Release Notes
Abstract
This technical note provides guidance for installing IBM Guardium Data Protection 12.2, including any new features or enhancements, resolved or known issues, or associated notices.
Content
Download Guardium 12.2
IBM Passport Advantage
On Passport Advantage, you can find the Guardium Product Image - ISO file, licenses, product keys, and manuals. You can download only the products to which your site is entitled. If you need assistance to find or download a product from the Passport Advantage site, contact the Passport Advantage team at 800-978-2246 (8:00 AM - 8:00 PM ET) or by email at paonline@us.ibm.com.
IBM Support Fix Central
On Fix Central, you can find upgrades, Guardium Patch Update (GPU) files, individual patches, and the current versions of database agents, such as Software TAP (S-TAP) and Guardium Installation Manager (GIM). If you need assistance to find a product on Fix Central, contact IBM Support.
Install Guardium 12.2
Guardium 12.2 is available as an ISO product image on Passport Advantage. If the downloaded package is in .zip format, extract it outside of the Guardium appliance before you upload or install it. Review the latest version of these release notes just before you install. Install Guardium across all of the appliances, such as the central manager, aggregators, and collectors. For detailed steps, see Installing your Guardium Data Protection system.
Note: Clients who use the 12.2 ISO product image to build a G-machine also need to load the special Guardium Database Protection Service (DPS) 12.2 file.
Upgrade to Guardium 12.2
Before you upgrade, confirm that your appliance meets the minimum requirements. Upgrade your firmware to the latest versions provided by your vendor. If you use a Guardium appliance, check Fix Central for the latest firmware.
You can upgrade to Guardium 12.2 from Guardium systems that are running on version 12.0 and later. The best approach for upgrading Guardium depends on the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. See Identifying the correct upgrade path to review upgrade scenarios and identify the correct upgrade path for your Guardium systems. Review the latest version of these release notes just before you install.
Note: Clients who upgrade also need to load the special Guardium Database Protection Service (DPS) 12.2 file.
Attention
Special Guardium Database Protection Service file (for Vulnerability Assessment only)
The Guardium Database Protection Service (DPS) file named Guardium_V12_Quarterly_DPS_2025_Q3_20250815.enc (MD5SUM 5f0ff5cba4ef2bef0380f408c6d7bc54) must be applied after you upgrade to Guardium 12.2 from versions 11.x, 12.0, or 12.1. Be sure to also check Fix Central and apply the latest Rapid Response DPS release after uploading Guardium_V12_Quarterly_DPS_2025_Q3_20250815.enc.
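A check of the downloaded DPS file against the name and MD5SUM given above, before it is uploaded to the appliance (an added example, not IBM's own tooling; the function names and return codes are assumptions of this sketch). An MD5 match confirms that the download is complete and uncorrupted; it is not a signature.

```shell
#!/bin/sh
# Added example. The two values below are copied from these release notes.
DPS_NAME='Guardium_V12_Quarterly_DPS_2025_Q3_20250815.enc'
DPS_MD5='5f0ff5cba4ef2bef0380f408c6d7bc54'

# Print the lowercase MD5 hex digest of a file.
# Reads the file on stdin so that unusual file names cannot alter the output.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print tolower($1)}'
    else
        openssl dgst -md5 -r < "$1" | awk '{print tolower($1)}'
    fi
}

# verify_dps FILE [EXPECTED_MD5] [EXPECTED_NAME]
# Return codes (hypothetical, chosen for this example):
#   0 = name and digest match     1 = digest mismatch
#   2 = file missing/unreadable   3 = file name is not the expected one
verify_dps() {
    file=$1
    want=$(printf '%s' "${2:-$DPS_MD5}" | tr 'A-F' 'a-f')
    name=${3:-$DPS_NAME}

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read: $file" >&2
        return 2
    fi
    # Compare the base name only; the directory does not matter.
    if [ "${file##*/}" != "$name" ]; then
        echo "unexpected file name: ${file##*/} (wanted $name)" >&2
        return 3
    fi
    got=$(file_md5 "$file") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK $name $got"
        return 0
    fi
    echo "MISMATCH $name: got $got, wanted $want" >&2
    return 1
}

# Stand-alone use: sh verify_dps.sh /path/to/downloaded/file.enc
if [ "$#" -gt 0 ]; then
    verify_dps "$1"
fi
```

Run it on the workstation where the file was downloaded and upload only when it exits with status 0.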
Guardium Installation Manager
If your Guardium Installation Manager (GIM) agent is not connected after you upgrade your Guardium appliance to 12.2 (and assuming GIM service port 8446 is open), restart tomcat manually from the command-line interface with the restart gui command.
Port requirements
Guardium administrators should close port TCP 8586 if they are not using Guardium Data Security Center.
Transport Layer Security (TLS)
While Guardium supports TLS 1.3, not all add-ons and features currently provide TLS 1.3 support. Until you know that every part of your Guardium system supports TLS 1.3, do not disable TLS 1.2.
New features and enhancements
Active Threat Analytics
- Centralized case investigation and management with ability to add threat categories based on policy rules or threshold alerts directly from the Active Threat Analytics dashboard.
- Detailed view of the observations related to Outlier detections in a case.
- Enhanced monitoring and investigation capabilities with two additional predefined admin reports to identify admin users who access a production database for the first time and those who log in to the database by using multiple client internet protocols.
- Improved case management for high volumes of cases by closing multiple active threat analytics cases simultaneously and automatically closing matching cases from an exclusion list.
- Integration of Risk Spotter to identify and assess risky users from the Active Threat Analytics dashboard.
- Retrieval of detailed Active Threat Analytics cases information with API command get_ata_case_info.
Audit Process Builder
- Option to make comments mandatory before signing off on audit process results.
- User activity audit trail improvements to track updates for policy installation, editing and adding policies and rules, Upload Modules, Set up by client, and GIM Global Parameters.
Baseline configuration
The new baseline configuration feature helps you to establish a standardized set of parameters that serves as a reference point for monitoring your Guardium units. Automate baseline comparisons by scheduling regular evaluations against selected Guardium units, allowing for timely identification and resolution of any deviations.
Certificate management
- Automatic identification of managed units based on common name (CN), subject alternative names (SAN), and wildcards certificates.
- Bulk retrieval of certificate signing requests (CSR) for all managed units from the central manager to manage expiring certificates.
- Certificate distribution status reports.
Compliance monitoring
- Smart assistant for compliance monitoring provides the ability to set up data source vulnerability assessments and alerts for generated regulation policies.
- Compliance regulation templates for National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), New York Department of Financial Services (NYDFS), and The Digital Operational Resilience Act (DORA).
Data compliance
- Ability to set up a custom data compliance program with controls to measure your compliance with relevant regulations, standards, and policies, and thresholds to measure the performance of your compliance controls.
- Data compliance hub provides a central view of your compliance posture.
Enterprise hub
- The cross-CM health view feature is renamed to enterprise hub. In Guardium 12.0 and 12.1, the original name remains visible; Guardium versions 12.2 and later display the new name.
- Distribution of configuration profiles can be done from enterprise hub to central managers and managed units.
Executive dashboard
The executive dashboard consolidates critical security metrics into an accessible format, enabling decision-makers to make informed decisions that safeguard the organization's data assets. Use the dashboard for answers to questions about compliance, asset protection, potential data loss, and the strategic value of IBM Guardium.
The Guardium team is planning to implement exciting improvements to the dashboard in subsequent releases. This plan encompasses a suite of engaging enhancements including, but not limited to, customizable features and a variety of cutting-edge charts, ensuring a more dynamic and tailored user experience.
Unified Discovery and Classification
Modern, unified discovery and classification capabilities that allow you to find and protect your cloud environment data, SaaS application data, and on-premises application data. Unified Discovery and Classification is an independent component of Guardium Data Protection that is included with your Guardium Data Protection license.
Internal load balancer
Improved mechanism for preventing data loss on both the S-TAP and managed unit sides by distributing sessions intelligently and ensuring efficient use of managed units. It predicts managed unit load in real time, simplifies configuration, and enhances responsiveness under high load.
Mail encryption
Ability to send encrypted mail messages from Guardium appliance using Secure/Multipurpose Internet Mail Extensions. The messages contain digital signatures to verify origin and integrity, and are encrypted by using Federal Information Processing Standards (FIPS) 140-3 compliant algorithms.
Patch management
The patch management feature is now available on both the central manager and enterprise hub (previously known as cross-CM health view). New in Guardium 12.2 is patch distribution through the patch management page on the central manager (Manage > System View > Patch Management).
Policies
- Ability to uninstall and reinstall security policies on managed units, and a policy from a central manager.
- Ability to update group members without policy changes.
- Additional security incidents detection with session-level policy templates for blind SQL injection detection, encrypted session detection, quantum safety detection (insecure TLS connections), and suspicious administrative activity (start time range) rules.
- New query rewrite (QRW) action with session-level policies.
- Query rewrite verdicts not applied to fully encrypted database instances.
- Session-level policy additions and new criteria, actions support, rule definitions, and tokens.
Proactive Kernel TAP (K-TAP) generation
The Guardium team developed an automated workflow that proactively monitors major Linux kernel vendors, including Red Hat, SUSE, Oracle, and others, and initiates the generation and testing of K-TAP modules for newly released kernels. This automation significantly accelerates K-TAP release cycles, reducing delivery timeframes from approximately two weeks to just a few days in most cases.
Linux-UNIX Software TAP (S-TAP)
- Automatic discovery of MongoDB instances.
- Backup load balancer assignment.
- Custom S-TAP bundles in GIM setup.
- Internal load balancer enhancement.
- Enterprise load balancer support for Oracle Advanced Security Option (ASO) traffic.
- Modification of inspection engines with guard-config-update script.
- Option to perform Kerberos session correlation locally.
- Seamless S-TAP upgrade with A-TAP continuity.
For more information about new features and enhancements to the Linux and UNIX S-TAP, GIM, and CAS agents, see their corresponding release notes:
- Guardium Data Protection Linux-UNIX S-TAP 12.2.0.0 r121306
- Guardium Data Protection Linux-UNIX GIM 12.2.0.0 r121306
- Guardium Data Protection Linux-UNIX CAS 12.2.0.0 r121306
Windows Software TAP (S-TAP)
- Internal load balancer enhancement.
- Firewall parameter for database sessions to make progress when all collectors are down: VERDICT_RESUME_DELAY.
- Parameter for Windows PCRE regular expressions: PCRE_REGEX_ENABLED.
For more information about new features and enhancements to Windows agents, see their corresponding release notes:
For more information about new External S-TAP features and enhancements, see the Guardium Data Protection External S-TAP 12.2.1 release notes.
System enhancements
- Support for Apache Solr 9.8.1
- Support for Microsoft Azure as a remote storage option for backup, restore, and data archiving.
- Support for Nutanix Acropolis Hypervisor (AHV) 10.3
- Support for Nutanix Acropolis Operating System (AOS) 7.1
- Support for Red Hat OpenShift Virtualization
- Utilization of Java 17 and support for FIPS 140-3.
Universal connector
- Bulk data source profile configuration templates to create, test, and install multiple data source profiles at once.
- Java Database Connectivity (JDBC) credentials over TLS for Oracle Unified Audit (OUA).
- Enterprise load balancing for universal connectors. Set up group associations for universal connector profiles by using the enterprise load balancer configuration for OUA-based Oracle universal connector.
- Manage Apache Kafka clusters by using cruise control
- New preinstalled universal connector plug-ins:
- OpenSearch over CloudWatch
- Azure Databricks over Event Hub
- Capella over Capella Input
- Trino for Apache Hive
- Additional universal connector plug-ins available for configuration through the central manager workflow:
- Apache Solr over Pub/Sub
- DocumentDB over CloudWatch Logs
- FireStore over Pub/Sub
- GCP Big Query over Pub/Sub
- MongoDB over Mongo Atlas
- MySQL over Pub/Sub
- Neptune over Cloudwatch Logs
- PostgreSQL over Pub/Sub
- Redshift over Cloudwatch Logs
- Redshift over S3
- S3 over SQS
- Spanner over Pub/Sub
- Universal connector fixes are now delivered in cumulative patches separate from Guardium Data Protection appliance bundle patches. When you install Guardium 12.2 (GPU 12.0p200), your universal connector will upgrade to what is included in the GPU only if the universal connector on the system where you are installing GPU 12.0p200 is older than the universal connector that is included in GPU 12.0p200.
User interface modernization
- Modern, refreshed look that enhances usability, such as:
- Tabbed pages that logically organize content, making navigation more intuitive.
- Expandable rows and side panels that reveal details contextually, reducing on-screen clutter.
- Stepped flows and wizard-based forms that break down complex tasks into manageable steps, improving usability.
- Struts-to-modern user interface conversion of the Welcome, Central Management, Global Profile, Anomaly Detection, System, Distribute Report Builder, and Definitions Import/Export pages.
Vulnerability Assessment
- Containerized Vulnerability Assessment Scanner improves the scalability and performance of data source scanning.
- View all Common Vulnerabilities and Exposures (CVEs) fixed in Guardium release 12.0 and later directly on the Guardium CVE Information page.
- Filter CVEs relevant to your patch version by importing CSV files from Nessus or Qualys vulnerability scanner agents to your Guardium system. View the filtered CVE list on the Filtered CVE Information page.
For a complete list of tests and groups added or updated in version 12.2, see Vulnerability Assessment tests and groups in Guardium 12.x. Tests and groups that are added after the release of Guardium version 12.2 will be available in upcoming Quarterly DPS files.
Sniffer updates
The following sniffer patches are included in Guardium 12.2. The latest sniffer patch that is included in Guardium 12.2 is version 12.0p4013. Sniffer patches are cumulative: they contain all previous sniffer patches for that major version.
| Sniffer patch number | Issue key | Summary | APAR |
|---|---|---|---|
| 12.0p4006 | See release notes for sniffer patch 12.0p4006 | | |
| 12.0p4007 | See release notes for sniffer patch 12.0p4007 | | |
| 12.0p4008 | See release notes for sniffer patch 12.0p4008 | | |
| 12.0p4009 | See release notes for sniffer patch 12.0p4009 | | |
| 12.0p4011 | See release notes for sniffer patch 12.0p4011 | | |
| 12.0p4012 | See release notes for sniffer patch 12.0p4012 | | |
| 12.0p4013 | GRD-108510 | Add alert template variable to include RTTE reasoning for real-time alerts: %%RTTEData | |
New supported platforms and databases
Data Activity Monitoring (DAM)
- Milvus
- Oceanbase
- TigerGraph
Linux-UNIX S-TAP
- Amazon Linux 2 and Amazon Linux 2023 (Limited to ARM64 and x86 architectures and has support for Apache Cassandra, MongoDB, MySQL, Oracle (x86 only), and PostgreSQL)
- Apache Cassandra 5.0.2
- DataStax Cassandra DSE 6.9.9
- CockroachDB 25.1.2
- Couchbase 7.6.4
- CouchDB 3.4.2
- EDB Postgres 17.4
- Elasticsearch 8.15.3
- IBM Db2 12.1
- Informix 15.0
- MariaDB 11.5.2
- MongoDB 8.0.8
- MySQL 8.4.2
- Neo4j 2025.08
- PostgreSQL 17.5
- Redis 7.8.2
- SingleStore 8.7.18
- Sybase ASE 16.1
- Teradata 20.0
- Vertica 25.2
- Ubuntu 24 on x86 and s390x
Windows S-TAP
- Couchbase 7.6.3
- CouchDB 3.4.2
- EDB Postgres 17.4
- Elasticsearch 8.15.3
- IBM Db2 12.1
- Informix 15.0
- MariaDB 11.5.2
- MongoDB 8.0.5
- MySQL 8.4.2
- Neo4j 2025.04
- Oracle 23ai Free
- PostgreSQL 17.2
- Sybase ASE 16.1
Vulnerability Assessment
- Amazon DocumentDB 5.x versions Amazon Web Services
- Amazon ElastiCache all versions Amazon Web Services
- Aerospike Graph
- Amazon Neptune Database all versions Amazon Web Services
- Couchbase Capella all versions Couchbase Services
- IBM Db2 13 for z/OS
- Microsoft Azure Cosmos all versions Azure Services
- Microsoft Azure PostgreSQL Flexible Service
- MongoDB 7.0
- Neo4j 5.x, 5.1x, and 5.2x (up to 5.24)
- YugabyteDB all versions Amazon EC2
Most supported platforms information is available in the Guardium Supported Datasources matrix. For all other supported platforms and system requirements information, including Vulnerability Assessment, platforms that are supported by External S-TAP, information about IBM i, and hardware or virtual machine requirements, see System Requirements for Guardium 12.2.
Deprecated commands, platforms, and functionality
Deprecated CLI commands
| Old command | New command |
|---|---|
| store unit type cmhealthview | store unit type enterprisehub |
Known limitations and workarounds
| Component | Issue key | Summary |
|---|---|---|
| Apache Solr | GRD-109074 | With the Apache Solr upgrade in Guardium Data Protection 12.2, the old Solr data (from before the upgrade) on central manager and managed units will not be returned on the Quick Search page. This includes units upgraded to 12.2 and units that are at a lower version than the central manager. No workaround is available. |
| Apache Solr | GRD-110065 | Guardium 12.2 does not automatically invoke Apache Solr repair to detect issues in the environment. Workaround: You must manually invoke solr_repair through the command-line interface. |
| Apache Solr | GRD-110083 | In some edge cases, after you run grdapi enable_quick_search, the nodes appear down on the quick search UI. Workaround: Run the CLI command store solr rebuild_shards on the central manager. |
| Apache Solr | GRD-110107 | If you register a lower version managed unit after the central manager is upgraded to Guardium 12.2, the Apache Solr certificate is not distributed on the managed unit. Workaround: Manually push patch 1138 to the managed unit to install the Solr certificate. |
| Apache Solr | GRD-110246 | On Guardium 12.2, if you enable or disable FIPS mode on the environment, then Apache Solr may go down on managed units. Workaround: Execute the GuardAPI command restart_solr on impacted managed units. |
| Apache Solr | GRD-110559 | If Apache Solr does not work on managed units after upgrading to Guardium 12.2, run the CLI command store solr rebuild_shards. |
| Central manager | GRD-102666 | Due to changes in behavior to TLS enablement in 12.2, if you run the get_secured_protocols_info from a central manager to a managed unit that is still in version 11.x, it may inaccurately show the TLS version if deprecated protocols are enabled. The returned information may not be correct. |
| Central manager | GRD-108384 | During the backup central manager process, when the primary central manager switched back from the secondary central manager, you may receive an “API Connection Failed: Guardium is unable to connect to the server” error on the Data compliance page. Workaround: Restart the feature with the GuardAPI command grdapi restart_data_compliance. |
| Central manager | GRD-108467 | When you run the CLI command grdapi get_secured_protocols_info fullscan=1 in a 12.2 central manager, any 11.5 managed unit will incorrectly report that TLS is configured for versions 1.2 and 1.3 when TLS on the managed unit is actually set for version 1.2 only. |
| Central manager | GRD-108655 | After a switch from the central manager to the backup central manager, the cruise control functionality in Kafka Cluster Management does not work on the new central manager. |
| Central manager | GRD-110531 | While using the CLI to register an aggregator and collector to the central manager, you might see the message “Fail: Successfully registered unit, logging out of cli session” even when registration is successful. |
| Certificate | GRD-108347 | The CLI command store certificate smime sender only supports SCP or SFTP to import your pfx file into the Guardium appliance. Do not use other options in the list. |
| Compliance monitoring | GRD-106731 | If your data source is configured for the universal connector, only the following data sources are supported in the Compliance Monitoring page: DB2, ORACLE, INFORMIX, MYSQL, MS SQL SERVER, SYBASE, TERADATA, POSTGRESQL, NETEZZA, SAP HANA, and MONGODB. This will be fixed in a future release. |
| CyberArk | GRD-110672 | Before re-installing the CyberArk patch, the corresponding entry for that Guardium system should be removed from the CyberArk vault server and CyberArk needs to be uninstalled. |
| Data compliance | GRD-105573 | If a user imports the data compliance control charts after the threshold is run manually, the system does not display any data in the charts. Workaround: Manually refresh the page. The system will then display data in the charts. |
| Data compliance | GRD-105644 | If you have data compliance enabled and you restart your Guardium system, you may receive an “API Connection Failed: Guardium is unable to connect to the server” error. Workaround: Restart the feature with the command grdapi restart_data_compliance. |
| Data compliance | GRD-105756 | Data compliance is not supported on IPv6-only environments. No workaround is currently available. |
| Data compliance | GRD-108010 | Delayed or rerun Thresholds show today’s age instead of the TO_DATE for the report run. No workaround is currently available. This will be fixed in a future release. |
| Data compliance | GRD-110249 | In rare instances, compliance templates may deploy a threshold without a selected metric or measure column. If this occurs you will see that the threshold and control remains unmeasured for a long period of time after deployment. You can confirm the issue exists by reviewing the threshold settings and observing that there is no selected column for either the measure or the metric. Workaround: To resolve the error, delete the reports the threshold uses, the threshold and the control. Then redeploy the template. |
| Data compliance | GRD-110323 | In large environments with busy central managers, it was observed that threshold values may unexpectedly report zero in situations where many other processes ran at the same time as the threshold calculations. Workaround: Until this issue is resolved, users are encouraged to schedule threshold calculation at a time when audit processes and other scheduled jobs are not running. This can be done in Setup > Tools and Views > Threshold Update Job Configuration. |
| Enterprise load balancer | GRD-106684 | Invalid error message displays on the Enterprise Load Balancer Properties page when an out-of-range value is entered for the following properties: Workaround: Enter valid values. |
| Executive Dashboard | GRD-106494 | IBM DB2 for z/OS and IMS DB do not consistently appear in the Asset Inventory page cards. They will appear if there are active S-TAP for z/OS agents. |
| Executive Dashboard | GRD-109156 | For some times after midnight (00:00) in the date time picker, the calendar refers to the previous day with a period (.) underneath the day’s number instead of the current date. |
| External S-TAP | GRD-110116 | Enterprise load balancer is not supported by External S-TAP. Ensure that enterprise load balancing is not configured on the collector. |
| GIM | GRD-74281 | GIM transitional bundles (SHA1) cannot be uploaded to Guardium 12.2 when FIPS mode is on. Workaround: Turn off FIPS mode to upload SHA 1 GIM bundles. |
| GIM | GRD-103379 | When upgrading a GIM client from a major version that supports GIM bundle changes to a major version that does not support GIM bundle changes (versions earlier than 12.2), the GIM Client Status report may display outdated values in the Active Certificate-related columns. Workaround: To avoid seeing outdated certificate values in the report, you can perform a GIM connection reset. This action clears the stale data and refreshes the client status. |
| GIM | GRD-109036 | If your GIM agent is not connected after you upgrade your Guardium appliance to 12.2 (and assuming GIM service port 8446 is open), restart tomcat manually from the command-line interface with the restart gui command. |
| GuardAPI | GRD-104958 | Running GuardAPI commands is not currently supported on Kafka nodes. |
| Guardium Data Security Center and Guardium Insights | INS-59195 | Before upgrading any Guardium Data Protection appliances to 12.x, you should perform the workaround of disabling all the collectors from Guardium Data Security Center and Guardium Insights. Clients will encounter problems if the collectors are still enabled during the upgrade. Workaround: |
| Install | GRD-103896 | During the patch installation process for Guardium 12.2, the following warning message might appear and be added to the patch log: “Warning: The system is configured to read the RTC time in the local time zone.” This is only a warning and the message will disappear after the patch installation is complete. Workaround: Use the CLI command 'timedatectl set-local-rtc 0' to set the real-clock time (RTC) to Coordinated Universal Time (UTC). |
| Linux-UNIX S-TAP | GRD-99873 | S-TAP traffic capture for IBM Db2 on Solaris 5.10 might occasionally be incomplete. As a result, some queries might not be logged and are missing from reports. No workaround is currently available. |
| Linux-UNIX S-TAP | GRD-104759 | DataStax Cassandra remote traffic queries are not logged in the Full SQL report when configured with DataStax auditing for a non-existing database. The query is logged in the SQL ERROR report instead. No workaround is currently available. |
| Linux-UNIX S-TAP | GRD-105535 | Oceanbase Oracle mode redaction is not currently supported in Guardium 12.2. |
| Linux-UNIX S-TAP | GRD-106202 | Some login errors may be missed as application-level response errors in HTTP/1 traffic aren't analyzed due to their non-standard nature. Only responses with HTTP/1 500 error codes are recognized as login failures. |
| Linux-UNIX S-TAP | GRD-108710 | Since the following platforms do not support updated SSL ciphers that are required to negotiate a secure connection in FIPS 140-3 mode with a Guardium 12.2 managed unit, aggregator, or stand-alone collector, they must fall back to using an unencrypted connection: |
| Linux-UNIX S-TAP | GRD-109484 | While attempting to create an OceanBase datasource in Oracle mode for S-TAP verification, the connection fails, preventing the datasource from being created successfully. |
| Mail encryption | GRD-106564 | The "Active":true JSON field for ALERTER_SMIME_CONFIG is ignored in favor of the GuardAPI parameter ALERTER_SMIME_ACTIVE to determine whether or not S/MIME is activated. Workaround: Users can control whether S/MIME is on or off by changing ALERTER_SMIME_ACTIVE by calling grdapi from the CLI with the following command: grdapi modify_guard_param paramName=ALERTER_SMIME_ACTIVE paramValue=true. |
| Risk Spotter | GRD-110440 | After applying patch 12.0p125, the dynamic auditing policy setup on Risk Spotter is removed from the UI. Workaround: Go to Active Risk Spotter > Policy and related modules > Dynamic Auditing and select the policy that is installed on the collector from the list. |
| TLS | GRD-108626 | Unable to connect using JDBC credentials over TLS when TLS version 1.3 is enabled, as Oracle 19c Enterprise Edition does not support this TLS version. Workaround: You can use Oracle 23ai database which supports TLS version 1.3. |
| TLS | GRD-110500 | Important: While Guardium supports TLS 1.3, not all add-ons and features currently provide TLS 1.3 support. Until you know that every part of your Guardium system supports TLS 1.3, do not disable TLS 1.2. |
| Universal connector | GRD-103771 | In a Guardium on Oracle Cloud Infrastructure environment, when creating an Apache Kafka cluster through Kafka Cluster Management, the node initialization fails. Workaround: For proper Kafka cluster setup in an Oracle Cloud Infrastructure environment, the correct hostname and domain name are required and should not exceed 64 characters. To find this information, open the Kafka Cluster Management interface, select your virtual machine name, click Networking, and look for the Hostname and Internal FQDN fields. The domain is the string after the hostname. The hostname and domain that are visible on the Networking page are the values you can use when running the CLI commands store system hostname <value> and store system domain <value>. |
| Universal connector | GRD-103946 | After you modify a cluster on the Kafka Cluster Management page, the Kafka Metrics dashboards might initially display 0 for all values. After a delay, the graph values reappear. |
| Universal connector | GRD-105697 | To ensure optimal performance of your enterprise load balancer, it’s important to avoid having unassigned profiles on Guardium. If you currently have any unassigned profiles, follow these steps: By completing these steps, your profiles are automatically managed within the groups you defined. This eliminates the need for default profiles and ensures there is no additional overhead from managing unassigned profiles. |
| Universal connector | GRD-106690 | When collectors in the Primary group go down, the enterprise load balancer does not assign all available managed units from the Failover group at once. Instead, it allocates them one by one, with some delay between each allocation. This sequential allocation leads to a noticeable delay in recovery when multiple collectors fail at the same time, since the Failover managed units are not brought online simultaneously. |
| Universal connector | GRD-108368 | The deployed status of the installed universal connector profile is seen as "Installing the Profile" on the restored environment for the central management flow. Workaround: Reinstall the problematic universal connector profiles from the Central Manager as follows: 1. Go to Manage > Universal Connector > Datasource Profile Management. 2. Select the problematic universal connector profiles. 3. Click Install > Reinstall. The deployed status is properly visible after reinstallation is complete. |
| Universal connector | GRD-109491 | When creating a universal connector data source profile for Apache Kafka, the profile name must consist of only letters, numbers, underscores (_), or hyphens (-) since it’s also used as the topic name in Kafka. Avoid using any other characters. |
| Universal connector | GRD-110250 | While rebooting a Kafka node machine or its UI, if the central manager is not up and reachable, the Kafka node machine tries to remove itself from an established Kafka cluster. This leads to the instability of the Kafka cluster and potential traffic monitoring loss if universal connectors are active. Workaround: First, start or restart the central manager. After the central manager comes up, verify that the UI is up and running fine. Then boot up the Kafka node machines. |
| Universal connector | GRD-110311 | In a large deployment (>50 MUs), correlation alerts defined on the Kafka Cluster might not fire as expected. |
| Universal connector | GRD-86940 | Universal Connector Kafka cluster nodes are not part of backup. This will be fixed in a future patch. |
| Unified Discovery and Classification | | Custom sensitivities are scanned for on-premises databases only and not for cloud and SaaS instances. Enhancements to expand custom sensitivities to cloud and SaaS will be coming soon. |
| Unified Discovery and Classification | | Encrypted connections (SSL) to on-premises databases are not supported in version 1.0. |
| Vulnerability Assessment Scanner | GRD-110361 | Vulnerability Assessment Scanner does not work on Guardium aggregators. The following error message appears if you try to run it on an aggregator: "ERROR DatasourceConnections". This will be fixed in a future release. Workaround: Run the Vulnerability Assessment Scanner only on managed units. |
Resolved issues
| Issue key | Summary | APAR |
|---|---|---|
| GRD-63344 | Oracle Unified Audit (OUA) DB instance information lost after operating system reboot with GIM | GA18052 |
| GRD-71179 | Restart supervisor service INIT start on Solaris 11 servers to avoid S-TAP failing to start after reboot. | DT389799 |
| GRD-74027 | Added DB_NAME for CouchDB to avoid mistaking for Couchbase traffic | DT433671 |
| GRD-78772 | Venafi: Guardium GUI certificate renewal error: "guardium Venafi retrieve script error 80333" trying to import Venafi certificate | DT389660 |
| GRD-78855 | Backup restore didn't restore the SAML and CyberArk configuration from 11.5 to 12 | DT276401 |
| GRD-80164 | "show remotelog test" configured with facility.priority='all.all' only tests using facility.priority='daemon.info' | DT419678 |
| GRD-80679 | Guardium audit process intermittently fails with error:1615; message:Prepared statement needs to be re-prepared | DT421926 |
| GRD-80995 | Couchbase database connection vulnerability assessment with LDAP needs GUI changes | DT379903 |
| GRD-81863 | 100% CPU usage on multiple collectors after 11.0p535 upgrade | DT394196 |
| GRD-81983 | Aggregator GUI is slow and unresponsive | DT395091 |
| GRD-82250 | Guardium cannot classify tables with function-based index on Sybase database [Error Code: 11738] | DT396797 |
| GRD-83569 | Data in RESULT_DETAIL column of table TEST_RESULT_DETAIL is truncated | DT409139 |
| GRD-83572 | Vulnerability Assessment Test ID 394 fails for MongoDB, indicating that authentication is disabled if auth type is x509 (which is a valid authentication type) | DT419687 |
| GRD-83923 | Updated permissions for the GIM service to prevent erroneous warning messages in syslog | |
| GRD-84215 | Cannot upload Guardium Installation Manager modules again | DT395912 |
| GRD-84325 | Audit process not adding partitions in finalSql | DT396467 |
| GRD-84548 | Version 12 grdapi command with --help=true hangs | DT409020 |
| GRD-85220 | logrotate configuration reverts to default after installing bundle patch 11.0p540 or 11.0p545 | DT399828 |
| GRD-85278 | Audit process builder's reordering receivers not taking effect | DT393991 |
| GRD-85772 | Enterprise Load Balancer not relocating S-TAPs when collector database is getting full | DT419735 |
| GRD-86477 | Added support for family of kernels 5.10.0-32.x86_64 | |
| GRD-86523 | Analyzer issue to handle some Teradata Database traffic | DT398866 |
| GRD-86991 | When creating tuple group, unable to add tuple parameters on a Simplified Chinese appliance | DT399735 |
| GRD-86996 | CLI: Unable to set Alerter SNMP traphost by using hostname | DT397016 |
| GRD-87129 | After configuring A-TAP on collector with Oracle Exadata databases, the collector reports a high CPU usage | DT420527 |
| GRD-87135 | Unable to send files from Guardium to COS bucket on IBM Cloud | DT431894 |
| GRD-87282 | EMEA - GUI showing SNMP version 2 but CLI and traffic in SNMP version 3 | DT400637 |
| GRD-87489 | Weak default snif ciphers (TLS_RSA) | DT396934 |
| GRD-87490 | Fixed missing traffic captured by using Ubuntu 22 | DT419779 |
| GRD-87491 | Error 'ORA-00942: table or view does not exist.' from Assessment Test ID 2374 'No Authorization To CREATE ANY LIBRARY Privilege' | DT419661 |
| GRD-87503 | Guardium unable to connect with Oracle databases, getting Java Array error - VA | DT418630 |
| GRD-87529 | Add TUPLE_PARAMETERS table to translation | |
| GRD-87718 | GUI certificate size still running in 1024 bits in central manager | DT422234 |
| GRD-87819 | Duplicated in Group Builder after importing policies with shared groups | TS017242631 |
| GRD-87862 | Add support for family of kernels 5.14.0-284.11.1.el9_2.s390x | |
| GRD-87931 | Cannot overwrite SNMP contact information | DT397398, DT397399 |
| GRD-87951 | EMEA Guardium SYSLOG issue encountered as everything in wait status | DT409085 |
| GRD-88026 | Cloning out of the box reports fails | DT420128 |
| GRD-88033 | Added separate event handles to notify S-TAP when 64-bit and 32-bit database processes start | DT416655 |
| GRD-88120 | Aggregator: Import/Export/Archive failing after bundle patch 545 with "Another aggregation process is currently running" | DT417651 |
| GRD-88200 | Fixed an instability in Microsoft SQL Server instance due to the Correlator Proxy dynamic-link library (DLL). You must reboot the database server to update the Correlator Proxy DLL. | DT398828 |
| GRD-88259 | reset-managed-cli command fails to reset the CLI password on all managed units | DT419826 |
| GRD-88351 | Added support for family of kernels 6.4.0-150600.23.17-default #1 | DT437910 |
| GRD-88364 | CyberArk CLI commands not working as expected | DT438034 |
| GRD-88775 | 'show system hostname' command fails with the "Error: Machine information not found" message | DT409174 |
| GRD-88890 | Backup configuration through SFTP protocol failed with the error message: connection corrupted | DT426747 |
| GRD-89081 | CLI command show port open scans for the open port instead of making an actual connection | |
| GRD-89105 | syslog daemon service (rsyslogd) keeps crashing and stops logging to the messages syslog file | DT409033 |
| GRD-89175 | Fixed session correlation and Kerberos delivery timeouts | DT438267 |
| GRD-89290 | support reset_managed_cli command does not set chage for CLI user | DT409177 |
| GRD-89308 | Version 12.1 managed units do not successfully register to central manager | DT426768 |
| GRD-89310 | GUI login hangs in AWS cloud environment with central manager and managed units | DT419827 |
| GRD-89389 | Removed unnecessary blank lines in guard_tap.ini during OS patching | DT437906 |
| GRD-89466 | Prevent S-TAP instability by ignoring empty traffic messages | DT417031 |
| GRD-89562 | Inconsistent hostname in syslog message header for Guardium sniffer and audit process | DT423305 |
| GRD-89659 | In the test report result for a Guardium vulnerability assessment scan, the Guardium test "No Guest User Accounts" on MS SQL Server is erring for all instances | DT419987 |
| GRD-89693 | Change how rsyslogd is started | |
| GRD-89704 | Aggregation/archive log warning | DT420186 |
| GRD-89890 | Adds the option PROCEDURE_OBJECT_FIELD (that can be enabled through the following grdapi command: modify_guard_param) to change sniffer parsing behavior to not explicitly associate non-literal function arguments with function or procedure objects when evaluating object+field policy rule tuple groups and logging | DT418983 |
| GRD-89910 | Guardium version 12.1 central manager still accepts TLS 1.0 and 1.1 connections | DT431893 |
| GRD-89993 | Removed a vulnerable Perl file subject to CVE-2023-7101 vulnerability | DT437925 |
| GRD-90015 | Venafi certifications failing after applying fix p550 | DT416887 |
| GRD-90211 | Unable to add new catalog archive entry on collector | DT421878 |
| GRD-90257 | Some GUI operations, such as editing a report in Query-Report Builder, take several minutes to respond | DT418120 |
| GRD-90468 | Add support for kernel 6.8.0-47-generic.x86_64 | |
| GRD-90524 | Removed repeating S-TAP log message "no free entries" in db2diag | DT438099 |
| GRD-90648 | Guardium Vulnerability Assessment test ID does not show correct value in CURRENT_SCORE_SINCE column | DT424310 |
| GRD-90821 | Unable to capture guard_diag | DT419135 |
| GRD-90866 | Collector GUI down after failed data restore from 10.6 to 11.5 | |
| GRD-90878 | Archive and system back up configuration fails using password-less SSH configuration | |
| GRD-90898 | Incorrect indentation in grdapi list_inspection_engines | DT425742 |
| GRD-90942 | Scheduled Job Exception 'IP Alias creation: An error occurred java.util.IllegalFormatConversionException: d != java.lang.String' after version 12.1 upgrade | DT419702 |
| GRD-90989 | Sending alerts through SMTP fails if the SMTP server supports only NTLM authentication | DT434614 |
| GRD-91695 | Resolved security vulnerability | |
| GRD-91760 | Fixed an issue where Application TAP (A-TAP) did not work for Sybase IQ for Red Hat Enterprise Linux (RHEL) 9 due to a change in libraries | DT437877 |
| GRD-92214 | Issue with adding and updating catalog by using GUI and GuardAPI | DT426077 |
| GRD-92308 | Primary central manager failover policy installation verification change | DT421946 |
| GRD-92349 | Fixed an issue related to possible termination of sessions when Firewall S-Gate is enabled | DT426053 |
| GRD-92530 | Deployment Health Table / Dashboard on the central manager shows unavailable status (blue) for all managed units | DT425251 |
| GRD-92550 | Version 12.1 Certificate Management report shows that patch-signing.cert.pem and patchCA.cert.pem are expiring soon, although version 12.1 installed new certificate files with updated expiration dates | DT424328 |
| GRD-92686 | GuardAPI command to upload custom table is not working when only a data source group is attached to the custom table | DT431864 |
| GRD-92701 | Logged instance points to not logged construct ID | |
| GRD-92780 | Storage of host (bind) variables in the appliance | |
| GRD-92783 | Resolved conflict between S-TAP, Application TAP (A-TAP), and Rubrik by adding preload-libs parameter for a full path to third-party, preinstalled libraries while configuring A-TAP. For more information, see Conflict between IBM Guardium S-TAP and Rubrik. | DT438018 |
| GRD-93189 | Unable to log in to the appliance after configuring multi-factor authentication for DUO on Guardium | DT422702 |
| GRD-93414 | Missing S3 me-central-1 zone during configuration of backup | DT444696 |
| GRD-93684 | For the grdapi change_cli_password, the following error appears: User has insufficient privileges for the requested API function | DT431874 |
| GRD-93729 | After the failover to the backup central manager, the managed units are unable to sync license | DT424816 |
| GRD-93898 | Some /var/IBM/Guardium/data/guard-solr/cloud/ filenames on Guardium collectors showing virtual machine template hostname | |
| GRD-94015 | Managed unit registration to the central manager does not succeed due to mismatch in the strength of the system shared secret | DT424713 |
| GRD-94048 | Fixed an issue where Sybase IQ remote traffic was not captured | DT437930 |
| GRD-94202 | Universal connector Neo4j plug-in does not start correctly and reports java.lang.NullPointerException: null | DT443019 |
| GRD-94293 | EMEA - Syslog sending junk messages | DT434622 |
| GRD-94620 | After Enforce allowlist for GUI logins is enabled, Chinese characters for user's First Name and Last Name are displayed as garbage characters in the GUI | DT435753 |
| GRD-94697 | Vulnerability Assessment incorrect reporting on Oracle SYSRAC user after installing DPS 2024 Q4 | |
| GRD-95231 | Web application penetration test findings | |
| GRD-95280 | Custom upload to a custom table with a data source of database type Text:FTP fails | DT433584 |
| GRD-95306 | Solr certificate for version 11.5 expired on 12 January 2025 | DT436468 |
| GRD-96966 | Support for multiple proxies under one federated environment | |
| GRD-97203 | High severity CVEs resolved by removing %GIM%\sppNew\c\bin\openssl.exe | DT435454 |
| GRD-97285 | Valid Teradata SQL with "NOT=" operator caused parser error | DT435869 |
| GRD-97313 | Incorrect Couchbase object name (Create/Delete bucket) using universal connector for Couchbase to monitor traffic | DT443092 |
| GRD-97325 | Fixed Teradata parser errors | DT435870 |
| GRD-97815 | Issue with proxy functionality support | |
| GRD-97837 | Windows S-TAP now uses OpenSSL 3.5 | |
| GRD-98757 | Risk Spotter stopped working | DT446409 |
| GRD-99835 | After exporting the role to a target central manager, permissions for the role are different between the source central manager and target central manager | DT439490 |
| GRD-99852 | Fixed an issue of IBM Db2 exit Inspection Engine, updated Discovery to report only one EXIT IE instance per Db2 instance even if there are multiple db2sysc processes. | DT438527 |
| GRD-99996 | Support use of "Alert Only" policy action in the session-level policy to alert either on the request (SQL) or the exception of that request. | |
| GRD-100408 | Unable to access Guardium through GUI | DT448944 |
| GRD-101829 | Error when running multiple grdapi commands at once in batch mode | DT442976 |
| GRD-102117 | Error when trying to generate automatic report from audit process builder to search for information related to a privacy set | DT446590 |
| GRD-102722 | When using the command grdapi list_expiration_dates_for_restored_days to list restored data info, it fails with Returned ERR=3000 | DT444670 |
| GRD-103584 | PostgreSQL universal connector plug-in on GCP configuration failure | |
| GRD-103728 | Change tracker alive task might fail in LD due to lack of alive check concurrency with timeout limit | |
| GRD-103838 | If there are multiple Active Threat Analytics cases in the central manager, collectors now use EI_CASE_ID and sourceUnit (collector hostname) to fetch the record for update | DT446510 |
| GRD-105371 | Bell notification on GUI banner shows "Updates are available" and lists 2 old DPS updates | |
| GRD-105884 | K-TAP Request for 5.14.0-570.25.1.el9_6.s390x Red Hat Enterprise Linux 9.6 (Plow) version 12.1 | DT448777 |
| GRD-108309 | Newly added managed units did not have distributed reports scheduled on them | |
Document Information
Modified date: 06 October 2025
UID: ibm17242908