IBM Security Guardium data mapping

Edit online

The IBM® Security Guardium® Connected Assets and Risk connector incrementally synchronizes the contents of the IBM Security Guardium asset databases with the data that is managed by the Connected Assets and Risk service.

The following table shows the Connected Assets and Risk connector to Guardium data mapping.

Table 1. Guardium data mapping
CAR vertex	CAR field	Guardium field
Database	name	Database name or service name
	type	Database type
	protocol	database protocol
	port	port
	datasource_name	a concatenation of Database_type, IP, and port
vulnerability	name	VA test name
	description	VA test description
	published_on	date/time of the VA scan
	datasource name	the datasource used by VA scan
	version_level	the version of the database
	results_text	text describing the vulnerability
	recommendation	recommended actions of remediate the vulnerability
	severity	severity of the vulnerability
	category	category of the vulnerability
	assessment_description	VA scan description
	result_details	more specific information
User	user_name	DBUser
account	name	DBUser
	total_risk_score
	threat_analytics_score
	violations_score
	vulnerability_score
	sensitive_objects_score
	select_queries_score
	ddl_queries_score
	dml_queries_score
	administrative_queries_score
	high_volume_activity_score
	off_work_activity_score
	group_state_description

The Connected Assets and Risk connector edge to Guardium data mapping is outlined in the following table.

Table 2. Guardium data mapping for CAR edges
CAR Edge	Description
database_ipaddress	An edge between a database and an ipaddress.
tag	The connector creates 4 tags: GDPR, PCI, CCPA, and SENSITIVE.
tag_edge	An edge linking tag to a database.
database_vulnerability	An edge between a vulnerability and the database it was detected on.
user_account	An edge between user and account.
account_ipaddress	An edge between account and ipaddress - this edge contains attributes of Risk spotter findings regarding users' risk score.