What's new in this release

New features, functions, and enhancements.

IBM Guardium 12.2.2

A-TAP for Redis
A new application-level tap supports monitoring of encrypted traffic on Redis databases. The Guardium® A-TAP mechanism monitors communication between internal components of the database server. The data is unencrypted in the application layer, where A-TAP picks it up and sends it to a Kernel TAP (K-TAP), which acts as a proxy that passes the data to the Software TAP (S-TAP®). From there, it is sent to the Guardium collector.
Automatic cloud file system expansion
Support added for a robust, persistent, and fully automated cloud filesystem expansion mechanism that continuously monitors disk size changes and expands storage when necessary, enabling flexible, scalable, and reliable cloud deployments with zero manual intervention.
Edge Gateway 2.1 enhancements
  • External image registry support: Edge Gateway 2.1 now supports deployment using self-managed external image registries. This enhancement enables air-gapped deployments and simplifies installation in restricted environments such as AWS Elastic Kubernetes Service (EKS) clusters without public internet access.
  • API to download Edge Gateway images: A new Guardium REST API allows administrators to download all Edge Gateway images as a single tar archive. This enables you to scan images for security and load them into private image registries before deployment.
  • Enhanced installation process: The Edge Gateway installation workflow has been enhanced to support external registries and improved image handling. Deployment bundles automatically reflect the configured registry settings, reducing manual steps.
  • Terraform®-based deployment: Edge Gateway 2.1 introduces Terraform modules for automated deployment across AWS EKS, Red Hat® OpenShift®, and K3s. Terraform supports full end-to-end provisioning, including cluster creation, storage configuration, metrics server installation, and Edge Gateway deployment.
  • Cloud data streaming: Edge Gateway can now process database streaming traffic from AWS and Microsoft™ Azure cloud services. Administrators can assign Edge Gateway nodes as stream processors, with automatic load balancing when multiple Edge Gateway instances are selected.
  • Windows™ and External S-TAP support: In addition to Linux®-UNIX® S-TAP, Edge Gateway 2.1 adds support for Windows S-TAP and External S-TAP traffic sources. Required ports and hostnames are displayed directly in the Central Manager UI for simplified configuration.
  • Improved Edge Gateway upgrade workflow: Upgrading from Edge Gateway 2.0 to 2.1 introduces a new upgrade script to accommodate changes in image handling. After this release, future Edge Gateway upgrades will follow a simplified process without additional manual steps.
Executive dashboard

Several usability and insight-driven improvements were added to the executive dashboard. These updates make the dashboard more actionable, financially relevant, and easier to interpret, aligning technical data with executive decision‑making needs.

  • Flexible date filters: Added predefined time ranges (Today, Last 3 days, 7 days, and 14 days) in addition to custom date selection, making trend analysis faster and more intuitive.
  • Cost savings in USD: Potential savings can now be viewed either in hours or in U.S. dollars. This provides executives with clearer, business-oriented value metrics.
  • Transparent ROI calculations: The dashboard now displays the explicit formulas and assumptions used to calculate savings (for example, full-time employee, hours per analysis, and cost rates). You can edit input values to perform a quick "what-if" analysis and immediately see the impact on savings.
  • Improved trend visualization: Aggregate totals (such as total assets or appliances) are now shown as trend indicators instead of additional bars, improving graph readability.
  • Clearer asset and health insights: Enhanced visuals differentiate total versus connected appliances and S-TAPs, helping you to quickly identify non-responsive or unhealthy components. Tabular views explain discrepancies directly, reducing confusion.
Long-term retention and reporting
Streaming to Edge Gateway from S-TAP
Modernize how Guardium agents deliver data to Guardium Data Protection. This feature enables agents to connect to Edge Gateway—a scalable, Kubernetes-based service architecture—replacing the traditional rigid connection model to individual connectors. You can stream to Edge Gateway from Windows S-TAP and from Linux S-TAP.
Threat Detection
Guardium now provides an SQL injection detection mechanism that extends the collector's scanning capabilities to analyze SQL executed inside stored procedures and dynamically executed SQL statements (EXEC, EXECUTE, EXECUTE IMMEDIATE). See Added coverage for threat detection for more information.
The new Advanced Data Security Policy improves existing policy-based Advanced Threat Analytics detections.
Advanced threats are now detected. See Threat descriptions for more information.
The active threat analytics and case user interfaces are now modernized. These user interfaces are redesigned to be more intuitive. Navigation time is reduced and data accessibility is enhanced. This enables faster and more accurate investigations.
You can now reopen closed cases. See Investigating cases and Reopening cases in bulk for more information.
Universal connector
  • New preinstalled plug-ins are available for universal connector workflows in central manager. For more information, see Configuring universal connectors by using a central manager.
  • New APIs are available to streamline credential management and support automated deployment workflows. You can now create, delete, retrieve, and update credentials for data source connections by using APIs. For more information, see Creating credentials.
UI Modernization: support information gathering, access manager, and portal pages
Key experiences are updated with responsive UIs that improve efficiency and clarity. To support phased adoption, Guardium APIs are available to reenable the legacy UI pages independently for each of these pages.
  • Support Information Gathering page now provides a single, unified page to configure, run, and review diagnostic collections, with tabbed views for system logs, S-TAP diagnostics, and looper logs, along with improved filtering, sorting, and inline status confirmations. To reenable the legacy UI, use the GuardAPI command grdapi MODIFY_GUARD_PARAM paramName=LEGACY_SUPPORT_INFORMATION_GATHER_ENABLED paramValue=1
  • The Access Manager page has been redesigned with a tab-based layout for users, roles, and applications, offering advanced user filtering, streamlined role and permission management, inline validation, and support for custom role-based navigation. To reenable the legacy UI, use the GuardAPI command grdapi MODIFY_GUARD_PARAM paramName=LEGACY_PORTAL_ENABLED paramValue=1
  • The Portal page has been redesigned with a left‑hand navigation tree, separating portal configuration, authentication methods, and multi‑factor authentication for easier discovery and management. To reenable the legacy UI, use the GuardAPI command grdapi MODIFY_GUARD_PARAM paramName=LEGACY_ACCESSMGR_ENABLED paramValue=1
Vulnerability Assessment
  • Support for new data sources: MongoDB Atlas 8.0.16 and MarkLogic 11.3.3, 12.0.0.
  • Data source currency updates: EDB PostgreSQL 17.5, IBM® Db2® (LUW) 12.1, and Oracle MySQL 8.4.
  • Microsoft Entra ID authentication support for Azure SQL Database.
  • Modifiable severity and threshold values for Assessment Tests reports.
  • Support for running Guardium Vulnerability Assessment (VA) Scanner on AWS EKS: The Guardium VA Scanner Helm Chart provides a production‑ready, Kubernetes‑native way to deploy and manage the VA Scanner. It enables secure, scalable, and automated vulnerability assessments by connecting scanner pods running on Kubernetes or EKS to a central Guardium Data Protection server, with support for Helm‑based installation, auto‑scaling, secure authentication, and continuous assessment execution across supported databases.

IBM Guardium 12.2.1

Active Threat Analytics case management
Improved case management in Active Threat Analytics, offering enhanced severity and category insights, and streamlined case closure processes.
Aggregator performance improvements
The Guardium aggregator now offers a Parallel Query option to speed up report generation and reduce latency during concurrent workloads. It uses partition-aware routing and temporary staging tables to minimize data scans and optimize memory at runtime. The Parallel Query option is available only for newly created or cloned reports in the Access, Exception, and Policy Violation domains. For more information, see Modifying the runtime parameters.
Archive and backup/restore support for S3 compatible storage protocols
In Guardium 12.0, Amazon Elastic Container Service (ECS) support was added for archive and backup/restore. As of Guardium 12.2.1, this has been replaced by S3 compatible, which supports systems that implement the Amazon S3 (Simple Storage Service) API.
Certificates for Guardium Cryptography Manager (GCM)
A new GuardAPI (get_certificates) has been added that allows you to retrieve a list of certificates for your Guardium systems. You can also use the API to retrieve the certificates for all managed units, all units plus the central manager, individual units, or for the local host.
Change tracker certificate management
Two new CLI commands are added to enhance the change tracker certificate management functionality. For more information, see Certificate CLI Commands.
  • show certificate stored: Displays certificate stores that are managed by Guardium as shown in the CERTIFICATE_STORAGE_OBJECT_INFO table.
  • show certificate exceptions: Displays certificates that are exempted from expiry by change-tracker as shown in the CERTIFICATE_MONITORING_EXCEPTION table.
CLI user management

The GuardAPI change_cli_password command is enhanced to support password updates for all CLI users, including the admin cli account and guardcli (guardcli1,...,guardcli9) accounts. You must have accessmgr privileges to access this command. For more information, see change_cli_password.

Configuring proxy settings with certificates

To configure proxy settings with a certificate, use the store certificate keystore trusted console command to import the proxy CA certificate into the GDP keystore across all managed units. The certificate alias can be any arbitrary value. The alias name does not affect functionality. For more information, see store certificate.

DHCP support for virtual machines
You can now enable DHCP on virtual machines by using the store network dhcp <on|off> CLI command for automated IP address assignment, simplified network management, and enhanced flexibility in VM configuration or redeployment. For more information, see Configuring a virtual appliance with DHCP.
DPDPA compliance template
A new policy template is available for monitoring compliance with the Digital Personal Data Protection Act (DPDPA). The template includes predefined monitoring rules and data groupings that reduce deployment time and ensure coverage of DPDPA requirements. For more information, see Smart assistant for compliance monitoring.
Edge Gateway
Modernize your data collection with a new Kubernetes-based monitoring pipeline. The Edge Gateway is built for high performance and scalability, making it easy to monitor both on-premises and cloud environments while reducing appliance management. With seamless integration into existing Guardium aggregators, Guardium Data Security Center SaaS, and the new long-term retention feature, the Edge Gateway offers a modern alternative to Guardium collectors. For more information, see Modernizing data collection with the Edge Gateway.
Long term retention and reporting
Store multiple years of audit data with our new user-managed option for long term retention and reporting. Meet compliance requirements and control costs by using your own S3-compatible object storage. Easily manage and monitor storage with data lake and datamart extraction reports.

Note that Edge Gateway ingestion into long term retention is supported.

SOX ticket reconciliation
Maintain SOX compliance with greater efficiency and accuracy by using AI-powered automation to compare user activity logs with change tickets from systems like ServiceNow. Save thousands of annual compliance hours by reducing the need for manual, repetitive, and error-prone daily checks. For more information, see Configuring generative AI.
Storage support for backup and restore
Support added for backup and restore from S3-compatible storage. The previously supported ECS protocol now supports S3, and it has been renamed to S3 Compatible in Guardium user interfaces.
S-TAPs
For more information about new features and enhancements to the S-TAP, GIM, and CAS agents, see their corresponding release notes:
Universal connector
Universal connector (UC) fixes are now delivered in cumulative patches separate from Guardium Data Protection appliance bundle patches. When you install Guardium 12.2.1 (GPU 12.0p210), your UC will upgrade to what is included in the GPU only if the UC on the system where you are installing GPU 12.0p210 is older than the UC that is included in GPU 12.0p210.
  • Preinstalled UC plug-ins for AlloyDB, Milvus, Singlestore, and Sybase.
  • Additional UC plug-ins for configuration through the central manager workflow for AlloyDB, Dynamo over S3SQS, Dynamo over SQS, Microsoft SQL Server on prem over JDBC, Milvus, Oracle over pipe, SingleStore, and Snowflake over JDBC.
  • CloudWatch-based Kafka connectors for Aurora PostgreSQL over Cloudwatch Logs and AWS PostgreSQL over Cloudwatch Logs.
  • Java Database Connectivity (JDBC)-based Kafka connectors for Microsoft SQL Server on AWS, Microsoft SQL Server on Azure, SAP HANA, Sybase, and Teradata.
  • AWS CloudWatch Kafka source connector.

Additional enhancements include API for bulk CSV upload, SSL connection with sniffer, mini_snif load balancing, and error handling for Logstash-based universal connectors to handle critical log errors.

Vulnerability management hub
A new vulnerability management UI provides an alternative, vulnerability-centric focus and a more interactive experience for users. It takes the information contained in the View Results report and turns it into a unified, fluid experience, with progressive disclosure. For more information, see Using the modernized vulnerability management UI.
Unified Discovery and Classification v1.1
Unified Discovery and Classification v1.1 has been released. View its release notes here.
New supported platforms and databases

Operating systems

  • Red Hat 10 x86_64

Activity Monitoring (DAM)

  • MarkLogic v11.2.0 and v11.3.2
  • HyperSQL v2.7.4

Linux-UNIX S-TAP

  • MongoDB v8.2
  • EDB Postgres v17.5
  • Postgres v18.0
  • Yugabyte v2025.1.0.1
  • MariaDB v12.0.2
  • Redis 7.22

Windows S-TAP

  • PostgreSQL 18
  • EDB Postgres 17.6
  • MariaDB 12.0
  • Mongo 8.2

Vulnerability Assessment

  • Teradata 20
  • Azure PostgreSQL Flexible Server / PaaS (All Versions - Azure Services)
  • Azure MySQL Flexible Server / PaaS (All Versions - Azure Services)

Most supported platforms information is available in the Guardium Supported Datasources matrix. For all other supported platforms and system requirements information, including Vulnerability Assessment, platforms that are supported by External S-TAP, information about IBM i, and hardware or virtual machine requirements, see System Requirements for Guardium 12.2.1.

IBM Guardium 12.2

A modernized UI for select screens
Select UI screens have now been modernized with a refreshed, contemporary look that enhances usability while maintaining the underlying functionality. Updates include tabbed pages for more intuitive navigation, expandable rows and side panels that reveal contextual details, and stepped flows with wizard-based forms that simplify complex tasks. As part of this effort, the following pages have been converted from Struts to the modern UI framework: Welcome Page, Central Management, Global Profile, Anomaly Detection, System Configuration, Distribute Report Builder, and Definitions Import/Export.
Active Threat Analytics
  • Improved case management for high volumes of cases by closing multiple active threat analytics cases simultaneously, and automatically closing matching cases from an exclusion list. For more information, see Closing cases in bulk and Excluding items from Active Threat Analytics.
  • Improved case explainability with a detailed view on the observations that are related to Outlier detections in a case.
  • Identify and assess risky users from the Active Threat Analytics dashboard with the integration of Risk Spotter. For more information, see Investigating cases.
  • Centralize your case investigation and management by adding threat categories based on a policy rule or a threshold alert directly from the Active Threat Analytics dashboard. For more information, see Creating threat categories from policy rules and Creating threat categories from threshold alerts.
  • Retrieve detailed information for Active Threat Analytics cases by using the get_ata_case_info API. For more information, see get_ata_case_info.
  • Enhanced monitoring and investigation capabilities by adding the following predefined reports:
    • Use the Admin user accessing production in the first time report to identify admin users who access a production database for the first time within a specified period. For more information, see Predefined admin reports.
    • Use the Users accessing from multiple client IPs report to identify users that log in to the database by using multiple client IPs within a specified time frame. For more information, see Predefined user reports.
Baseline configuration
Establish a standardized set of parameters that serves as a reference point for monitoring your Guardium units. Automate baseline comparisons by scheduling regular evaluations against selected Guardium units, allowing for timely identification and resolution of any deviations. For more information, see Configuring a baseline.
Certificate management
When managing expiring certificates, you can retrieve the CSRs (certificate signing requests) for all managed units from the central manager instead of logging in to each managed unit individually. The CSRs are sent in an email, enabling bulk retrieval.
Compliance monitoring
The smart assistant for compliance monitoring now allows you to set up vulnerability assessments for your data sources.
The smart assistant now allows you to add alerts for generated regulation policies when you specify the compliance type.
These compliance regulations have been added:
  • North American Electric Reliability Corporation (NERC)
  • National Institute of Standards and Technology (NIST)
  • The Digital Operational Resilience Act (DORA)
  • New York Department of Financial Services (NYDFS)
Viewing CVE information reports
  • View all Common Vulnerabilities and Exposures (CVEs) fixed in Guardium release 12.0 and later directly on the Guardium CVE Information page.
  • Filter CVEs relevant to your patch version by importing CSV files from Nessus or Qualys vulnerability scanner agents to your Guardium system. View the filtered CVE list on the Filtered CVE Information page.

    For more information, see Viewing Common Vulnerabilities and Exposures information reports.

CyberArk integration for backup and archive
Address audit concerns related to credential management when you access the S3 bucket for archive or backup actions. CyberArk allows you to use a temporary credential for every instance and helps you preserve the master secret from being compromised.
Data compliance
The new data compliance feature allows you to develop a custom data compliance program. You can create your own controls (procedures that measure whether your organization's data complies with relevant regulations, standards, and policies) and thresholds (allowing you to view the performance of your compliance controls in a measurable way). The feature offers a Data compliance hub, which provides a central view of your compliance posture.
Enterprise hub
The cross-CM health view feature is renamed to enterprise hub. In Guardium 12.0 and 12.1, the original name remains visible; Guardium versions 12.2 and up display the new name. The enterprise hub is a Guardium unit type that provides aggregated health views for an entire Guardium deployment. These views include health information for all available central managers, aggregators, collectors, and S-TAPs in your environment. After you build an enterprise hub, you can centrally manage patches, certificates, and distribute configuration profiles for all the central managers that are associated with that unit. For more information, see Create an enterprise hub.
Enterprise load balancer configuration
Set up group associations for universal connector profiles by using the enterprise load balancer configuration for universal connector unit type. For more information, see Enterprise load balancing.
Executive dashboard
The executive dashboard consolidates critical security metrics into an accessible format, enabling decision-makers to make informed decisions that safeguard the organization's data assets. Use the dashboard for answers to questions about compliance, asset protection, potential data loss, and the strategic value of IBM Guardium. For more information, see Using the executive dashboard. Guardium is planning to implement exciting improvements to the dashboard in subsequent releases. This plan encompasses a suite of engaging enhancements—including, but not limited to, customizable features and a variety of cutting-edge charts—ensuring a more dynamic and tailored user experience.
Unified Discovery and Classification
Unified Discovery and Classification provides discovery and classification capabilities that allow you to find and protect your cloud environment data, SaaS application data, and on-premises application data. Unified Discovery and Classification is an independent component of Guardium Data Protection that is included with your Guardium Data Protection license. To learn more about Unified Discovery and Classification, see the product overview and accompanying topics.

Unified Discovery and Classification can be used with Guardium Data Protection 12.0 and later.

Internal load balancer
The Internal Load Balancer (ILB) now includes an improved mechanism for preventing data loss on both the S-TAP and managed units' sides by distributing sessions intelligently and ensuring efficient use of managed units. It predicts managed unit load in real time, simplifies configuration, and enhances responsiveness under high load.
Mail encryption
Guardium can now send mail messages using S/MIME. The messages will have digital signatures to verify origin and integrity, and they will be encrypted using FIPS 140-3 compliant algorithms.
Policies
The Suspicious administrative activity (start time range) rule has been added to the Administrative users and applications policy template. This rule finds and reports suspicious activity related to users with administrative privileges after a specified start time.
Red Hat OpenShift Virtualization
Added support to deploy the Guardium Data Protection virtual appliance on Red Hat OpenShift Virtualization. For more information, see Red Hat OpenShift Virtualization.
S-TAP parameters
  • Collaborate Kerberos sessions with Unix S-TAP by using the collaborate_kerberos_enabled parameter so that session-level policies based on DB_user can be triggered on time.
  • Effectively manage and balance Oracle Advanced Security Option (ASO) A-TAP traffic across multiple collectors by using the aso_enabled parameter to help ensure accurate data correlation and maintain optimal system performance.
  • The Windows S-TAP firewall parameter VERDICT_RESUME_DELAY enables S-TAP to allow database sessions to make progress when all collectors are down.
Patch management
The patch management feature is now available on both the central manager and enterprise hub (previously known as cross-CM health view). For more information, see Managing patches on a central manager or enterprise hub.
Updated Db2 for z/OS® JDBC driver
The Db2 for z/OS JDBC driver is updated to version 4.33.x. You might need to update your Db2 JDBC license. If so, test your connection in a staging environment and contact the Db2 Support team if licensing issues arise.
User management
You can now create users that only have access to the Guardium API. Users created with this setting cannot access the Guardium user interface.
Vulnerability Assessment (VA) scanner
The VA scanner enhances the existing VA security assessment feature with an independent, containerized application that runs outside the Guardium collector. You can now improve scalability and resource utilization by running vulnerability assessments outside of the Guardium Data Protection system. For more information, see Simplifying vulnerability assessments through containerization.

IBM Guardium 12.1

Audit process
Support is added to customize the audit process emails. For more information, see Custom email template in Building audit processes.
Certificate management
  • The login page now shows the certificate expiration details and provides a link to manage the certificates.
  • Manage, update, and distribute all your expiring certificates from a central manager to the central manager and its managed units. For more information, see Managing expiring certificates.
  • View all the certificates that expire on the system within a specified threshold. For more information, see show_expiring_certificates.
  • Backup and restore process is enhanced for default and custom certificates. For more information, see Restoring default and custom certificates.
Classifier
Support is added for a new custom property, maximum length for large-text data types, with PostgreSQL and Sybase.
CLI commands
Support is added for automating the following CLI commands:
  • Restart and Start commands: restart datastreams, restart GUI, restart insights_Kafka, restart network, restart processmgr, restart rds_monitoring, restart sniffer_buffer_usage, restart stopped_services, restart system, restart ticket-service, restart alerter, restart guardium_insights, restart icap, restart inspection-core, and start insights_Kafka.
  • Store commands: store disk_space_reserved reset, store dump_data_for_forensics, store mysql_utf8mb4, store quartz_thread_num, store remove_informix_driver_property_IFX_USE_STRENC, store system ipmode, store set_informix_driver_property, store system public key reset, and store system sshd-max-connection.
  • Support commands: support store rdsdiag clean, and support dump_gdm_exception_error.
For more information, see CLI Commands.
Cross-central manager (CM) health view system
Database instance discovery
Run database instance discovery from the central manager on all active S-TAP units for managed unit groups or individual managed units by using the GUI. For more information, see Monitoring managed units.
Database discovered instances rules
  • A new Manage Collectors view was added to the central manager user interface to quickly and easily find the collectors that are participating in the database discovered instances rules processing. From this dialog, the IE_CREATION parameter for each collector can be viewed and updated.
  • The new Discovered instances rules parameters report on the collector shows the timestamp of when the IE_CREATION parameter was last changed and its current setting.
  • Predefined GRDAPI mapping of modify_guard_param provides convenience. The IE_creation parameter can also be viewed or updated from the command line.
For more information, see database discovered instances rules.
Deployment health topology
Support is added for monitored processes report that provides combined information about the Investigation dashboard and Threshold alerter. For more information, see Deployment health topology and table views.
GIM certificates
Support is added to replace the default SHA2 GIM certificate with SHA1 or SHA256 without interrupting the GIM server to GIM client communication. For more information, see Replacing default GIM certificate with SHA1 or SHA256 certificate.
Integration
Ranger HDFS for Hortonworks and Cloudera 7 supports integration with Atlas service.
Policies
  • Support is added to quarantine the users with multiple failed login attempts for the security incident policies. For more information, see Quarantine users with multiple failed logins.
  • Support is added for the following actions in the Session-level policies.
    • Log Full details with replaced values
    • Log Extrusion Counter
    • Log Masked Extrusion Counter
    • Log Only
    • Log Masked Details
    • Audit Only
    • Ignore responses per session
    For more information, see Actions.
  • Support is added to detect the Canadian Social Insurance Number (SIN) pattern. For more information, see Special pattern tests.
Proxy connection
Guardium supports a web proxy to connect to a remote source that requires a proxy server to connect. Use the proxy grdapi to create the proxy connections. For more information, see proxy.
Reports
Support is added for Audit Process Task Details, Available VA Tests - CIS, and Available VA Tests - STIG predefined admin reports.
S-TAP
Universal connector
Support is added to centrally manage the Guardium managed units on which the universal connectors are installed. For more information, see Configuring universal connectors by using a central manager.
Vulnerability Assessment
  • Ability to exclude or specify Microsoft SQL to be scanned.
  • Addition of Security Technical Implementation Guide (STIG) Oracle Database 19c benchmark.
  • Available tests report filters by CIS, CVE, APAR, CAS-based, JDBC-based, and user-defined-JDBC-based.
  • Addition of test severity level to the SCAP XML Export.
  • CIS Microsoft SQL Server 2022 1.0 benchmark support.
  • Entitlement reports for CockroachDB.
  • Support is added for DynamoDB.
  • Performance enhancement between central manager and managed units.
  • Purge of older Guardium Database Protection Service (DPS) history for older, major release versions.
  • Scanning for Amazon Aurora PostgreSQL.
  • Support for namespaces with HashiCorp Vault integration.
  • Support of multi-tenancy for Oracle 19c pluggable databases (PDB).
  • For a complete list of tests and groups that are added or updated in version 12.1, see Vulnerability Assessment tests and groups in Guardium 12.x. Tests and groups that are added after the release of Guardium version 12.1 are available in the upcoming quarterly DPS updates.
Other enhancements
  • View and manage the security settings components: sshd, ciphers, services. For more information, see secure_settings.
  • Archive and export data on target hosts for specified time intervals. For more information, see aggregation.
  • Configure a proxy to connect GDP and GI. For more information, see insights_registration.
  • Use an API key, which never expires, for REST API authentication to get an access token to make REST API calls to Guardium. For more information, see create_api_key, list_api_key, and revoke_api_key.

IBM Guardium 12.0

Access management
Guardium 12.0 adds "password last changed" and "password expired" dates to the access management page and to the list_users API output to better support proactive password management.
Active threat analytics
You can now optimize resources and reduce false positives by excluding certain sources such as test data and activities that are performed by automated processes.
Audit process
  • The audit process to-do list adds the ability to quickly change the classification result sets being compared directly from the results-comparison view itself. For more information, see Comparing discovery and classification results.
  • You can now modify the receivers list for active audit processes, including deleting and rearranging existing users. Changes are tracked in the "User activity audit trail" report. For more information, see Audit process receivers.
Certificate management
  • Support is added for automatic retrieval of existing certificates from Venafi using the Guardium CLI.
  • The number of SAN (subject alternative name) slots has increased from nine to 99.
  • The date format in the warning message under the notification icon for expiring certificates has changed from d-m-yyyy to yyyy-mm-dd.
Classifier
  • Support is added for the fire with marker option for catalog search rules.
  • Support is added for new custom properties, including maximum length for large-text data types with Microsoft SQL Server and new data-cardinality methods for Oracle.

    For more information, see MS SQL Server (DataDirect) and Oracle (Data Direct - Service Name).

Central management
  • You can now view patch installation status of managed units from central managers.
  • The cross-central-manager health view (cross-CM health view) is a new Guardium unit type that provides aggregated health views for an entire Guardium deployment. These views include health information for all available central managers, aggregators, collectors, and S-TAPs in your environment. For more information, see Viewing deployment health data from multiple central managers.
Database discovered instances rules
  • Ability to specify existing Guardium groups for filter and exclude rules.
  • Ability to delete discovered instances and existing inspection engines that match specified criteria and standard operators.
For more information, see database discovered instances rules.
Data sources
Support is added for creating new groups with username and hostname or IP address criteria.
Entitlement reporting
Support added for EDB PostgreSQL.
External ticketing
Event Management is now integrated with ServiceNow. For more information, see Configuring an external ticketing system.
GIM
Guardium now uses SHA256 GIM client certificates. For more information, see GIM clients with SHA256 certificates.
Investigation dashboard
Support added for monitoring and automatic recovery to identify and recover from issues in the investigation dashboard. For more information, see Monitoring and automatic recovery for the investigation dashboard.
Network Time Protocol (NTP)
Network Time Protocol (NTP) now uses the chrony time server daemon. The ntp CLI commands are deprecated and replaced by time_server commands. For more information, see the store system time_server CLI command.
Runtime sensitive-object identifier
The Runtime Sensitive Object Identifier is redesigned. You can now manage runtime sensitive object identification by using the new Runtime Sensitive Object Identifier session level policy and report. For more information, see Runtime sensitive-object identifier.
Policies
Session-level policy adds support for SQL criteria, extrusion rules through criteria server data, and the ability to use regex in groups and custom tuples.
S-TAP
  • Define S-TAP clusters for environments with multiple S-TAPs that are assigned to clusters of database servers. S-TAP clusters allow Guardium to detect traffic at the cluster level, meaning that if one S-TAP in the cluster is active, all S-TAPs that are assigned to the cluster are also marked as active. S-TAP clusters also support automatic removal of inactive S-TAP connections for active-passive cluster configurations. For more information, see Create and manage S-TAP clusters.
  • Unix S-TAP and External S-TAP support OpenSSL v3.1 and FIPS 140-3.
  • External S-TAP supports MongoDB Atlas with MongoDB Compass.
TLS 1.3 support
Guardium now supports TLS 1.2 and 1.3, and support for earlier TLS versions is deprecated. For more information about moving to TLS 1.3, see Managing the TLS version.
Universal connector
  • The universal connector now offers a troubleshooting tool. For more information, see universal connectors.
  • Universal connector plug-ins are now preinstalled. When newer versions of the plug-ins become available, you can choose to upload them manually or wait for the next Guardium patch release to get them automatically updated.
Vulnerability Assessment
  • Ability to display both alias and nonalias values in a report.
  • Ability to find an existing vulnerability assessment by using the Security Assessment Finder screen.
  • Ability to upload the MS SQL open source driver through custom uploads.
  • Ability to export vulnerability assessment results through external feed.
  • Support added for Oracle MySQL enterprise edition 8.0 CIS benchmark version 1.2.0, MongoDB 4.0, and MongoDB 5.0 CIS benchmark version 1.0.0, the latest CIS benchmark for Db2, and the CIS benchmark for PostgreSQL version 15.
  • Support added for Oracle MySQL enterprise edition 8.0 STIG benchmark, ver 1 rel 1, and Oracle 19c benchmark.
  • SSL encryption support is added for Oracle 11.x, 12.x, and 19.
  • Support added for Apache Cassandra and Percona MySQL data sources.
  • Support added for Apache Cassandra, PostgreSQL, and PostgreSQL EDB entitlement reports.
For a complete list of tests and groups that are added or updated in version 12.0, see https://www.ibm.com/support/pages/node/7031317. Tests and groups that are added after the release of Guardium version 12.0 are available in upcoming quarterly Guardium Database Protection Service (DPS) updates.
Other enhancements
  • RHEL is upgraded from RHEL 7 to RHEL 9.
  • The output of all CLI commands (including Guardium API commands) that modify a component of the user’s system now includes the timestamp after the command finishes running.
  • Ability to mark updates as “read” from the notification icon in the UI.