Workday
About
Workday offers built-in audit and internal controls so that organizations can adapt quickly to regulatory requirements.
Product Details
Vendor URL: Simplify audit and compliance. - Workday
Product Type: Audit and Compliance
Product Tier: Tier II
Integration Method: Custom
Integration URL: N/A
Log Guide: N/A
Parser Details
Log Format: JSON
Expected Normalization Rate: 75%
Data Label: WORKDAY_AUDIT
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
jobid | additional.fields |
vendor | metadata.vendor_name |
product | metadata.product_name |
version | metadata.product_version |
product_event | metadata.product_event_type |
GENERIC_EVENT | metadata.event_type |
display_name | principal.user.user_display_name |
user_agent | network.http.user_agent |
description | metadata.description |
platform | principal.platform_version |
src | principal.hostname |
src | principal.ip |
file_name | src.file.full_path |
dst | target.hostname |
dst | target.ip |
dhost | target.hostname |
dhost | target.ip |
shost | principal.hostname |
shost | principal.ip |
summary | security_result.summary |
suser | principal.user.userid |
request | target.url |
INFORMATIONAL/LOW/MEDIUM/HIGH | security_result.severity |
observer | observer.hostname |
observer | observer.ip |
Product Event Types
type,subtype | UDM Event Classification |
---|---|
DEFAULT | GENERIC_EVENT |
Log Sample
{"msg": "\"2021-12-07T08:05:27.896-08:00\",\"redacted\",\"Search in Main Page (Web Service)\",\"READ\",\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36\",\"10.11.11.61\",\"\",\"\",\"Desktop\",\"JOHNDOE\"\n", "length": 244, "file_name": "REPORT_20211207_081523.csv.gz", "product": "Workday", "vendor": "Workday"}
Sample Parsing
metadata.event_timestamp = "2021-12-07T08:05:27Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Workday"
metadata.product_name = "Workday"
metadata.product_event_type = "Search in Main Page (Web Service)"
metadata.ingested_timestamp = "2021-12-07T16:26:46.268520Z"
principal.user.userid = "JOHNDOE"
principal.ip = "10.11.11.61"
principal.platform_version = "Desktop"
principal.namespace = "COMPANYNAME"
principal.asset.ip = "10.11.11.61"
src.file.full_path = "REPORT_20211207_081523.csv.gz"
src.namespace = "COMPANYNAME"
observer.namespace = "COMPANYNAME"
security_result.summary = "READ"
network.http.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
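The mapping shown in Log Sample and Sample Parsing, as an added Python example that is not the product's parser: the CSV column positions are assumptions inferred from the sample, and `parse_workday_audit` and `COLUMNS` are names introduced here. It converts the `-08:00` timestamp to UTC, so it yields `2021-12-07T16:05:27Z` where Sample Parsing shows `2021-12-07T08:05:27Z`.

```python
import csv
import io
import ipaddress
import json
from datetime import datetime, timezone

# Record copied from the Log Sample section (raw string keeps the JSON escapes).
RAW = r'''{"msg": "\"2021-12-07T08:05:27.896-08:00\",\"redacted\",\"Search in Main Page (Web Service)\",\"READ\",\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36\",\"10.11.11.61\",\"\",\"\",\"Desktop\",\"JOHNDOE\"\n", "length": 244, "file_name": "REPORT_20211207_081523.csv.gz", "product": "Workday", "vendor": "Workday"}'''

# Assumed CSV column positions, inferred from Sample Parsing; columns 1, 6 and 7
# have no visible mapping on the page and are left out.
COLUMNS = {
    2: "metadata.product_event_type",
    3: "security_result.summary",
    4: "network.http.user_agent",
    5: "principal.ip",
    8: "principal.platform_version",
    9: "principal.user.userid",
}


def parse_workday_audit(raw: str) -> dict:
    """Flatten one WORKDAY_AUDIT record into dotted UDM field names."""
    record = json.loads(raw)
    # msg is a single CSV row; csv copes with the commas inside the quoted user agent.
    row = next(csv.reader(io.StringIO(record["msg"])))
    if len(row) < 10:
        raise ValueError(f"expected 10 CSV columns, got {len(row)}")
    udm = {
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": record["vendor"],
        "metadata.product_name": record["product"],
        "src.file.full_path": record["file_name"],
    }
    for index, field in COLUMNS.items():
        if row[index]:
            udm[field] = row[index]
    # Keep principal.ip only when the value parses as an IP address.
    try:
        ipaddress.ip_address(udm.get("principal.ip", ""))
    except ValueError:
        udm.pop("principal.ip", None)
    # Apply the UTC offset carried in the log line instead of discarding it.
    event_time = datetime.fromisoformat(row[0]).astimezone(timezone.utc)
    udm["metadata.event_timestamp"] = event_time.strftime("%Y-%m-%dT%H:%M:%SZ")
    return udm


if __name__ == "__main__":
    for key, value in sorted(parse_workday_audit(RAW).items()):
        print(f"{key} = {value!r}")
```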
Parser Alerting
This product currently does not have any parser-based alerting.
Rules
Coming Soon