What's new in this release

New features, functions, and enhancements.

IBM Guardium V12.1

Audit process
Support is added to customize the audit process emails. For more information, see Custom email template in Building audit processes.
Certificate management
  • The login page now shows the certificate expiration details and provides a link to manage the certificates.
  • Manage, update, and distribute all your expiring certificates from a central manager to the central manager and its managed units. For more information, see Managing expiring certificates.
  • View all the certificates that expire on the system within a specified threshold. For more information, see show_expiring_certificates.
  • The backup and restore process is enhanced for default and custom certificates. For more information, see Restoring default and custom certificates.
Classifier
Support is added for a new custom property, maximum length for large-text data types, with PostgreSQL and Sybase.
CLI Commands
Support is added for automating the following CLI Commands:
  • Restart and Start commands: restart datastreams, restart GUI, restart insights_Kafka, restart network, restart processmgr, restart rds_monitoring, restart sniffer_buffer_usage, restart stopped_services, restart system, restart ticket-service, restart alerter, restart guardium_insights, restart icap, restart inspection-core, and start insights_Kafka.
  • Store commands: store disk_space_reserved reset, store dump_data_for_forensics, store mysql_utf8mb4, store quartz_thread_num, store remove_informix_driver_property_IFX_USE_STRENC, store system ipmode, store set_informix_driver_property, store system public key reset, and store system sshd-max-connection.
  • Support commands: support store rdsdiag clean and support dump_gdm_exception_error.
For more information, see CLI Commands.
Cross-central manager (CM) health view system
Database instance discovery
Run database instance discovery from the central manager on all active S-TAP units for managed unit groups or individual managed units by using the GUI. For more information, see Monitoring managed units.
Database discovered instances rules
  • A new Manage Collectors view was added to the central manager user interface to quickly and easily find the collectors that are participating in the database discovered instances rules processing. From this dialog, the IE_CREATION parameter for each collector can be viewed and updated.
  • The new Discovered instances rules parameters report on the collector shows the timestamp of when the IE_CREATION parameter was last changed and its current setting.
  • A predefined GRDAPI mapping of modify_guard_param is provided for convenience. The IE_CREATION parameter can also be viewed or updated from the command line.
For more information, see database discovered instances rules.
Deployment health topology
Support is added for a monitored processes report that provides combined information about the Investigation dashboard and Threshold alerter. For more information, see Deployment health topology and table views.
GIM certificates
Support is added to replace the default SHA2 GIM certificate with SHA1 or SHA256 without interrupting the GIM server to GIM client communication. For more information, see Replacing default GIM certificate with SHA1 or SHA256 certificate.
Integration
Ranger HDFS for Hortonworks and Cloudera 7 supports integration with Atlas service.
Policies
  • Support is added to quarantine users with multiple failed login attempts in security incident policies. For more information, see Quarantine users with multiple failed logins.
  • Support is added for the following actions in session-level policies:
    • Log Full details with replaced values
    • Log Extrusion Counter
    • Log Masked Extrusion Counter
    • Log Only
    • Log Masked Details
    • Audit Only
    • Ignore responses per session
    For more information, see Actions.
  • Support is added to detect the Canadian Social Insurance Number (SIN) pattern. For more information, see Special pattern tests.
Proxy connection
Guardium supports connecting through a web proxy to a remote source that requires a proxy server. Use the proxy grdapi to create the proxy connections. For more information, see proxy.
Reports
Support is added for Audit Process Task Details, Available VA Tests - CIS, and Available VA Tests - STIG predefined admin reports.
S-TAP
Universal Connectors
Support is added to centrally manage the Guardium Managed Units on which the Universal Connectors are installed. For more information, see Universal connector configuration.
Vulnerability Assessment
  • Ability to exclude or specify Microsoft SQL to be scanned.
  • Addition of Security Technical Implementation Guide (STIG) Oracle Database 19c benchmark.
  • Available tests report filters by CIS, CVE, APAR, CAS-based, JDBC-based, and user-defined-JDBC-based.
  • Addition of test severity level to the SCAP XML Export.
  • CIS Microsoft SQL Server 2022 1.0 benchmark support.
  • Entitlement reports for CockroachDB.
  • Support is added for DynamoDB.
  • Performance enhancement between central manager and managed units.
  • Purge of older DPS history for older, major release versions.
  • Scanning for Amazon Aurora PostgreSQL.
  • Support for namespaces with HashiCorp Vault integration.
  • Support of multi-tenancy for Oracle 19c pluggable databases (PDB).
  • For a complete list of tests and groups that are added or updated in version 12.1, see Vulnerability Assessment tests and groups in Guardium 12.x. Tests and groups that are added after the release of Guardium version 12.1 are available in the upcoming Quarterly DPS files.
Other enhancements
  • View and manage the security settings components: sshd, ciphers, services. For more information, see secure_settings.
  • Archive and export data on target hosts for specified time intervals. For more information, see aggregation.
  • Configure a proxy to connect GDP and GI. For more information, see insights_registration.
  • Use an API key, which never expires, for REST API authentication to get an access token to make REST API calls to Guardium. For more information, see create_api_key, list_api_key, and revoke_api_key.

IBM Guardium V12.0

Access management
Guardium 12.0 adds "password last changed" and "password expired" dates to the access management page and to the list_users API output to better support proactive password management.
Active threat analytics
You can now optimize resources and reduce false positives by excluding certain sources such as test data and activities that are performed by automated processes.
Audit process
  • The audit process to-do list adds the ability to quickly change the classification result sets being compared directly from the results-comparison view itself. For more information, see Comparing discovery and classification results.
  • You can now modify the receivers list for active audit processes, including deleting and rearranging existing users. Changes are tracked in the "User activity audit trail" report. For more information, see Audit process receivers.
Certificate management
  • Support is added for automatic retrieval of existing certificates from Venafi using the Guardium CLI.
  • The number of SAN (subject alternative name) slots has increased from nine to 99.
  • The date format in the warning message under the notification icon for expiring certificates has changed from d-m-yyyy to yyyy-mm-dd.
Classifier
  • Support is added for the fire with marker option for catalog search rules.
  • Support is added for new custom properties, including maximum length for large-text data types with Microsoft SQL Server and new data-cardinality methods for Oracle.

    For more information, see MS SQL Server (DataDirect) and Oracle (Data Direct - Service Name).

Central management
  • You can now view patch installation status of managed units from central managers.
  • The cross-central-manager health view (cross-CM health view) is a new Guardium unit type that provides aggregated health views for an entire Guardium deployment. These views include health information for all available central managers, aggregators, collectors, and S-TAPs in your environment. For more information, see Viewing deployment health data from multiple central managers.
Database discovered instances rules
  • Ability to specify existing Guardium groups for filter and exclude rules.
  • Ability to delete discovered instances and existing inspection engines that match specified criteria and standard operators.
For more information, see database discovered instances rules.
Datasources
Support is added for creating new groups with username and hostname or IP address criteria.
Entitlement reporting
Support is added for EDB PostgreSQL.
External ticketing
Event Management is now integrated with ServiceNow. For more information, see Configuring an external ticketing system.
GIM
Guardium now uses SHA256 GIM client certificates. For more information, see GIM clients with SHA256 certificates.
IBM® Knowledge Catalog integration
Investigation dashboard
Support is added for monitoring and automatic recovery to identify and recover from issues in the investigation dashboard. For more information, see Monitoring and automatic recovery for the investigation dashboard.
Network Time Protocol (NTP)
Network Time Protocol (NTP) now uses the chrony time server daemon. The ntp CLI commands are deprecated and replaced by time_server commands. For more information, see the store system time_server CLI command.
Runtime sensitive-object identifier
The Runtime Sensitive Object Identifier is redesigned. You can now manage runtime sensitive object identification by using the new Runtime Sensitive Object Identifier session level policy and report. For more information, see Runtime sensitive-object identifier.
Policies
Session-level policy adds support for SQL criteria, extrusion rules through criteria server data, and the ability to use regex in groups and custom tuples.
S-TAP
  • Define S-TAP clusters for environments with multiple S-TAPs that are assigned to clusters of database servers. S-TAP clusters allow Guardium to detect traffic at the cluster level, meaning that if one S-TAP in the cluster is active, all S-TAPs assigned to the cluster are also marked as active. S-TAP clusters also support automatic removal of inactive S-TAP connections for active-passive cluster configurations. For more information, see Create and manage S-TAP clusters.
  • Unix S-TAP and External S-TAP support OpenSSL v3.1 and FIPS 140-3.
  • External S-TAP supports MongoDB Atlas with MongoDB Compass.
TLS 1.3 support
Guardium now supports TLS 1.2 and 1.3, and support for earlier TLS versions is deprecated. For more information about moving to TLS 1.3, see Managing the TLS version.
Universal connector
  • The universal connector now offers a troubleshooting tool. For more information, see universal connectors.
  • Universal connector plug-ins are now preinstalled. When newer versions of the plug-ins become available, you can choose to upload them manually or wait for the next Guardium patch release to get them automatically updated.
Vulnerability Assessment
  • Ability to display both alias and non-alias values in a report.
  • Ability to find an existing vulnerability assessment by using the Security Assessment Finder screen.
  • Ability to upload the MS SQL open source driver through custom uploads.
  • Ability to export vulnerability assessment results through an external feed.
  • Support is added for Oracle MySQL enterprise edition 8.0 CIS benchmark version 1.2.0, MongoDB 4.0 and MongoDB 5.0 CIS benchmark version 1.0.0, latest CIS benchmark for Db2, CIS benchmark for PostgreSQL version 15.
  • Support is added for Oracle MySQL enterprise edition 8.0 STIG benchmark, ver 1 rel 1, Oracle 19c benchmark.
  • SSL encryption support is added for Oracle 11.x, 12.x, and 19.
  • Support is added for Apache Cassandra, Percona MySQL datasources.
  • Support is added for Apache Cassandra, PostgreSQL, and PostgreSQL EDB entitlement reports.
For a complete list of tests and groups that are added or updated in version 12.0, see https://www.ibm.com/support/pages/node/7031317. Tests and groups that are added after the release of Guardium version 12.0 are available in upcoming quarterly DPS reports.
Other enhancements
  • RHEL is upgraded from RHEL 7 to RHEL 9.
  • The output of all CLI commands (including Guardium API commands) that modify a component of the user’s system now includes the timestamp after the command finishes running.
  • Ability to mark updates as “read” from the notification icon in the UI.