Creating a datasource definition

A datasource is a database connection that is created and configured for use with Guardium® applications such as Vulnerability Assessment and classifier. A datasource can be created either by using the Datasource Definitions tool or by creating and uploading a CSV file by using the Customer Uploads tool in the Guardium user interface. Use the following procedure to define a datasource by using the Datasource Definitions tool. For more information about creating and uploading a CSV file, see Upload CSV file to create or update datasources.

Before you begin

Ensure that the Guardium user has the privileges that are required to access the database. To assign database access privileges to a user, the database administrator must download and run a set of scripts on the database server. For more information, see Database privileges for vulnerability assessments and classification.

Procedure

  1. Open the Datasource Definitions tool by clicking Setup > Tools and Views > Datasource Definitions.
  2. Click the Datasources tab.
  3. Click new to open the Create datasource window. The inputs vary depending on your choice of application, database type, and datasource.
  4. Select an Application type.
  5. Enter a unique name for the datasource.
  6. From the Database type menu, select the database or type of file.
  7. Select Share datasource to share the datasource definition across all Guardium applications. If the datasource is not shared, you can use the definition only with the selected application type.
  8. The authentication protocol depends on your choice of Database type.
    • Select SSL to import the server SSL certificate. The Add certificate button is available for datasources that support mutual SSL authentication. The certificate for mutual SSL authentication is added after the datasource configuration is saved.
    • To use LDAP authentication, select LDAP and proceed with assigning datasource credentials.
    • For Kerberos, pick a predefined Kerberos configuration from the Kerberos config menu and enter the Realm and KDC server.
      Tip: To check whether a Kerberos configuration exists on the Guardium GUI, go to Setup > Tools and Views > Kerberos Configuration. To create a new Kerberos configuration that defines your KDC and Realm, click Add.

      The login credentials must be a valid Kerberos user ID and password that is also used for Certificate Authority (CA). Test your Kerberos credentials to ensure that they can be used to log in to the Hive beeline command line.

  9. Select the appropriate Credential type.
    • Choose Assign credentials to manually enter the User name and password for the datasource.
    • Choose External password to obtain your password from an external credential management system. Select your credential management application from the External password type menu.
    • If credentials are not assigned, choose None.
    Tip: To learn more about using CyberArk to manage Guardium datasource credentials, see Managing datasource credentials with CyberArk.

  10. Configure the Host name/IP address, Port number, Database, Connection property, and Custom URL. If you use Configuration Auditing System (CAS), click Show advanced options and configure the CAS database instance.
    Note: The inputs vary depending on the type of database you are using. For more information, see Configuring your datasource.
  11. Save the datasource and test the connection. If applicable, add the mutual SSL authentication certificate by using the Add certificate button.