How to transfer sensitive data to InfoSphere Discovery

Take sensitive data information, identified and classified in IBM Security Guardium and transfer that information to InfoSphere® Discovery.

Both IBM Guardium and InfoSphere Discovery have the capability to identify and classify sensitive data, such as Social Security Numbers or credit card numbers.

A customer of the IBM Guardium product can use a bidirectional interface to transfer identified sensitive data information from one product to another.

Note: In IBM Guardium , the Classification process is an ongoing process that runs periodically. In InfoSphere Discovery, Classification is part of the Discovery process that usually runs once.
Note: The data will be transferred via CSV files.

The summary of Export/Import procedures is as follows:

Follow these steps:

  1. Export from Guardium - Export Classification Data from IBM Guardium to InfoSphere Discovery
  2. As an admin user in the Guardium® application, go to Tools > Report Building >Classifier Results Tracking > Select a Report > Export Sensitive Data to Discovery (See screenshot).
    Note: Add this report to the UI pane (it is not by default).
    Export, sensitive data to discovery
  3. Click on Customize icon on Report Result screen and specify the search criteria to filter the classification results data to transfer to Discovery.
  4. Run the report and click on Download All Records icon.
  5. Save as CSV and import this file to Discovery according to the InfoSphere Discovery instructions.
  6. Import to Guardium - Import Classification Data from InfoSphere Discovery to IBM Guardium
  7. Export the classification data as CSV from InfoSphere Discovery based on InfoSphere Discovery instructions.
  8. As an admin user in the Guardium application, go to Tools > Report Building >Custom Tables screen, select ClassificationDataImport and click on Upload Data button. (See screenshot).
    Classification Data Import
  9. In Upload Data screen, click on Add Datasource, click on New button, define the CSV file imported from Discovery as new datasource (Database Type = Text). See the following screenshot of CSV Datasource definition.
    Datasource, Definition, CSV, discovery
    Note: Alternatively you can load the data directly from Discovery database if you know how to access the Discovery database and Classification results data.
  10. After defining the CSV as Datasource, click on Add button in Datasource list screen.
  11. In Upload data screen click on Verify Datasource and then Apply.
  12. Click on Run Once Now button to load the data from the CSV.
  13. Go to Report Builder, select Classification Data Import report, Click on Add to Pane to add it to your Portal and then navigate to the report.
  14. Access the Report, click on Customize to set the From/To dates and execute the report.

The report result has the classification data imported from InfoSphere Discovery. Double click to invoke APIs assigned to this report. The data imported from Discovery can be used for the following:

Table 1. CSV Interface signature
Interface Signature Example
Type DB2®
Port 50001
dbName (Schema name for DB2 or Oracle, db name for others) cis_schema
Datasource URL  
TableName MK_SCHED
ColumnName ID_PIN
ClassificationName SSN
RuleDescription Out-of-box algorithm of InfoSphere Discovery
HitRate 70% - not available for export in Guardium Vers. 8.2
ThresholdUsed 60% - not available for export in Guardium Vers. 8.2