IBM Support

Release of Guardium Data Protection 12.2

Release Notes


Abstract

This technical note provides guidance for installing IBM Guardium Data Protection 12.2, including any new features or enhancements, resolved or known issues, or associated notices.

Content

Download Guardium 12.2
IBM Passport Advantage
On Passport Advantage, you can find the Guardium Product Image - ISO file, licenses, product keys, and manuals. You can download only the products that your site is entitled to. If you need assistance to find or download a product from the Passport Advantage site, contact the Passport Advantage team at 800-978-2246 (8:00 AM - 8:00 PM ET) or by email at paonline@us.ibm.com.
IBM Support Fix Central
On Fix Central, you can find upgrades, Guardium Patch Update (GPU) files, individual patches, and the current versions of database agents, such as Software TAP (S-TAP) and Guardium Installation Manager (GIM). If you need assistance to find a product on Fix Central, contact IBM Support.
Install Guardium 12.2 
Guardium 12.2 is available as an ISO product image on Passport Advantage. If the downloaded package is in .zip format, extract it outside of the Guardium appliance before you upload or install it. Review the latest version of these release notes just before you install. Install Guardium across all of the appliances, such as the central manager, aggregators, and collectors. For detailed steps, see Installing your Guardium Data Protection system.
Note: Clients who use the 12.2 ISO product image to build a G-machine also need to load the special Guardium Database Protection Service (DPS) 12.2 file.
Upgrade to Guardium 12.2
Before you upgrade, confirm that your appliance meets the minimum requirements. Upgrade your firmware to the latest versions provided by your vendor. If you use a Guardium appliance, check Fix Central for the latest firmware.
You can upgrade to Guardium 12.2 from Guardium systems that are running on version 12.0 and later. The best approach for upgrading Guardium depends on the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. See Identifying the correct upgrade path to review upgrade scenarios and identify the correct upgrade path for your Guardium systems. Review the latest version of these release notes just before you install.
Note: Clients who upgrade also need to load the special Guardium Database Protection Service (DPS) 12.2 file.
Attention
Special Guardium Database Protection Service file (for Vulnerability Assessment only)
The Guardium Database Protection Service (DPS) file named Guardium_V12_Quarterly_DPS_2025_Q3_20250815.enc (MD5SUM 5f0ff5cba4ef2bef0380f408c6d7bc54) must be applied after you upgrade to Guardium 12.2 from versions 11.x, 12.0, or 12.1. Be sure to also check Fix Central and apply the latest Rapid Response DPS release after uploading Guardium_V12_Quarterly_DPS_2025_Q3_20250815.enc.
Guardium Installation Manager 
If your Guardium Installation Manager (GIM) agent is not connected after you upgrade your Guardium appliance to 12.2 (and assuming GIM service port 8446 is open), restart tomcat manually from the command-line interface with the restart gui command.
Port requirements
Guardium administrators should close port TCP 8586 if they are not using Guardium Data Security Center.
Transport Layer Security (TLS)
While Guardium supports TLS 1.3, not all add-ons and features currently provide TLS 1.3 support. Until you know that every part of your Guardium system supports TLS 1.3, do not disable TLS 1.2.
New features and enhancements
Active Threat Analytics
  • Centralized case investigation and management with ability to add threat categories based on policy rules or threshold alerts directly from the Active Threat Analytics dashboard.
  • Detailed view of the observations related to Outlier detections in a case.
  • Enhanced monitoring and investigation capabilities with two additional predefined admin reports to identify admin users who access a production database for the first time and those who log in to the database by using multiple client internet protocols.
  • Improved case management for high volumes of cases by closing multiple active threat analytics cases simultaneously and automatically closing matching cases from an exclusion list.
  • Integration of Risk Spotter to identify and assess risky users from the Active Threat Analytics dashboard.
  • Retrieval of detailed Active Threat Analytics cases information with API command get_ata_case_info.
Audit Process Builder
  • Option to make comments mandatory before signing off on audit process results.
  • User activity audit trail improvements to track updates for Policy installation, edit and add policies and rules, Upload Modules, Set up by client, and GIM Global Parameters.
Baseline configuration
The new baseline configuration feature helps you to establish a standardized set of parameters that serves as a reference point for monitoring your Guardium units. Automate baseline comparisons by scheduling regular evaluations against selected Guardium units, allowing for timely identification and resolution of any deviations.
Certificate management
  • Automatic identification of managed units based on common name (CN), subject alternative names (SAN), and wildcard certificates.
  • Bulk retrieval of certificate signing requests (CSR) for all managed units from the central manager to manage expiring certificates.
  • Certificate distribution status reports.
Compliance monitoring
  • Smart assistant for compliance monitoring provides the ability to set up data source vulnerability assessments and alerts for generated regulation policies.
  • Compliance regulation templates for National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), New York Department of Financial Services (NYDFS), and The Digital Operational Resilience Act (DORA).
Data compliance
  • Ability to set up a custom data compliance program with controls to measure your compliance with relevant regulations, standards, and policies, and thresholds to measure the performance of your compliance controls.
  • Data compliance hub provides a central view of your compliance posture.
Enterprise hub
  • The cross-CM health view feature is renamed to enterprise hub. In Guardium 12.0 and 12.1, the original name remains visible; Guardium versions 12.2 and later display the new name.
  • Distribution of configuration profiles can be done from enterprise hub to central managers and managed units.
Executive dashboard
The executive dashboard consolidates critical security metrics into an accessible format, enabling decision-makers to make informed decisions that safeguard the organization's data assets. Use the dashboard for answers to questions about compliance, asset protection, potential data loss, and the strategic value of IBM Guardium.
The Guardium team is planning to implement exciting improvements to the dashboard in subsequent releases. This plan encompasses a suite of engaging enhancements including, but not limited to, customizable features and a variety of cutting-edge charts, ensuring a more dynamic and tailored user experience.
Unified Discovery and Classification
Modern, unified discovery and classification capabilities that allow you to find and protect your cloud environment data, SaaS application data, and on-premises application data. Unified Discovery and Classification is an independent component of Guardium Data Protection that is included with your Guardium Data Protection license.
Internal load balancer
Improved mechanism for preventing data loss on both the S-TAP and managed unit sides by distributing sessions intelligently and ensuring efficient use of managed units. It predicts managed unit load in real time, simplifies configuration, and enhances responsiveness under high load.
Mail encryption
Ability to send encrypted mail messages from Guardium appliance using Secure/Multipurpose Internet Mail Extensions. The messages contain digital signatures to verify origin and integrity, and are encrypted by using Federal Information Processing Standards (FIPS) 140-3 compliant algorithms.
Patch management
The patch management feature is now available on both the central manager and enterprise hub (previously known as cross-CM health view). New in Guardium 12.2 is patch distribution through the patch management page on the central manager (Manage > System View > Patch Management).
Policies
  • Ability to uninstall and reinstall security policies on managed units, and a policy from a central manager.
  • Ability to update group members without policy changes.
  • Additional security incidents detection with session-level policy templates for blind SQL injection detection, encrypted session detection, quantum safety detection (insecure TLS connections), and suspicious administrative activity (start time range) rules.
  • New query rewrite (QRW) action with session-level policies.
  • Query rewrite verdicts not applied to fully encrypted database instances.
  • Session-level policy additions and new criteria, actions support, rule definitions, and tokens.
Proactive Kernel TAP (K-TAP) generation
The Guardium team developed an automated workflow that proactively monitors major Linux kernel vendors, including Red Hat, SUSE, Oracle, and others, and initiates the generation and testing of K-TAP modules for newly released kernels. This automation significantly accelerates K-TAP release cycles, reducing delivery timeframes from approximately two weeks to just a few days in most cases.
Linux-UNIX Software TAP (S-TAP) 
  • Automatic discovery of MongoDB instances.
  • Backup load balancer assignment.
  • Custom S-TAP bundles in GIM setup.
  • Internal load balancer enhancement.
  • Enterprise load balancer support for Oracle Advance Security Option (ASO) traffic.
  • Modification of inspection engines with guard-config-update script.
  • Option to perform Kerberos session correlation locally.
  • Seamless S-TAP upgrade with A-TAP continuity.
For more information about new features and enhancements to the Linux and UNIX S-TAP, GIM, and CAS agents, see their corresponding release notes:
Windows Software TAP (S-TAP) 
  • Internal load balancer enhancement.
  • Firewall parameter for database sessions to make progress when all collectors are down: VERDICT_RESUME_DELAY.
  • Parameter for Windows PCRE regular expressions: PCRE_REGEX_ENABLED.
For more information about new features and enhancements to Windows agents, see their corresponding release notes: 
For more information about new External S-TAP features and enhancements, see the Guardium Data Protection External S-TAP 12.2.1 release notes. 
System enhancements
  • Support for Apache Solr 9.8.1
  • Support for Microsoft Azure as a remote storage option for backup, restore, and data archiving.
  • Support for Nutanix Acropolis Hypervisor (AHV) 10.3
  • Support for Nutanix Acropolis Operating System (AOS) 7.1
  • Support for Red Hat OpenShift Virtualization
  • Utilization of Java 17 and support for FIPS 140-3.
Universal connector
  • Bulk data source profile configuration templates to create, test, and install multiple data source profiles at once. 
  • Java Database Connectivity (JDBC) credentials over TLS for Oracle Unified Audit (OUA).
  • Enterprise load balancing for universal connectors. Set up group associations for universal connector profiles by using the enterprise load balancer configuration for OUA-based Oracle universal connector.
  • Manage Apache Kafka clusters by using cruise control 
  • New preinstalled universal connector plug-ins:
    • OpenSearch over CloudWatch
    • Azure Databricks over Event Hub
    • Capella over Capella Input
    • Trino for Apache Hive
  • Additional universal connector plug-ins available for configuration through the central manager workflow:
    • Apache Solr over Pub/Sub
    • DocumentDB over CloudWatch Logs
    • FireStore over Pub/Sub
    • GCP Big Query over Pub/Sub
    • MongoDB over Mongo Atlas
    • MySQL over Pub/Sub
    • Neptune over Cloudwatch Logs
    • PostgreSQL over Pub/Sub
    • Redshift over Cloudwatch Logs
    • Redshift over S3
    • S3 over SQS
    • Spanner over Pub/Sub
  • Universal connector fixes are now delivered in cumulative patches separate from Guardium Data Protection appliance bundle patches. When you install Guardium 12.2 (GPU 12.0p200), your universal connector will upgrade to what is included in the GPU only if the universal connector on the system where you are installing GPU 12.0p200 is older than the universal connector that is included in GPU 12.0p200.
User interface modernization
  • Modern, refreshed look that enhances usability, such as:
    • Tabbed pages that logically organize content, making navigation more intuitive.
    • Expandable rows and side panels that reveal details contextually, reducing on-screen clutter.
    • Stepped flows and wizard-based forms that break down complex tasks into manageable steps, improving usability.
  • Struts-to-modern user interface conversion of the Welcome, Central Management, Global Profile, Anomaly Detection, System, Distribute Report Builder, and Definitions Import/Export pages. 
Vulnerability Assessment
  • Containerized Vulnerability Assessment Scanner improves the scalability and performance of data source scanning. 
  • View all Common Vulnerabilities and Exposures (CVEs) fixed in Guardium release 12.0 and later directly on the Guardium CVE Information page. 
  • Filter CVEs relevant to your patch version by importing CSV files from Nessus or Qualys vulnerability scanner agents to your Guardium system. View the filtered CVE list on the Filtered CVE Information page.
For a complete list of tests and groups added or updated in version 12.2, see Vulnerability Assessment tests and groups in Guardium 12.x. Tests and groups that are added after the release of Guardium version 12.2 will be available in upcoming Quarterly DPS files.
Sniffer updates
The following sniffer patches are included in Guardium 12.2. The latest sniffer patch that is included in Guardium 12.2 is version 12.0p4013. Sniffer patches are cumulative: each one contains all previous sniffer patches for that major version.
Sniffer patch number | Issue key | Summary | APAR
12.0p4006 | | See release notes for sniffer patch 12.0p4006 |
12.0p4007 | | See release notes for sniffer patch 12.0p4007 |
12.0p4008 | | See release notes for sniffer patch 12.0p4008 |
12.0p4009 | | See release notes for sniffer patch 12.0p4009 |
12.0p4011 | | See release notes for sniffer patch 12.0p4011 |
12.0p4012 | | See release notes for sniffer patch 12.0p4012 |
12.0p4013 | GRD-108510 | Add alert template variable to include RTTE reasoning for real-time alerts: %%RTTEData |
New supported platforms and databases
Data Activity Monitoring (DAM)
  • Milvus
  • Oceanbase
  • TigerGraph
Linux-UNIX S-TAP
  • Amazon Linux 2 and Amazon Linux 2023 (Limited to ARM64 and x86 architectures and has support for Apache Cassandra, MongoDB, MySQL, Oracle (x86 only), and PostgreSQL)
  • Apache Cassandra 5.0.2
  • DataStax Cassandra DSE 6.9.9
  • CockroachDB 25.1.2
  • Couchbase 7.6.4
  • CouchDB 3.4.2
  • EDB Postgres 17.4
  • Elasticsearch 8.15.3
  • IBM Db2 12.1
  • Informix 15.0
  • MariaDB 11.5.2
  • MongoDB 8.0.8
  • MySQL 8.4.2
  • Neo4j 2025.08
  • PostgreSQL 17.5
  • Redis 7.8.2
  • SingleStore 8.7.18
  • Sybase ASE 16.1
  • Teradata 20.0
  • Vertica 25.2
  • Ubuntu 24 on x86 and s390x
Windows S-TAP
  • Couchbase 7.6.3
  • CouchDB 3.4.2
  • EDB Postgres 17.4
  • Elasticsearch 8.15.3
  • IBM Db2 12.1
  • Informix 15.0
  • MariaDB 11.5.2
  • MongoDB 8.0.5
  • MySQL 8.4.2
  • Neo4j 2025.04
  • Oracle 23ai Free
  • PostgreSQL 17.2
  • Sybase ASE 16.1
Vulnerability Assessment
  • Amazon DocumentDB 5.x versions Amazon Web Services
  • Amazon ElastiCache all versions Amazon Web Services
  • Aerospike Graph
  • Amazon Neptune Database all versions Amazon Web Services
  • Couchbase Capella all versions Couchbase Services
  • IBM Db2 13 for z/OS
  • Microsoft Azure Cosmos all versions Azure Services
  • Microsoft Azure PostgreSQL Flexible Service
  • MongoDB 7.0
  • Neo4j 5.x, 5.1x, and 5.2x (up to 5.24)
  • YugabyteDB all versions Amazon EC2
Most supported platforms information is available in the Guardium Supported Datasources matrix. For all other supported platforms and system requirements information, including Vulnerability Assessment, platforms that are supported by External S-TAP, information about IBM i, and hardware or virtual machine requirements, see System Requirements for Guardium 12.2.
Deprecated commands, platforms, and functionality
Deprecated CLI commands
Old command | New command
store unit type cmhealthview | store unit type enterprisehub
Known limitations and workarounds
Component Issue key Summary
Apache Solr GRD-109074
With the Apache Solr upgrade in Guardium Data Protection 12.2, the old Solr data (from before the upgrade) on central manager and managed units will not be returned on the Quick Search page. This includes units upgraded to 12.2 and units that are at a lower version than the central manager. No workaround is available.
Apache Solr GRD-110065
Guardium 12.2 does not automatically invoke Apache Solr repair to detect issues in the environment.
Workaround: You must manually invoke solr_repair through the command-line interface.
Apache Solr GRD-110083
In some edge cases, after you run grdapi enable_quick_search, the nodes appear down on the quick search UI.
Workaround: Run the CLI command store solr rebuild_shards on the central manager.
Apache Solr GRD-110107
If you register a lower version managed unit after the central manager is upgraded to Guardium 12.2, the Apache Solr certificate is not distributed on the managed unit.
Workaround: Manually push patch 1138 to the managed unit to install the Solr certificate.
Apache Solr GRD-110246
On Guardium 12.2, if you enable or disable FIPS mode on the environment, then Apache Solr may go down on managed units.
Workaround: Execute the GuardAPI command restart_solr on impacted managed units.
Apache Solr GRD-110559
If Apache Solr does not work on managed units after upgrading to Guardium 12.2, run the CLI command store solr rebuild_shards.
Central manager GRD-102666 Due to changes in TLS enablement behavior in 12.2, if you run get_secured_protocols_info from a central manager to a managed unit that is still on version 11.x, it may show the TLS version inaccurately if deprecated protocols are enabled. The returned information may not be correct.
Central manager GRD-108384
During the backup central manager process, when the primary central manager switches back from the secondary central manager, you may receive an “API Connection Failed: Guardium is unable to connect to the server” error on the Data compliance page.
Workaround: Restart the feature with the GuardAPI command grdapi restart_data_compliance.
Central manager GRD-108467 When you run the CLI command grdapi get_secured_protocols_info fullscan=1 in a 12.2 central manager, any 11.5 managed unit will incorrectly report that TLS is configured for versions 1.2 and 1.3 when TLS on the managed unit is actually set for version 1.2 only.
Central manager GRD-108655 After a switch from the central manager to the backup central manager, the cruise control functionality in Kafka Cluster Management does not work on the new central manager.
Central manager GRD-110531 While using the CLI to register an aggregator and collector to the central manager, you might see the message “Fail: Successfully registered unit, logging out of cli session” even when registration is successful.
Certificate GRD-108347 The CLI command store certificate smime sender only supports SCP or SFTP to import your pfx file into the Guardium appliance. Do not use other options in the list.
Compliance monitoring GRD-106731 If your data source is configured for the universal connector, only the following data sources are supported in the Compliance Monitoring page: DB2, ORACLE, INFORMIX, MYSQL, MS SQL SERVER, SYBASE, TERADATA, POSTGRESQL, NETEZZA, SAP HANA, and MONGODB. This will be fixed in a future release.
CyberArk GRD-110672
Before re-installing the CyberArk patch, the corresponding entry for that Guardium system should be removed from the CyberArk vault server and CyberArk needs to be uninstalled.
Data compliance GRD-105573
If a user imports the data compliance control charts after the threshold is run manually, the system does not display any data in the charts.
Workaround: Manually refresh the page. The system will then display data in the charts.
Data compliance GRD-105644
If you have data compliance enabled and you restart your Guardium system, you may receive an “API Connection Failed: Guardium is unable to connect to the server” error.
Workaround: Restart the feature with the command grdapi restart_data_compliance.
Data compliance GRD-105756 Data compliance is not supported on IPv6-only environments. No workaround is currently available.
Data compliance GRD-108010 Delayed or rerun Thresholds show today’s age instead of the TO_DATE for the report run. No workaround is currently available. This will be fixed in a future release.
Data compliance GRD-110249
In rare instances, compliance templates may deploy a threshold without a selected metric or measure column. If this occurs you will see that the threshold and control remains unmeasured for a long period of time after deployment. You can confirm the issue exists by reviewing the threshold settings and observing that there is no selected column for either the measure or the metric.
Workaround: To resolve the error, delete the reports the threshold uses, the threshold and the control. Then redeploy the template.
Data compliance GRD-110323
In large environments with busy central managers, it was observed that threshold values may unexpectedly report zero in situations where many other processes ran at the same time as the threshold calculations.
Workaround: Until this issue is resolved, users are encouraged to schedule threshold calculation at a time when audit processes and other scheduled jobs are not running. This can be done in Setup > Tools and Views > Threshold Update Job Configuration.
Enterprise load balancer GRD-106684
Invalid error message displays on the Enterprise Load Balancer Properties page when an out-of-range value is entered for the following properties:
  • TIME_TO_IGNORE_CONNECTION_RELATED_LOAD
  • DEFAULT_MAX_QUEUE_USAGE
  • DEFAULT_MAX_CONTRIBUTION_TO_MAX_QUEUE_USAGE
  • MAX_SNIFFER_THREADS, ENABLE_MSG_STATS
Workaround: Enter valid values.
Executive Dashboard GRD-106494 IBM DB2 for z/OS and IMS DB do not consistently appear in the Asset Inventory page cards. They will appear if there are active S-TAP for z/OS agents.
Executive Dashboard GRD-109156 For some times after midnight (00:00) in the date time picker, the calendar refers to the previous day with a period (.) underneath the day’s number instead of the current date.
External S-TAP GRD-110116 Enterprise load balancer is not supported by External S-TAP. Ensure that enterprise load balancing is not configured on the collector.
GIM GRD-74281
GIM transitional bundles (SHA1) cannot be uploaded to Guardium 12.2 when FIPS mode is on.
Workaround: Turn off FIPS mode to upload SHA 1 GIM bundles.
GIM GRD-103379
When upgrading a GIM client from a major version that supports GIM bundle changes to a major version that does not support GIM bundle changes (versions earlier than 12.2), the GIM Client Status report may display outdated values in the Active Certificate-related columns.
Workaround: To avoid seeing outdated certificate values in the report, you can perform a GIM connection reset. This action clears the stale data and refreshes the client status.
GIM GRD-109036 If your GIM agent is not connected after you upgrade your Guardium appliance to 12.2 (and assuming GIM service port 8446 is open), restart tomcat manually from the command-line interface with the restart gui command.
GuardAPI GRD-104958 Running GuardAPI commands is not currently supported on Kafka nodes.
Guardium Data Security Center and Guardium Insights INS-59195
Before upgrading any Guardium Data Protection appliances to 12.x, you should perform the workaround of disabling all the collectors from Guardium Data Security Center and Guardium Insights. Clients will encounter problems if the collectors are still enabled during the upgrade.

Workaround:
  1. Within Guardium Data Security Center and Guardium Insights, disable the collectors that will be upgraded under their logical central manager within the integration page.
  2. Perform the Guardium Data Protection upgrade for the collectors.
  3. After you complete all collector upgrades to 12.x, enable the collectors under their logical central manager.
  4. Restart the GUI on each collector.
  5. Within the Red Hat OpenShift console that manages your Guardium Data Security Center and Guardium Insights deployment, scale down and up the datamart-processoring deployment.
  6. Verify that the datamart-processing pods are now processing the data marts that are sent from Guardium Data Protection 12.x collectors.
Install GRD-103896
During the patch installation process for Guardium 12.2, the following warning message might appear and be added to the patch log: “Warning: The system is configured to read the RTC time in the local time zone.” This is only a warning and the message will disappear after the patch installation is complete.
Workaround: Use the CLI command 'timedatectl set-local-rtc 0' to set the real-time clock (RTC) to Coordinated Universal Time (UTC).
Linux-UNIX S-TAP GRD-99873 S-TAP traffic capture for IBM Db2 on Solaris 5.10 might occasionally be incomplete. As a result, some queries might not be logged and are missing from reports. No workaround is currently available.
Linux-UNIX S-TAP GRD-104759
DataStax Cassandra remote traffic queries are not logged in the Full SQL report when configured with DataStax auditing for a non-existing database. The query is logged in the SQL ERROR report instead. No workaround is currently available.
Linux-UNIX S-TAP GRD-105535 Oceanbase Oracle mode redaction is not currently supported in Guardium 12.2.
Linux-UNIX S-TAP GRD-106202
Some login errors may be missed as application-level response errors in HTTP/1 traffic aren't analyzed due to their non-standard nature. Only responses with HTTP/1 500 error codes are recognized as login failures.
Linux-UNIX S-TAP GRD-108710
Since the following platforms do not support updated SSL ciphers that are required to negotiate a secure connection in FIPS 140-3 mode with a Guardium 12.2 managed unit, aggregator, or stand-alone collector, they must fall back to using an unencrypted connection:
  • All Linux ppc/64
  • All Linux ppcle/64
  • All AIX powerpc/64
Linux-UNIX S-TAP GRD-109484
While attempting to create an OceanBase datasource in Oracle mode for S-TAP verification, the connection fails, preventing the datasource from being created successfully.
Mail encryption GRD-106564
The "Active":true JSON field for ALERTER_SMIME_CONFIG is ignored in favor of the GuardAPI parameter ALERTER_SMIME_ACTIVE to determine whether or not S/MIME is activated.
Workaround: Users can control whether S/MIME is on or off by changing ALERTER_SMIME_ACTIVE by calling grdapi from the CLI with the following command: grdapi modify_guard_param paramName=ALERTER_SMIME_ACTIVE paramValue=true.
Risk Spotter GRD-110440
After applying patch 12.0p125, the dynamic auditing policy setup on Risk Spotter is removed from the UI.
Workaround: Go to Active Risk Spotter > Policy and related modules > Dynamic Auditing and select the policy that is installed on the collector from the list.
TLS GRD-108626
Unable to connect using JDBC credentials over TLS when TLS version 1.3 is enabled, as Oracle 19c Enterprise Edition does not support this TLS version.
Workaround: You can use Oracle 23ai database which supports TLS version 1.3.
TLS GRD-110500
Important: While Guardium supports TLS 1.3, not all add-ons and features currently provide TLS 1.3 support. Until you know that every part of your Guardium system supports TLS 1.3, do not disable TLS 1.2.
Universal connector GRD-103771
In a Guardium on Oracle Cloud Infrastructure environment, when creating an Apache Kafka cluster through Kafka Cluster Management, the node initialization fails.
Workaround: For proper Kafka cluster setup in an Oracle Cloud Infrastructure environment, the correct hostname and domain name are required and should not exceed 64 characters. To find this information, open the Kafka Cluster Management interface, select your virtual machine name, click Networking, and look for the Hostname and Internal FQDN fields. The domain is the string after the hostname. 
The hostname and domain that are visible on the Networking page are the values you can use when running the CLI commands store system hostname <value> and store system domain <value>.
Universal connector GRD-103946 After you modify a cluster on the Kafka Cluster Management page, the Kafka Metrics dashboards might initially display 0 for all values. After a delay, the graph values reappear.
Universal connector GRD-105697
To ensure optimal performance of your enterprise load balancer, it’s important to avoid having unassigned profiles on Guardium. If you currently have any unassigned profiles, follow these steps:
  1. Make sure your system is running Guardium version 12.2 or later.
  2. Create or update your universal connector profiles to utilize enterprise load balancer.
  3. Define your profile groups either manually (one by one) or by using the import option. Then, associate these groups with the appropriate collector groups.
  4. Install or reinstall the Oracle Unified Audit (OUA) profiles.
By completing these steps, your profiles are automatically managed within the groups you defined. This eliminates the need for default profiles and ensures there is no additional overhead from managing unassigned profiles.
Universal connector GRD-106690
When collectors in the Primary group go down, the enterprise load balancer does not assign all available managed units from the Failover group at once. Instead, it allocates them one by one, with some delay between each allocation. This sequential allocation leads to a noticeable delay in recovery when multiple collectors fail at the same time, since the Failover managed units are not brought online simultaneously.
Universal connector GRD-108368
The deployed status of the installed universal connector profile is seen as "Installing the Profile" on the restored environment for the central management flow.
Workaround: Reinstall the problematic universal connector profiles from the Central Manager as follows:
  1. Go to Manage > Universal Connector > Datasource Profile Management.
  2. Select the problematic universal connector profiles.
  3. Click Install > Reinstall. The deployed status is properly visible after reinstallation is complete.
Universal connector GRD-109491 When creating a universal connector data source profile for Apache Kafka, the profile name must consist of only letters, numbers, underscores (_), or hyphens (-) since it’s also used as the topic name in Kafka. Avoid using any other characters.
Universal connector GRD-110250
While rebooting a Kafka node machine or its UI, if the central manager is not up and reachable, the Kafka node machine tries to remove itself from an established Kafka cluster. This leads to the instability of the Kafka cluster and potential traffic monitoring loss if universal connectors are active.
Workaround: First, start or restart the central manager. After the central manager comes up, verify that the UI is up and running fine. Then boot up the Kafka node machines.
Universal connector GRD-110311
In a large deployment (>50 MUs), correlation alerts defined on the Kafka Cluster might not fire as expected.
Universal connector GRD-86940
Universal Connector Kafka cluster nodes are not part of backup. This will be fixed in a future patch.
Unified Discovery and Classification
Custom sensitivities are scanned for on-premises databases only and not for cloud and SaaS instances. Enhancements to expand custom sensitivities to cloud and SaaS will be coming soon.
Unified Discovery and Classification
Encrypted connections (SSL) to on-premises databases are not supported in version 1.0.
Vulnerability Assessment Scanner GRD-110361
Vulnerability Assessment Scanner does not work on Guardium aggregators. The following error message appears if you try to run it on an aggregator: "ERROR DatasourceConnections". This will be fixed in a future release.
Workaround: Run the Vulnerability Assessment Scanner only on managed units.
Resolved issues
Issue key Summary APAR
GRD-63344 Oracle Unified Audit (OUA) DB instance information lost after operating system reboot with GIM  GA18052
GRD-71179 Restart supervisor service INIT start on Solaris 11 servers to avoid S-TAP failing to start after reboot. DT389799
GRD-74027 Added DB_NAME for CouchDB to avoid mistaking for Couchbase traffic DT433671
GRD-78772 Venafi: Guardium GUI certificate renewal error: "guardium Venafi retrieve script error 80333" trying to import Venafi certificate DT389660
GRD-78855 Backup restore didn't restore the SAML and CyberArk configuration from 11.5 to 12 DT276401
GRD-80164 "show remotelog test" configured with facility.priority='all.all' only tests using facility.priority='daemon.info' DT419678
GRD-80679 Guardium audit process intermittently fails with error:1615; message:Prepared statement needs to be re-prepared DT421926
GRD-80995 Couchbase database connection vulnerability assessment with LDAP needs GUI changes DT379903
GRD-81863 100% CPU usage on multiple collectors after 11.0p535 upgrade DT394196
GRD-81983 Aggregator GUI is slow and unresponsive DT395091
GRD-82250 Guardium cannot classify tables with function-based index on Sybase database [Error Code: 11738] DT396797
GRD-83569 Data in RESULT_DETAIL column of table TEST_RESULT_DETAIL is truncated DT409139
GRD-83572 Vulnerability Assessment Test ID 394 fails for MongoDB, indicating that authentication is disabled if auth type is x509 (which is a valid authentication type) DT419687
GRD-83923 Updated permissions for the GIM service to prevent erroneous warning messages in syslog
GRD-84215 Cannot upload Guardium Installation Manager modules again DT395912
GRD-84325 Audit process not adding partitions in finalSql DT396467
GRD-84548 Version 12 grdapi command with --help=true hangs DT409020
GRD-85220 logrotate configuration reverts to default after installing bundle patch 11.0p540 or 11.0p545 DT399828
GRD-85278 Audit process builder's reordering receivers not taking effect DT393991
GRD-85772 Enterprise Load Balancer not relocating S-TAPs when collector database is getting full DT419735
GRD-86477 Added support for family of kernels 5.10.0-32.x86_64
GRD-86523 Analyzer issue to handle some Teradata Database traffic DT398866
GRD-86991 When creating tuple group, unable to add tuple parameters on a Simplified Chinese appliance DT399735
GRD-86996 CLI: Unable to set Alerter SNMP traphost by using hostname DT397016
GRD-87129 After configuring A-TAP on collector with Oracle Exadata databases, the collector reports a high CPU usage DT420527
GRD-87135 Unable to send files from Guardium to COS bucket on IBM Cloud DT431894
GRD-87282 EMEA - GUI showing SNMP version 2 but CLI and traffic in SNMP version 3 DT400637
GRD-87489 Weak default snif ciphers (TLS_RSA) DT396934
GRD-87490 Fixed missing traffic captured by using Ubuntu 22 DT419779
GRD-87491 Error 'ORA-00942: table or view does not exist.' from Assessment Test ID 2374 'No Authorization To CREATE ANY LIBRARY Privilege' DT419661
GRD-87503 Guardium unable to connect with Oracle databases, getting Java Array error - VA DT418630
GRD-87529 Add TUPLE_PARAMETERS table to translation
GRD-87718 GUI certificate size still running in 1024 bits in central manager DT422234
GRD-87819 Duplicated in Group Builder after importing policies with shared groups TS017242631
GRD-87862 Add support for family of kernels 5.14.0-284.11.1.el9_2.s390x
GRD-87931 Cannot overwrite SNMP contact information DT397398, DT397399
GRD-87951 EMEA Guardium SYSLOG issue encountered as everything in wait status DT409085
GRD-88026 Cloning out of the box reports fails DT420128
GRD-88033 Added separate event handles to notify S-TAP when 64-bit and 32-bit database processes start DT416655
GRD-88120 Aggregator: Import/Export/Archive failing after bundle patch 545 with "Another aggregation process is currently running" DT417651
GRD-88200 Fixed an instability in Microsoft SQL Server instance due to the Correlator Proxy dynamic-link library (DLL). You must reboot the database server to update the Correlator Proxy DLL. DT398828
GRD-88259 reset-managed-cli command fails to reset the CLI password on all managed units DT419826
GRD-88351 Added support for family of kernels 6.4.0-150600.23.17-default #1 DT437910
GRD-88364 CyberArk CLI commands not working as expected DT438034
GRD-88775 'show system hostname' command fails with the "Error: Machine information not found" message DT409174
GRD-88890 Backup configuration through SFTP protocol failed with the error message: connection corrupted DT426747
GRD-89081 CLI command show port open scans for the open port instead of making an actual connection
GRD-89105 syslog daemon service (rsyslogd) keeps crashing and stops logging to the messages syslog file DT409033
GRD-89175 Fixed session correlation and Kerberos delivery timeouts DT438267
GRD-89290 support reset_managed_cli command does not set chage for CLI user DT409177
GRD-89308 Version 12.1 managed units do not successfully register to central manager DT426768
GRD-89310 GUI login hangs in AWS cloud environment with central manager and managed units DT419827
GRD-89389 Removed unnecessary blank lines in guard_tap.ini during OS patching DT437906
GRD-89466 Prevent S-TAP instability by ignoring empty traffic messages DT417031
GRD-89562 Inconsistent hostname in syslog message header for Guardium sniffer and audit process DT423305
GRD-89659 Guardium vulnerability assessment test "No Guest User Accounts" on MS SQL Server errors for all instances in the test report result DT419987
GRD-89693 Change how rsyslogd is started
GRD-89704 Aggregation/archive log warning DT420186
GRD-89890 Adds the option PROCEDURE_OBJECT_FIELD (that can be enabled through the following grdapi command: modify_guard_param) to change sniffer parsing behavior to not explicitly associate non-literal function arguments with function or procedure objects when evaluating object+field policy rule tuple groups and logging DT418983
GRD-89910 Guardium version 12.1 central manager still accepts TLS 1.0 and 1.1 connections DT431893
GRD-89993 Removed a vulnerable Perl file subject to CVE-2023-7101 vulnerability DT437925
GRD-90015 Venafi certifications failing after applying fix p550 DT416887
GRD-90211 Unable to add new catalog archive entry on collector DT421878
GRD-90257 Some GUI operations, such as editing a report in Query-Report Builder, take several minutes to respond DT418120
GRD-90468 Add support for kernel 6.8.0-47-generic.x86_64 
GRD-90524 Removed repeating S-TAP log message "no free entries" in db2diag DT438099
GRD-90648 Guardium Vulnerability Assessment test ID does not show correct value in CURRENT_SCORE_SINCE column DT424310
GRD-90821 Unable to capture guard_diag DT419135
GRD-90866 Collector GUI down after failed data restore from 10.6 to 11.5
GRD-90878 Archive and system back up configuration fails using password-less SSH configuration
GRD-90898 Incorrect indentation in grdapi list_inspection_engines DT425742
GRD-90942 Scheduled Job Exception 'IP Alias creation: An error occurred java.util.IllegalFormatConversionException: d != java.lang.String' after version 12.1 upgrade DT419702
GRD-90989 Sending alerts through SMTP fails if the SMTP server supports only NTLM authentication DT434614
GRD-91695 Resolved security vulnerability
GRD-91760 Fixed an issue where Application TAP (A-TAP) did not work for Sybase IQ for Red Hat Enterprise Linux (RHEL) 9 due to a change in libraries DT437877
GRD-92214 Issue with adding and updating catalog by using GUI and GuardAPI DT426077
GRD-92308 Primary central manager failover policy installation verification change DT421946
GRD-92349 Fixed an issue related to possible termination of sessions when Firewall S-Gate is enabled DT426053
GRD-92530 Deployment Health Table / Dashboard on the central manager shows unavailable status (blue) for all managed units DT425251
GRD-92550 Version 12.1 Certificate Management report shows that patch-signing.cert.pem and patchCA.cert.pem are expiring soon, although version 12.1 installed new certificate files with updated expiration dates DT424328
GRD-92686 GuardAPI command to upload custom table is not working when only a data source group is attached to the custom table DT431864
GRD-92701 Logged instance points to not logged construct ID
GRD-92780 Storage of host (bind) variables in the appliance
GRD-92783 Resolved conflict between S-TAP, Application TAP (A-TAP), and Rubrik by adding preload-libs parameter for a full path to third-party, preinstalled libraries while configuring A-TAP. For more information, see Conflict between IBM Guardium S-TAP and Rubrik. DT438018
GRD-93189 Unable to log in to the appliance after configuring multi-factor authentication for DUO on Guardium DT422702
GRD-93414 Missing S3 me-central-1 zone during configuration of backup DT444696
GRD-93684 For the grdapi change_cli_password, the following error appears: User has insufficient privileges for the requested API function DT431874
GRD-93729 After the failover to the backup central manager, the managed units are unable to sync license DT424816
GRD-93898 Some /var/IBM/Guardium/data/guard-solr/cloud/ filenames on Guardium collectors showing virtual machine template hostname
GRD-94015 Managed unit registration to the central manager does not succeed due to mismatch in the strength of the system shared secret DT424713
GRD-94048 Fixed an issue where Sybase IQ remote traffic was not captured DT437930
GRD-94202 Universal connector Neo4j plug-in does not start correctly and reports java.lang.NullPointerException: null DT443019
GRD-94293 EMEA - Syslog sending junk messages DT434622
GRD-94620 After Enforce allowlist for GUI logins is enabled, Chinese characters for user's First Name and Last Name are displayed as garbage characters in the GUI DT435753
GRD-94697 Vulnerability Assessment incorrect reporting on Oracle SYSRAC user after installing DPS 2024 Q4
GRD-95231 Web application penetration test findings
GRD-95280 Custom upload to a custom table with a data source of database type Text:FTP fails DT433584
GRD-95306 Solr certificate for version 11.5 expired on 12 January 2025 DT436468
GRD-96966 Support for multiple proxies under one federated environment
GRD-97203 High severity CVEs resolved by removing %GIM%\sppNew\c\bin\openssl.exe DT435454
GRD-97285 Valid Teradata SQL with "NOT=" operator caused parser error DT435869
GRD-97313 Incorrect Couchbase object name (Create/Delete bucket) using universal connector for Couchbase to monitor traffic DT443092
GRD-97325 Fixed Teradata parser errors DT435870
GRD-97815 Issue with proxy functionality support
GRD-97837 Windows S-TAP now uses OpenSSL 3.5
GRD-98757 Risk Spotter stopped working DT446409
GRD-99835 After exporting the role to a target central manager, permissions for the role are different between the source central manager and target central manager DT439490
GRD-99852 Fixed an issue of IBM Db2 exit Inspection Engine, updated Discovery to report only one EXIT IE instance per Db2 instance even if there are multiple db2sysc processes. DT438527
GRD-99996 Support use of "Alert Only" policy action in the session-level policy to alert either on the request (SQL) or the exception of that request.
GRD-100408 Unable to access Guardium through GUI DT448944
GRD-101829 Error when running multiple grdapi commands at once in batch mode DT442976
GRD-102117 Error when trying to generate automatic report from audit process builder to search for information related to a privacy set DT446590
GRD-102722 When using the command grdapi list_expiration_dates_for_restored_days to list restored data info, it fails with Returned ERR=3000 DT444670
GRD-103584 PostgreSQL universal connector plug-in on GCP configuration failure
GRD-103728 Change tracker alive task might fail in LD due to lack of alive check concurrency with timeout limit
GRD-103838 If there are multiple Active Threat Analytics cases in the central manager, collectors now use EI_CASE_ID and sourceUnit (collector hostname) to fetch the record for update DT446510
GRD-105371 Bell notification on GUI banner shows "Updates are available" and lists 2 old DPS updates
GRD-105884 K-TAP Request for 5.14.0-570.25.1.el9_6.s390x Red Hat Enterprise Linux 9.6 (Plow) version 12.1 DT448777
GRD-108309 Newly added managed units did not have distributed reports scheduled on them 


Document Information

Modified date:
06 October 2025

UID

ibm17242908