Eagle Eye domain
Data on Threat Detection Analytics. This topic describes the domain's entities and attributes.
Available to roles: admin.
Case entity
Attribute | Description |
---|---|
Seen From | First recorded symptom for this suspected attack. |
Case End | Last recorded symptom for this suspected attack. |
Case ID | Unique identifier for the suspected attack. |
Case Type Id | Attack type, for example: SP (malicious STP), SQLI (SQL injection). |
Confidence(%) | Certainty that this is an attack and not legitimate activity. |
Creation Time | Time of the first recorded symptom for this suspected attack. |
DB Type | Type of DB that is the target of the suspected attack. |
DB User Name | DB Name that was used to perform the suspicious activity. |
Risk | Risk that the suspected attack can compromise sensitive data: 1 (low), 2 (medium), 3 (high). |
STP Id | In the case of a malicious SP, the unique identifier of the stored procedure. |
Server IP | IP address that is the target of the suspected attack. |
Service Name | Service Name that is the target of the suspected attack. |
Source Program | Source program that is the target of the suspected attack. |
TimeStamp | Creation time of this record. |
Additional Info | Additional details about the suspected attack. |
Case Type entity
Metadata table of threat detection cases.
Attribute | Description |
---|---|
Case Type Id | Attack ID. |
Case Type Name | Attack name. |
Description | General information about the case type. |
Timestamp | Timestamp of this record. |
Case Symptom Link entity
Link table.
Attribute | Description |
---|---|
Case Id | Case ID. |
Symptom Id | Symptom ID. |
Case Symptom entity
Attribute | Description |
---|---|
Construct Id | The related SQL construct ID. |
Count | Number of occurrences of this symptom. |
Description | Symptom description. |
Details | Additional details. |
Error | The suspected SQL error that generated the symptom. |
Original SQL | The suspected SQL statement that generated the symptom. |
STP Id | In the case of a malicious SP, the unique identifier of the stored procedure. |
Seen From | Time this symptom was first recorded. |
Severity | Assigned score, used when calculating the risk. |
Symptom End | Time this symptom was last recorded. |
Symptom Id | Unique identifier for this symptom. |
Symptom Type Id | Unique identifier for this symptom type. |
TimeStamp | Timestamp of this record. |
Additional Info |
Symptom Type entity
Metadata table, except for "Is Active".
Attribute | Description |
---|---|
Description | Text description. |
Is Active | Whether or not Guardium scans for this symptom. |
Symptom Description Prefix | Symptom Description Prefix. |
Symptom Group | Symptom Group. |
Symptom Name | Text name of symptom. |
Symptom type Id | Unique identifier for symptom type. |
TimeStamp | Timestamp of this record. |