create_cloud_datasource

This command creates a cloud datasource, for classification, vulnerability assessment, and object auditing on cloud databases (cloud database service protection).

This API is available in Guardium V10.1.4 and later.

REST API syntax

This API is available as a REST service with the POST method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/cloud_datasource

GuardAPI syntax

create_cloud_datasource parameter=value

Parameters

Parameter Value type Description
application String Required. The application type to be used with this data source. For valid values, call create_cloud_datasource from the command line with --help=true.
cloudTitle String Required. Name of a cloud account already defined in Guardium. For valid values, call create_cloud_datasource from the command line with --help=true.

For more information, see create_cloudTitle.

compatibilityMode String The mode used when monitoring a table.
conProperty String Use only if additional connection properties must be included on the JDBC URL to establish a JDBC connection with this data source. The required format is property=value, where each property and value pair is separated by a comma.
customURL String Connection string to the data source. If not provided the connection is made by using the host, port, instance, and other properties of the previously entered fields. You can, for example, use this method to create Oracle Internet Directory (OID) connections.
cyberarkConfigName String The name of the CyberArk configuration on your Guardium system. For valid values, call create_cloud_datasource from the command line with --help=true.
cyberarkObjectName String The CyberArk object name for the Guardium datasource.
dbInstanceAccount String Database Account Login Name that is used by the Configuration Auditing System (CAS).
dbInstanceDirectory String Directory where database software is installed that is used by CAS.
dbName String For a Db2® or Oracle data source, enter the schema name. For others, enter the database name.
description String Longer description of the data source.
externalPasswordTypeName String For valid values, call create_cloud_datasource from the command line with --help=true.
host String Required. The hostname or the IP address of the server that is hosting the DB you are monitoring.
importServerSSLcert Boolean Valid values:
  • 0 (false)
  • 1 (true)
KerberosConfigName String Name of Kerberos configuration already defined in Guardium system.
name String Required. A unique name for the data source in the Guardium system.
objectLimit Integer Required. The maximum number of sensitive objects found in the classification process that are added automatically to the list of audited objects. Default = 20.
password String Password for user.
port Integer Port number.
primaryCollector Integer The collector that extracts the audit data from the cloud database.
region String Required for AWS only. For valid values, call create_cloud_datasource from the command line with --help=true.
savePassword Boolean Saves and encrypts your authentication credentials on the Guardium appliance. Required if you are defining a data source with an application that runs as a scheduled task (as opposed to on demand). When set to yes, login name and password are required. Valid values:
  • 0 (false)
  • 1 (true)

Default = 1 (true)

serviceName String Required for Oracle, Informix®, Db2, and IBM® i. For a Db2 data source, enter the database name; for others, enter the service name.
severity String Severity Classification (or impact level) for the data source. For valid values, call create_cloud_datasource from the command line with --help=true.
shared String Set to true or Shared to share with other applications. To share the data source with other users, you need to assign roles from the GUI. Valid values:
  • Shared
  • Not Shared
  • true
  • false
type String Required. Identifies the data source type. For valid values, call create_cloud_datasource from the command line with --help=true.
useExternalPassword Boolean Valid values:
  • 0 (false)
  • 1 (true)
useKerberos Boolean Set to yes to use Kerberos authentication. If yes, KerberosConfigName must be supplied. Valid values:
  • 0 (false)
  • 1 (true)
useLDAP Boolean Set to yes to use LDAP. Valid values:
  • 0 (false)
  • 1 (true)
user String User for the data source. If used, password must also be used.
useSSL Boolean Set to yes to use SSL authentication. Valid values:
  • 0 (false)
  • 1 (true)
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

This example defines a cloud data source that is named cloud9, associated with cloud account NYSW, by using the access policy application.

grdapi create_cloud_datasource cloudTitle=nysw application="Access Policy" host=11.11.11.11 name=cloud9 primaryCollector=coll56 region=ca-central-1 type="Oracle (DataDirect - SID)"