Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection 12.1, including any new features or enhancements, resolved or known issues, or associated notices.
Content
Download Guardium 12.1
IBM Passport Advantage
On Passport Advantage, you can find the Guardium Product Image - ISO file, licenses, product keys, and manuals. You can download only the products that your site is entitled. If you need assistance to find or download a product from the Passport Advantage site, contact the Passport Advantage team at 800-978-2246 (8:00 AM - 8:00 PM ET) or by email at paonline@us.ibm.com.
IBM Support Fix Central
On Fix Central, you can find upgrades, Guardium Patch Update (GPU) files, individual patches, and the current versions of database agents, such as S-TAP and Guardium Installation Manager (GIM). If you need assistance to find a product on Fix Central, contact IBM Support.
Install Guardium 12.1
Guardium 12.1 is available as an ISO product image on Passport Advantage. If the downloaded package is in .zip format, extract it outside of the Guardium appliance before you upload or install it. Review the latest version of theses release notes just before you install. Install Guardium across all of the appliances, such as the central manager, aggregators, and collectors. For detailed steps, see Installing your Guardium Data Protection system.
Guardium 12.1 is available as an ISO product image on Passport Advantage. If the downloaded package is in .zip format, extract it outside of the Guardium appliance before you upload or install it. Review the latest version of theses release notes just before you install. Install Guardium across all of the appliances, such as the central manager, aggregators, and collectors. For detailed steps, see Installing your Guardium Data Protection system.
Upgrade to Guardium 12.1
Before you upgrade, confirm that your appliance meets the minimum requirements. Upgrade your firmware to the latest versions provided by your vendor. If you use a Guardium appliance, check Fix Central for the latest firmware.
You can upgrade to Guardium 12.1 from Guardium systems that are running on version 12.0 and later. The best approach for upgrading Guardium depends on the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. See Identifying the correct upgrade path to review upgrade scenarios and identify the correct upgrade path for your Guardium systems. Review the latest version of theses release notes just before you install.
Attention
Patch signing certificate expiration
The patch signing certificate expires March 29, 2025. A modified GPU file is signed with an updated certificate.
(MD5SUM: 57b0c01b0c072a678b9fe6572a7d2b5f. Filename: SqlGuard-12.0p100_GPU_Sep_2024_V12.1.tgz.enc.sig)
Special Guardium Database Protection Service file (for Vulnerability Assessment only)
The Guardium Database Protection Service (DPS) file named Guardium_V12_Quarterly_DPS_2024_Q3_20240827.enc (MD5SUM: ec30454bb5f014eaf3745fb7fe0e5247) must be applied after you upgrade to Guardium 12.1 from versions 11.x or 12.0. Note: This is a Special DPS file for the Guardium 12.1 release. Do not apply it to previous versions of Guardium.
The 12.1 ISO product image on Passport Advantage already includes the information from this Special DPS file, so there is no need to apply any previous Quarterly DPS files. In the future, you can apply the upcoming Quarterly DPS files as usual, starting with 4Q 2024.
Central management metadata changes
Due to access management metadata changes in Guardium 12.1, users may experience limited functionality in the user interface for any managed unit that is running on a lower version. Be sure to upgrade your managed units to version 12.1, or apply the latest bundle, for the lower versions to restore the functionality. There will not be updates for Guardium 11.4 streams and earlier.
New features and enhancements
Central management
- Ability to run database instance discovery with Replace Inspection Engines from within the central manager
- Additional visibility into key Guardium services from central manager
-
Enhanced deployment inventory view that highlights the primary collector (managed unit)
-
Visibility into database discovered instances rules IE_CREATION parameter status
Certificate management
-
Central management for expiring certificates
-
Changes to back up and restore of certificates based on expiration, or whether custom or default
- New entry in keystore under alias 'snif'
Cross-central-manager health views
From the Patch Management user interface on a cross-central manager health view (cross-CM health view) Guardium unit, you can view and update patches for multiple 12.1 and later Guardium Data Protection central managers and their associated managed units. For lower-level central managers to show up in patch management, they must be upgraded to version 12.1 and registered again.
Datasources
Configurable, large datatypes length in classifier for PostgreSQL and Sybase Adaptive Server Enterprise (ASE)
Internal load balancer between S-TAP and Sniffer
The internal load balancer (ILB) assesses data load and helps prevent data loss by proactively forecasting the load on the collector, and by redirecting traffic to another collector to balance the load in near real time.
Policies
- Alert triggering once per request in data security policies with CLI configuration and in session level policies with criteria and action parameter label
- Session-level policy additions, new criteria, new actions support, improvement for custom Tuples, and new security incidents
- Capture of Hadoop cluster name as part of server description field
- Inclusion of all custom tables, domains, and queries when exporting a complete Guardium Data Protection policy
- New security incident policy template for connection quarantine
- Optimization of user interface requests on policy builder user interface
- Verification of Canadian Social Insurance Number (SIN) in data security policies and session-level policies
S-TAP
- Ability to schedule S-TAP diagnostics from the user interface
- Ability to report on S-TAP installed parameters with query report builder
- Added column filters to S-TAP by cluster view for information including status, connectivity, and traffic.
- Enhanced enterprise load balancer graphical user interface
- Enhanced S-TAP verification including IE verification status
- Global session key for improved session uniqueness
- Implementation of Percona for MySQL for S-TAP Control and S-TAP verification
- For more information about new S-TAP features and enhancements, see the IBM Guardium Data Protection Windows Agents 12.1.0.112 and IBM Guardium Data Protection Linux and UNIX Agents 12.1.0.0 r118024 release notes.
System enhancements
- Support for API key to obtain access token for Guardium REST API authentication
- Support for backups to Dell ECS platform by using S3 protocol
-
Upgrade of Apache Solr to version 8.11.3
-
Upgrade of dojo components to resolve CVEs
-
Upgrade of IBM Storage Protect (formerly known as IBM Spectrum Protect and IBM Tivoli Storage Manager) to version 8.1.23
Universal Connector and Apache Kafka integration
Multiple kafka-node managed units can be configured together to create a kafka-cluster to support Universal Connector and Kafka integration.
- Ability to exclude or specify Microsoft SQL to be scanned
- Addition of Security Technical Implementation Guide (STIG) Oracle Database 19c benchmark
- Available tests report filters by CIS, CVE, APAR , CAS-based, JDBC-based, and user-defined-JDBC-based
- Addition of test severity level to the SCAP XML Export
- CIS Microsoft SQL Server 2022 1.0 benchmark support
- Entitlement reports for CockroachDB
- Performance enhancement between central manager and managed units
- Purge of older DPS history for older, major release versions
- Scanning for Amazon Aurora PostgreSQL
- Support for namespaces with HashiCorp Vault integration
- Support of multi-tenancy for Oracle 19c pluggable databases (PDB)
- For a complete list of tests and groups added or updated in version 12.1, see Vulnerability Assessment tests and groups in Guardium 12.x. Tests and groups that are added after the release of Guardium version 12.1 will be available in upcoming Quarterly DPS files.
Sniffer updates
The following sniffer patches are included in Guardium 12.1. The latest sniffer patch patch that is included in Guardium 12.1 is version 12.0p4005.
| Sniffer patch number | Issue key | Summary | APAR |
|---|---|---|---|
|
12.0p4000
|
|||
|
12.0p4001
|
|||
|
12.0p4002
|
|||
|
12.0p4003
|
|||
|
12.0p4004
|
GRD-77365
|
Some expected Microsoft SQL Server queries not logged on collector
|
DT382325
|
|
GRD-82553
|
Successful Microsoft SQL Server ALTER PROCEDURE statement caused PARSER_ERROR
|
DT386758
|
|
|
GRD-83434
|
Sniffer crashing due to record larger than 64,000 characters with AWS feed traffic
|
DT391328
|
|
|
GRD-84172
|
Query rewrite issue on count(*) with IBM Db2 SQL query
|
DT391634
|
|
|
12.0p4005
|
GRD-86720
|
Fix certificate negotiation for IBM Db2 for z/OS
|
New supported platforms and databases
Data Activity Monitoring (DAM)
- Amazon Redshift
- Amazon Relational Database Service (RDS) for SQL Server
- OpenSearch
- Percona for MySQL
- YugabyteDB
Linux-UNIX S-TAP
- Apache Cassandra 4.1.3
- Apache CouchDB 3.3.2
- CockroachDB v.23.2.0
- Debian 12
- Elasticsearch 8.10.4
- VMware Greenplum 7
- MariaDB 11.2.0
- MongoDB 7.0.1
- MySQL 8.3.0
- Neo4j 5.15
- OCI Support for OUA
- OpenSearch 2.11.1
- OpenText Vertica 24.1
- Oracle Database 23ai on Oracle Cloud Infrastructure
- Oracle Solaris SPARC (for Guardium File Activity Monitor (FAM) only)
- Percona for MySQL 8.0
- PostgreSQL 16
- SAP HANA 2.0 SPS 07
- SUSE Linux Enterprise Server 15 SP5
- YugabyteDB 2.20.5.0
Windows S-TAP
- Apache CouchDB 3.3.2
- Elasticsearch 8.10.4
- MariaDB v.11.2.0
- MongoDB 7.0.1
- MySQL 8.3.0
- Neo4j 5.15
- PostgreSQL 16
Vulnerability Assessment
- Amazon DynamoDB all versions Amazon Web Services
- CockroachDB 23.2, 24.1 (On-Premises and on Amazon EC2)
Deprecated commands, platforms, and functionality
Deprecated CLI commands
| Old command | New command |
|---|---|
| store cert_key sniffer | store certificate sniffer console |
|
restore cert_key sniffer <backup | default>
|
restore certificate sniffer
|
|
store storage centera
|
store storage ecs |
| import file (centera choice) | import file (ecs new choice) |
|
store system signature [on | off]
|
store openssl_sha1_signature [on|off]
|
Platforms and software that are no longer supported
Dell Centera
Deployment on IBM Cloud is not currently supported in Guardium Data Protection 12.1. If you require support, please submit an idea on the IBM Product Support portal at ideas.ibm.com.
Deprecated functionality
FAM discovery agent (crawler)
Known limitations and workarounds
| Component | Issue key | Summary |
|---|---|---|
|
CAS
|
GRD-86722
|
Store system service disable CAS is not getting preserved after upgrading from 12.0 to 12.1.
Workaround: Run the following command: store system service disable cas
|
|
Central management
|
GRD-82597
|
Patches are listed in the user interface only after the CLI command is run.
Workaround: Run the CLI command show system patch available after the patches are uploaded to the cross-CM health view.
|
|
Central management
|
GRD-85755
|
Different dates are visible for expiring certificates between central manager and managed unit.
|
|
FAM
|
GRD-79768
|
Using FAM is not supported on the Solaris operating system for Linux-UNIX S-TAP versions 12.0 and 12.1. Guardium does not support Transport Layer Security (TLS) 1.3 in Guardium version 12.0 and later on the Solaris operating system.
Workaround: To use a TLS connection on Solaris with FAM, enable TLS 1.2 instead. |
|
FAM
|
GRD-84070
|
For Solaris and AIX, FAM rules may not be applied to certain operations on file descriptors, such as changing the owner or permissions for a file. There is no workaround at this time.
|
|
GIM
|
GRD-74281
|
GIM transitional bundles (SHA1) cannot be uploaded to Guardium 12.1 when FIPS mode is on.
Workaround: Turn off FIPS mode to upload SHA 1 GIM bundles. |
|
FIPS mode
|
GRD-87470
|
When FIPS mode is on, storing certificates using externally generated CSRs fail. This is caused by using legacy mode in OpenSSL, which is disallowed when FIPS mode is turned on.
Workaround: Temporarily disable FIPS mode. |
|
GuardAPI
|
GRD-86727
|
When a backup is taken from the source environment with FIPS ON and TLS 1.2 and restored on 12.1 target environment with TLS default (TLS 1.2, TLS1.3), you will not be able to execute the grdapi enable_fips_tls all=true command to enable TLS 1.2 on the target environment.
Workaround: Execute the command grdapi enable_all_tls all=true.Then, execute the command grdapi enable_fips_tls all=true. |
|
GUC
|
GRD-86812
|
For GUC, observed a discrepancy between version shown on different pages.
|
|
Installing Guardium by using GPU
|
GRD-87500
|
When you run the CLI command show os_version for a 12.1 GPU environment only, the incorrect version will display. Output will show "OS version: Red Hat Enterprise Linux release 9.2", while correct version is actually "Red Hat Enterprise Linux release 9.4". This is only an issue for GPU; ISO will display correctly.
|
|
Installing Guardium by using ISO
|
GRD-80726
|
The following warning message is displayed during ISO installation: "Warning: Deprecated Driver is detected: 'iptables' will not be maintained in a future major release and may be disabled."
Resolution: Ignore the warning message. Guardium 12.0 and 12.1 use "iptables" even though it's deprecated in RHEL9. |
|
MySQL
|
GRD-87617
|
While the script grdapi enable_fips_tls all=false is going on, the MySQL is not up, so any operations will be interrupted.
Workaround: Users should stay off the machine for the 2-4 minutes it takes for the script to complete. |
|
S-TAP
|
GRD-79759
|
SSL dynamic loading doesn't work on AIX platform.
|
|
S-TAP
|
GRD-85979
|
Redaction does not work with Postgres 16 databases. Some patterns are too wide and result in redaction of packet metadata, which corrupts the stream and causes the session to drop. Currently no known workaround.
|
|
S-TAP
|
GRD-86475
|
Not able to see file activities in File activity. This is related to S-TAP FAM on Linux.
Workaround: Uninstall kpatch. |
|
S-TAP
|
GRD-86946
GRD-87122
|
IBM Db2 instances may experience instability or traffic is not captured after S-TAP 12.1 upgrade from S-TAP 11.5.4.1_r115368_1 or S-TAP 12.0.0.0_r115418_v12_0_1.
Workaround: Stop your database before you upgrade, or restart the database after you upgrade if traffic stopped capturing.
|
|
S-TAP
|
GRD-87414
|
MySQL client hang after enabling query rewrite (QRW) default state 1 and detach query is performed.
Workaround: No workaround is currently available. A fix will be provided in future patches |
|
S-TAP
|
GRD-87461
|
When the Guardium appliance has TLS 1.2 and FIPS enabled, and S-TAP for IBM Db2 for z/OS connects for TLS 1.2 traffic, the S-TAP is unstable.
Workaround: Disable FIPS.
|
|
TLS
|
GRD-86541
|
Unable to log in to UI after restoring a 12.1 (TLS 1.2) backup onto a 12.1 (TLS 1.2, TLS 1.3) environment due to TLS version mismatch due to the TLS setting in the distribution.properties file.
Workaround: You must manually set TLS to TLS 1.2 before enabling FIPS mode. From within the CLI, run grdapi enable_fips_tls all=false to set TLS to TLS 1.2. If you are still unable to login, run the following command sequence within the CLI:
grdapi enable_all_tls all=false
grdapi enable_fips_tls all=false
store system fips on
restart system
|
|
TLS
|
GRD-87148
|
When a backup is taken from the source environment with FIPS OFF and TLS 1.2 is restored on 12.1, the target environment, which was previously with TLS 1.3, then has TLS set to default (TLS 1.2, TLS 1.3).
Workaround: Execute the command grdapi enable_all_tls all=true if you want to set TLS 1.3. |
|
TLS
|
GRD-87205
|
jdk.tls.disabledAlgorithms does not display correct values for TLS in java.security.
|
|
TLS
|
GRD-87213
|
MySQL server goes down after consecutive change in TLS configuration. Unable to log in to UI after restoring a 12.1 (TLS 1.2) backup onto a 12.1 (TLS 1.2, TLS 1.3) environment due to TLS version mismatch with the TLS setting in the distribution.properties file.
Workaround: From within the CLI, run grdapi enable_fips_tls all=false to set TLS to TLS 1.2. If you are still unable to login, run the following command sequence within the CLI: grdapi enable_all_tls all=false
grdapi enable_fips_tls all=false Note: If the grdapi command does not work, file an IBM Support case for a support engineer to review.
|
|
Universal Connector
|
GRD-56968
|
Previously added Universal Connector configuration is added on managed unit after rebuild and re-registration of managed unit to the same central manager.
|
|
Universal Connector
|
GRD-83282
|
Data loss observed when adding and removing Apache Kafka nodes from cluster
Workaround: Minimum of 3 brokers should be used while creating a cluster, if more are required, more must be added before configuring Universal Connectors. |
|
Universal Connector
|
GRD-85764
|
On central manager switch, all Universal Connector profiles and credentials are duplicated.
Workaround: Delete the Universal Connector profiles from the Datasource Profile page. However, credentials cannot be removed. |
|
Universal Connector
|
GRD-86940
|
Universal Connector Kafka cluster nodes are not part of backup.
Workaround: This will be fixed in a future patch. |
|
Universal Connector
|
GRD-87275
|
New template supported in 12.1 for Amazon CloudWatch plugin with RoleARN credentials does not work.
Workaround: If you want to use the New Cloudwatch template, then use access keys and token instead of RoleARN. Or continue to use legacy flow with RoleARN, which is still supported. |
|
Universal Connector
|
GRD-87290
|
If you upgrade from version 12.0 to 12.1, Teradata JDBC traffic is not captured by Universal Connector.
Workaround: On managed unit GUI, restart the Universal Connector from the Universal Connector configuration page.
|
|
Universal Connector
|
GRD-87469
|
In a mixed environment where managed units are at different versions of Guardium prior to 12.1, the Enable/Disable Universal Connector option from the Actions menu on the Datasource Management page will not work.
Workaround: To enable the Universal Connector, run the following command from central manager: grdapi run_universal_connector api_target_host=<host name or IP address of a managed unit>
To disable the Universal Connector, run the following command from central manager: grdapi stop_universal_connector api_target_host=<host name or IP address of a managed unit>
|
|
Universal Connector
|
GRD-87498
|
Universal Connector can be unstable on a FIPS-enabled environment.
Workaround: If Universal Connector stopped working on the FIPS-enabled environment, then perform the following steps:
1. On the managed unit, run grdapi run_universal_connector overwrite_old_instance="true" debug=3
2. From the Data Source Profile page, restart Universal Connector from the Actions menu.
|
|
Universal Connector
|
GRD-87550
|
Universal Connector profiles and credentials are duplicated after every central manager switch.
|
|
Universal Connector
|
GRD-87602
|
If you upgrade from version 12.0 to 12.1, the Apache Kafka functionality in Universal Connector will not work.
Workaround: To use the Kafka functionality in Universal Connector, upgrade your environment to version 12.1 from patch 12.0p20 or any patch above it. |
|
Upgrade
|
GRD-72251
|
The admin-only configuration is not retained after a system backup and restore, or during an upgrade.
Workaround: After completing the restore or upgrade, run the following command from the CLI: grdapi store system admin-only on. A fix will be provided in future patches. |
|
Upgrade
|
GRD-78855
|
If the backup of CyberArk and SAML enabled source environment is restored on to the target environment, then CyberArk and SAML configurations are not retained.
Workaround for SAML: Reconfigure SAML on the target environment after the restore is completed. A fix will be provided in future patches. Workaround for CyberArk: In the restored environment, apply the CyberArk patch and install CyberArk by using the store cyberark install command. A fix will be provided in future patches. |
|
Upgrade
|
GRD-85648
|
CLI commands 'import file' and 'restore backup' are not able to copy a file from a remote server back to Guardium appliance if the remote server password contains a single (') or double (") quotation character. No workaround is available.
|
|
Upgrade
|
GRD-86042
|
11.4 backup is failing to restore on for central manager and AGG.
|
|
Upgrade
|
GRD-86511
|
Import file functionality does not work when there is special character in the directory name.
Workaround: Rename the directory to exclude the special characters and then use the directory that does not have special characters in the name. |
|
Upgrade
|
GRD-87726
|
If ' or \ character is contained in the password for the backup server used in GUI for System backup/Data archive/Result Archive(Audit)/Result Export(Files), the backup or the archive will fail.Workaround: Use a password on the backup server that does not contain ' or \ characters.
|
|
User Custom Tables
|
GRD-85898
|
Data Insert error for custom Table - Snowflake Objects privilege granted with grant option.
|
|
Vulnerability Assessment
|
GRD-87299
|
In Vulnerability Assessment, TEST_ID=2374 'No Authorization To CREATE ANY LIBRARY Privilege' must be run under user ‘sys’ or an error will occur. This will be fixed in a future patch.
|
Resolved issues
| Issue key | Summary | APAR |
|---|---|---|
| GRD-62943 | SMTP authenicator type defaults to NULL when changing the alerter config | GA18437 |
| GRD-65026 | When a CLI password expires and a new password is required, Guardium CLI forces a change of the password twice instead of once | GA18118 |
| GRD-68423 |
Addresses various causes of missing Microsoft SQL Server DB_USERs in reports.
|
DT249847 |
| GRD-69107 | Add more details to consolidated installer output when wrong parameter value is provided for ktap_allow_module_combos | GA18396 |
| GRD-69268 | Audit jobs scheduled to run from Central Manager on aggregators failing to start on time | GA18452 |
| GRD-69999 | Disk usage issues when using Universal Connector due to the /var/lib/docker/overlay2/<hex str>/merged/merged partition growing fast | GA18317 |
| GRD-70493 | While creating a custom domain, "Column 'DS_NAME' in the field list is ambiguous" message is returned. This only applies to "While creating a custom domain that JOIN domains from entitlements...", not generally. | GA18469 |
| GRD-70966 | Aggregator query performance | DT276414 |
| GRD-71296 | Version 11.5 p520 aggregator MySQL occasionally crashed during data archive | GA18454 |
| GRD-71384 | Adv S-TAP Verify: java.lang.Exception: Too many records returned | DT259358 |
| GRD-71840 |
Improved redact function to reduce occurrence of data mismatch that could break data structure.
|
DT249854 |
| GRD-71882 | Purge / Archive uses "flush tables" | GA18456 |
| GRD-72402 | java.sql.SQLException: Timeout error when accessing Management--Module Installation-Setup | GA18494 |
| GRD-72875 | 11.4p470 installation failure | GA18434 |
| GRD-72919 | Alert per session is wrongly triggered for A-TAP traffic | DT260599 |
| GRD-72932 |
Addresses various causes of garbage DB_USERs in reports.
|
DT249848 |
| GRD-73171 | When trying to activate A-TAP, '/' character at the end of value for db_base parameter in guardctl command causes error | GA18476 |
| GRD-73574 | Windows S-TAP library for Db2 might cause IBM Db2 instance crash | DT244227 |
| GRD-73623 | Unable to observe data on "Suspected SQL Injection Cases" | GA18462 |
| GRD-74053 | GIM client can't connect to GIM server by "GimConnector returned with error code 72057594037927935" | DT249842 |
| GRD-74083 | Report generated from the audit process does not provide all results | DT249843 |
| GRD-74093 | Snowflake Vulnerability Assessment report runs for a long time and eventually times out | DT270085 |
| GRD-74437 | Core memory dumps are generated on one of the database servers. This is due to a memory leak in the code that is used to process data from Kerberos cache. | DT260590 |
| GRD-74577 | Unable to open/edit alert - java.lang.NullPointerException | GA18455 |
| GRD-74597 | On the Active Risk Spotter page, "Investigate risky users" does not work | GA18461 |
| GRD-74703 | A custom alert class file failed to send to the repository database | DT386367 |
| GRD-74765 | java.lang.ArrayIndexOutOfBoundsException error when classification is run on some tables | DT270218 |
| GRD-74770 | Oracle Cloud Infrastructure configuration displays empty results when user executes `show network verify`command | GA18464 |
| GRD-74797 | Command cannot stop SLON capture:“support store slon off". It is stuck at: "Please, wait..." status | GA18479 |
| GRD-74831 | Incorrect status for GIM and S-TAP in GIM Server | DT244164 |
| GRD-75080 | When one or more guardcli accounts are disabled, an "Update database failure" error message appears while updating the CLI password in Access Manager | DT259323 |
| GRD-75092 | Unable to import S-TAP/GIM module. "This bundle exists in the Guardium system" error message appears. | DT259584 |
| GRD-75941 | Include TLS version in grdapi get_secured_protocols_info | DT259587 |
| GRD-76012 | Adv S-TAP Verify: java.net.UnknownHostException: <string>: Name or service not known | DT259362 |
| GRD-76256 | Windows S-TAP inactive after upgrade to version 11.5.0.258 | DT249830 |
| GRD-76337 | Unicode REDACT doesn't work with a certain pattern of data | DT255187 |
| GRD-76418 | High CPU causes latency on the Mongo A-TAP application | DT260771 |
| GRD-76624 | In version 11.5, clicking Search users in the Audit process to-do list page returns an error | GA18482 |
| GRD-76913 | Error in disabling custom Java ciphers | DT270396 |
| GRD-76964 | A large number of event ID 5156 "The Windows Filtering Platform has permitted a connection" is reported against Windows S-TAP | DT256988 |
| GRD-76965 | Windows CAS environment variable change is always reflected in 1 hour | DT255445 |
| GRD-76970 | IBM Storage Protect vulnerability mitigation | DT258503 |
| GRD-77003 | Archive fails with error: 18151815; message: "Internal error: Failed to generate partition syntax,MESSAGE_TEXT" | DT277206 |
| GRD-77062 | "Manage login access by IP address" does not block SSH login in version 12.0 | DT249844 |
| GRD-77080 | The database monitor service starts automatically even after setting WSTAP_ENABLED=0 | DT259533 |
| GRD-77309 | Sybase server 15.7 crashes S-TAP 11.5.4.1_r115368 AIX 7.2 TL3 SP3 | DT260803 |
| GRD-77441 | Importing Windows GIM and S-TAP bundles resulted in the "Unexpected error occurred. Contact the system administrator during import" message | DT276407 |
| GRD-77451 | Windows OS crash by correlator.sys (version 11.4.0.258), Bug Check 0xC2 | DT259462 |
| GRD-77510 | Sybase segmentation fault after A-TAP activation | GA18498 |
| GRD-77523 | Show alias option does not work for Health Deployment table | GA18499 |
| GRD-77579 | Resource deployment on Central Manager doesn't show all MongoDB servers (monitored by Unified Connector) | DT276393 |
| GRD-77615 | Deployment Health Table: The disk space status does not get reset after the disk full condition is resolved | DT259580 |
| GRD-77725 | Microsoft SQL Server (DataDirect - Dynamic Port): can't create a data source without specifying the instance name | DT382361 |
| GRD-78249 | Admin/accessmgr reconciliation fails with CyberArk after SAML enable with OKTA | DT270057 |
| GRD-78255 | Discovered database instances not in discovered instances report | DT383111 |
| GRD-78308 | Version 12 failed at post installation action - migrator check | DT276355 |
| GRD-78380 | S-TAP agent not showing up on collector | DT259582 |
| GRD-78417 | Archive fails after deleting scplog.log by using diag utility | DT259993 |
| GRD-78711 | Unhook_calls: restoring original system calls interfering with system restart | DT381623 |
| GRD-78817 | In version 12.0, TLS 1.0 and 1.1 are enabled and cannot be disabled | DT276324 |
| GRD-78855 | Backup restore didn't restore the SAML and CyberArk configuration from version 11.5 to version 12 | DT276401 |
| GRD-79051 | NULL' S-TAP group name in associate S-TAP and managed units appears randomly | DT383379 |
| GRD-79206 | The correlation alert is not triggered despite data-matching criteria | DT270105 |
| GRD-79665 | Export_config command not working | DT380778 |
| GRD-79754 | During restore from backup version 10.6 to version 11.5, Guardium tries to read the archive through an incorrect port (and does not allow modification) | DT276383 |
| GRD-79780 | Error using system backup or data archive to IBM Storage Protect after p535 | DT270368 |
| GRD-80188 | Cannot disable GAM with setting WINSTAP_ENABLEGAM = 0 | DT365798 |
| GRD-80246 | SMTP configuration authentication error mails in WAIT status | DT378190 |
| GRD-80247 | System config backup small size | DT391600 |
| GRD-80264 | The deprecated parameter TCP_ALIVE_MESSAGE still appears in Guard_Tap.ini and product documentation | DT395103 |
| GRD-80324 | Windows S-TAP upgrade to version 11.4_r110400363_1 failed with "Unable to create shortcut(s)" message | DT378640 |
| GRD-80467 | Unified Connector is automatically enabled after restart GUI/Restart System/Restart Network | DT382408 |
| GRD-80710 | Adding any columns from the "Threat case comments" entity to the analytic case observation report removes cases with no comments from the output | DT381232 |
| GRD-81037 | S-TAP on Linux for System z causes server crash on Red Hat 8 s390 | DT383107 |
| GRD-81054 | Updated Perl to 5.38.2 (64-bit) |
DT378448 |
| GRD-81148 | EMEA-Import Job fails on aggregator | DT386513 |
| GRD-81564 | CLI command `support analyze tables` checked table instead of analyzing table | DT382406 |
| GRD-81658 | Since p535 upgrade, IBM Storage Protect archives don't work | DT381371 |
| GRD-81732 | p535 failed on db_patch with error - ALIAS is marked as crashed | DT389544 |
| GRD-81763 | In the Inspection engine configuration page, if two or more inspection engines are added, all of the inspection engines cannot be started or stopped | DT386931 |
| GRD-81825 | Flex Load is broken for SUSE 15 with update 5 | DT382296 |
| GRD-81943 | Version 12.0 Transport Layer Security (TLS) and hidden remote procedure call (RPC) services vulnerability | DT391527 |
| GRD-82017 | Venafi commands fail on versions 11.4 and 11.5 | DT394191 |
| GRD-82128 | S-TAP agent path vulnerability | DT395053 |
| GRD-82299 | Unable to complete the setup of custom GIM certificates managed by Venafi | DT393955 |
| GRD-82469 | In version 12.x, public time servers are coming up and cannot be deleted | DT394146 |
| GRD-82527 | Issue with Central Manger CLI message:"Failed to query server: Connection timed out" | DT392818 |
| GRD-82556 | Code is not working when pushing to group: grdapi export_config type=remotelog | DT391870 |
| GRD-82731 | p1234 needs to be installed more than once on the Central Manager | DT391476 |
| GRD-83014 | The managed unit audit process run stopped after Central Manager "Distribute Uploaded Jar Files" | DT386932 |
| GRD-83222 | Test connection to Apache Cassandra fails with "The native metadata is inconsistent" error | DT393997 |
| GRD-83537 | cli_userauth appliance attempts to renew unix password | DT392817 |
| GRD-83668 | Unable to SSH after installing patch SQL Guard-12.0p15_Bundle_Apr_23_2024 | DT392659 |
| GRD-83801 | GIM bundles show not available status and are missing version data | DT393161 |
| GRD-84011 | Test collector stopped sending policy alerts to user facility | DT394214 |
| GRD-85335 | S-TAP kernel panic during MongoDB upgrade attempt | DT395319 |
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
28 March 2025
UID
ibm17167047