Eagle Eye domain
Data on Threat Detection Analytics. This topic describes the domain's entities and attributes.
Available to roles: admin.
Case entity
| Attribute | Description |
|---|---|
| Seen From | First recorded symptom for this suspected attack. |
| Case End | Last recorded symptom for this suspected attack. |
| Case ID | Unique identifier for the suspected attack. |
| Case Type Id | Attack type, for example: SP (malicious STP), SQLI (SQL injection). |
| Confidence(%) | Certainty that this is an attack and not legitimate activity. |
| Creation Time | Time of the first recorded symptom for this suspected attack. |
| DB Type | Type of DB that is the target of the suspected attack. |
| DB User Name | DB user name that was used to perform the suspicious activity. |
| Risk | Risk that the suspected attack can compromise sensitive data: 1 (low), 2 (medium), 3 (high). |
| STP Id | In the case of a malicious SP, the unique identifier of the stored procedure. |
| Server IP | IP address that is the target of the suspected attack. |
| Service Name | Service Name that is the target of the suspected attack. |
| Source Program | Source program that is the target of the suspected attack. |
| TimeStamp | Creation time of this record. |
| Additional Info | Additional details about the suspected attack. |
Case Type entity
Metadata table of threat detection cases.
| Attribute | Description |
|---|---|
| Case Type Id | Attack ID. |
| Case Type Name | Attack name. |
| Description | General information about the case type. |
| Timestamp | Timestamp of this record. |
Case Symptom Link entity
Link table.
| Attribute | Description |
|---|---|
| Case Id | Case ID. |
| Symptom Id | Symptom ID. |
Case Symptom entity
| Attribute | Description |
|---|---|
| Construct Id | The related SQL construct ID. |
| Count | Number of occurrences of this symptom. |
| Description | Symptom description. |
| Details | Additional details. |
| Error | The suspected SQL error that generated the symptom. |
| Original SQL | The suspected SQL statement that generated the symptom. |
| STP Id | In the case of a malicious SP, the unique identifier of the stored procedure. |
| Seen From | Time this symptom was first recorded. |
| Severity | Assigned score, used when calculating the risk. |
| Symptom End | Time this symptom was last recorded. |
| Symptom Id | Unique identifier for this symptom. |
| Symptom Type Id | Unique identifier for this symptom type. |
| TimeStamp | Timestamp of this record. |
| Additional Info | |
Symptom Type entity
Metadata table, except for "Is Active".
| Attribute | Description |
|---|---|
| Description | Text description. |
| Is Active | Whether or not Guardium scans for this symptom. |
| Symptom Description Prefix | Symptom Description Prefix. |
| Symptom Group | Symptom Group. |
| Symptom Name | Text name of symptom. |
| Symptom Type Id | Unique identifier for symptom type. |
| TimeStamp | Timestamp of this record. |