IBM Guardium REST API Add-on for Splunk enables secure, automated ingestion of database activity and audit logs from IBM Guardium into Splunk using the Guardium online_report REST API.
This add-on provides a fully checkpointed, fault-tolerant modular input that continuously pulls SQL activity data at a configurable interval and resumes seamlessly after restarts without duplicating events. It supports per-input Guardium API URLs, central token-based authentication, optional SSL verification, and scalable pagination for high-volume environments.
All ingested events are structured as JSON and can be easily normalized to the Splunk Common Information Model (CIM) Database data model for use with Enterprise Security, custom dashboards, and compliance reporting.
This add-on is ideal for organizations that rely on IBM Guardium for database security monitoring and want centralized analytics, detection, and long-term retention in Splunk.