Asset inventory
IBM Guardium® Insights SaaS provides a unified view where you can manage an inventory of data assets and their associated context information. For example, risk events, vulnerability assessment results, data classification results, business tags, and other related attributes. The broader view of the asset risk information helps you to easily view and identify the critical risks and prioritize mitigation activities.
Premium This feature is available only in the Premium edition of Guardium Insights SaaS.
- Using the public AssetIngestion API
- Through a Kafka pipeline
- Datamart ingestion tables from IBM® Guardium Data Protection and streams.
- Health information of Guardium Data Protection S-TAPs and cloud sources.
- Vulnerability assessment scans and data classification scans from Guardium Data Protection.
Applications such as IBM Guardium DSPM, IBM Guardium AI Security, and IBM Guardium Quantum Safe can use the public AssetIngestion API to ingest assets into the inventory.
Asset types
- Databases
- A collection of interrelated data items in an organized way. For example, MySQL or PostgreSQL.
- Applications
- Software programs that are developed to accomplish specific tasks that the user wants. For example, Instagram or YouTube.
- Endpoints
- The system that is the origin or destination of a session. The endpoints can be physical devices, for example, mobile devices, desktop computers, virtual machines, embedded devices, or servers. An endpoint can also be a URL to access web services that are running on a server.
- Storage
- A functional unit to store the unstructured data. For example, S3 buckets, cloud storage, or file systems. Every storage can be associated with various resources.
- Models
- A set of functions and algorithms that are trained and tested on a data set to provide predictions or decisions. For example, large language models (LLMs).
For more information about Guardium Insights SaaS APIs, see Using the Guardium Insights SaaS API.
Asset definition criteria
- Database of the same type along with IP address, hostname, or a subscription.
- Application that is hosted on an IP address or hostname, or both.
- Application with a subscription.
- Endpoint device with IP address, MAC address, or hostname.
- Storage such as on-prem or cloud storage, with resources hosted on an IP address, hostname, or a subscription.
- Model that is deployed with training data sets.
Asset list view
Use the Asset inventory page to view and manage the assets. The default asset view lists all the assets in the inventory along with their attributes. To access the page, click Asset inventory in the main menu () at the upper left of the page.
- Drill down to view and manage an individual asset. For more information, see Investigating assets and their risk attributes.
- Merge or split assets. For more information, see Asset merging and splitting.
- View and manage tagging rules. For more information, see Creating auto-tagging rules.
- View and manage custom tags. For more information, see Managing tags.
Asset information on the overview dashboard
Dashboard card | Description |
---|---|
New assets identified | Number of assets that are identified through the data ingestion process in the last 24 hours. |
Unmonitored assets | Number of assets that are not monitored for the database traffic. |
Dormant assets | Number of assets that are not active since the last 30 days. |
Untagged assets | Number of assets that are not assigned with any data criticality or business tags. |
Highest asset tag count | Top five asset tags for the selected category. |
Vulnerability trend (last one month) | Trend of open vulnerabilities with severity in different ordinal values such as critical, major, and minor in the last one month. You can view the trend chart for the selected category and tag. |
Assets with open vulnerabilities (last seven days) | Number of open vulnerabilities based on platform and severity. You can view the bar chart for the selected category and tag. |
Classification scan status | Classification scan status for the assets based on compliance category tags. |
Vulnerability scan status | Vulnerability scan status for the assets based on various platforms. You can view the chart for the selected category and tag. |