Creating a datasource definition
A datasource is a database connection that is created and configured for use with Guardium® applications such as Vulnerability Assessment and classifier. A datasource can be created by using the Datasource Definitions tool or by creating and uploading a CSV file by using the Customer Uploads tool in the Guardium user interface. You can also create a datasource by using Guardium APIs.
Before you begin
Ensure that the Guardium user has the privileges that are necessary to access the database. To assign database access privileges to a user, the database administrator must download and run a set of scripts on the database server. For more information, see Database privileges for vulnerability assessments and classification.
About this task
- Open the Datasource Definitions tool by clicking .
- Click the Datasources tab.
- Click to open the Create datasource window. The inputs vary depending on your choice of application, database type, and datasource.
- Select an Application type.
- Enter a unique name for the datasource.
- From the Database type menu, select the database or type of file.
- Select Share datasource to share the datasource definition across all Guardium applications. If the datasource is not shared, you can use the definition only with the selected application type.
- The authentication protocol depends on your choice of Database
- Select Use SSL and Import server SSL certificate. The Add certificate option is available to datasources that support mutual SSL authentication. The certificate for mutual SSL authentication is added after the datasource configuration is saved.
- To use LDAP authentication, select LDAP and proceed with assigning datasource credentials.
- For Kerberos, pick a predefined Kerberos configuration from the Kerberos config menu and enter the Realm and KDC server. Tip: To check whether a Kerberos configuration exists on the Guardium GUI, go to . To create a new Kerberos configuration that defines your KDC and Realm, click .
The login credentials must be a valid Kerberos user ID and password that is also used for certificate authority (CA). Test your Kerberos credentials to ensure that they can be used to log in to the Hive beeline command line.
- Select the appropriate Credential type.
- Choose Assign credentials to manually enter the User name and password for the datasource.
- Choose External password to obtain your password from an external credential management system. Select your credential management application from the External password type menu.
- If credentials are not assigned, choose None.
- Configure the Host name/IP address, Port number, Database, Connection property, and Custom URL. If you use Configuration Auditing System (CAS), click Show advanced and configure the CAS database instance. Tip: The inputs vary depending on the type of database you are using. For more information, see Configuring your datasource.
- Save the datasource and test the connection. If applicable, add the mutual SSL authentication certificate by using the Add certificate button. The certificate is a PEM file that contains both the private key and the certificate. You must include both the BEGIN and END lines for the private key and certificate. You can also install the certificate by using the CLI. For more information, see Installing an appliance certificate.
Note: When you test the connection to an SSL datasource for the first time, you might encounter the following error:
Could not connect to: 'jdbc:db2://hostname:port_number/db_name' for user: 'Your_datasource_name_DB2(Security Assessment)'. DataSourceConnectException: Could not connect to: 'Your_datasource_name_ 22.214.171.124:port_number' for user: 'db2inst1'. Exception: com.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][4.15.134] A communication error occurred during operations on the connection's underlying socket, socket input stream.
The error occurs when the GUI does not have the correct keystore file for the certificate that is loaded into memory. To fix the error, restart the GUI and test the connection again.
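A pre-upload check for the PEM file described in the last step, as an added example that is not part of the IBM documentation: it verifies that the file holds a complete private key block and a complete certificate block, each with its BEGIN and END lines. The function names, the accepted private-key labels, and the sample bundles are assumptions constructed for illustration.

```python
import base64
import binascii
import re

BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def check_mutual_ssl_pem(text):
    """Return a list of problems; an empty list means the bundle looks complete."""
    problems, complete = [], []
    open_label, body = None, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        match = BOUNDARY.match(line)
        if match is None:
            # Collect base64 body lines; skip blanks and "Name: value" headers.
            if open_label is not None and line and ":" not in line:
                body.append(line)
            continue
        kind, label = match.groups()
        if kind == "BEGIN":
            if open_label is not None:
                problems.append(f"line {number}: BEGIN {label} before END {open_label}")
            open_label, body = label, []
        elif open_label != label:
            problems.append(f"line {number}: END {label} has no matching BEGIN")
            open_label = None
        else:
            try:
                if not base64.b64decode("".join(body), validate=True):
                    raise binascii.Error("empty body")
                complete.append(label)
            except binascii.Error:
                problems.append(f"line {number}: {label} block is empty or not base64")
            open_label = None
    if open_label is not None:
        problems.append(f"missing END line for {open_label}")
    if "CERTIFICATE" not in complete:
        problems.append("no complete CERTIFICATE block")
    # Assumption: any label ending in PRIVATE KEY counts (PKCS#8, RSA, EC).
    if not any(label.endswith("PRIVATE KEY") for label in complete):
        problems.append("no complete PRIVATE KEY block")
    return problems

def sample_block(label, payload):
    """Build a constructed PEM-shaped block; the payload is not real key material."""
    data = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{data}\n-----END {label}-----\n"

GOOD = sample_block("PRIVATE KEY", b"constructed placeholder key") + \
       sample_block("CERTIFICATE", b"constructed placeholder certificate")
TRUNCATED = GOOD.replace("-----END CERTIFICATE-----\n", "")  # END line lost in copy/paste
```

The check covers only the structure of the file; it does not confirm that the private key matches the certificate.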