Creating an API integration
Create an application programming interface (API) integration to load data sets that are imported from external systems into Guardium® Data Security Center. This data can later be retrieved for data security operations.
Before you begin
To see the various settings, open the main menu by clicking the main menu icon. After opening the menu, click Configurations and then click Integrations. On the Discover tab, select Create API integration.
Procedure
- Read the About information and click Next.
- Select an existing data set or create a new data set to import external data, and then click Next. For information on how to create a data set, see Working with data sets.
- In the Configure connection window, follow the on-screen instructions.
- Public SSL certificate: Enter the server certificate details (to learn how to obtain an SSL certificate, see Obtaining an SSL certificate).
- Select the Authentication type.
  - If you choose Basic, enter your credentials in the Username and Password fields.
  - If you choose Authentication header, enter the Header name and Value for the API key.
  - If you do not require API authentication, choose None.
- If you need to specify additional headers for the API key, enter the Header name and Value.
- Select True to specify pagination for the API.
  - To retrieve data by records, select Record offset and then specify the limit and offset query parameters.
  - To retrieve data by number of pages, select Page offset and then specify the limit and offset parameters.
- Based on the columns that you add when you create a data set, you see additional fields to provide information.
- After completing the configuration settings, click Test connection to make sure that the Guardium Data Security Center can connect to the API server. The JSON response is displayed on the right side of the window. The following example shows the JSON response with two records from the National Institute of Standards and Technology (NIST) CVE API.
  {
    "resultsPerPage": 2,
    "startIndex": 0,
    "totalResults": 270747,
    "format": "NVD_CVE",
    "version": "2.0",
    "timestamp": "2024-11-20T19:03:24.053",
    "vulnerabilities": [
      {
        "cve": {
          "id": "CVE-1999-0095",
          "sourceIdentifier": "cve@mitre.org",
          "published": "1988-10-01T04:00:00.000",
          "lastModified": "2019-06-11T20:29:00.263",
          "vulnStatus": "Modified",
          "cveTags": [],
          "descriptions": [
            { "lang": "en", "value": "The debug command in Sendmail is enabled, allowing attackers to execute commands as root." },
            { "lang": "es", "value": "El comando de depuración de Sendmail está activado, permitiendo a atacantes ejecutar comandos como root." }
          ],
          "metrics": {
            "cvssMetricV2": [
              {
                "source": "nvd@nist.gov",
                "type": "Primary",
                "cvssData": {
                  "version": "2.0",
                  "vectorString": "AV:N\/AC:L\/Au:N\/C:C\/I:C\/A:C",
                  "accessVector": "NETWORK",
                  "accessComplexity": "LOW",
                  "authentication": "NONE",
                  "confidentialityImpact": "COMPLETE",
                  "integrityImpact": "COMPLETE",
                  "availabilityImpact": "COMPLETE",
                  "baseScore": 10.0
                },
                "baseSeverity": "HIGH",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "acInsufInfo": false,
                "obtainAllPrivilege": true,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
              }
            ]
          },
          "weaknesses": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ]
            }
          ],
          "configurations": [
            {
              "nodes": [
                {
                  "operator": "OR",
                  "negate": false,
                  "cpeMatch": [
                    { "vulnerable": true, "criteria": "cpe:2.3:a:eric_allman:sendmail:5.58:*:*:*:*:*:*:*", "matchCriteriaId": "1D07F493-9C8D-44A4-8652-F28B46CBA27C" }
                  ]
                }
              ]
            }
          ],
          "references": [
            { "url": "http:\/\/seclists.org\/fulldisclosure\/2019\/Jun\/16", "source": "cve@mitre.org" },
            { "url": "http:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/05\/4", "source": "cve@mitre.org" },
            { "url": "http:\/\/www.openwall.com\/lists\/oss-security\/2019\/06\/06\/1", "source": "cve@mitre.org" },
            { "url": "http:\/\/www.osvdb.org\/195", "source": "cve@mitre.org" },
            { "url": "http:\/\/www.securityfocus.com\/bid\/1", "source": "cve@mitre.org" }
          ]
        }
      },
      {
        "cve": {
          "id": "CVE-1999-0082",
          "sourceIdentifier": "cve@mitre.org",
          "published": "1988-11-11T05:00:00.000",
          "lastModified": "2008-09-09T12:33:40.853",
          "vulnStatus": "Analyzed",
          "cveTags": [],
          "descriptions": [
            { "lang": "en", "value": "CWD ~root command in ftpd allows root access." }
          ],
          "metrics": {
            "cvssMetricV2": [
              {
                "source": "nvd@nist.gov",
                "type": "Primary",
                "cvssData": {
                  "version": "2.0",
                  "vectorString": "AV:N\/AC:L\/Au:N\/C:C\/I:C\/A:C",
                  "accessVector": "NETWORK",
                  "accessComplexity": "LOW",
                  "authentication": "NONE",
                  "confidentialityImpact": "COMPLETE",
                  "integrityImpact": "COMPLETE",
                  "availabilityImpact": "COMPLETE",
                  "baseScore": 10.0
                },
                "baseSeverity": "HIGH",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "acInsufInfo": false,
                "obtainAllPrivilege": true,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
              }
            ]
          },
          "weaknesses": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ]
            }
          ],
          "configurations": [
            {
              "nodes": [
                {
                  "operator": "OR",
                  "negate": false,
                  "cpeMatch": [
                    { "vulnerable": true, "criteria": "cpe:2.3:a:ftp:ftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "30D7F58F-4C55-4D19-984C-79B6C9525BEB" },
                    { "vulnerable": true, "criteria": "cpe:2.3:a:ftpcd:ftpcd:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D85A7F5-C187-4707-8681-F96A91F58318" }
                  ]
                }
              ]
            }
          ],
          "references": [
            { "url": "http:\/\/www.alw.nih.gov\/Security\/Docs\/admin-guide-to-cracking.101.html", "source": "cve@mitre.org" }
          ]
        }
      }
    ]
  }
  You can import this JSON response into Guardium Data Security Center.
- Click Next.
- In the Map data window, use the JMESPath query to map the JSON response to the data set columns in Guardium Data Security Center. The following example uses a JMESPath query to map the JSON response from step 9. To import the basic information about the CVEs such as id, publishedDate, and description into Guardium Data Security Center by using the API integration, you must use the following aggregation query.
  vulnerabilities[].cve.{id: id, published: publishedDate, description: join('; ', descriptions[].value)}
  To get the aggregation query:
  - Under API response, from the vulnerabilities array, select the cve property.
  - Define the transformed JSON with three properties: id, published, and description.
  - The properties id and published do not require transformation and are ready to use. For cve.descriptions, which is an array that cannot be stored in a single data set column, you need to transform the descriptions property. Use the JMESPath join operator to concatenate the values in the descriptions property.
  The Aggregated JSON output is as follows:
  [
    {
      "id": "CVE-1999-0095",
      "published": null,
      "description": "The debug command in Sendmail is enabled, allowing attackers to execute commands as root.; El comando de depuración de Sendmail está activado, permitiendo a atacantes ejecutar comandos como root."
    },
    {
      "id": "CVE-1999-0082",
      "published": null,
      "description": "CWD ~root command in ftpd allows root access."
    }
  ]
  Use this aggregated data to map id, published, and description from the Destination column to the corresponding columns in the Source field.
- Click Next.
- In the Next steps window, click Finish.
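
The aggregated output in the Map data step shows published as null because the sample response carries the date under published, while the query reads publishedDate. The following added example (not IBM code; plain Python standing in for the JMESPath query, with a constructed sample trimmed from the response above and hypothetical names project, empty_columns, PAGE_MAPPING and RESPONSE_MAPPING) applies the same projection and reports columns that come back empty for every record, a check worth running on the Test connection output before mapping columns.

```python
import json

# Constructed sample: the page's NVD response cut down to the keys the mapping reads.
SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cve": {"id": "CVE-1999-0095", "published": "1988-10-01T04:00:00.000",
    "descriptions": [
      {"lang": "en", "value": "The debug command in Sendmail is enabled, allowing attackers to execute commands as root."},
      {"lang": "es", "value": "El comando de depuración de Sendmail está activado, permitiendo a atacantes ejecutar comandos como root."}]}},
  {"cve": {"id": "CVE-1999-0082", "published": "1988-11-11T05:00:00.000",
    "descriptions": [{"lang": "en", "value": "CWD ~root command in ftpd allows root access."}]}}
]}
""")

# Column -> source key. PAGE_MAPPING mirrors the page's query; RESPONSE_MAPPING
# (hypothetical name) reads the date from the key the sample response carries.
PAGE_MAPPING = {"id": "id", "published": "publishedDate", "description": "descriptions"}
RESPONSE_MAPPING = {"id": "id", "published": "published", "description": "descriptions"}


def project(response, mapping, sep="; "):
    """Plain-Python stand-in for vulnerabilities[].cve.{column: key, ...}."""
    # An absent key yields None (JMESPath null); a list is joined on its "value" strings.
    rows = []
    for item in response.get("vulnerabilities", []):
        cve = item.get("cve") if isinstance(item, dict) else None
        if not isinstance(cve, dict):
            continue  # a projection skips elements that evaluate to null
        row = {}
        for column, key in mapping.items():
            value = cve.get(key)
            if isinstance(value, list):
                value = sep.join(d["value"] for d in value
                                 if isinstance(d, dict) and isinstance(d.get("value"), str))
            row[column] = value
        rows.append(row)
    return rows


def empty_columns(rows):
    """Columns that are None in every row, i.e. mapped from a key the API never sent."""
    return sorted(c for c in (rows[0] if rows else {}) if all(r[c] is None for r in rows))


if __name__ == "__main__":
    for name, mapping in (("page", PAGE_MAPPING), ("response", RESPONSE_MAPPING)):
        rows = project(SAMPLE, mapping)
        print(name, "empty columns:", empty_columns(rows), "| first row date:", rows[0]["published"])
```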