BigData Intelligence Policy Violations domain

This domain contains all policy violation data, for all violations of the policy detected by the Guardium inspection engines or STAPs. This topic describes the domain's entities and attributes.

This entity is created each time that a policy rule violation is logged. Not all policy rule violations are logged - see the description of the rule actions in Policy rule actions. The access rule causing the violation is available in the dependent Access Rule Entity (described earlier).

Available to roles: all.

This domain is available in Guardium systems that have a defined datasource of type GBDI.

BigData Intelligence Policy Violations Entity

| Attribute | Description |
| --- | --- |
| Access Rule Description | The description of the rule from its definition. |
| Analyzed Client IP | Applies only to encrypted traffic; when set, client IP is set to zeroes. Analyzed Client IP has a map for CEF source. If the query used for the CEF does NOT contain the Client IP but contains the analyzed client IP, the analyzed client IP will be used for the source. If both are included in the query, then Client IP takes precedence. |
| Client Host Name | Client Host Name |
| DB User Name | Database user name. The user that connected to the database, either local or remote. |
| Full SQL String | SQL string that caused the policy rule violation. |
| Guardium Appliance | Host name of collector that reported this data. |
| Objects and Verbs | Database user name. The DB user name is the person who connected to the database, either local or remote. |
| OS User | OS user that caused the policy rule violation. |
| Server Host Name | Server on which the policy rule violation occurred. |
| Server IP | Server IP on which the policy rule violation occurred. |
| Server Type | Server type on which the policy rule violation occurred. |
| Service Name | Service Name in which the policy rule violation occurred. |
| Severity | Severity of the policy rule violation. |
| Source Program | Source Program in which the policy rule violation occurred. |
| Timestamp | Created when the policy rule violation is logged. Not all policy rule violations are logged. |
| Timestamp Date | Date in the timestamp. |
| UTC Offset | The difference in time between UTC time and time of collector that reported that data. |
| Violation Log Id | Unique identifier of the violation log. |