Release v1.6.4 #667

Draft
wants to merge 2 commits into
base: main
Expand Up @@ -6,6 +6,7 @@
* Supported inputs: CloudWatch (pull)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights : 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the aurora-mysql audit log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.
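Review bot: the added line `* Guardium Insights : 3.3` has a stray space before the colon; the equivalent line in the other READMEs touched by this PR reads `* Guardium Insights: 3.3`, so drop the space so the version lists render identically across plug-ins.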
Expand Down Expand Up @@ -109,7 +110,7 @@ The Guardium universal connector is the Guardium entry point for native audit lo
8. The "type" fields should match in the input and the filter configuration sections. This field should be unique for every individual connector added.
9. Click **Save**. Guardium validates the new connector, and displays it in the Configure Universal Connector page.

## Configuring the Aurora-MySQL Guardium Logstash filters in Guardium Insights
## Configuring the Aurora-MySQL Guardium Logstash filters in Guardium Data Security Center.

To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)

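Review bot: the heading was renamed to Guardium Data Security Center but the sentence under it still reads `To configure this plug-in for Guardium Insights`, and the new heading ends with a trailing period that none of the other renamed headings carry. Update the sentence to match the heading (as the Azure Postgres and Cassandra READMEs in this PR do) and drop the period.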
Expand Up @@ -6,6 +6,7 @@
* Supported inputs: Filebeat (push)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the Apache Solr logs into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.The Apache Solr Azure plugin only supports Guardium Data Protection as of now.
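Review bot: adding `* Guardium Insights: 3.3` to the supported versions contradicts the closing sentence of the description, `The Apache Solr Azure plugin only supports Guardium Data Protection as of now.`; either remove that sentence or do not list Insights 3.3. Operators use the version list to decide where a connector may be deployed, so the two statements must agree.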
Expand Down Expand Up @@ -134,6 +135,6 @@ The Guardium universal connector is the Guardium entry point for native audit lo

- While launching Solr in SolrCloud mode, multiple logs will be generated for single query execution as a call to shard(In SolrCloud, a logical partition of a single Collection) and replica(A core that acts as a physical copy of a shard in a SolrCloud Collection).

## 5. Configuring the Apache Solr filters in Guardium Insights
## 5. Configuring the Apache Solr filters in Guardium Data Security Center
To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
For the input configuration step, refer to the [Filebeat section](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md#Filebeat-input-plug-in-configuration).
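Review bot: the heading now says Guardium Data Security Center while the body still reads `To configure this plug-in for Guardium Insights`, and both links still point at `/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md`. Update the sentence to match the heading, and confirm the 3.2.x guide is still the intended target now that the version list above says 3.3.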
Expand Up @@ -5,6 +5,7 @@
* Supported inputs: Azure Event Hub (pull)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the azure postgreSQL audit log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.
Expand Down Expand Up @@ -176,3 +177,7 @@ The Guardium universal connector is the Guardium entry point for native audit lo
7. The "type" fields should match in the input and the filter configuration sections. This field should be unique for every individual connector added. This is no longer required starting v12p20 and v12.1.
8. Update the filter section to add the details from [azurepostgresql.conf](./azurepostgresql.conf) file's filter part, omitting the keyword "filter{" at the beginning and its corresponding "}" at the end.
9. Click **Save**. Guardium validates the new connector, and enables the universal connector if it was disabled. After it is validated, the connector appears in the Configure Universal Connector page.


## 6. Configuring the Azure Postgres filters in Guardium Data Security Center
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
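Review bot: the new section is separated from step 9 by two blank lines where the rest of the file uses one, and its link target is the Guardium Insights 3.2.x guide although the section is titled Guardium Data Security Center and the version list above now says 3.3. Remove the extra blank line and verify the link before the release is cut.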
Expand Up @@ -6,6 +6,7 @@
* Supported inputs: JDBC (pull)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the azureSQL audit log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.
Expand Down Expand Up @@ -149,5 +150,7 @@ Note :
On Second G machine ,in input section for JDBC Plugin update "statement" field like below:

SELECT event_time,succeeded,session_id,database_name,client_ip,server_principal_name,application_name,statement,server_instance_name,host_name,DATEDIFF_BIG(ns, '1970-01-01 00:00:00.00000', event_time) AS updatedeventtime,additional_information FROM sys.fn_get_audit_file('https://<storage-account-name>.blob.core.windows.net/sqldbauditlogs/<server_instance_name>/<DB-NAME>', DEFAULT, DEFAULT) where action_id='BCM' and statement not like '%xproc%' and statement not like '%SPID%' and statement not like '%DEADLOCK_PRIORITY%' and application_name not like '%Microsoft SQL Server Management Studio - Transact-SQL IntelliSense%' and session_id%2 = 1 and DATEDIFF_BIG(ns, '1970-01-01 00:00:00.00000', event_time) > :sql_last_value order by event_time;


## 9. Configuring the Azure SQL filters in Guardium Data Security Center
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)

7 changes: 4 additions & 3 deletions filter-plugin/logstash-filter-cassandra-guardium/README.md
Expand Up @@ -4,7 +4,8 @@
* Environment: On-premise
* Supported inputs: Filebeat (push)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the Cassandra audit log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.
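Review bot: the rendered diff shows `* Guardium Data Protection: 11.4 and above` both removed and re-added with identical text, so this is a whitespace-only change; make sure the new indentation matches the `* Guardium Insights: 3.3` line added right after it, since Markdown only nests these items under `Supported Guardium versions` when their indentation is consistent.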
Expand Down Expand Up @@ -143,6 +144,6 @@ The Guardium universal connector is the Guardium entry point for native audit lo
8. The "type" fields should match in the input and the filter configuration sections. This field should be unique for every individual connector added.
9. Click Save. Guardium validates the new connector and displays it in the Configure Universal Connector page.

## 5. Configuring the Cassandra filters in Guardium Insights
To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
## 5. Configuring the Cassandra filters in Guardium Data Security Center
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
For the input configuration step, refer to the [Filebeat section](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md#Filebeat-input-plug-in-configuration).
Expand Up @@ -5,7 +5,7 @@
* Supported inputs: Filebeat (push)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.2
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the Couchbase audit log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.
Expand Down Expand Up @@ -137,9 +137,9 @@ The Guardium universal connector is the Guardium entry point for native audit lo
8. The "type" fields should match in the input and the filter configuration sections. This field should be unique for every individual connector added.
9. Click Save. Guardium validates the new connector, and enables the universal connector if it was disabled. After it is validated, the connector appears in the Configure Universal Connector page.

## 5. Configuring the Couchbase filter in Guardium Insights
## 5. Configuring the Couchbase filter in Guardium Data Security Center

To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)

In the input configuration section, refer to the Filebeat section.

6 changes: 3 additions & 3 deletions filter-plugin/logstash-filter-couchdb-guardium/README.md
Expand Up @@ -5,7 +5,7 @@
* Supported inputs: Filebeat (push)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.2
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the CouchDB log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query and Guardium sniffer parse the CouchDB queries.This plug-in prepares the Guardium Record object and relies on Guardium internal CouchDB parser to parse the database command. The CouchDB plugin supports only Guardium Data Protection as of now.
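Review bot: bumping the version list to `* Guardium Insights: 3.3` conflicts with the description's last sentence, `The CouchDB plugin supports only Guardium Data Protection as of now.`; one of the two must change. While touching this paragraph, `CouchDB queries.This plug-in` is missing a space after the period.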
Expand Down Expand Up @@ -130,6 +130,6 @@ disabled. After it is validated, it appears in the Configure Universal Connector
- Client port : Not available with logs
- Client HostName : Not available with logs

## 6. Configuring the Couchdb filters in Guardium Insights
To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
## 6. Configuring the Couchdb filters in Guardium Data Security Center
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
For the input configuration step, refer to the [Filebeat section](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md#Filebeat-input-plug-in-configuration).
Expand Up @@ -5,6 +5,7 @@
* Supported inputs: CloudWatch (pull)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the DocumentDB audit and profiler logs into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query "construct". The construct details the main action (verb) and collections (objects) involved.
Expand Down Expand Up @@ -108,8 +109,8 @@ The Guardium universal connector is the Guardium entry point for native audit/pr
- Server IPs are also not reported because they are not part of the audit stream. That said, the "add_field" clause in the configuration adds a user defined Server Host Name that can be used in reports and policies if desired.
- Because Sniffer saves the DB name once when a new session is created, and not with every event, DB name will be updated and populated correctly in Guardium only when everytime a new database connection is established with database name. If Database connection is established without database name, then the database on which the first query for that session runs, will be retained in Guardium. Even if user switches between the databases for the same session.

## Configuring the DocumentDB Guardium Logstash filters in Guardium Insights
## Configuring the DocumentDB Guardium Logstash filters in Guardium Data Security Center

To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)

For the input configuration step, refer to the [CloudWatch_logs section](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md#configuring-a-CloudWatch-input-plug-in).
6 changes: 3 additions & 3 deletions filter-plugin/logstash-filter-dynamodb-guardium/README.md
Expand Up @@ -8,7 +8,7 @@
* S3 (pull)
* CloudWatch (pull)
* SQS (Pull)
* Guardium Insights: 3.2
* Guardium Insights: 3.3
* Supported inputs:
* CloudWatch (pull)
* Guardium Insights SaaS: 1.0
Expand Down Expand Up @@ -69,11 +69,11 @@ There are different methods for auditing and logging. We will use CloudTrail for

## Follow the below link if DynamoDB is to be monitored using Cloudwatch

[DynamoDB Over Cloudwatch](DynamodbOverCloudwatch/README.md)
[DynamoDB Over Cloudwatch](https://github.com/IBM/universal-connectors/blob/main/filter-plugin/logstash-filter-dynamodb-guardium/DynamodbOverCloudwatch/README.md)

## Follow the below link if DynamoDB is to be monitored using Cloudtrail

[DynamoDB Over Cloudtrail](DynamodbOverCloudtrail/README.md)
[DynamoDB Over Cloudtrail](https://github.com/IBM/universal-connectors/blob/main/filter-plugin/logstash-filter-dynamodb-guardium/DynamodbOverCloudtrail/README.md)

### Limitations

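Review bot: replacing the relative links `DynamodbOverCloudwatch/README.md` and `DynamodbOverCloudtrail/README.md` with absolute `https://github.com/IBM/universal-connectors/blob/main/...` URLs pins the docs to the `main` branch on github.com, so they stop tracking the tag, branch or fork the reader is actually viewing and will point at a different revision than the v1.6.4 release this PR cuts. If the relative links were broken in some rendering context, state that in the PR description; otherwise keep them relative, as the `/docs/...` links elsewhere in this PR are.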
Expand Up @@ -5,7 +5,7 @@
* Supported inputs: CloudWatch (pull)
* Supported Guardium versions:
* Guardium Data Protection: 11.4 and above
* Guardium Insights: 3.2
* Guardium Insights: 3.3
* Guardium Insights SaaS: 1.0

This is a [Logstash](https://github.com/elastic/logstash) filter plug-in for the universal connector that is featured in IBM Security Guardium. It parses events and messages from the MariaDB audit log into a [Guardium record](https://github.com/IBM/universal-connectors/blob/main/common/src/main/java/com/ibm/guardium/universalconnector/commons/structures/Record.java) instance (which is a standard structure made out of several parts). The information is then sent over to Guardium. Guardium records include the accessor (the person who tried to access the data), the session, data, and exceptions. If there are no errors, the data contains details about the query and Guardium sniffer parses the MariaDB queries. The MariaDB on Amazon RDS plugin only supports Guardium Data Protection as of now.
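Review bot: the version list now reads `* Guardium Insights: 3.3` while the description still ends with `The MariaDB on Amazon RDS plugin only supports Guardium Data Protection as of now.`; either the version line or that sentence is wrong, and the README should not ship with both.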
Expand Down Expand Up @@ -147,9 +147,9 @@ The Guardium universal connector is the Guardium entry point for native audit lo
- clientPort and serverPort : Not available with audit logs
- For system generated LOGIN_FAILED logs, the Dbuser value not available,so we set it as "NA".

## 7. Configuring the AWS MariaDB Guardium Logstash filters in Guardium Insights
## 7. Configuring the AWS MariaDB Guardium Logstash filters in Guardium Data Security Center

To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)

For the input configuration step, refer to the [CloudWatch_logs section](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md#configuring-a-CloudWatch-input-plug-in).

4 changes: 2 additions & 2 deletions filter-plugin/logstash-filter-mariadb-guardium/README.md
Expand Up @@ -181,6 +181,6 @@ The Guardium universal connector is the Guardium entry point for native audit lo
- ClientIP - Not avaiable in Audit Logs
- Source Program - Not available in Audit Logs

## 7. Configuring the Mariadb filters in Guardium Insights
To configure this plug-in for Guardium Insights, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
## 7. Configuring the Mariadb filters in Guardium Data Security Center
To configure this plug-in for Guardium Data Security Center, follow [this guide.](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md)
For the input configuration step, refer to the [Filebeat section](/docs/Guardium%20Insights/3.2.x/UC_Configuration_GI.md#Filebeat-input-plug-in-configuration).
2 changes: 1 addition & 1 deletion filter-plugin/logstash-filter-mongodb-guardium/README.md
@@ -1,7 +1,7 @@
# MongoDB-Guardium Logstash filter plug-in
### Meet MongoDB
* Tested versions: 4.2, 4.4
* Environment: On-premise, Iaas, IBM Cloud
* Environment: On-premise(Only Enterprise version is suuported), Iaas, IBM Cloud
* Supported Guardium versions:
* Guardium Data Protection: 11.3 and above
* Supported inputs:
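Review bot: `suuported` is misspelled and there is no space before the parenthesis in `On-premise(Only Enterprise version is suuported)`; suggest `On-premise (only the Enterprise edition is supported)`. This also narrows the supported MongoDB deployments rather than just rewording the line, so it deserves a mention in the PR description for v1.6.4.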