Alert domain
This domain contains data on alerts generated and sent by Guardium. This topic describes the domain's entities and attributes.
Available to roles: all
Activity Types Entity
Available only from the Aggregation/Archive domain, which by default is available to users assigned the admin role only. The Activity Types entity can be accessed only from the owning Aggregation/Import/Export Log Entity. It identifies a type of action (Prepare for Aggregation, Encrypt, Send, etc.).
Attribute | Description |
---|---|
Activity Type | Description of an aggregation/import/export activity. |
Threshold Alert Details Entity
This entity is created each time that a correlation alert is triggered.
Attribute | Description |
---|---|
Alert Log ID | Uniquely identifies the alert details entity. Only available to users with the admin role. |
Query Value | Value returned by query. |
Base Value | Value assigned for the statistical alert. |
Checked From Date | The starting date and time checked for by the alert condition. |
Checked To Date | The ending date and time checked for by the alert condition. |
Alert Threshold | Alert threshold defined for the alert. |
Notification Sent | Text of notification sent. |
Timestamp | Created only once, when the statistical alert is logged. |
Alert Description | The description contained in the alert definition. |
Message Text Entity
For a threshold alert, the text of the message.
Attribute | Description |
---|---|
Message Text ID | Uniquely identifies the message text. |
Message Subject | Message subject (for an email message, for example). |
Message Text | Message text. |
Original Timezone | The UTC offset. This is recorded in particular for aggregators that have collectors in different time zones, so that activities that happened hours apart do not appear to have happened at the same time when imported to the aggregator. For instance, on an aggregator that aggregates data from different time zones, you can see one record with a session start of 21:00 and original timezone UTC-02:00, and another record with a session start of 21:00 and original timezone UTC-05:00. This means that these events occurred 3 hours apart, but at the same respective local time (9 PM). |
Messages Sent Entity
For each threshold alert message sent, the message type, recipients, status, and date of that message.
Attribute | Description |
---|---|
Message ID | Uniquely identifies the message. |
Message Type | Type of message. |
Sent To | One or more recipients of message. |
Message Status | Status of message: FAIL (the send operation failed), WAIT (the message has not yet been sent), or SENT (the message was sent). |
Message Date | Date message sent. |
Message Context | Message type: INFO (informational message), WARNING (possible error condition), ALERT (real time or threshold alert), ERROR (software or hardware error condition), or DEBUG (debugging message). |
Message Originator | The module creating the message; for example, monitor or GuardiumJetspeedUser. |
Original Timezone | The UTC offset. This is recorded in particular for aggregators that have collectors in different time zones, so that activities that happened hours apart do not appear to have happened at the same time when imported to the aggregator. For instance, on an aggregator that aggregates data from different time zones, you can see one record with a session start of 21:00 and original timezone UTC-02:00, and another record with a session start of 21:00 and original timezone UTC-05:00. This means that these events occurred 3 hours apart, but at the same respective local time (9 PM). |
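The following added example (not part of the Guardium documentation or product code) shows how the Original Timezone attribute can be applied to Messages Sent rows on an aggregator so that undelivered alert messages are ordered by when they actually occurred. It assumes rows exported as dictionaries keyed by the attribute names above, a `YYYY-MM-DD HH:MM:SS` timestamp layout, and that Message Date is expressed in the local time of the originating system; the function names and sample rows are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed layout of an Original Timezone value, as quoted in the table: UTC-05:00
_OFFSET = re.compile(r"^UTC([+-])(\d{2}):(\d{2})$")

def parse_offset(text):
    """Convert an Original Timezone value such as 'UTC-05:00' to a tzinfo."""
    m = _OFFSET.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised UTC offset: {text!r}")
    delta = timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))
    return timezone(delta if m.group(1) == "+" else -delta)

def to_utc(local_text, offset_text):
    """Attach the record's own offset to its local timestamp, then shift to UTC."""
    local = datetime.strptime(local_text, "%Y-%m-%d %H:%M:%S")
    return local.replace(tzinfo=parse_offset(offset_text)).astimezone(timezone.utc)

def undelivered_alerts(rows):
    """ALERT-context messages whose status is not SENT, oldest first in UTC."""
    hits = [(to_utc(r["Message Date"], r["Original Timezone"]), r)
            for r in rows
            if r["Message Context"] == "ALERT" and r["Message Status"] != "SENT"]
    return sorted(hits, key=lambda pair: pair[0])

# Constructed sample rows; the export format and all values are assumptions.
ROWS = [
    {"Message ID": 1, "Message Status": "FAIL", "Message Context": "ALERT",
     "Sent To": "dba-oncall@example.com",
     "Message Date": "2024-03-01 21:00:00", "Original Timezone": "UTC-05:00"},
    {"Message ID": 2, "Message Status": "WAIT", "Message Context": "ALERT",
     "Sent To": "soc@example.com",
     "Message Date": "2024-03-01 21:00:00", "Original Timezone": "UTC-02:00"},
    {"Message ID": 3, "Message Status": "SENT", "Message Context": "ALERT",
     "Sent To": "soc@example.com",
     "Message Date": "2024-03-01 20:00:00", "Original Timezone": "UTC-02:00"},
    {"Message ID": 4, "Message Status": "FAIL", "Message Context": "INFO",
     "Sent To": "ops@example.com",
     "Message Date": "2024-03-01 19:00:00", "Original Timezone": "UTC-05:00"},
]

if __name__ == "__main__":
    for when, row in undelivered_alerts(ROWS):
        print(when.isoformat(), row["Message ID"], row["Message Status"], row["Sent To"])
```

Rows 1 and 2 carry the same local time (21:00) but resolve to instants 3 hours apart, which is the case the Original Timezone description calls out.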