Creating an API integration

Create an application programming interface (API) integration to load data sets that are imported from external systems into Guardium® Data Security Center. This data can later be retrieved for data security operations.

Before you begin

To see the various settings, open the main menu by clicking the main menu icon. After opening the menu, click Configurations and then click Integrations. On the Discover tab, select Create API integration.

Procedure

  1. Read the About information and click Next.
  2. Select an existing data set or create a new data set to import external data, and then click Next.
    For information on how to create a data set, see Working with data sets.
  3. In the Configure connection window, follow the on-screen instructions.
  4. Public SSL certificate: Enter the server certificate details (to learn how to obtain an SSL certificate, see Obtaining an SSL certificate).
  5. Select the Authentication type.
    • If you choose Basic, enter your credentials in the Username and Password fields.
    • If you choose Authentication header, enter the Header name and Value for the API key.
    • If you do not require API authentication, choose None.
  6. If you need to specify additional headers for the API key, enter the Header name and Value.
  7. Select True to specify pagination for the API.
    • To retrieve data by records, select Record offset and then specify the limit and offset query parameters.
    • To retrieve data by number of pages, select Page offset and then specify the limit and offset parameters.
  8. Based on the columns that you add when you create a data set, you see additional fields to provide information.
  9. After completing the configuration settings, click Test connection to make sure that Guardium Data Security Center can connect to the API server.
    The JSON response is displayed on the right side of the window. The following example shows the JSON response with two records from the National Institute of Standards and Technology (NIST) CVE API.
    {
        "resultsPerPage": 2,
        "startIndex": 0,
        "totalResults": 270747,
        "format": "NVD_CVE",
        "version": "2.0",
        "timestamp": "2024-11-20T19:03:24.053",
        "vulnerabilities": [
            {
                "cve": {
                    "id": "CVE-1999-0095",
                    "sourceIdentifier": "cve@mitre.org",
                    "published": "1988-10-01T04:00:00.000",
                    "lastModified": "2019-06-11T20:29:00.263",
                    "vulnStatus": "Modified",
                    "cveTags": [],
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "The debug command in Sendmail is enabled, allowing attackers to execute commands as root."
                        },
                        {
                            "lang": "es",
                            "value": "El comando de depuración de Sendmail está activado, permitiendo a atacantes ejecutar comandos como root."
                        }
                    ],
                    "metrics": {
                        "cvssMetricV2": [
                            {
                                "source": "nvd@nist.gov",
                                "type": "Primary",
                                "cvssData": {
                                    "version": "2.0",
                                    "vectorString": "AV:N\/AC:L\/Au:N\/C:C\/I:C\/A:C",
                                    "accessVector": "NETWORK",
                                    "accessComplexity": "LOW",
                                    "authentication": "NONE",
                                    "confidentialityImpact": "COMPLETE",
                                    "integrityImpact": "COMPLETE",
                                    "availabilityImpact": "COMPLETE",
                                    "baseScore": 10.0
                                },
                                "baseSeverity": "HIGH",
                                "exploitabilityScore": 10.0,
                                "impactScore": 10.0,
                                "acInsufInfo": false,
                                "obtainAllPrivilege": true,
                                "obtainUserPrivilege": false,
                                "obtainOtherPrivilege": false,
                                "userInteractionRequired": false
                            }
                        ]
                    },
                    "weaknesses": [
                        {
                            "source": "nvd@nist.gov",
                            "type": "Primary",
                            "description": [
                                {
                                    "lang": "en",
                                    "value": "NVD-CWE-Other"
                                }
                            ]
                        }
                    ],
                    "configurations": [
                        {
                            "nodes": [
                                {
                                    "operator": "OR",
                                    "negate": false,
                                    "cpeMatch": [
                                        {
                                            "vulnerable": true,
                                            "criteria": "cpe:2.3:a:eric_allman:sendmail:5.58:*:*:*:*:*:*:*",
                                            "matchCriteriaId": "1D07F493-9C8D-44A4-8652-F28B46CBA27C"
                                        }
                                    ]
                                }
                            ]
                        }
                    ],
                    "references": [
                        {
                            "url": "http:\/\/seclists.org\/fulldisclosure\/2019\/Jun\/16",
                            "source": "cve@mitre.org"
                        },
                        {
                            "url": "http:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/05\/4",
                            "source": "cve@mitre.org"
                        },
                        {
                            "url": "http:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/06\/1",
                            "source": "cve@mitre.org"
                        },
                        {
                            "url": "http:\/\/www.osvdb.org\/195",
                            "source": "cve@mitre.org"
                        },
                        {
                            "url": "http:\/\/www.securityfocus.com\/bid\/1",
                            "source": "cve@mitre.org"
                        }
                    ]
                }
            },
            {
                "cve": {
                    "id": "CVE-1999-0082",
                    "sourceIdentifier": "cve@mitre.org",
                    "published": "1988-11-11T05:00:00.000",
                    "lastModified": "2008-09-09T12:33:40.853",
                    "vulnStatus": "Analyzed",
                    "cveTags": [],
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CWD ~root command in ftpd allows root access."
                        }
                    ],
                    "metrics": {
                        "cvssMetricV2": [
                            {
                                "source": "nvd@nist.gov",
                                "type": "Primary",
                                "cvssData": {
                                    "version": "2.0",
                                    "vectorString": "AV:N\/AC:L\/Au:N\/C:C\/I:C\/A:C",
                                    "accessVector": "NETWORK",
                                    "accessComplexity": "LOW",
                                    "authentication": "NONE",
                                    "confidentialityImpact": "COMPLETE",
                                    "integrityImpact": "COMPLETE",
                                    "availabilityImpact": "COMPLETE",
                                    "baseScore": 10.0
                                },
                                "baseSeverity": "HIGH",
                                "exploitabilityScore": 10.0,
                                "impactScore": 10.0,
                                "acInsufInfo": false,
                                "obtainAllPrivilege": true,
                                "obtainUserPrivilege": false,
                                "obtainOtherPrivilege": false,
                                "userInteractionRequired": false
                            }
                        ]
                    },
                    "weaknesses": [
                        {
                            "source": "nvd@nist.gov",
                            "type": "Primary",
                            "description": [
                                {
                                    "lang": "en",
                                    "value": "NVD-CWE-Other"
                                }
                            ]
                        }
                    ],
                    "configurations": [
                        {
                            "nodes": [
                                {
                                    "operator": "OR",
                                    "negate": false,
                                    "cpeMatch": [
                                        {
                                            "vulnerable": true,
                                            "criteria": "cpe:2.3:a:ftp:ftp:*:*:*:*:*:*:*:*",
                                            "matchCriteriaId": "30D7F58F-4C55-4D19-984C-79B6C9525BEB"
                                        },
                                        {
                                            "vulnerable": true,
                                            "criteria": "cpe:2.3:a:ftpcd:ftpcd:*:*:*:*:*:*:*:*",
                                            "matchCriteriaId": "1D85A7F5-C187-4707-8681-F96A91F58318"
                                        }
                                    ]
                                }
                            ]
                        }
                    ],
                    "references": [
                        {
                            "url": "http:\/\/www.alw.nih.gov\/Security\/Docs\/admin-guide-to-cracking.101.html",
                            "source": "cve@mitre.org"
                        }
                    ]
                }
            }
        ]
    }
    
    You can import this JSON response into Guardium Data Security Center.
  10. Click Next.
  11. In the Map data window, use a JMESPath query to map the JSON response to the data set columns in Guardium Data Security Center.
    The following example uses a JMESPath query to map the JSON response from step 9.
    To import the basic information about the CVEs such as id, published, and description into Guardium Data Security Center by using the API integration, you must use the following aggregation query.
    vulnerabilities[].cve.{id: id, published: published, description: join('; ', descriptions[].value)}
    To get the aggregation query:
    • Under API response, from the vulnerabilities array, select the cve property.
    • Define the transformed JSON with three properties: id, published, and description.
    • The properties id and published do not require transformation and are ready to use. For cve.descriptions, which is an array that cannot be stored in a single data set column, you need to transform the descriptions property. Use the JMESPath join function to concatenate the values in the descriptions property.
    The Aggregated JSON output is as follows:
    [
      {
        "id": "CVE-1999-0095",
        "published": "1988-10-01T04:00:00.000",
        "description": "The debug command in Sendmail is enabled, allowing attackers to execute commands as root.; El comando de depuración de Sendmail está activado, permitiendo a atacantes ejecutar comandos como root."
      },
      {
        "id": "CVE-1999-0082",
        "published": "1988-11-11T05:00:00.000",
        "description": "CWD ~root command in ftpd allows root access."
      }
    ]

    Use this aggregated data to map id, published, and description from the Destination column to the corresponding columns in the Source field.

  12. Click Next.
  13. In the Next steps window, click Finish.
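
The mapping from step 11, reproduced in plain Python as an added example (not IBM's code and not a JMESPath engine). It builds the same three columns from a constructed, trimmed copy of the step 9 response and reports any column that is null in every row, which is what happens when the query names a key that the response does not contain, such as publishedDate instead of published. The names map_rows, null_columns and date_key are hypothetical.

```python
import json

# Constructed sample: the step 9 response trimmed to the keys the mapping reads.
SAMPLE = json.loads("""
{"resultsPerPage": 2, "startIndex": 0, "totalResults": 270747,
 "vulnerabilities": [
  {"cve": {"id": "CVE-1999-0095", "published": "1988-10-01T04:00:00.000",
    "descriptions": [
      {"lang": "en", "value": "The debug command in Sendmail is enabled, allowing attackers to execute commands as root."},
      {"lang": "es", "value": "El comando de depuración de Sendmail está activado, permitiendo a atacantes ejecutar comandos como root."}]}},
  {"cve": {"id": "CVE-1999-0082", "published": "1988-11-11T05:00:00.000",
    "descriptions": [
      {"lang": "en", "value": "CWD ~root command in ftpd allows root access."}]}}
 ]}
""")


def map_rows(response, date_key="published"):
    """Plain-Python equivalent of the step 11 query; date_key is the source key
    read into the 'published' column (hypothetical parameter for this example)."""
    rows = []
    for item in response.get("vulnerabilities", []):
        cve = item.get("cve")
        if cve is None:  # a projection skips elements that have no cve property
            continue
        values = [d["value"] for d in cve.get("descriptions", []) if "value" in d]
        rows.append({
            "id": cve.get("id"),
            "published": cve.get(date_key),  # absent key -> None (JSON null)
            "description": "; ".join(values),
        })
    return rows


def null_columns(rows):
    """Columns that are null in every row, i.e. mapped from a key the API never returns."""
    if not rows:
        return []
    return sorted(col for col in rows[0] if all(r[col] is None for r in rows))


if __name__ == "__main__":
    for key in ("published", "publishedDate"):
        rows = map_rows(SAMPLE, key)
        print(key, "->", null_columns(rows) or "all columns populated")
        print(json.dumps(rows[0], ensure_ascii=False, indent=2))
```

Running the same check on the Test connection response before you save the mapping catches a misspelled source key while it is still easy to correct.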

Results

To view the data that you imported, navigate to the Integrations menu and click Datasets.

What to do next

After you create the API integration, you can create a workflow, where you can set up the API import to run on a schedule. For more information, see Creating a workflow.