Risk Spotter risk indicators
Guardium® applies the Risk Spotter algorithm to the audited data modules to analyze multiple risk indicators and to calculate the overall risk scores of risky users.
The Risk Spotter algorithm includes a relevant weight for each risk indicator.
Risk indicator | Description |
---|---|
Threat Analytics | Identified high and medium potential risks from Guardium Advanced Threat Analytics. |
Violations | The number of high and medium severity violations related to the DB user. |
Vulnerability | The number of failed vulnerability assessments for a user. |
Sensitive objects | The number of queries on sensitive data related to the DB user. |
Administrative queries | The relative number of administrative queries related to the DB user, out of the total activity. |
DDL queries | The relative number of DDL queries related to the DB user, out of the total activity. |
DML queries | The relative number of DML queries related to the DB user, out of the total activity. |
Select queries | The relative number of select queries related to the DB user, out of the total activity. |
High volume activity | DB users that have high-volume activity compared to the average of all entities of similar type. |
Off-work activity | Activity related to the DB user that occurred in non-work hours. |
Figure 1 shows how the various modules and Guardium data interact in the Risk Spotter process.
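The sketch below is an added illustration, not Guardium code or the Risk Spotter algorithm itself: it derives the activity-based indicators from the table (sensitive objects, query mix, high volume, off-work activity) from constructed audit records and combines them with weights. The weights, the work-hours window, the max-scaling step, and the user names are all assumptions; the Threat Analytics, Violations and Vulnerability indicators are left out because they come from other Guardium modules.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed audit records: (db_user, timestamp, query_type, touches_sensitive_object)
AUDIT = (
    [("app_svc", "2024-03-04T10:15:00", "SELECT", False)] * 6
    + [("app_svc", "2024-03-04T11:00:00", "DML", False)] * 2
    + [("dba_kim", "2024-03-04T14:30:00", "ADMIN", False)] * 2
    + [("dba_kim", "2024-03-04T15:00:00", "DDL", False)] * 2
    + [("analyst_lee", "2024-03-05T02:10:00", "SELECT", True)] * 10
    + [("analyst_lee", "2024-03-05T02:40:00", "DML", True)] * 2
)
# Hypothetical weights: the page says indicators are weighted but gives no values.
WEIGHTS = {"sensitive": 3, "admin": 2, "ddl": 2, "dml": 1, "select": 1,
           "high_volume": 2, "off_work": 3}

def is_off_work(ts):
    """Assumed work hours: Monday to Friday, 08:00-17:59."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def indicators(records):
    """Per-user raw indicator values, following the table's definitions."""
    by_user = defaultdict(list)
    for user, ts, qtype, sensitive in records:
        by_user[user].append((datetime.fromisoformat(ts), qtype, sensitive))
    avg_volume = len(records) / max(len(by_user), 1)
    result = {}
    for user, rows in by_user.items():
        total, mix = len(rows), Counter(q for _, q, _ in rows)
        result[user] = {
            "sensitive": sum(1 for _, _, s in rows if s),   # count of queries
            "admin": mix["ADMIN"] / total,                  # share of total activity
            "ddl": mix["DDL"] / total,
            "dml": mix["DML"] / total,
            "select": mix["SELECT"] / total,
            "high_volume": total / avg_volume,              # ratio to peer average
            "off_work": sum(1 for ts, _, _ in rows if is_off_work(ts)),
        }
    return result

def risk_scores(records):
    """Scale each indicator to [0, 1] by its maximum, then take the weighted mean (0-100)."""
    raw = indicators(records)
    if not raw:
        return {}
    peak = {k: max(v[k] for v in raw.values()) or 1 for k in WEIGHTS}
    return {user: 100 * sum(w * vals[k] / peak[k] for k, w in WEIGHTS.items())
                  / sum(WEIGHTS.values())
            for user, vals in raw.items()}
```

With the constructed data, `analyst_lee` ranks highest because sensitive-object access, off-work activity and above-average volume all coincide, while the DBA's administrative and DDL share alone yields a lower score.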