create_computed_attribute

This API creates a custom attribute that is calculated based on a specified expression. The computed attribute is then available for reporting.

To help prevent an SQL injection attack, the following words and characters are not allowed in computed attributes:

ALTER, CREATE, DELETE, DROP, INSERT, TRUNCATE, UPDATE, semicolon (;), double-dash (--), or slash-asterisk (/*)

To replace the disallowed characters, you can use the MySQL char function. For example, say that you want to create a computed attribute that includes a semicolon. The API call that includes a semicolon:

grdapi create_computed_attribute 
attributeLabel="app_user" entityLabel="Access Period" 
expression="SUBSTRING_INDEX(APP_USER_NAME,';',1)"

Returns the following error:

create_computed_attribute:
ERR=2410
Error Creating New Computed Attribute - Invalid Expression Or
expression includes not allowed characters

To correct the example, use the MySQL char function (where 59 is the code for a semicolon):

grdapi create_computed_attribute 
attributeLabel="app_user" entityLabel="Access Period" 
expression="SUBSTRING_INDEX(APP_USER_NAME,char(59),1)"

Which returns the following information:

ID=20000
Attribute for Expression SUBSTRING_INDEX(APP_USER_NAME,char(59),1) Created

The char() equivalents are shown in Table 1.

Table 1. MySQL character equivalents
Character	MySQL char()
`;` (semicolon)	`char(59)`
`--` (double dash)	`char(45,45)`
`/*` (slash asterisk)	`char(47,42)`

This API is available in Guardium V9.5 and later.

The REST API is available in Guardium V11.0 and later.

REST API syntax

This API is available as a REST service with the POST method. Call this API as follows:

POST https://[Guardium hostname or IP address]:8443/restAPI/computed_attribute

GuardAPI syntax

create_computed_attribute parameter=value

Parameters

Parameter	Value type	Description
attributeLabel	String	Required. The name of the computed attribute, which appears in reports.
entityLabel	String	Required. The name of the main entity with which the attribute is associated, for example Session, Object, or FULL_SQL.
expression	String	Required. An SQL expression to generate the computed value for the new attribute.
api_target_host	String	Specifies the target hosts where the API executes. Valid values: `all_managed`: execute on all managed units but not the central manager `all`: execute on all managed units and the central manager `group:<group name>`: execute on all managed units identified by `<group name>` host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, `api_target_host=10.0.1.123`. host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, `api_target_host=10.0.1.123`. IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

To create a computed attribute called app_user associated with the Access Period entity:

grdapi create_computed_attribute 
attributeLabel="app_user" entityLabel="Access Period" 
expression="SUBSTRING_INDEX(APP_USER_NAME,char(59),1)"

To create an Oracle_OS_user attribute associated with the Session entity:

grdapi create_computed_attribute 
attributeLabel="Oracle_OS_User" entityLabel="Session" 
expression="SUBSTRING_INDEX(  SUBSTRING(REPLACE(UID_CHAIN,' ',''),1,LENGTH(REPLACE(UID_CHAIN,' ','')) 
-  LOCATE('lqsi,',REVERSE(REPLACE(UID_CHAIN,' ','')))-4),',',-1)"