Connecting to Guardium Data Protection systems

Stream data from Guardium Data Protection aggregators and collectors by connecting a Guardium Data Protection central manager to Guardium Data Security Center.

Before you begin

Premium This feature is available only in the Premium edition of Guardium Data Security Center.

Verify that Guardium Data Security Center supports the version of Guardium Data Protection you are connecting. For more information, see the planning section.

To open the IBM Security Guardium Data Protection (GDP) integration page, navigate to the main menu. Open this menu by clicking the main menu icon (main menu). Then select Connections > Integrations and click the IBM Security Guardium Data Protection (GDP) card.

Procedure

  1. Read the About information that provides overview for connecting to a Guardium Data Protection system. Click Next to begin.
  2. Enter the central manager hostname where you want to store the Guardium Data Security Center root CA certificate, then click Next.
    For example, my_manager.my_domain.com. This hostname is used to provide pre-formatted commands for you throughout the procedure.
    Note: You need access to the Guardium Data Protection CLI at this host.
  3. Follow the indicated steps to store the root CA certificate on the Guardium Data Protection central manager and distribute it to all managed units.
    If the root certificate exists, you are prompted to overwrite it.
    1. From your terminal, log in to the Guardium Data Protection CLI by using the provided SSH command.
      For example,
      ssh cli@my_manager.my_domain.com
    2. Use the provided store certificate CLI command and follow the prompts to store the certificate.
      Important: Commands that are provided later in the procedure assume that you use gisaascert as the certificate alias. If you use a different alias, you need to manually update subsequent commands to reflect the change.
      For example,
      my_manager.my_domain.com> store certificate keystore trusted console
      
      Please enter a one-word alias to uniquely identify this certificate:
      gisaascert
      
      Please paste your Trusted certificate below in PEM encoded format. A certificate in
      PEM encoded format should include the '-----BEGIN CERTIFICATE-----' and '-----END
      CERTIFICATE-----' tags, as follows:
      
      	-----BEGIN CERTIFICATE-----
      	(Trusted certificate)
      	-----END CERTIFICATE-----
      
      Once done pasting your certificate, press ENTER followed by CTRL-D to continue.
      
      -----BEGIN CERTIFICATE-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn
      NhAAAAAwEAAQAAAIEAuFwKZVaqjDWUOo5SbbPsVIReqqTXPST5i08vzt0qRI0WegZ1MG7h
      zPZ4NCj8Ts5DXZmU123813YVW8I1lXCl+L6CNy1R71lACzI3UGHmixF/axjVwEBe6aSziv
      y7AIy6QZzrq+R7iWI8OW895HDkEv3v5brEqACcM6pchIhhXoEAAAIATvoU5U76FOUAAAAH
      c3NoLXJzYQAAAIEAuFwKZVaqjDWUOo5SbbPsVIReqqTXPST5i08vzt0qRI0WegZ1MG7hzP
      Z4NCj8Ts5DXZmUMgg813YVW8I1lXCl+L6CNy1R71lACzI3UGHmixF/axjVwEBe6aSzivy7
      AIy6QZzrq+R7iWI8OW895HDkEv3v5brEqACcM6pchIhhXoEAAAADAQABAAAAgQCe/zo0Bd
      eWjorlKWNrm1XB2ltunjXHVQEmpUedB97xOiMWNn5lI+v3gcVPbt2S9Y7hxZcqwzH9vKhU
      95yQ4pMwCUkinDdcNESbiQ0nmxxaMNKDJTQ3+phJ6qC5/pTbssbpiZgyEYBqF0jJD01nZ3
      qISy4bPb7svZRBKiUznRyHAQAAAEEAvg4mcBG7WplHQAImqbLWl7e5OxnxY4si5X31RlXA
      7aE7ebpZ0Ek55mj92Cq+r3JtJJ6WCJrb1iBHUkWbybe6xQAAAEEA6CFslVdPWSuTrxsOhd
      kBMpE7r+n9S2bQaQBFlJfxZezeA78sWuIfwG04WUD/7cKQjoSo/drYJbJBqo4VFPUFsQAA
      AEEAy1EZDY87z0AidnKo2GqCiqjnwyW0NLMWhmrEmM8yt5r/0NcKg/6Nsz4ObJvCQNKHXn
      IiKk77AN6L1twliAyJ0QAAAAZub25hbWUBAgM=
      -----END CERTIFICATE-----
      
      [. . .]
      
      Certificate was added to keystore
      
      Restarting GUI service...
      
      SUCCESS: Certificate imported successfully - Keystore has been updated.
    3. Use the provided Guardium Data Protection API command to distribute the certificate from the central manager to its managed units.
      For example,
      grdapi export_certificate alias=gisaascert host=all_managed force=true restart_gui=true
      Warning: This command restarts the user interface on all managed units.
      Run the following command to export the certificate without restarting the user interface.
      grdapi export_certificate alias=gisaascert host=all_managed force=true restart_gui=false
      The certificate distribution completes only after you restart the user interface on the managed units.

      For more information, see export certificate in IBM Guardium Data Protection documentation.

  4. Click Next to continue.
  5. Generate or provide an encoded API token, then use it with the Guardium Data Protection insights_registration API to register the central manager with Guardium Data Security Center.
    1. From your terminal, log in to the Guardium Data Protection CLI by using the provided SSH command.
      For example,
      ssh cli@my_manager.my_domain.com
    2. Click Generate token or enter a token of your own to display a pre-formatted insights_registration Guardium Data Protection API command. Run the provided command to register the central manager with Guardium Data Security Center.
      For example,
      grdapi insights_registration insights_url="https://my.insights.hostname.com" insights_apikey_token="Basic ZmIyNTM5ZGMtMzU2ZC00NmVk123zN2EtMDU3NjMwYjMWNDYyOmZmMmU5N2Y0LTQyYmEtNDQ3MC1hZGM2LTRmZThiOTM3Y2I2NA=="
  6. Click Finish to complete the procedure.

What to do next

After successful integration, the Guardium Data Protection system is displayed in Guardium Data Security Center on the Integrations page. You can complete the following actions:

  • You can set up streaming for Guardium Data Protection aggregators and collectors. For more information, see Export data from Guardium Data Protection systems.
  • You can access the managed units for the central manager by clicking the Central manager name link in the table. After you access the managed units, you can enable them if they are disabled.
  • To delete a central manager, click its checkbox and then click Delete in the banner that opens. You can select multiple central managers to delete.
  • To edit a central manager, select Edit on the right side of the table menu.
  • To disable all managed units of a central manager without deleting it completely, select Disable from the right side of the table menu. To enable the managed units, click the Central manager name link in the table and then enable its managed units.
  • To refresh the list of central managers, click Refresh.
  • You can filter the list of central managers by entering match criteria in the Filter table field.
Note: Guardium Data Security Center pulls only SQL that is audited by using the Log full details rule action. To gain traffic visibility, you must change your policy to include this action (see https://www.ibm.com/docs/en/guardium/latest?topic=actions-log-full-details). You can now import historic data by using Full SQL from Guardium Data Protection to Guardium Data Security Center.