This online group is intended for new and existing IBM Security Technology Partners who would like to keep up to date with the latest advice and best practices for IBM Security integration.
The Guardium Universal Connector (UC) enables Guardium Data Protection to get data from potentially any data source's native activity logs without using software taps (S-TAPs- the software agent usually used in Guardium). The UC includes support for various plug-in packages, requiring minimal configuration. You can easily develop plug-ins for other data sources and install them in Guardium. The underlying technology is Logstash, the open-source data processing pipeline that enables the ingestion, transformation and forwarding of native audit logs into Guardium. We have created the Guardium output plugin that can send correctly formatted data to Guardium, the UC then needs to provide (or re-use an existing) input-plugin and provide the necessary mapping in the filter-plugin.
There is a large catalog of existing Universal Connectors published under an open-source license by IBM on GitHub. You can use these existing filters as inspiration or build one from the ground up. We have published guides to take you through the process of installing the necessary tools and building your first example UC to get your development started.
If you'd like to learn more about how to build your own universal connector please reach out to the IBM Security Technology Alliance Program team IBMSecurityAlliances@wwpdl.vnet.ibm.com
Useful Resources:
https://github.com/IBM/universal-connectors
https://github.com/IBM/universal-connectors/blob/main/docs/readme.md
https://www.ibm.com/products/guardium/integrations
https://github.ibm.com/Niall-Mac-Aindriu/universal-connector/blob/main/PARTNER_PLUGIN_DEVELOPMENT_GUIDE.md
Copy