Creating a datasource definition

A datasource is a database connection that is created and configured for use with Guardium® applications such as Vulnerability Assessment and classifier. A datasource can be created by using the Datasource Definitions tool or by creating and uploading a CSV file by using the Customer Uploads tool in the Guardium user interface. You can also create a datasource by using Guardium APIs.

Before you begin

Ensure that the Guardium user has the privileges that are necessary to access the database. To assign database access privileges to a user, the database administrator must download and run a set of scripts on the database server. For more information, see Database privileges for vulnerability assessments and classification.

You can also create a datasource group for any applications that use datasources. A datasource group can be static (based on available datasources), or dynamic (based on criteria).

About this task

Use the following procedure to define a datasource by using the Datasource Definitions tool.

Procedure

  1. Open the Datasource Definitions tool by clicking Setup > Tools and Views > Datasource Definitions.
  2. Click the Datasources tab.
  3. Click new to open the Create datasource window. The inputs vary depending on your choice of application, database type, and datasource.
  4. Select an Application type.
  5. Enter a unique name for the datasource.
  6. From the Database type menu, select the database or type of file.
  7. Select Share datasource to share the datasource definition across all Guardium applications. If the datasource is not shared, you can use the definition only with the selected application type.
  8. The authentication protocol depends on your choice of Database type.
    • Select Use SSL and Import server SSL certificate. The Add certificate option is available to datasources that support mutual SSL authentication. The certificate for mutual SSL authentication is added after the datasource configuration is saved.
    • To use LDAP authentication, select LDAP and proceed with assigning datasource credentials.
    • For Kerberos, pick a predefined Kerberos configuration from the Kerberos config menu and enter the Realm and KDC server.
      Tip: To check whether a Kerberos configuration exists on the Guardium GUI, go to Setup > Tools and Views > Kerberos Configuration. To create a new Kerberos configuration that defines your KDC and Realm, click Add.

      The login credentials must be a valid Kerberos user ID and password that is also used for certificate authority (CA). Test your Kerberos credentials to ensure that they can be used to log in to the Hive beeline command line.

  9. Select the appropriate Credential type.
    • Choose Assign credentials to manually enter the User name and password for the datasource.
    • Choose External password to obtain your password from an external credential management system. Select your credential management application from the External password type menu.
    • If credentials are not assigned, choose None.
  10. Configure the Host name/IP address, Port number, Database, Connection property, and Custom URL. If you use Configuration Auditing System (CAS), click the Advanced tab and configure the CAS database instance.
    Tip: The inputs vary depending on the type of database you are using. For more information, see Configuring your datasource.
  11. Optional: Click the Custom tab and select a property from a list of customized values to assign to the datasource. If the custom properties are not configured, you can temporarily save the datasource and assign the properties later. For more information, see Configuring custom properties for your datasources.
  12. Save the datasource and test the connection. If applicable, add the mutual SSL authentication certificate by using the Add certificate button.
    The certificate is a PEM file that contains both the private key and the certificate. You must include both the BEGIN and END lines for the private key and certificate. You can also install the certificate by using the CLI. For more information, see Installing an appliance certificate.
    Note: When you test the connection to an SSL datasource for the first time, you might encounter the following error:
    
     Could not connect to: 'jdbc:db2://hostname:port_number/db_name' for user: 'Your_datasource_name_DB2(Security Assessment)'. DataSourceConnectException: Could not connect to: 'Your_datasource_name_ 123.123.123.123:port_number' for user: 'db2inst1'. Exception: com.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][2030][11211][4.15.134] A communication error occurred during operations on the connection's underlying socket, socket input stream.
    The error occurs when the GUI does not have the correct keystore file for the certificate that is loaded into memory. To fix the error, restart the GUI and test the connection again.
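
A pre-upload check for the PEM requirement in step 12, shown as an added example that is not part of the Guardium product or its documentation: it confirms that the file holds a complete private key block and a complete certificate block, each with its BEGIN and END lines. The function name check_pem_bundle, the set of accepted key labels, and the sample bundle are assumptions made for this example.

```python
import base64
import binascii
import re

# Assumption: these unencrypted key labels are the ones accepted for upload.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def check_pem_bundle(text):
    """Return a list of problems; an empty list means key and cert are both complete."""
    problems, found = [], []
    open_label, body = None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = BOUNDARY.match(line)
        if m is None:
            if open_label is not None and line:
                body.append(line)
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label is not None:
                problems.append(f"line {n}: BEGIN {label} before END {open_label}")
            open_label, body = label, []
        elif open_label != label:
            problems.append(f"line {n}: END {label} without matching BEGIN")
            open_label = None
        else:
            try:
                if not base64.b64decode("".join(body), validate=True):
                    raise binascii.Error("empty body")
                found.append(label)
            except binascii.Error:
                problems.append(f"line {n}: {label} body is empty or not base64")
            open_label = None
    if open_label is not None:
        problems.append(f"missing END line for {open_label}")
    if not any(lab in KEY_LABELS for lab in found):
        problems.append("no complete private key block")
    if "CERTIFICATE" not in found:
        problems.append("no complete certificate block")
    return problems

# Constructed sample input: the bodies are placeholder base64, not real key material.
_BODY = "Q09OU1RSVUNURUQ=\n"
GOOD = ("-----BEGIN PRIVATE KEY-----\n" + _BODY + "-----END PRIVATE KEY-----\n"
        "-----BEGIN CERTIFICATE-----\n" + _BODY + "-----END CERTIFICATE-----\n")
TRUNCATED = GOOD.rsplit("-----END", 1)[0]  # END CERTIFICATE line lost in copy-paste

if __name__ == "__main__":
    print(check_pem_bundle(GOOD), check_pem_bundle(TRUNCATED))
```

The check covers only the structure of the file; it does not verify that the private key matches the certificate.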

What to do next

You can use the options in the menu to test the connection for one or more datasources, add the datasources to a group, and update the credentials or custom properties, if necessary.