CAS Changes domain

Tracks changes to monitored items (files, registry variables, etc.). This topic describes the domain's entities and attributes.

Available to roles: all

Monitored Changes Entity

This entity is created each time a monitored item changes. It identifies the monitored item within the CAS instance, and points to the saved data for the change.

Attribute: Description
Change Identifier: Unique identifier for the change.
Sample Time: Timestamp (date and time on host) that the sample was taken.
Audit Config Id: Identifies the host configuration.
Saved Data Id: Identifies the Saved Data entity for this change.
Audit State Label Id: Identifies the Host Configuration entity for this change.
Timestamp: Date and time this change record was created on the server (Guardium appliance server clock).
MD5: Indicates whether the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison are skipped. Regardless of whether MD5 is used, both the current value of the last modified timestamp for the item and the size of the item are compared with the values saved the last time the item was checked.
Owner: Unix only. If the item type is a file, the file owner.
Permissions: Unix only. If the item type is a file, the file permissions.
Size: File size, with the following special values:

-1 = File exists, but has zero bytes

0 (zero) = File does not exist, but this file name is being monitored (it never existed or may have been deleted)

Last Modified: Timestamp for the last modification, taken from the file system at the sample time.
Last Modified Date: Date for the last modification.
Last Modified Time: Time for the last modification.
Last Modified Weekday: Day of week for the last modification.
Last Modified Year: Year for the last modification.
Group: Unix only. If the item type is a file, the group owner.
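
The comparison rules in the MD5 and Size rows above, sketched as an added Python example (not IBM Guardium code). The names `Sample`, `take_sample`, `changed` and `md5_size_limit` are hypothetical, and how CAS treats a sample whose MD5 was skipped is an assumption: here the checksum is simply not compared.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sample:
    size: int               # page's encoding: -1 = exists but empty, 0 = does not exist
    mtime: Optional[float]  # last-modified time from the file system, None if absent
    md5: Optional[str]      # None when MD5 is off, skipped, or the file is absent


def take_sample(path, use_md5=False, md5_size_limit=1024 * 1024):
    """Sample one monitored file. md5_size_limit (bytes) is a hypothetical
    stand-in for the MD5 Size Limit configured for the CAS host."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return Sample(size=0, mtime=None, md5=None)
    size = st.st_size if st.st_size > 0 else -1
    digest = None
    # The checksum is skipped when the raw data is larger than the limit.
    if use_md5 and st.st_size <= md5_size_limit:
        h = hashlib.md5()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return Sample(size=size, mtime=st.st_mtime, md5=digest)


def changed(prev, cur):
    """Return the names of the attributes that differ between two samples."""
    reasons = []
    # Last-modified timestamp and size are always compared.
    if prev.mtime != cur.mtime:
        reasons.append("last_modified")
    if prev.size != cur.size:
        reasons.append("size")
    # Assumption: checksums are compared only when both samples carry one.
    if prev.md5 is not None and cur.md5 is not None and prev.md5 != cur.md5:
        reasons.append("md5")
    return reasons
```

With MD5 off or skipped, an edit that leaves both the size and the last-modified timestamp unchanged produces an empty result, which is the case the checksum option covers.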

Host Configuration Entity

A Host Configuration entity is created for each item in a CAS instance.

Attribute: Description
Audit State Label Id: Unique numeric identifier for the configuration item.
Timestamp: Timestamp for creation of the entity.
Host Name: Database server host name or IP address.
OS Type: Operating system: Unix or Windows.
DB Type: Database type: Oracle, MS-SQL, DB2®, Sybase, Informix®, or N/A if the change is to an operating system instance.
Instance Name: Name of the template set instance.
Type: Type of monitored item that changed, one of the following:

OS Script or SQL Script: A change triggered by the OS script contained in the monitored item template definition.

Environment Variable: An environment variable (Unix only)

Registry Variable: A registry variable (Windows only)

File: A specific file. There is no host configuration entity for a file pattern defined in the template set used by the instance. Instead, there is a separate host configuration entity for each file that matches the pattern.

Monitored Item: The name of the changed item, from the Description (if entered), otherwise a default name depending on the Type (a file name, for example).

Saved Data Entity

A Saved Data entity is created each time a change is detected for an item being monitored, if the Keep data box is marked for that item in the item template definition.

Attribute: Description
Saved Data ID: Unique numeric identifier for the saved data item.
Saved Data: The actual data saved.
Timestamp: Timestamp for when the saved data entity was recorded in the server database.
Change Identifier: Identifies the monitored changes entity for this saved data entity.

Saved Data ID is only available to users with the admin role.