GuardAPI Datasource Functions
Use these GuardAPI commands to create, list, delete, and update Datasource Functions.
create_datasource
Use this command to define a new datasource.
To create Cloud datasources, refer to GuardAPI Cloud Datasource Functions.
Parameter | Value type | Description |
---|---|---|
application | value list | Required. Identifies the application for which the datasource is being defined. It must be one of the following: Access_policy Application User translation AuditDatabase AuditTask ChangeAuditSystem Classifier CustomDomain DatabaseAnalyzer MonitorValues SecurityAssessment Stap_Verification |
compatibilityMode | Compatibility Mode: Choices are Default or MSSQL 2000. The processor is told what compatibility mode to use when monitoring a table. | |
conProperty | comma separated list of property=value | Optional. Use only if additional connection properties must be included on the
JDBC URL to establish a JDBC connection with this datasource. For a Sybase database with a default character set of Roman8, enter the following property: charSet=utf8 |
customURL | Optional. Connection string to the datasource; otherwise connection is made using host, port, instance, properties, etc. of the previously entered fields. As an example this is useful for creating Oracle Internet Directory (OID) connections. | |
dbInstanceAccount | string | Optional. Database Account Login Name that will be used by CAS |
dbInstanceDirectory | string | Optional. Directory where database software was installed that will be used by CAS |
dbName | string | Optional. For a DB2® or Oracle datasource, enter the schema name. For others, enter the database name. |
description | string | Optional. Longer description of the datasource. |
host | string | Required. Can be the host name or the IP address. |
KerberosConfigName | string | Optional. Name of Kerberos configuration already defined in Guardium system |
name | string | Required. Provides a unique name for the datasource on the system. |
password | string | Optional. Password for user. |
port | integer | Optional. Port number. |
savePassword | boolean | Saves and encrypts your authentication credentials on the Guardium appliance. Required if you are defining a datasource with an application that runs as a scheduled task (as opposed to on demand). When set to yes, login name and password are required. |
serviceName | string | Required for Oracle, Informix®, DB2, and IBM® ISeries. For a DB2 datasource enter the database name, for others enter the service name. |
severity | Optional. Severity Classification (or impact level) for the datasource. | |
shared | boolean | Optional. Set to true to share with other applications. To share the datasource with other users, you will have to assign roles from the GUI. |
type | value list | Required. Identifies the datasource type. Valid values: DB2 DB2 for i DB2 for z/OS Informix MS SQL Server MS SQL Server (DataDirect) MySQL NA Netezza Oracle (DataDirect) Oracle (Service Name) Oracle (SID) PostgreSQL Sybase Sybase IQ Teradata The following can be used when the application is CustomDomain or Classifier: TEXT TEXT:FTP TEXT:HTTP TEXT:HTTPS TEXT:SAMBA |
useKerberos | boolean | Optional. Set to yes to use Kerberos authentication. If yes, KerberosConfigName must be supplied. |
useLDAP | boolean | Optional. Set to yes to use LDAP |
user |
string | Optional. User for the datasource. If used, password must also be used. |
useSSL | boolean | Optional. Set to yes to use SSL authentication. |
Example
grdapi create_datasource type=DB2 name=chickenDB2 password=guardium user=db2inst1 dbName=dn0chick application=Access_policy shared=true port=50000 host=chicken.corp.com
create_test_exception
Use this command to add records to the Tests Exceptions. This effects the behavior for vulnerability assessments, if a test on a specific datasource fails it will check the last record of the test exceptions table for that test/datasource such that if the execution date is contained within the from and to dates of the last record the test will be set to PASS, the recommendation will be set to the explanation (from the exceptions record) and the result text will be set to:
Test passed, based on exception approved by: .... effective from date to date.
Parameter | Value type | Description |
---|---|---|
datasourceName | string | Required. Valid name of a defined datasource. |
testDescription | string | Required. A valid test name within Security Assessments. |
fromDate | Required. Beginning date for when the exception is valid. | |
toDate | Required. Ending date for when the exception is valid. | |
explanation | string | Required. A recommendation as to why the test will pass. |
Example
grdapi create_test_exception datasourceName=ORAPROD5 testDescription="CVE-2009-0997" fromDate="2012-07-01 08:00:00" toDate="2012-07-31 08:00:00" explanation="Currently in testing stage"
list_datasource_by_name
Displays a datasource definition identified by a name.
Parameter | Value type | Description |
---|---|---|
name | string | Required. The datasource name. |
api_target_host | string |
Optional parameter that specifies the target host(s) to execute the API. When
not specified, it defaults to the unit on which command is executed. Valid values:
Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. |
Example
CLI> grdapi list_datasource_by_name name=chickenDB2
ID=20000
Datasource DatasourceId=20000
Datasource DatasourceTypeId=2
Datasource Name=chickenDB2
Datasource Description=null
Datasource Host=chicken.corp.com
Datasource Port=50000
Datasource ServiceName=
Datasource UserName=db2inst1
Datasource Password=[B@1415de6
Datasource PasswordStored=true
Datasource DbName=dn0chick
Datasource LastConnect=null
Datasource Timestamp=2008-04-18 15:40:58.0
Datasource ApplicationId=2
Datasource Shared=true
Datasource ConProperty=null
Datasource type =DB2
Application Type = Access_policy
ok
list_datasource_by_id
Displays a datasource definition identified by an ID key.
Parameter | Value type | Description |
---|---|---|
id | integer | Required. The ID number of the datasource to be listed. |
api_target_host | string |
Optional parameter that specifies the target host(s) to execute the API. When
not specified, it defaults to the unit on which command is executed. Valid values:
Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. |
Example
grdapi list_datasource_by_id id=2
delete_datasource_by_name
Deletes the specified datasource definition, unless that datasource is being used by an application. This function removes the datasource, regardless of who created it.
Parameter | Value type | Description |
---|---|---|
name | string | Required. The datasource name. |
api_target_host | string |
Optional parameter that specifies the target host(s) to execute the API. When
not specified, it defaults to the unit on which command is executed. Valid values:
Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. |
Example
grdapi delete_datasource_by_name name=swanSybase
delete_datasource_by_id
Deletes the specified datasource definition, unless that datasource is being used by an application. This function removes the datasource, regardless of who created it.
Parameter | Value type | Description |
---|---|---|
id | integer | Required. The ID number of the datasource to be listed. |
api_target_host | string |
Optional parameter that specifies the target host(s) to execute the API. When
not specified, it defaults to the unit on which command is executed. Valid values:
Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. |
Example
grdapi delete_datasource_by_id id=2
update_datasource_by_name
Updates a datasource definition.
Parameter | Value type | Description |
---|---|---|
name |
string | Required. Identifies the datasource to be updated. |
newName |
string | Optional. Provides a new name, which must be unique for a datasource on the system. |
description |
string | Optional. Longer description of the datasource. |
host |
string | Optional. Can be the host name or the IP address. |
port |
integer | Optional. Port number. |
savePassword | boolean | Saves and encrypts your authentication credentials on the Guardium appliance. Required if you are defining a datasource with an application that runs as a scheduled task (as opposed to on demand). When set to yes, login name and password are required. |
serviceName |
string | Optional. For an Oracle datasource, enter the service name. |
user |
string | Optional. User for the datasource. If used, password must also be used. |
password |
string | Optional. Password for user. If used, user must also be used. |
dbName |
string | Optional. For DB2 datasources, enter the database name. |
conProperty |
Comma separated list of: property=value | Optional. Use only if additional connection properties must be included on the JDBC URL to establish a JDBC connection with this datasource. For a Sybase database with a default character set of Roman8, enter the following property: CHARSET=utf8 |
dbInstanceAccount |
string | Optional. Database Account Login Name that will be used by CAS |
dbInstanceDirectory |
string | Optional. Directory where database software was installed that will be used by CAS |
shared |
boolean | Optional. Set to true to share with other applications. To share the datasource with other users, you will have to assign roles from the GUI. |
customURL |
string | Optional. Connection string to the datasource; otherwise connection is made using host, port, instance, properties, etc. of the previously entered fields. As an example this is useful for creating Oracle Internet Directory (OID) connections. |
severity |
Optional. Severity Classification (or impact level) for the datasource. |
|
api_target_host |
string |
Optional parameter that specifies the target host(s) to execute the API. When
not specified, it defaults to the unit on which command is executed. Valid values:
Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. |
useKerberos | boolean | Optional. Set to yes to use Kerberos authentication. If yes, KerberosConfigName must be supplied. |
useLDAP | boolean | Optional). Set to yes to use LDAP |
useSSL | boolean | Optional. Set to yes to use SSL authentication. |
Example
grdapi update_datasource_by_name name=chickenDB2 newName="chicken DB2" user=" " password=" "
update_datasource_by_id
Updates a datasource definition.
Parameter | Value type | Description |
---|---|---|
id | integer | Required. Identifies the datasource. |
newName | string | Optional. Provides a new name, which must be unique for a datasource on the system. |
description | string | Optional. Longer description of the datasource. |
host | string | Optional. Can be the host name or the IP address. |
port | integer | Optional. Port number. |
savePassword | boolean | Saves and encrypts your authentication credentials on the Guardium appliance. Required if you are defining a datasource with an application that runs as a scheduled task (as opposed to on demand). When set to yes, login name and password are required. |
serviceName | string | Optional. For an Oracle datasource, enter the service name. |
user | string | Optional. User for the datasource. If used, password must also be used. |
password | string | Optional. Password for user. If used, user must also be used. |
dbName | string | Optional. For DB2 datasources, enter the database name. |
conProperty | Comma separated list of property=value | Optional. Use only if additional connection properties must be included on the
JDBC URL to establish a JDBC connection with this datasource. For a Sybase database with a default character set of Roman8, enter the following property: CHARSET=utf8 |
dbInstanceAccount | string | Optional. Database Account Login Name that will be used by CAS |
dbInstanceDirectory | string | Optional. Directory where database software was installed that will be used by CAS |
shared | boolean | Optional. Set to true to share with other applications. To share the datasource with other users, you will have to assign roles from the GUI. |
customURL | string | Optional. Connection string to the datasource; otherwise connection is made using host, port, instance, properties, etc. of the previously entered fields. As an example this is useful for creating Oracle Internet Directory (OID) connections. |
severity | Optional. Severity Classification (or impact level) for the datasource. | |
api_target_host | string |
Optional parameter that specifies the target host(s) to execute the API. When
not specified, it defaults to the unit on which command is executed. Valid values:
Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. |
useKerberos | boolean | Optional. Set to yes to use Kerberos authentication. If yes, KerberosConfigName must be supplied. |
useLDAP | boolean | Optional. Set to yes to use LDAP |
useSSL | boolean | Optional. Set to yes to use SSL authentication. |
Example
grdapi update_datasource_by_id id=20000 user=" " password=" " newName="chickenDB2hooo"
list_db_drivers
List only the name of database drivers Oracle (DataDirect) and MS SQL SERVER (DataDirect) are now supported as datasource types.
list_db_drivers_by_details
Lists each database driver in more details (name, class, driver class, URL, and datasource type ID)