Stream data from Guardium Data
Protection
aggregators and collectors by connecting a Guardium Data
Protection central manager to Guardium
Data Security Center.
Before you begin
Premium This feature is
available only in the Premium edition of Guardium
Data Security Center.
Verify that Guardium
Data Security Center supports the version of
Guardium Data
Protection you are connecting. For more
information, see the planning section.
To open the IBM Security Guardium Data Protection (GDP) integration page,
navigate to the main menu. Open this menu by clicking the main menu icon (
). Then select
and
click the IBM Security Guardium Data Protection (GDP) card.
Procedure
- Read the About information that provides overview for
connecting to a Guardium Data
Protection system. Click
Next to begin.
- Enter the central manager hostname where you want to store the Guardium
Data Security Center root CA certificate, then click
Next.
For example,
my_manager.my_domain.com
.
This hostname is used to provide pre-formatted commands for you throughout the procedure.
Note: You
need access to the Guardium Data
Protection CLI at this
host.
- Follow the indicated steps to store the root CA certificate on the
Guardium Data
Protection central manager and distribute it to
all managed units.
If the root certificate exists, you are prompted to overwrite
it.
- From your terminal, log in to the Guardium Data
Protection CLI by using the provided
SSH command.
For
example,
ssh cli@my_manager.my_domain.com
- Use the provided store certificate CLI command and follow the
prompts to store the certificate.
Important: Commands that are provided later in the procedure assume that you use
gisaascert as the certificate alias. If you use a different alias, you need
to manually update subsequent commands to reflect the change.
For
example,
my_manager.my_domain.com> store certificate keystore trusted console
Please enter a one-word alias to uniquely identify this certificate:
gisaascert
Please paste your Trusted certificate below in PEM encoded format. A certificate in
PEM encoded format should include the '-----BEGIN CERTIFICATE-----' and '-----END
CERTIFICATE-----' tags, as follows:
-----BEGIN CERTIFICATE-----
(Trusted certificate)
-----END CERTIFICATE-----
Once done pasting your certificate, press ENTER followed by CTRL-D to continue.
-----BEGIN CERTIFICATE-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAIEAuFwKZVaqjDWUOo5SbbPsVIReqqTXPST5i08vzt0qRI0WegZ1MG7h
zPZ4NCj8Ts5DXZmU123813YVW8I1lXCl+L6CNy1R71lACzI3UGHmixF/axjVwEBe6aSziv
y7AIy6QZzrq+R7iWI8OW895HDkEv3v5brEqACcM6pchIhhXoEAAAIATvoU5U76FOUAAAAH
c3NoLXJzYQAAAIEAuFwKZVaqjDWUOo5SbbPsVIReqqTXPST5i08vzt0qRI0WegZ1MG7hzP
Z4NCj8Ts5DXZmUMgg813YVW8I1lXCl+L6CNy1R71lACzI3UGHmixF/axjVwEBe6aSzivy7
AIy6QZzrq+R7iWI8OW895HDkEv3v5brEqACcM6pchIhhXoEAAAADAQABAAAAgQCe/zo0Bd
eWjorlKWNrm1XB2ltunjXHVQEmpUedB97xOiMWNn5lI+v3gcVPbt2S9Y7hxZcqwzH9vKhU
95yQ4pMwCUkinDdcNESbiQ0nmxxaMNKDJTQ3+phJ6qC5/pTbssbpiZgyEYBqF0jJD01nZ3
qISy4bPb7svZRBKiUznRyHAQAAAEEAvg4mcBG7WplHQAImqbLWl7e5OxnxY4si5X31RlXA
7aE7ebpZ0Ek55mj92Cq+r3JtJJ6WCJrb1iBHUkWbybe6xQAAAEEA6CFslVdPWSuTrxsOhd
kBMpE7r+n9S2bQaQBFlJfxZezeA78sWuIfwG04WUD/7cKQjoSo/drYJbJBqo4VFPUFsQAA
AEEAy1EZDY87z0AidnKo2GqCiqjnwyW0NLMWhmrEmM8yt5r/0NcKg/6Nsz4ObJvCQNKHXn
IiKk77AN6L1twliAyJ0QAAAAZub25hbWUBAgM=
-----END CERTIFICATE-----
[. . .]
Certificate was added to keystore
Restarting GUI service...
SUCCESS: Certificate imported successfully - Keystore has been updated.
- Use the provided Guardium Data
Protection API
command to distribute the certificate from the central manager to its managed
units.
For
example,
grdapi export_certificate alias=gisaascert host=all_managed force=true restart_gui=true
Warning: This command restarts the user interface on all managed units.
Run the following command to export the certificate without restarting the user
interface.
grdapi export_certificate alias=gisaascert host=all_managed force=true restart_gui=false
The
certificate distribution completes only after you restart the user interface on the managed
units.
For more information, see export certificate in IBM Guardium Data Protection
documentation.
- Click Next to continue.
- Generate or provide an encoded API token, then use it with the Guardium Data
Protection
insights_registration API to register the central manager with Guardium
Data Security Center.
- From your terminal, log in to the Guardium Data
Protection CLI by using the provided
SSH command.
For
example,
ssh cli@my_manager.my_domain.com
- Click Generate token or enter a token of your own to display a
pre-formatted insights_registration
Guardium Data
Protection API command. Run the provided command
to register the central manager with Guardium
Data Security Center.
For
example,
grdapi insights_registration insights_url="https://my.insights.hostname.com" insights_apikey_token="Basic ZmIyNTM5ZGMtMzU2ZC00NmVk123zN2EtMDU3NjMwYjMWNDYyOmZmMmU5N2Y0LTQyYmEtNDQ3MC1hZGM2LTRmZThiOTM3Y2I2NA=="
- Click Finish to complete the
procedure.
What to do next
After successful integration, the Guardium Data
Protection
system is displayed in Guardium
Data Security Center on the
Integrations page. You can complete the following actions:
- You can set up streaming for Guardium Data
Protection
aggregators and collectors. For more information, see Export data from Guardium Data Protection systems.
- You can access the managed units for the central manager by clicking the Central
manager name link in the table. After you access the managed units, you can enable them
if they are disabled.
- To delete a central manager, click its checkbox and then click Delete in
the banner that opens. You can select multiple central managers to delete.
- To edit a central manager, select Edit on the right side of the table
menu.
- To disable all managed units of a central manager without deleting it completely, select
Disable from the right side of the table menu. To enable the managed units,
click the Central manager name link in the table and then enable its managed
units.
- To refresh the list of central managers, click Refresh.
- You can filter the list of central managers by entering match criteria in the Filter
table field.
Note: Guardium
Data Security Center pulls only SQL that is audited by
using the
Log full details rule action. To gain traffic visibility, you must
change your policy to include this action (see
https://www.ibm.com/docs/en/guardium/latest?topic=actions-log-full-details). You can now import historic data by
using Full SQL from
Guardium Data
Protection to
Guardium
Data Security Center.