Teradata

About
Teradata Corporation is a provider of database and analytics-related software, products, and services. The company was formed in 1979 in Brentwood, California, as a collaboration between researchers at Caltech and Citibank's advanced technology group.
Product Details
Vendor URL: Teradata
Product Type: DB Logging
Product Tier: Tier III
Integration Method: Unknown
Integration URL: n/a
Log Guide: Teradata Documentation
Parser Details
Log Format: Raw Log + JSON
Expected Normalization Rate: 75%
Data Label: WMT_TERADATA
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field | UDM Event Type |
|---|---|---|
| app_id | principal.application | If Available |
| proc_id | principal.process.pid | If Available |
| user | principal.user.userid | If Available |
| src | principal.hostname | If Available |
| src_ip | principal.ip | If Available |
| dst | target.hostname | If Available |
| dst | target.ip | If Available |
| description1, description2 | metadata.description | If Available |
| src_host | principal.hostname | If Available |
| query | metadata.description | If Available |
| query_id | additional.fields | If Available |
| src_port | principal.port | If Available |
| vendor | metadata.vendor_name | All |
| product | metadata.product_name | All |
| log_type | metadata.product_event_type | All |
| Defined | metadata.event_type | All |
| Defined | extensions.auth.type | USER_LOGIN |
| event_type | metadata.description | If Available |
| Defined | security_result.action | USER_LOGIN |
| host_name | observer.hostname | If Available |
| host_name | observer.ip | If Available |
Product Event Types
| Description | metadata.event_type |
|---|---|
| Default | GENERIC_EVENT |
| login_events | USER_LOGIN |
| elevated_user_accounts | USER_UNCATEGORIZED |
Log Sample
{"msg": "['2021-08-17 13:52:54', 'johndoe', '10.10.10.10', 'computername', 'host', '30521', '305830758', 1, 'Search Query", "length": 11, "host_name": "hostname", "log_type": "us_rx", "product": "teradata", "vendor": "teradata"}
Sample Parsing
metadata.event_timestamp = "2021-09-08T12:44:43Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "teradata"
metadata.product_name = "teradata"
metadata.product_event_type = "us_rx"
metadata.description = "Search Query"
metadata.ingested_timestamp = "2021-09-09T18:38:31.263171Z"
additional.QueryID = "30671075"
principal.hostname = "hostname01"
principal.user.userid = "JOHNDOE"
principal.process.pid = "30671"
principal.application = "Unavailable"
principal.namespace = "companyname"
target.hostname = "NULL"
target.namespace = "companyname"
observer.hostname = "hostname"
observer.namespace = "companyname"
Parser Alerting
This product currently does not have any parser-based alerting.