Analytic Outlier Summary domain
A summary of the outliers that occurred during the last hour on a source. This topic describes the domain's entities and attributes.
Available to roles: admin
Analytic Outlier Summary Entity
Attribute | Description |
---|---|
Alert Feedback ID | ID of rule that caused this feedback alert. |
Anomaly Score | Final anomaly score for this activity. |
DB User Name | DB user that executed the activity. |
Diverse Outlier | Whether or not the outlier is of type diverse. True/False. |
Error Outlier | Whether or not the outlier is of type error. True/False. |
High Volume Outlier | Whether or not the outlier is of type high volume. True / False. |
New Messages Average | Average number of new messages by the entity that caused the outlier. |
New Messages Score | Measure of new activity abnormality. |
New Messages SD | Deprecated |
New Outlier | Whether or not the outlier is of type new outlier. True/False. |
Number of Fails | Number of failed activities. |
Number of New Messages | Number of new types of new activities. |
Number of Sensitive Objects | Number of sensitive objects touched by in this interval. |
Number of Temporary Objects | Number of temporary objects used in this interval. |
Number of Temporary Source Programs | Deprecated |
OS User | OS user that executed the activity. |
Ongoing Outlier | Whether or not the outlier is of type ongoing. True/False. |
Original Host Name | Client hostname. |
Outliers Summary ID | Unique ID. |
Period Start | Date and time of the period start. |
Privileged User | Whether or not the activity was performed by a privileged user. True/False. |
Rarity and Volume Score | Deprecated |
Server IP | IP of server on which the activity occurred. |
Server Type | DAM or FAM. |
Service Name | The service name that was used in the activity. |
Source ID | The source ID from which the activity occurred |
Temp Outlier | Whether or not the outlier is of type temp. True/False. |
Temporary Objects Average | Average of above statistic in recent hours. |
Temporary Objects Score | Measure of temporary objects usage abnormality. |
Temporary Objects SD | Standard deviation of number of temporary objects used in this interval from recent hours. |
Temporary Source Programs Score | Deprecated |
Timestamp | Timestamp of the activity. |
Type of Temporary Source Programs | Deprecated |
Type Volume Rarity | Deprecated |