in both Guardium and the external list. For databases that are known to Guardium, the
reconciliation process shows information about where the database is used, for example, in a
datasource definition or with compliance monitoring. Asset reconciliation also supports an allowlist
of databases that are not known to Guardium that can be ignored in the future.
Procedure
-
Browse to .
- Select the Databases tab and click Reconcile
assets to open the Reconcile database inventory
dialog.
- Select the list of databases to compare with databases that are known to Guardium.
- To use a CSV file, select Compare to CSV file.
- Click Browse and select a CSV file that contains the list of
databases to compare.
- Click Load to begin working with the CSV file.
- Use the drop-down menus to map columns from the CSV file to specific database
information.
For example, to map host information, use the
Host
name/IP menu to select the column name that contains the hostnames or IP address of your
databases.
Note:
- Database type is a required field and must match one of the supported
databases. For example, the strings Db2 LUW or Db2 v11
do not match the expected value, Db2.
- Columns containing Instance name, Server name, and
Service name information are automatically assigned based on the associated
database type. For example, in a CSV file that contains Db2 instance names and Oracle service names
in a single column, mapping that column to either Instance name or
Service name fields assigns the value to the correct field for the database
type.
- Click OK.
- To use CMDB, select Compare to CMDB.
- Select an existing CMDB URL or click to add a new one.
To add a
new URL, define the Type (for example, Service Now),
URL from the CMDB provider, and account credentials.
- Select a Table to reconcile.
- Click Load to begin working with the CMDB
records.
- Use the drop-down menus to map fields from the CMDB records to specific database
information.
For example, to map host information, use the
Host
name/IP menu to select the column name that contains the hostnames or IP address of your
databases.
Note: Columns that contain Instance name,
Server name, and Service name information are
automatically assigned based on the associated database type. For example, in the CMDB table that contains Db2
instance names and Oracle service names in a single column, mapping that column to either
Instance name or Service name fields assigns the value
to the correct field for the database type.
- Click Run Now or
Schedule.
- Begin working with the Asset reconciliation results dialog.
- Databases not in Guardium
- This table shows databases that are listed in the input (either CSV or CMDB) that are not known
to Guardium.
- Select databases and click Add to allowlist to prevent them from
appearing in this table during future reconciliations. You are asked to provide a brief
justification for adding the databases to the allowlist.
- Select databases and click Add to Guardium inventory to add them to
Guardium's list of known databases. After the databases are added to the inventory, they are
available for use with compliance monitoring and other features.
- Databases only in Guardium
- This table shows databases that are known to Guardium but not listed in the input. In addition,
the table indicates whether Guardium has observed traffic on the databases and how the databases are
used in Guardium (for example in datasource definitions or compliance monitoring).
- Select databases and click to remove them from the Guardium list of known databases.
- Matched databases
- This table shows databases that are listed in the input and that are also known to Guardium. In
addition, the table indicates whether Guardium has observed traffic on the databases and how the
databases are used in Guardium (for example, in datasource definitions or compliance
monitoring).
- Rows rejected
- This table lists rows from the input that identify an unsupported database type or do not
contain enough information to uniquely identify a database. Each entry contains a brief description
of the problem with the input.
- Allowlist databases
- This table lists databases in the input that can be ignored during the reconciliation
process.