Troubleshooting - IBM/ServiceNow-Guardium-Vulnerability-Assessment GitHub Wiki

Table of contents

Note: How to quickly test the connection to the Guardium Central Manager:

  • Open the IBM Guardium > Central Manager record
  • Click Verify configuration link
  • Open IBM Guardium > Application Log
  • Refresh the table, look for successful synchronization

Note: How to re-import test results

  • Open IBM Guardium > Data Import > Integrations > Test Result Details
  • Scroll to the bottom to see Vulnerability Integration Runs
  • Guardium tries to limit the data imported by only getting the results since the last successful run
  • Select and delete the integration runs to cause more data to be imported
  • Click Execute Now after removing some of the runs

Common errors when connecting to the Guardium Central Manager

Bad credentials

  • Password was changed on Guardium

Error seen in IBM Guardium > Application Log:

Guardium API call FAILED
Status Code: 400
Reason: {"error":"invalid_grant","error_description":"Bad credentials"}

Procedure:

  • Open the IBM Guardium > Central Manager record
  • Modify the Credentials > Password
  • Click Update button
  • Test

Unknown host

  • ServiceNow cannot reach the Guardium Central Manager

Error seen in IBM Guardium > Application Log:

Reason: Request not sent to uri= https://ibm-cm01.example.com:8443/oauth/token :
java.net.UnknownHostException: ibm-cm01.example.com

Procedure:

  • Open the IBM Guardium > Central Manager record
  • Update and save the MID server value on the CM record
  • Test

The Guardium host is untrusted

  • ServiceNow MID server does not trust the Guardium Central Manager SSL certificate
  • The Java MID server keystore trusts many certificate authorities by default. It does not trust self-signed certificates.

Error seen in IBM Guardium > Application Log:

Reason: The request failed: Request not sent to uri= https://ibm-cm01.example.com:8443/oauth/token :
org.apache.commons.httpclient.HttpException: Session contains no certificates - Untrusted
Check MID server "ibm_guardium_mid_server" settings. The Guardium host "ibm-cm01.example.com" is untrusted.

Procedure:

Timed out waiting on response

  • ServiceNow cannot reach the Guardium Central Manager
  • (or) Guardium CM is taking too long to respond

Error seen in IBM Guardium > Application Log:

Timed out waiting on response.
Check MID Server. SSH into the virtual machine hosting "example_mid_server" MID Server. Is "ping" successful to https://ibm-cm01.example.com:8443

Procedure (MID Server issue):

  • Ping your Guardium Central Manager
  • If down, restart your Guardium Central Manager
  • If up, can your MID server reach the Guardium Central Manager? If not, perhaps you need a proxy?
  • If not validated, validate
  • If validation takes longer than 3 minutes, MID server must be restarted
  • Test

Procedure (Guardium GDP issue):

  • Verify Guardium GDP version is v11.5 (or greater) with Patch 525 (or greater).
  • Install patches if not v11.5 or greater.
  • Patch 525 contains some important performance fixes when fetching data from various reports.
  • Verify MID server health as shown above
  • Also see
  • Test

MID server SSL certificates

  • ServiceNow MID server cannot decrypt the message sent from ServiceNow application

Error seen in IBM Guardium > Application Log:

{"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}

Procedure:

  • Open the MID Server > Servers record
  • Invalidate then Validate to reset certificates
  • If this does not work, you can disable encryption
    • Open IBM Guardium > Settings
    • Go to tab Encryption
    • Uncheck Encrypt Credentials
    • Click button Update
  • Test

Common errors when importing data

ECC queue timeout

  • ServiceNow MID server, by default, will wait a maximum of 30 seconds for a response from the Guardium Central Manager
  • This error can happen when there are many test results to import from a managed unit

Error seen in IBM Guardium > Application Log:

Error: No response for ECC message request with sysid=b24ce8ce977a65106112fac6f053aff1 after waiting for 30 seconds in ECC Queue

Procedure:

  • Try decreasing the page size retrieved from Guardium. It is possible that Test Result Details field contains an enormous amount of data
  • Also see Timed out waiting on response

  • If smaller page size does not help, try increasing the ServiceNow maximum timeout by:
    • In ServiceNow navigator, type sys_properties.list, press Enter key
    • Search for name: glide.http.outbound
    • Add or modify the following two properties
glide.http.outbound.max_timeout=60
glide.http.outbound.max_timeout.enabled=false

ECC queue maximum payload size exceeded

  • The data contained in the Guardium test results are too big for ServiceNow

Error seen in IBM Guardium > Application Log:

Check ECC Queue. Response may be too large.

Procedure:

  • Decrease the page size fetched by the ServiceNow by doing the following:
    • Open IBM Guardium > Settings
    • Go to tab Performance Tuning
    • Decrease Test Result Details page size (or Guardium REST-API page size if running v1.3.13)
    • Click button Update
  • Rerun integration Daily or Test Result Details

No vulnerable items created

  • Guardium recently ran one or more assessments, but I do not see any new Vulnerable Items

Background:

  • CVE test results go to Vulnerability Detections and failures become Vulnerable Items
  • All other test results go to Configuration Compliance > Test Results

Procedure:

  • If you do not use Configuration Compliance, you can disable it:
⚠️ **GitHub.com Fallback** ⚠️