Analytic Threat Analytics domain

This domain has detailed descriptions of active threat analytics. This topic describes the domain's entities and attributes.

Available to roles: admin

Analytic Source entity

This entity describes the source on which the case occurred.

Attribute | Description
DB User | DB user whose actions were observed in creating this case.
Database | Database whose actions were observed in creating this case.
OS User | OS user whose actions were observed in creating this case.
Privileged | Whether the user is privileged or not.
Server IP | Server IP on which the actions were observed.
Source Type | Source type on which the actions were observed.

Analytic Case entity

This entity describes the case details.

Attribute | Description
Actual severity | The actual severity level defined by the user. This allows the user to give feedback to the system.
Actual threat category | The actual threat category defined by the user. This allows the user to give feedback to the system.
Case Number | Case number assigned by Guardium®.
Date | Date the case was opened.
Closed by | User name of the user who closed the case.
Create Date | Date on which Guardium created the case.
Originating Unit | The unit on which the observation occurred.
Period Start | Start of the time period during which the first observation occurred.
Severity | Case severity assigned by Guardium: low, medium, high.
Threat Category | Type of threat, for example: anomaly, account takeover, denial of service, data tampering, schema tampering, data leak, malicious stored procedure, SQL injection.
Timestamp | Timestamp when the Analytic Case information was last modified.

Analytic Case Observation entity

This entity describes the observations that spawned the case.

Attribute | Description
Case Number | Case number assigned by Guardium.
Observation | Potential attack symptom identified by Guardium.
Priority | Priority of the symptom.
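As an added example (not from the Guardium documentation) of how the three entities relate, the following Python joins constructed records of the Analytic Source, Analytic Case and Analytic Case Observation entities on Case Number, builds a review worklist for open cases, and lists the cases where the analyst's actual severity or threat category feedback overrides Guardium's assignment. Attribute names follow the tables above; the record values and the ranking rule are assumptions.

```python
# Constructed sample records, keyed by the attribute names of the Analytic Source,
# Analytic Case and Analytic Case Observation entities; not real Guardium output.
SOURCES = [
    {"Case Number": 101, "DB User": "app_svc", "Privileged": False, "Server IP": "10.0.0.5"},
    {"Case Number": 102, "DB User": "dba_admin", "Privileged": True, "Server IP": "10.0.0.6"},
    {"Case Number": 103, "DB User": "report_ro", "Privileged": False, "Server IP": "10.0.0.7"},
]
CASES = [
    {"Case Number": 101, "Severity": "high", "Threat Category": "SQL injection",
     "Actual severity": None, "Actual threat category": None, "Closed by": None},
    {"Case Number": 102, "Severity": "medium", "Threat Category": "anomaly",
     "Actual severity": "high", "Actual threat category": "account takeover", "Closed by": None},
    {"Case Number": 103, "Severity": "low", "Threat Category": "data leak",
     "Actual severity": None, "Actual threat category": None, "Closed by": "analyst1"},
]
OBSERVATIONS = [
    {"Case Number": 101, "Observation": "abnormal query structure", "Priority": 2},
    {"Case Number": 102, "Observation": "login from unseen client", "Priority": 3},
    {"Case Number": 102, "Observation": "off-hours privileged access", "Priority": 4},
]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

def effective_severity(case):
    """Analyst feedback (Actual severity) overrides the Guardium-assigned Severity."""
    return case["Actual severity"] or case["Severity"]

def triage_worklist(cases=CASES, sources=SOURCES, observations=OBSERVATIONS):
    """Open cases joined to source and observations by Case Number, ordered for review:
    highest effective severity first, then privileged source, then top symptom priority."""
    privileged = {s["Case Number"]: s["Privileged"] for s in sources}
    top_priority = {}
    for o in observations:  # highest Priority among a case's observations
        n = o["Case Number"]
        top_priority[n] = max(top_priority.get(n, 0), o["Priority"])
    rows = [{"case": c["Case Number"], "severity": effective_severity(c),
             "privileged": privileged.get(c["Case Number"], False),
             "top_priority": top_priority.get(c["Case Number"], 0)}
            for c in cases if not c["Closed by"]]  # closed cases leave the worklist
    rows.sort(key=lambda r: (-SEVERITY_RANK[r["severity"]], -r["privileged"], -r["top_priority"]))
    return rows

def feedback_overrides(cases=CASES):
    """Case Numbers where the analyst's feedback disagrees with Guardium's assignment."""
    return [c["Case Number"] for c in cases
            if (c["Actual severity"] and c["Actual severity"] != c["Severity"])
            or (c["Actual threat category"] and c["Actual threat category"] != c["Threat Category"])]
```

Cases whose feedback fields disagree with the assigned values are the ones worth reviewing when tuning the analytics, since they record where the analyst judged Guardium's classification to be wrong.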