Customer uploads

Use Customer Uploads to upload the following types of files: DPS update files, Oracle JDBC drivers, MS SQL Server JDBC drivers, DB2 for z/OS license JAR files, and CSV files.

Uploads are used to keep information current and within industry best practices to protect against newly discovered vulnerabilities. Updates are distributed quarterly.
Remember: If a custom group exists with the same name as a predefined Guardium® group, the upload process adds Guardium in front of the name for the predefined group.

The Database Protection Subscription Service (DPS) supports the maintenance of predefined assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.

  1. Click Harden > Vulnerability Assessment > Customer Uploads.
  2. For DPS Upload, click Browse to locate and select the file to be uploaded. Then in the Import DPS section, click to import the DPS update.
    Tip: The DPS file can take a long time to install. If you restart the browser, the install stops. Either keep the Customer Uploads window open until you see a status message, or use the CLI command show dps to check install status. Reference the Import DPS pane to see what files have been uploaded.
  3. For Upload DB2 z/OS License jar, click Browse to locate and select the file. Then upload the file.
  4. For Upload Oracle JDBC driver or Upload MS SQL Server JDBC driver, locate and select the open source drivers, and then upload the file.
    Remember: Open source drivers are recommended over Oracle Data Direct drivers or MS SQL Data Direct drivers to:
    • Support Windows Authentication for MS SQL Server. In other cases, you can use the Data Direct driver that is preinstalled in the Guardium appliance.
    • Support the use of streams instead of triggers when you use the Value Change Tracking application for Oracle version 10 or higher.

    Use keywords to search and download open source JDBC drivers (for example: open source JDBC driver for MS SQL).

  5. Use the central manager to distribute the .jar file to managed units. After the file is successfully uploaded, the GUI needs to be restarted on the central manager and the managed units.
    Remember: If you export and import definitions from one unit to another, the subscribed groups are not exported. When you export definitions that reference subscribed groups, make sure that all referenced subscribed groups are installed on the importing unit (or central manager in a federated environment).

    When you upload DB2® z/OS® license JAR files, the license takes effect after you restart the GUI.

    If the DPS stops for any reason (for example, a server restart or a GUI restart), it is recommended to wait 30 minutes before starting the DPS upload process again.

    If you enable ASO (Oracle Advanced Security) on the Oracle server by using the latest Oracle DataDirect driver, refer to the following information:
    
    SQLNET.CRYPTO_CHECKSUM_SERVER = required
    SQLNET.ENCRYPTION_SERVER = required
    SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
    #SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
     

    The Oracle JDBC driver does not require a connection property. Download the latest Oracle JDBC driver that is compatible with your database version, then upload that driver to the system by using the Guardium Customer Uploads function.

    If you continue to use Oracle DataDirect driver, then you need to specify a connection property to the datasource. When you define the Oracle DataDirect driver connection property, use the following connection string:
    DataIntegrityLevel=required;EncryptionLevel=required;DataIntegrityTypes=(MD5,SHA1)
    Restriction: The current Oracle DataDirect driver does not support SHA-256. So, SHA-1 must be used, and the sqlnet.ora reference (#SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)) needs to be commented out. However, if a Guardium customer connects by using SHA-256, they need to use the Oracle JDBC driver instead.

    For more information on Data Direct connectors, see https://www.progress.com/documentation/datadirect-connectors. Download the Oracle database JDBC User's Guide PDF for a list of command references.

  6. For Upload CSV to Create/Update Datasources, click Browse to upload a CSV file or a tab-delimited text file to create or update datasources.
    To create a tab-delimited text file (.txt) that contains datasource information, or to use a comma-delimited file structure (.CSV), create an Excel spreadsheet with the following header columns. You can then upload this file in the Guardium application.
    Tip: If you use Excel, save the file as a tab-delimited text (.txt) file. If you use OpenOffice or LibreOffice, save the file as a CSV file with tab delimiters.
    Table 1. create_datasource
    Parameter Description
    application

    Required. Identifies the application for which the datasource is being defined. Use one of the following applications:

    ChangeAuditSystem

    Access_policy

    MonitorValues

    DatabaseAnalyzer

    AuditDatabase

    CustomDomain

    Classifier

    AuditTask

    SecurityAssessment

    Replay

    Stap_Verification

    compatibilityMode

    The compatibility modes are Default or MSSQL 2000. The processor is instructed which compatibility mode to use when monitoring a table.

    conProperty

    Optional. Use only if additional connection properties must be included on the JDBC URL to establish a JDBC connection with this datasource. The required format is property=value, where each property and value pair is separated from the next by a comma.

    For a Sybase database with a default character set of Roman8, enter the following property: charSet=utf8

    customURL

    Optional. Connection string to the datasource; otherwise connection is made by using host, port, instance, properties, and so on, of the previously entered fields. As an example this is useful for creating Oracle Internet Directory (OID) connections.

    dbInstanceAccount

    Optional. Database Account Login Name (software owner) that is used by CAS

    dbInstanceDirectory

    Optional. Directory where database software is installed and is used by CAS

    dbName

    Optional. For a DB2 or Oracle datasource, enter the schema name. For others, enter the database name.

    description

    Optional. Longer description of the datasource.

    host

    Required. The hostname or the IP address.

    name

    Required. Provides a unique name for the datasource on the system.

    owner

    Required. Identifies the Guardium user account that owns the datasource.

    password

    Optional. Password for owner. If used, user must also be used.

    port

    Optional (integer). Port number.

    serviceName

    Required for Oracle, Informix®, DB2, and IBM® iSeries. For a DB2 datasource, enter the database name. For others, enter the service name.

    severity

    Optional. Severity Classification (or impact level) for the datasource.

    shared

    Optional (Boolean). Set to true to share with other applications. To share the datasource with other users, you must assign roles from the GUI.

    type

    Required. Identifies the datasource type. For a list of supported datasource types, use the list_db_drivers API command:
    grdapi list_db_drivers
    For more information, see list_db_drivers.

    user

    Optional. User for the datasource. If used, password must also be used.

    role

    Optional. One or more user roles that can access the datasource. Separate roles by using a semicolon.

    environmentTitle

    Required for cloud database service protection. Account name.

    region

    Required for cloud database service protection. The AWS region.

    objectLimit

    Required for cloud database service protection with native audit. The maximum number of objects found in the classification process that are added automatically to the list of audited objects. See Cloud database service protection.

    primaryCollector

    Relevant for cloud database service protection. The collector that extracts the audit data from the cloud database.

    Important:
    1. Each of the column names must be included in the Excel spreadsheet and saved as a tab-delimited (.txt) file.
    2. The Created Datasource name is made up of both the name column and the type column.
    3. Upload file must be saved as a Column Tab Delimited file type.
  7. Click Upload.

    A message appears displaying the values that are uploaded from the .txt file.

    1. New: For each file upload, if you saved the file with new datasource members added, these members return a status of NEW.
    2. Update: Uploading the same datasource on which you made changes returns an Update status.
    3. Fail: Displays failed datasources or errors.
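
The rules in Table 1 can be checked before the file is uploaded, so that rows do not come back with a Fail status. The following pre-upload check is an added example, not Guardium code. The column order, the function names, and the sample hosts, type values and credentials are assumptions made for the example; real type values come from grdapi list_db_drivers.

```python
import csv
import io

# Header columns from Table 1 (create_datasource); the column order is an assumption.
COLUMNS = ("application compatibilityMode conProperty customURL dbInstanceAccount "
           "dbInstanceDirectory dbName description host name owner password port "
           "serviceName severity shared type user role environmentTitle region "
           "objectLimit primaryCollector").split()
REQUIRED = ("application", "host", "name", "owner", "type")
APPLICATIONS = set("ChangeAuditSystem Access_policy MonitorValues DatabaseAnalyzer "
                   "AuditDatabase CustomDomain Classifier AuditTask SecurityAssessment "
                   "Replay Stap_Verification".split())

def validate_upload(text):
    """Return (line, message) problems for a tab-delimited upload file; [] means clean."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:  # every Table 1 column name must be present in the header
        return [(1, "missing header columns: " + ", ".join(missing))]
    problems, seen = [], set()
    for raw in reader:
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        bad = [f"{c} is required" for c in REQUIRED if not row[c]]
        if row["application"] and row["application"] not in APPLICATIONS:
            bad.append("unknown application " + row["application"])
        if bool(row["user"]) != bool(row["password"]):
            bad.append("user and password must be used together")
        if row["port"] and not row["port"].isdigit():
            bad.append("port must be an integer")
        if any("=" not in p for p in row["conProperty"].split(",") if p):
            bad.append("conProperty must be comma-separated property=value pairs")
        key = (row["name"], row["type"])  # the created name combines name and type
        if row["name"] and key in seen:
            bad.append("duplicate name and type")
        seen.add(key)
        problems += [(reader.line_num, msg) for msg in bad]
    return problems

def make_row(**fields):
    return "\t".join(fields.get(c, "") for c in COLUMNS)

# Constructed sample: placeholder hosts, type values and credentials, not real ones.
SAMPLE = "\n".join([
    "\t".join(COLUMNS),
    make_row(application="SecurityAssessment", host="db1.example.test", name="hr",
             owner="admin", type="TYPE_A", port="1521", user="scan", password="PLACEHOLDER"),
    make_row(application="Classifer", host="db2.example.test", name="pay",
             owner="admin", type="TYPE_B", port="14x3", user="scan"),
])
```

Because the password column holds datasource credentials in clear text, keep the file readable only by the account that performs the upload and delete it after the upload completes.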
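
The DataDirect restriction in step 5 (no SHA-256 support, so the server must offer SHA-1) can be checked against a server's sqlnet.ora before the datasource is defined. The following check is an added example, not Guardium or Oracle code. It handles single-line entries only, and the driver labels 'datadirect' and 'oracle-jdbc' and the function names are chosen for the example.

```python
# sqlnet.ora settings as given on this page.
PAGE_SQLNET = """\
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
#SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
"""
# Constructed variant: the active checksum line offers SHA256 only.
SHA256_ONLY = PAGE_SQLNET.replace("= (SHA1)", "= (SHA256)")
# DataDirect connection property quoted from this page.
DATADIRECT_PROPERTY = ("DataIntegrityLevel=required;EncryptionLevel=required;"
                       "DataIntegrityTypes=(MD5,SHA1)")

def parse_sqlnet(text):
    """Parse single-line 'NAME = value' entries; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        values = [v.strip().upper() for v in value.strip().strip("()").split(",")]
        params[name.strip().upper()] = [v for v in values if v]
    return params

def check_driver(sqlnet_text, driver):
    """Return (connection_property, findings) for 'datadirect' or 'oracle-jdbc'."""
    params = parse_sqlnet(sqlnet_text)
    findings = [name + " differs from the reference value 'required'"
                for name in ("SQLNET.ENCRYPTION_SERVER", "SQLNET.CRYPTO_CHECKSUM_SERVER")
                if params.get(name) != ["REQUIRED"]]
    if driver != "datadirect":
        return "", findings  # the Oracle JDBC driver needs no connection property
    checksums = params.get("SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER")
    if checksums is not None and "SHA1" not in checksums:
        findings.append("server checksum types " + ",".join(checksums)
                        + " exclude SHA1: use the Oracle JDBC driver instead of DataDirect")
    return DATADIRECT_PROPERTY, findings
```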