modify_guard_param
This generic API updates the values of specific parameters for various Guardium functions.
- Alerting parameters
- Analyze limits parameters
- Classification parameters
- CyberArk parameters
- Data mart parameters
- Datasource parameters
- Health analyzer parameters
- Inspection engine parameters
- Manage SQL parameters
- Nanny parameters
- Offline help parameters
- Quartz scheduler parameters
- Smart card parameters
- Sniffer parameters
- SNMP parameters
- Syslog TCP parameters
- Threat analytics parameters
- Vulnerability Assessment parameters
- Other parameters
This API is available in Guardium V10.5 and later.
REST API syntax
POST
method. Call this API as
follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/modify_guard_param
Parameters
Parameter | Value type | Description |
---|---|---|
paramName | String | Required. One of the parameters that are described in the following sections. |
paramValue | String | The new value for the parameter. |
api_target_host | String |
Specifies the target hosts where the API executes. Valid values:
IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode. |
Alerting parameters
Parameter | Value Type | Description |
---|---|---|
ALERT_VERB_NUM_LIMIT | Integer | Sets the maximum number of SQL verbs to show in the Alert log. Valid value is a positive integer between 1 and 50. The default is 10. |
ANTLR3_REMOVE_COMMENTS | Boolean | Enables or disables logging of comments. Valid values:
Default = 0 |
SMTP_TIMEOUT | Integer | Alerter SMTP Time-Out. |
STARTTLS | String | Sets TLS data encryption for the alerter email server. Valid values:
|
Analyze limits parameters
The analyze limits parameters define thresholds used for the central manager limits tile on the Deployment Health Dashboard and elsewhere. For more information, see Deployment health dashboard.
Parameter | Value Type | Description |
---|---|---|
CLASSIFIER_MEMORY_USAGE_THRESHOLD | Integer |
Valid values: 1 - 100 |
HTTP_GIMSERVER_AUTH_CONNECTIONS_THRESHOLD | Integer |
Valid values: 1 - 100 |
HTTP_GIMSERVER_CONNECTIONS_THRESHOLD | Integer |
Valid values: 1 - 100 |
HTTP_GUI_CONNECTIONS_THRESHOLD | Integer |
Valid values: 1 - 100 |
MYSQL_CONNECTIONS_THRESHOLD | Integer |
Valid values: 1 - 100 |
OPEN_HANDLERS_THRESHOLD | Integer |
Valid values: 1 - 100 |
RUNNING_PROCESSES_THRESHOLD | Integer |
Valid values: 1 - 100 |
UNAUTHENTICATED_CONNECTIONS_THRESHOLD | Integer |
Valid values: 1 - 100 |
CyberArk parameters
Parameter | Value Type | Description |
---|---|---|
CYBERARK_USER_NAME | String | Updates the CyberArk user name. |
CYBERARK_USER_PASSWORD | Encrypted String | Updates the encrypted CyberArk vault user password. |
CYBERARK_VAULT_WEBSERVER_NAME | String | Updates the CyberArk vault web server name. |
Classification parameters
Parameter | Value Type | Description |
---|---|---|
classifier_running_timeout | Integer | Sets a time limit, in minutes, for the housekeeping process (nanny). After the timeout
period, the nanny considers the classifier process to be inactive and restarts it. Valid values: 5 - 720 Default = 30 |
classifier_gather_data | Boolean | Enables or disables the gathering of system data. Valid values:
|
compare_max_row_threshold | Integer | Changes the display threshold value. Default and maximum value: 1000 rows |
Classifier examples
grdapi modify_guard_param paramName=classifier_running_timeout paramValue=50
>grdapi get_guard_param paramName=classifier_gather_data
ID=0
classifier_gather_data value: false
>grdapi modify_guard_param paramName=classifier_gather_data paramValue=1
ID=0
ok
>grdapi get_guard_param paramName=classifier_gather_data
ID=0
classifier_gather_data value: true
ok
grdapi get_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD
ID=0
COMPARE_MAX_ROW_THRESHOLD value: 1000
ok
grdapi modify_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD paramValue=91935
modify_guard_param:
ERR=5059
Error Parameter Value is greater then MAX allowed : 1000
Error in modify_guard_param. Can not process the request
ok
grdapi modify_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD paramValue=999
ID=0
ok
grdapi get_guard_param paramName=COMPARE_MAX_ROW_THRESHOLD
ID=0
COMPARE_MAX_ROW_THRESHOLD value: 999
ok
Data mart parameters
Parameter | Value Type | Description |
---|---|---|
COPYFILE_THREAD_POOL_CORE_SIZE | Integer | For internal use only, tunes the size of the data mart threadpool. |
COPYFILE_THREAD_POOL_IDLE_KEEP_ALIVE_TIME_SEC | Integer | For internal use only, tunes the size of the data mart threadpool. |
COPYFILE_THREAD_POOL_MAX_SIZE | Integer | For internal use only, tunes the size of the data mart threadpool. |
COPYFILE_THREAD_POOL_MAX_TASKS_WAITING | Integer | For internal use only, tunes the size of the data mart threadpool. |
CUSTOM_DATAMART_FILE_REMOVE_EXTRA_BACKSLASH | Binary | Removes an extra backslash from custom data mart files during extraction. |
Datasource parameters
Parameter | Value Type | Description |
---|---|---|
allow_datasource_full_control_by_role | Boolean | Controls whether assigning a role on a datasource gives the role full control over the
datasource. Valid values:
Default = false |
customtable_running_timeout | Integer | Sets a timeout mechanism, in minutes, for a hung custom table data upload. When a datasource hangs, the custom data upload stops after the timeout period and skips to the next datasource in the queue. |
DATASOURCE_CONFIRMATION_EXPIRATION_TIME | Integer | To delete a datasource (or a set of datasources) a confirmation number is required. By default the confirmation number expires after 5 minutes. Use this parameter to change the expiration time to between 4 to 60 minutes. |
MIN_OPTIMIZE_SIZE | Integer | For a specified database, sets the minimum size for optimization. The size must be between 1000 and 10000000. |
Datasources example
grdapi modify_guard_param paramName=allow_datasource_full_control_by_role paramValue=true customtable_running_timeout paramValue=5
grdapi modify_guard_param paramName=paramName=customtable_running_timeout paramValue=5
Health analyzer parameters
These parameters control the predictions of DB sizes and files on disk (/var). For more information, see DB sizes and files on disk (/var).
Parameter | Value Type | Description |
---|---|---|
HEALTH_ANALYZER_DB_LOOKAHEAD_DAYS | Integer | Alerts are sent if the HEALTH_ANALYZER_DB_USAGE_THRESHOLD is predicted to occur in the next
HEALTH_ANALYZER_DB_LOOKAHEAD_DAYS. Default = 14 |
HEALTH_ANALYZER_DB_SAMPLE_DAYS | Integer | The number of immediately preceding days that the DB growth is monitored. Use this parameter
to predict future usage. Default = 7 |
HEALTH_ANALYZER_DB_USAGE_THRESHOLD | Integer | The DB size threshold (in %) at which an alert is sent. 100% size varies according to the
Guardium system type (50% of /var for collector, and 75% of
/var for aggregator). Range is 1 - 100%. Default = 50 |
HEALTH_ANALYZER_VAR_LOOKAHEAD_DAYS | Integer | Alerts are sent if HEALTH_ANALYZER_VAR_USAGE_THRESHOLD is predicted to occur in the next
HEALTH_ANALYZER_VAR_LOOKAHEAD_DAYS. Default = 14 |
HEALTH_ANALYZER_VAR_SAMPLE_DAYS | Integer | Number of days the /var growth is monitored. Use this parameter to
predict future usage. Default = 7 |
HEALTH_ANALYZER_VAR_USAGE_THRESHOLD | Integer | The /var size threshold (in %) at which an alert is sent. Range is 1 - 100%. Default = 50 |
Inspection engine parameters
Before you configure the Database Discovered Instances Rules in the GUI, you need to enable inspection engine creation by setting the IE_CREATION parameter to 1. For more information, see Database discovered instances rules and apply_rules_on_discoveredinstances.
Parameter | Value Type | Description |
---|---|---|
IE_CREATION | Boolean | Required for automatic inspection engine creation. Determines whether Guardium automatically
creates inspection engines on a collector, based on whether inspection engine creation is enabled on
the Database Discovered Instances Rules page. Valid values:
Default = 0 (false) |
IE_PROCESSED_TIMESTAMP | Date |
Timestamp for identifying already considered, discovered instances for IE creation functionality. |
Offline help parameters
To use IBM Documentation without requiring an internet connection, you can use IBM® Documentation Offline to access help files for Guardium and other IBM products. IBM Documentation Offline allows you to view IBM Documentation either as a desktop application or from your corporate intranet. For more information about installing and using IBM Documentation Offline, see https://www.ibm.com/docs/en/offline.
After installing and configuring IBM Documentation Offline, use the following parameters to enable IBM Documentation Offline with Guardium.
Parameter | Value Type | Description |
---|---|---|
HELP_DISABLE | Boolean | Enable or disable IBM Documentation
Offline for
Guardium help links. The setting is disabled by default. Valid values:
|
HELP_HOST | String |
Specify the host name of the system where IBM Documentation Offline is installed. If you leave the server name blank, the online help is directed to www.ibm.com. |
HELP_PORT | String |
Specify the port number for the IBM Documentation Offline configuration. The default value is 443. |
Offline help parameters examples
- The following example uses the GuardAPI to find and set the host
name,
grdapi get_guard_param paramName=HELP_HOST ID=0 HELP_HOST value: test.mycompany.com grdapi modify_guard_param parameter_name=HELP_HOST parameter_value=test.mycompany.com
- The following example uses the GuardAPI to set the port
value,
grdapi modify_guard_param paramName=HELP_PORT paramValue=9443
Manage SQL parameters
These parameters allow you to manage various SQL details.
Parameter | Value Type | Description |
---|---|---|
ALERT_OBJECT_NUM_LIMIT | Integer | Maximum number of SQL objects in one alert message for an object template variable. |
DB2_COMMA_DECIMAL_POINT | Integer | Flag for the ANTLR3 DB2 parser to consider a comma as a numeric precision mark. |
DUMP_DATA_FOR_FORENSICS | Integer | Determines whether to dump full SQL details into the Kafka server. The full SQL details are
used for forensics and analysis. Valid values:
Default = 0 |
LONG_VALUE_SPLIT_IN_CSV | Binary | Allows text to be split into multiple lines during CSV export. |
MAX_SAVED_CONSTRUCTS | Integer | Size of the SQL construct rule. Results are being saved in the session. |
Nanny parameters
These parameters enable and configure sending test messages to the alerter orrsyslog to verify that it is communicating with Guardium.
Parameter | Value Type | Description |
---|---|---|
GENERATE_TOMCAT_DUMP | Binary | Triggers Tomcat core dump. |
NANNY_ALERT_RSYSLOG | Integer | Controls whether the nanny monitors ryslog servers. |
NANNY_ALERT_RSYSLOG_FREQ | Integer | Determines the frequency, in hours, with which the nanny monitors rsyslog servers. |
NANNY_SNIF_CORE | Integer | Captures the nanny snif core count. Default = 0 (disabled) A value of 1, 2, or 3 indicates the number of compressed and encrypted cores to save to the /var/IBM/Guardium/log/snif/cores directory as tar files. Use the fileserver CLI command to upload the compressed snif core tar file. |
NANNY_TEST_RSYSLOG | Integer | Determines whether the nanny process sends test messages to rsyslog. Valid values:
Success messages are severity info, and error messages are severity med (error). Default = 1 |
NANNY_TEST_RSYSLOG_FREQ | Integer | Determines the frequency, in hours, with which the nanny sends test messages to rsyslog.
Default = 0, which sets the frequency to 5 minutes. |
NANNY_TEST_SMTP_ALERTER | Integer | Determines whether the nanny process checks the status of the SMTP alerter. If set to 1 (true), the nanny establishes that connectivity is available to the SMTP relay server on the server side and reports the results to Syslog. Success messages are severity info, and error messages are severity med (error). If the SMTP alerter is down, Guardium attempts to restart it, and reports to Syslog indicating success or failure. Valid values:
Default = 1 |
NANNY_TEST_SMTP_ALERTER_FREQ | Integer | Determines the frequency, in hours, with which the nanny tests the alerter. Default = 0, which sets the frequency to 5 minutes. |
Quartz scheduler parameters
These parameters provide input to the Quartz Job Scheduler.
Parameter | Value Type | Description |
---|---|---|
QUARTZ_LONG_RUNNING_JOB_THRESHOLD | Integer | Defines the Quartz Scheduler long running job threshold in minutes. Default = 600 (minutes). |
QUARTZ_MAX_LONG_RUNNING_JOBS | Integer | Defines the maximum number of long running Quartz Scheduler jobs that is considered
unhealthy. Default = 3. |
QUARTZ_SCHD_ENABLE_MONITOR | Boolean | Enable Quartz Scheduler monitoring. The default is 0 (off). To turn on, set to 1. |
Smart card parameters
This configuration is for logging into the Guardium UI using a smart card. For more details, see Enabling smart card authentication.
Parameter | Value Type | Description |
---|---|---|
ENABLE_OCSP_CHECK | Binary |
Check certificate status via OCSP if smart card authentication is turned on. |
SMART_CARD_MAPPING_REGEX | String | Sets the value of the regular expression (regex) in the Guardium Portal page to match the user information on a smart card. |
Smart card example
grdapi modify_guard_param paramName=SMART_CARD_MAPPING_REGEX paramValue="CN?=?(.*?),?OU?=?Test Agency,?OU?=?Test Department,?O?=?Test Government,?C?=?US"
Sniffer parameters
Use the following parameters to manage Sniffer settings.
Parameter | Value Type | Description |
---|---|---|
ACTIVE_PARSER_ENGINE | Integer |
Controls which parser engine snif will use. Options are:
|
HOST_SERVICE_OS_NAME_CACHE_SIZE | Integer | Allows you to change the size of sniffer held values in host name, service name, or OS user
name caches. Default = 2048. The cache size must be between 1 and 25000. |
INTERNAL_REST_CLIENT_SECRET | Encrypted | The internal REST client secret to allow snif and other components to make internal REST calls. |
INTERNAL_REST_CLIENT_SECRET_PASSWORD | Encrypted | The password for the internal REST client user. |
LOG_GENERAL_RESPONSE_LENGTH | Number | Displays whether the store log_general_response_length CLI command is enabled or disabled. Default = disabled |
PE_TRAINING_PHASE_ONE_LENGTH | Integer | Minimum mandatory training period (in days) for the snif probability engine. |
PE_TRAINING_PHASE_TWO_LENGTH | Integer |
Minimum training period (in hours) where snif must see no new training data. Extended dynamically when new events are encountered. |
SAVED_RESPONSE_QUEUE_SIZE | Integer | Allows you to change the queue size for saved responses. |
SELECTIVE_AUDIT_PRESCREEN_THRESHOLD | Integer |
Snif internally disables the prescreen functionality for performance purposes if total selective audit group member count exceeds this value. |
SNIF_DQ_ARE_LITERALS | Integer |
Controls which database types snif will consider double quoted strings literals by default. |
SNIF_USE_FEED_ANALYZER_THREAD | Integer | Snif use feed analyzer thread. |
UID_CHAIN_PROCESS_ASYNC | Integer | Control synchronous/asynchronous processing of the UID CHAIN in snif. |
SNMP parameters
Use the following parameters to set certain system SNMP settings.
Parameter | Value Type | Description |
---|---|---|
GUARDIUM_SNMP_TRAP_MSG_OID | String | The message for the Guardium SNMP trap OID. The default message is .1.3.6.1.4.1.18708.1.6 . |
GUARDIUM_SNMP_TRAP_OID | String | Specify the Guardium SNMP trap OID. Use this parameter to change how the Alerter sends SNMP traps to older values or to another value that you need to work with a particular server that monitors SNMP traps. For more information, see Configuring the alerter. The default trap OID is .1.3.6.1.4.1.18708.1.1.1 |
SNMP_AUTHENTICATION_PASSWORD | Encrypted | SNMP authentication passphrase. |
SNMP_ENCRYPTION_PASSWORD | Encrypted | SNMP encryption passphrase. |
SNMP_ENGINE_ID | String | If required, change the SNMP engine ID. Use the show system snmp engineid CLI command
to see the current engine ID. Note: Engine ID must be unique.
|
SNMP_USER_AUTHENTICATION_TYPE | String | SNMP user authentication type for v3. |
SNMP_USER_ENCRYPTION_TYPE | String | SNMP user encryption type for v3. |
SNMPV3_USER | String | Create a new SNMP version 3 user account. Guardium recommends that you use the store system snmp user CLI command to create a new user. |
SNMP_VERSION | String | Set the SNMP version for this machine. Valid values = v2c or v3 |
Syslog TCP parameters
These parameters manage TPC reception in syslog.
Parameter | Value Type | Description |
---|---|---|
SYSLOG_TCP_RECEPTION_ON | Integer | Controls whether syslog TCP reception is on. Default = 1 (off) Set to 0 to turn on. |
SYSLOG_TCP_RECEPTION_PORT | Integer | Specify the port to use for syslog TCP reception. Default = 10514. The port number must be between 1 and 65535. |
Threat analytics parameters
Parameter | Value Type | Description |
---|---|---|
EI_FAILED_LOGIN_DB_USER_THRESHOLD | Number | The database user threshold for threat analytics failed log ins. Default = 2. |
EI_FAILED_LOGIN_DISPLAY_DB_USER_LIMIT | Number | :The number of different database users threshold for a failed threat analytics login case. Default = 2. |
EI_FAILED_LOGIN_PER_DB_USER_THRESHOLD | Number | The number of failed log ins per database user threshold for a failed threat analytics login case. Default = 10. |
EI_GRANT_DORMANT_WEEKS_DEFINITION | Number | The number of weeks without activity to register a user as dormant for threat analytics. Default = 8. |
EI_SQL_TIMEOUT_IN_SECONDS | Number | Timeout, in seconds, for executing threat analytics scanners on a query or stored procedure. Default = 300. |
Vulnerability Assessment parameters
Parameter | Value Type | Description |
---|---|---|
ALLOW_NULL_SERVICE_FOR_VA_SUMMARY | Binary | Name for the VA summary. Set as DEFAULT in case of NULL in service. |
INAPPLICABLE_TEST_RESULT_STATUS | Binary |
Allows you to include or exclude test scores for unsupported database versions from the vulnerability assessment test report. 0: excludes tests with results that have the test score "NOT APPLICABLE". 1: includes tests with results that have the test score "NOT APPLICABLE".
Tip: For
vulnerability assessment tests with a defined range of supported database versions, the test returns
a score of "NOT APPLICABLE" when the datasource version is not within the range.
|
SAVE_TEST_RESULT_DETAIL_STRING | Binary |
Controls detailed information of a test result. Default = true, include detail information in the test result. If false, the detail information is not included in the test result. |
Other parameters
Parameter | Value Type | Description |
---|---|---|
CM_HEALTH_VIEW_HOSTNAME | String | For the cross-CM health view.
Hostname of the central manager that the machine is reporting to. Note:
12.0 You
can unregister central managers from the cross-CM health view system
by providing an empty
paramValue for CM_HEALTH_VIEW_HOSTNAME .
Unregistered systems still appear on the aggregated health views of the cross-CM health view system,
but their data is no longer updated and their status may not be listed
accurately.
12.1 and later You can unregister 12.1 central manager from the cross-CM health view system by providing the
central manager name.
To register a central management unit with version earlier to 12.1 and cross-CM health view with
version 12.1, use the following API:
From 12.1, Guardium populates CM_HEALTH_VIEW_HOSTNAME during registration and it cannot be modified. |
ENABLE_GUARDIUM_INSIGHT_STREAMING | Binary | For Guardium Insight streaming. Enable or disable data streaming to Guardium Insights.
Valid values:
|
ESCAPE_FOR_ARCSIGHT | Binary |
Deprecated. |
FUTURE_PARTITION_EXPAND_DELAY_HOURS | Integer | The maximum number of hours to delay before creating future partitions. Change this parameter only
on advice of Guardium Technical Support. Default = 0. |
INFORMIX_SAVED_RESPONSE_QUEUE_SIZE | Integer | Informix queue size for the Save response. |
KEEP_NUMBER_OF_JAVACORE_BUNDLE | Integer | The number of javacore file bundles to keep. The number must be between 1 and 30. Default = 3. |
LDAP_CONN_TIMEOUT_MILLISEC | Integer | Sets the number of milliseconds before the LDAP test connection times out. Default = 5000 (5 seconds) The value must be between 1000 and 300000 ms. |
LOG_TO_APP_USER | String | Log specified attributes to the Application User field. |
PASSWORD_MIN_DAYS | Integer | The minimum days required between a password change. Default = 1 (day). |
PATCH_PRESERVATION | Integer | Controls whether to preserve failed patches. When set to 1 (on), if the patch fails, you can
make corrections and then rerun the patch without having to download it again. Default = 0 (off). |
REMOTE_FILETRANSFER_RESERVE_GB | Integer | The minimum reserve disk space required in remote file transfer between Guardium Data Protection and Guardium Insights. Default = 25. |
SIZE_OF_RAW_STATEMENT_MAP | Integer | Controls the size of the raw statement map. To view the current size of the raw statement
map, use the get_guard_param command. For
example:
Default = 2048 |
12.1 and later UNIVERSAL_CONNECTOR_CONFIGURATION_FLOW_FLEATURE | Integer |
When set to 1, allows you to use the load_all_packages API to load the universal connector package configuration from a specified folder. |
WAF_F5_METHOD | Integer | Customer-specific parameter. No longer used. |
WKC_CONFIGURATION | Encrypted | For internal use only. When decrypted, displays the configuration parameters for the IBM Cloud Pak® for DataIBM Knowledge Catalog integration with Guardium. For more information, see Integrating with IBM Knowledge Catalog for federated data protection. |