Analytic Threat Analytics domain
This domain has detailed descriptions of active threat analytics. This topic describes the domain's entities and attributes.
Available to roles: admin
Analytic Source entity
This entity describes the source on which the case occurred.
Attribute | Description |
---|---|
DB User | DB user whose actions were observed in creating this case. |
Database | Database whose actions were observed in creating this case. |
OS User | OS User whose actions were observed in creating this case. |
Privileged | Whether the user is privileged. |
Server IP | Server IP on which the actions were observed. |
Source Type | Source Type on which the actions were observed. |
Analytic Case entity
This entity describes the case details.
Attribute | Description |
---|---|
Actual severity | The actual severity level defined by the user. This allows the user to give feedback to the system. |
Actual threat category | The actual threat category defined by the user. This allows the user to give feedback to the system. |
Case Number | Case number assigned by Guardium® |
Date | Date case was opened |
Closed by | User name that closed the case |
Create Date | Date on which Guardium created the case. |
Originating Unit | The unit on which the observation occurred. |
Period Start | Start of the time period during which the first observation occurred. |
Severity | Case severity assigned by Guardium: low, medium, high. |
Threat Category | Type of threat, for example: anomaly, account takeover, denial of service, data tampering, schema tampering, data leak, malicious stored procedure, SQL injection. |
Timestamp | Timestamp when Analytic Case info was last modified |
Analytic Case Observation entity
This entity describes the observations that spawned the case.
Attribute | Description |
---|---|
Case Number | Case number assigned by Guardium |
Observation | Potential attack symptoms, identified by Guardium |
Priority | Symptom Priority |