What's new in this release
New features, functions, and enhancements.
IBM Guardium V12.1 (12.1 and later)
- Audit process
- Support is added to customize the audit process emails. For more information, see Custom email template in Building audit processes.
- Certificate management
- The login page now shows the certificate expiration details and provides a link to manage the certificates.
- Manage, update, and distribute all your expiring certificates from a central manager to the central manager and its managed units. For more information, see Managing expiring certificates.
- View all the certificates that expire on the system within a specified threshold. For more information, see show_expiring_certificates.
- Backup and restore process is enhanced for default and custom certificates. For more information, see Restoring default and custom certificates.
- Classifier
- Support is added for a new custom property, maximum length for large-text data types, with PostgreSQL and Sybase.
- CLI Commands
- Support is added for automating the following CLI commands:
  - Restart and Start commands: restart datastreams, restart GUI, restart insights_Kafka, restart network, restart processmgr, restart rds_monitoring, restart sniffer_buffer_usage, restart stopped_services, restart system, restart ticket-service, restart alerter, restart guardium_insights, restart icap, restart inspection-core, and start insights_Kafka.
  - Store commands: store disk_space_reserved reset, store dump_data_for_forensics, store mysql_utf8mb4, store quartz_thread_num, store remove_informix_driver_property_IFX_USE_STRENC, store system ipmode, store set_informix_driver_property, store system public key reset, and store system sshd-max-connection.
  - Support commands: support store rdsdiag clean and support dump_gdm_exception_error.
- Cross-central manager (CM) health view system
- Manage patches for central managers and its managed units on cross-CM health view systems. For more information, see Managing patches on a cross-CM health view system.
- Register and unregister central managers to the cross-CM health view system from the Patch Management page or by using API. For more information, see Viewing cross-CM health view deployment health data.
- Database instance discovery
- Run database instance discovery from the central manager on all active S-TAP units for managed unit groups or individual managed units by using the GUI. For more information, see Monitoring managed units.
- Database discovered instances rules
- A new Manage Collectors view was added to the central manager user interface to quickly and easily find the collectors that are participating in the database discovered instances rules processing. From this dialog, the IE_CREATION parameter for each collector can be viewed and updated.
- The new Discovered instances rules parameters report on the collector shows the timestamp of when the IE_CREATION parameter was last changed and its current setting.
- A predefined GRDAPI mapping of modify_guard_param is provided for convenience, so the IE_CREATION parameter can also be viewed or updated from the command line.
- Deployment health topology
- Support is added for a monitored processes report that combines information from the Investigation dashboard and the Threshold alerter. For more information, see Deployment health topology and table views.
- GIM certificates
- Support is added to replace the default SHA2 GIM certificate with SHA1 or SHA256 without interrupting the GIM server to GIM client communication. For more information, see Replacing default GIM certificate with SHA1 or SHA256 certificate.
- Integration
- Ranger HDFS for Hortonworks and Cloudera 7 supports integration with Atlas service.
- Policies
- Support is added to quarantine the users with multiple failed login attempts for the security incident policies. For more information, see Quarantine users with multiple failed logins.
- Support is added for the following actions in the Session-level policies.
- Log Full details with replaced values
- Log Extrusion Counter
- Log Masked Extrusion Counter
- Log Only
- Log Masked Details
- Audit Only
- Ignore responses per session
- Support is added to detect the Canadian Social Insurance Number (SIN) pattern. For more information, see Special pattern tests.
- Proxy connection
- Guardium now supports connecting through a web proxy to remote sources that require a proxy server. Use the proxy grdapi to create the proxy connections. For more information, see proxy.
- Reports
- Support is added for Audit Process Task Details, Available VA Tests - CIS, and Available VA Tests - STIG predefined admin reports.
- S-TAP
- Support is added to schedule S-TAP diagnostics from the S-TAP Diagnostic Scheduler user interface. For more information, see Scheduling S-TAP diagnostics.
- Support is added for S-TAP to deliver encrypted and unencrypted login packets that contain Kerberos username to the Collector. S-TAP matches the session with the Kerberos username by using the Security Support Provider Interface (SSPI) data as the key. The following parameters are added to support this feature: SSPI_NAME_LIMIT, SSPI_NAME_TTL, SSPI_SESSION_TTL, and SSPI_SESSION_MEMORY. For more information, see General parameters and Protocol 8 General parameters.
- The enhanced S-TAP load-balancing feature aims to eliminate data loss during the collector failover process. For more information, see S-TAP load-balancing models and configuration guidelines for Linux® and Unix, and S-TAP load balancing models and configuration guidelines for Windows.
- The Internal Load Balancer (ILB) helps avoid data loss caused due to collector overload. For more information, see S-TAP load-balancing models and configuration guidelines for Linux and UNIX, and S-TAP load balancing models and configuration guidelines for Windows.
- Support added to increase K-TAP throughput with dynamic ring buffers. For more information, see Increasing S-TAP and K-TAP throughput with dynamic ring buffers.
- Universal Connectors
- Support is added to centrally manage the Guardium managed units on which the Universal Connectors are installed. For more information, see Universal connector configuration.
- Vulnerability Assessment
- Ability to specify or exclude Microsoft SQL databases to be scanned.
- Addition of Security Technical Implementation Guide (STIG) Oracle Database 19c benchmark.
- Available tests report filters by CIS, CVE, APAR, CAS-based, JDBC-based, and user-defined-JDBC-based.
- Addition of test severity level to the SCAP XML Export.
- CIS Microsoft SQL Server 2022 1.0 benchmark support.
- Entitlement reports for CockroachDB.
- Support is added for DynamoDB.
- Performance enhancement between central manager and managed units.
- Purge of older DPS history for older, major release versions.
- Scanning for Amazon Aurora PostgreSQL.
- Support for namespaces with HashiCorp Vault integration.
- Support of multi-tenancy for Oracle 19c pluggable databases (PDB).
- For a complete list of tests and groups that are added or updated in version 12.1, see Vulnerability Assessment tests and groups in Guardium 12.x. Tests and groups that are added after the release of Guardium version 12.1 are available in the upcoming Quarterly DPS files.
- Other enhancements
- View and manage the security settings components: sshd, ciphers, services. For more information, see secure_settings.
- Archive and export data on target hosts for specified time intervals. For more information, see aggregation.
- Configure a proxy to connect GDP and GI. For more information, see insights_registration.
- Use an API key, which never expires, for REST API authentication to obtain an access token for making REST API calls to Guardium. For more information, see create_api_key, list_api_key, and revoke_api_key.
IBM Guardium V12.0 (12.0 and later)
- Access management
- Guardium 12.0 adds "password last changed" and "password expired" dates to the access management page and to the list_users API output to better support proactive password management.
- Active threat analytics
- You can now optimize resources and reduce false positives by excluding certain sources such as test data and activities that are performed by automated processes.
- Audit process
- The audit process to-do list adds the ability to quickly change the classification result sets being compared directly from the results-comparison view itself. For more information, see Comparing discovery and classification results.
- You can now modify the receivers list for active audit processes, including deleting and rearranging existing users. Changes are tracked in the "User activity audit trail" report. For more information, see Audit process receivers.
- Certificate management
- Support is added for automatic retrieval of existing certificates from Venafi using the Guardium CLI.
- The number of SAN (subject alternative name) slots has increased from nine to 99.
- The date format in the warning message under the notification icon for expiring certificates has changed from d-m-yyyy to yyyy-mm-dd.
- Classifier
- Support is added for the fire with marker option for catalog search rules.
- Support is added for new custom properties, including maximum length for large-text data types with Microsoft SQL Server and new data-cardinality methods for Oracle. For more information, see MS SQL Server (DataDirect) and Oracle (Data Direct - Service Name).
- Central management
- You can now view patch installation status of managed units from central managers.
- The cross-central-manager health view (cross-CM health view) is a new Guardium unit type that provides aggregated health views for an entire Guardium deployment. These views include health information for all available central managers, aggregators, collectors, and S-TAPs in your environment. For more information, see Viewing deployment health data from multiple central managers.
- Database discovered instances rules
- Ability to specify existing Guardium groups for filter and exclude rules.
- Ability to delete discovered instances and existing inspection engines that match specified criteria and standard operators.
- Datasources
- Support is added for creating new groups with username and hostname or IP address criteria.
- Entitlement reporting
- Support added for EDB PostgreSQL.
- External ticketing
- Event Management is now integrated with ServiceNow. For more information, see Configuring an external ticketing system.
- GIM
- Guardium now uses SHA256 GIM client certificates. For more information, see GIM clients with SHA256 certificates.
- IBM® Knowledge Catalog integration
- You can now use an external credential manager (AWS Secrets Manager, CyberArk, or HashiCorp) to supply credentials to the IBM Knowledge Catalog - Guardium integration.
- The Guardium-IBM Knowledge Catalog integration includes several updates to how PII is captured during an upgrade. For more information, see Integrating with IBM Knowledge Catalog for federated data protection.
- To learn more information about supported datasources for IBM Knowledge Catalog, see Integrating with IBM Knowledge Catalog for federated data protection and Adding User-Defined Functions (UDFs) for IBM Knowledge Catalog - Guardium integration.
- Investigation dashboard
- Support added for monitoring and automatic recovery to identify and recover issues in the investigation dashboard. For more information, see Monitoring and automatic recovery for the investigation dashboard.
- Network Time Protocol (NTP)
- Network Time Protocol (NTP) now uses the chrony time server daemon. The ntp CLI commands are deprecated and replaced by time_server commands. For more information, see the store system time_server CLI command.
- Runtime sensitive-object identifier
- The Runtime Sensitive Object Identifier is redesigned. You can now manage runtime sensitive object identification by using the new Runtime Sensitive Object Identifier session level policy and report. For more information, see Runtime sensitive-object identifier.
- Policies
- Session-level policy adds support for SQL criteria, extrusion rules through criteria server data, and the ability to use regex in groups and custom tuples.
- S-TAP
- Define S-TAP clusters for environments with multiple S-TAPs that are assigned to clusters of database servers. S-TAP clusters allow Guardium to detect traffic at the cluster level, meaning that if one S-TAP in the cluster is active, all S-TAPs assigned to the cluster are also marked as active. S-TAP clusters also support automatic removal of inactive S-TAP connections for active-passive cluster configurations. For more information, see Create and manage S-TAP clusters.
- Unix S-TAP and External S-TAP support OpenSSL v3.1 and FIPS140-3.
- External S-TAP supports MongoDB Atlas with MongoDB Compass.
- TLS 1.3 support
- Guardium now supports TLS 1.2 and 1.3, and support for earlier TLS versions is deprecated. For more information about moving to TLS 1.3, see Managing the TLS version.
- Universal connector
- The universal connector now offers a troubleshooting tool. For more information, see universal connectors.
- Universal connector plug-ins are now preinstalled. When newer versions of the plug-ins become available, you can choose to upload them manually or wait for the next Guardium patch release to get them automatically updated.
- Vulnerability Assessment
- Ability to display both alias and non-alias value in a report.
- Ability to find an existing vulnerability assessment by using the Security Assessment Finder screen.
- Ability to upload MS SQL opensource driver through custom uploads.
- Ability to export vulnerability assessment results through external feed.
- Support added for the Oracle MySQL Enterprise Edition 8.0 CIS benchmark version 1.2.0, the MongoDB 4.0 and MongoDB 5.0 CIS benchmark version 1.0.0, the latest CIS benchmark for Db2, and the CIS benchmark for PostgreSQL version 15.
- Support added for the Oracle MySQL Enterprise Edition 8.0 STIG benchmark, version 1 release 1, and the Oracle 19c benchmark.
- SSL encryption support is added for Oracle 11.x, 12.x, and 19.
- Support added for Apache Cassandra, Percona MySQL datasources.
- Support added for Apache Cassandra, PostgreSQL, and PostgreSQL EDB entitlement reports.
- Other enhancements
- RHEL is upgraded from RHEL 7 to RHEL 9.
- The output of all CLI commands (including Guardium API commands) that modify a component of the user’s system now includes the timestamp after the command finishes running.
- Ability to mark updates as “read” from the notification icon in the UI.