IBM Support

Release of Guardium Data Protection sniffer patch 12.0p4002

Release Notes


Abstract

This technical note provides guidance for installing IBM Security Guardium Data Protection sniffer patch 12.0p4002, including any new features or enhancements, resolved or known issues, or notices associated with the patch.

Content

Patch information
  • Patch file name: SqlGuard-12.0p4002_Snif_Mar_18_2024.tgz.enc.sig
  • MD5 checksum: 8f44c536e88b844840a244e2b5e9ef8c
Finding the patch 
This is an ad hoc patch and is not available on the IBM Fix Central website.
 
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
Installation
Notes:
  • This universal sniffer patch can be installed on all releases of Guardium 12.x
  • This patch restarts the sniffer process.
Overiew:
  1. Download the patch and extract the compressed package outside the Guardium system.
  2. Pick a "quiet" or low-traffic time  to install the patch on the Guardium system.
  3. Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.  This sniffer patch must be installed across all the appliances such as the central manager, aggregators, and collectors.
For information about installing Guardium Data protection patches, see How to install patches in the Guardium documentation.
Enhancements
This patch provides the following enhancements:
Issue key Summary
GRD-80350 Tuples improvements for large group processing.
GRD-80227 Regular groups and tuples improvements in reading.
GRD-78572 Fixes related to logging information in alerts, violations, for example. SQL without values, extrusion values in SQL, etc.  Fix for criteria label.
Resolved issues
This patch resolves the following issues:
Patch Issue key Summary APAR
12.0p4001 -- Patch 12.0p4001 on Fix Central --
12.0p4002 GRD-79295 MSSQL: ALTER TABLE XXX ALTER COLUMN XXX DROP MASKED Caused Parser Error DT260785
GRD-72823 STAP disappearing from STAP control GA18432
Known limitations
This patch contains the following known limitations:
Issue key Summary
GRD-80712
The following issues are present:
  • Correct construct ID not available for alerts.
  • Complete SQL logged in alerts when SLP matches, since information about which specific construct and object was fired is unavailable. Object and verb template variables missing for the same reason.
  • Alert actions should go last in the rule when used with log actions, otherwise the log action is not triggered.
Workaround: these issues will be resolved in an upcoming sniffer release.
GRD-80546
Tuples do not support SQL criteria for requests that come with prepared parser information, for example Db2 for zOS, IMS, feed traffic.
Workaround: these issues will be resolved in an upcoming sniffer release.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
03 April 2024

UID

ibm17145759

Page Feedback