Datasources
Datasources store information about your database or repository
such as the type of database, the location of the repository, or credentials
that might be associated with it. You must define a datasource in order to
use it with Guardium® applications.
Creating a datasource definition
A datasource is a database connection that is created and configured for use with Guardium applications such as Vulnerability Assessment and classifier. A datasource can be created by using the Datasource Definitions tool or by creating and uploading a CSV file by using the Customer Uploads tool in the Guardium user interface. You can also create a datasource by using Guardium APIs.
Creating a datasource group
A datasource group is a collection of datasources that you can act on as a single unit. You can specify a datasource group in most Guardium applications where you can specify a single datasource, such as security assessments, classification, and discovery scenarios. Create datasource groups from the Datasource Definitions page in the Guardium UI.
Configuring your datasource
The configuration varies depending on the type of database you are using.
Configuring custom properties for your datasources
Enrich your datasources by defining and assigning custom properties.
Working with existing datasources
After you create a datasource definition, you can clone, modify, or delete the datasource.
Reporting on datasources
Guardium provides reports on the datasources that are in your environment and any changes made to them.
Defining a datasource using a service name
You can define a datasource that enables your users to connect to an Oracle database by using the service name by using a custom URL.
Managing KDC definitions
If your datasource requires authentication using Kerberos, you can specify the information needed for Guardium to obtain a Kerberos ticket before making the connection.
Managing datasource credentials with CyberArk
Guardium supports the CyberArk Application Password Provider, a robust solution to the numerous maintenance and security challenges that arise in managing passwords. Use CyberArk to securely store, provision, audit, and manage your Guardium datasource credentials.
Managing datasource credentials with AWS Secrets Manager
Integrate your Guardium system with the Amazon Web Services (AWS) Secrets Manager to securely store, manage, rotate, and retrieve credentials for your datasources that use the Amazon Relational Database Service (RDS).
Managing datasource credentials with HashiCorp
Integrate your Guardium system with HashiCorp to securely store, manage, rotate, and retrieve credentials for all supported datasources.You can configure your Guardium system to authenticate to the HashiCorp vault by using a username and password with no Transport Layer Security (TLS), server-side authentication with TLS, or client-side authentication with TLS. If you use client-side authentication with TLS, you must create and import a client signed certificate on all your systems such as the central manager and managed units, if any.