What's new in this release

New features, functions, and enhancements.

IBM Security Guardium V11.3

Datasources

You can now create datasources and CAS database instances for Couchbase versions 6.0.4, all versions of 6.5, and 6.6.0. For more information, see Couchbase.

View the creator of a datasource in the Datasource Definitions page and in the datasources report.

Deployment health views
The deployment health table and topology views add support for a traffic metric, data streams, and universal connector. The deployment health dashboard adds a new central manager limits chart showing central manager connections and processes. The chart values are expressed as a percentage of configurable thresholds. For more information, see Deployment health views.
Discovery and classification support for MongoDB
Discover Sensitive Data now includes support for document-type datasource like MongoDB. For more information, see Discover Sensitive Data.
Encryption keys for Logical Volume Management (LVM) disks
If you use encrypted LVM disks, you can now set up a tang server that automatically unlocks each volume of your encrypted disks when you restart your system. You are no longer required to manually enter the encryption key for each disk. For more information, see Encrypted LVMs.
Guardium universal connector
The Guardium universal connector enables Guardium to get data from potentially any data source's native activity logs without using S-TAPs. The Guardium Universal Connector includes support for MongoDB and Amazon S3, requiring minimal configuration. Users can easily develop plug-ins for other data sources, and install them in Guardium. For more information, see Universal connector.
Hadoop with Ranger HDFS
The S-TAP can consume Ranger audits from HDFS. For more information, see Hadoop integration with Ranger HDFS.
Job history
The new job history view provides a Gantt chart that shows when jobs ran, and for how long. The chart supports audit, aggregation, and data mart jobs, and includes information about start and stop times, duration (current, shortest, longest, and average), and task count. For more information, see Viewing job history.
Manage certificates by using Venafi
Use Venafi to generate, install, and manage GUI and GIM certificates automatically in your standalone or central manager environment. For more information, see Managing certificates by using Venafi.
Manage datasource credentials with AWS Secret Manager
Integrate your GuardiumĀ® system with the Amazon Web Services (AWS) Secrets Manager to securely store, manage, rotate, and retrieve credentials for your datasources that use the Amazon Relational Database Service (RDS). For more information, see Managing datasource credentials with AWS Secrets Manager.
S-TAP and GIM dashboard
The S-TAP and GIM dashboard now offers interactive filtering, historical charts, and configurable traffic metrics. For more information, see S-TAP and GIM dashboard.
Watch this video to learn more about enhancements to the S-TAP and GIM dashboard and to the Deployment Health Topology view.
Tagging for policy rules
Guardium now provides predefined policy rule tags and supports custom tagging of rules. Use tags to quickly create and manage policies that are aligned with specific compliance standards, reporting and auditing requirements, and geographies. For more information, see Tagging policy rules.
Vulnerability Assessment

There are 4 new Vulnerability Assessment tests for Db2.

In the Assessment test selections page in the UI, you can now choose to select from either CIS tests or STIG tests. You can also select CVE tests that are greater than or equal to a specific CVSS score.

Windows S-TAP protocol 8
The new S-TAP protocol 8 reduces CPU usage and memory usage. The two S-TAP protocols co-exist and use the same guard_tap.ini configuration file. You can choose the S-TAP protocol for each S-TAP in your system. For more information, see Windows: S-TAP protocol 8.