IBM Support

How to capture Teradata failed login events in Guardium?

Question & Answer


Question

InfoSphere Guardium has a feature to defect failed login events on database servers, but it doesn't seem working with Teradata 13 or later. How to catpure Teradata failed login events in Guardium?

Cause

Teradata traffic is encrypted starting version 13 and failed login events can't be captured like other database traffic. InfoSphere Guardium provides the solution to detect Teradata failed logon events in a different way.

Answer

Please make sure that you have Advanced VA license installed in advance. Here is the CD name, which can be downloaded from Passport Advantage site.

IBM InfoSphere Guardium V9.0 Advanced Vulnerability Assessment, Product Key Multiplatform English (CIC3QEN )

This license is mandatory to use this feature. After install it, please follow the steps below.

1. Prepare a Teradata Failed Logins predefined report

- Login as admin to Guardium GUI.

- Navigate to Tools > Report Building > Custom Table Builder.

- Press Upload Data button.

2. A new screen will appear where user needs to add a data source in order to load the information for.

- Press Add Datasource... button.

3. A new window will pop-up where need to fill in all the database server information. If you have already defined a datasource for the target Teradata database, you can select the datasource and press Add button. Here is an example scenario of creating a new datasource.

- Press New button.

- In the next window, define a new datasource, then press Apply button. Here is an example.

- Press Test Connection button to check the connectivity to the database.

- Press Back button to close the window.

4. Now, datasource was defined. Add the datasource to the Custom Table Builder.

- On Datasource Finder window, select the datasource that you defined and press Add button.

- You can see the datasource is added to Customer Table Builder. Press Apply button in this window.

5. Now it's time to load the information for this DB server. You can either schedule a time or use Run Once Now that will load activity directly. This example will use Run Once Now, but you need to schedule later so that the information in this report will keep update.

- Press Run Once Now button.

6. Now let's check the report.

- Log out from Guardium GUI as admin, and login as a user to Guardium GUI. ( You can skip this step if admin has a user role. )

- Navigate to View > DB Entitlements > Teradata.

- Scroll down throughout the reports to Teradata Failed Logins report, which is at the bottom in this window.

- Make sure to adjust the report settings by pressing button and set DatasourceName, QUERY_FROM_DATE, QUERY_TO_DATE etc.

Note that you need to schedule in the step 5 to keep this report update. If you just press Run Once Now button, this report will not be updated.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.0;9.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21679200

Page Feedback