Analytic Outlier Summary domain
A summary of the outliers that occurred during the last hour on a source. This topic describes the domain's entities and attributes.
Available to roles: admin
Analytic Outlier Summary Entity
| Attribute | Description |
|---|---|
| Alert Feedback ID | ID of rule that caused this feedback alert. |
| Anomaly Score | Final anomaly score for this activity. |
| DB User Name | DB user that executed the activity. |
| Diverse Outlier | Whether or not the outlier is of type diverse. True/False. |
| Error Outlier | Whether or not the outlier is of type error. True/False. |
| High Volume Outlier | Whether or not the outlier is of type high volume. True / False. |
| New Messages Average | Average number of new messages by the entity that caused the outlier. |
| New Messages Score | Measure of new activity abnormality. |
| New Messages SD | Deprecated |
| New Outlier | Whether or not the outlier is of type new outlier. True/False. |
| Number of Fails | Number of failed activities. |
| Number of New Messages | Number of new types of new activities. |
| Number of Sensitive Objects | Number of sensitive objects touched by in this interval. |
| Number of Temporary Objects | Number of temporary objects used in this interval. |
| Number of Temporary Source Programs | Deprecated |
| OS User | OS user that executed the activity. |
| Ongoing Outlier | Whether or not the outlier is of type ongoing. True/False. |
| Original Host Name | Client hostname. |
| Outliers Summary ID | Unique ID. |
| Period Start | Date and time of the period start. |
| Privileged User | Whether or not the activity was performed by a privileged user. True/False. |
| Rarity and Volume Score | Deprecated |
| Server IP | IP of server on which the activity occurred. |
| Server Type | DAM or FAM. |
| Service Name | The service name that was used in the activity. |
| Source ID | The source ID from which the activity occurred |
| Temp Outlier | Whether or not the outlier is of type temp. True/False. |
| Temporary Objects Average | Average of above statistic in recent hours. |
| Temporary Objects Score | Measure of temporary objects usage abnormality. |
| Temporary Objects SD | Standard deviation of number of temporary objects used in this interval from recent hours. |
| Temporary Source Programs Score | Deprecated |
| Timestamp | Timestamp of the activity. |
| Type of Temporary Source Programs | Deprecated |
| Type Volume Rarity | Deprecated |