Eagle Eye domain

Data on Threat Detection Analytics. This topic describes the domain's entities and attributes.

Available to roles: admin.

Case entity

| Attribute | Description |
|---|---|
| Seen From | First recorded symptom for this suspected attack. |
| Case End | Last recorded symptom for this suspected attack. |
| Case ID | Unique identifier for the suspected attack. |
| Case Type Id | Attack type, for example: SP (malicious STP), SQLI (SQL injection). |
| Confidence(%) | Certainty that this is an attack and not legitimate activity. |
| Creation Time | Time of the first recorded symptom for this suspected attack. |
| DB Type | Type of DB that is the target of the suspected attack. |
| DB User Name | DB Name that was used to perform the suspicious activity. |
| Risk | Risk that the suspected attack can compromise sensitive data: 1 (low), 2 (medium), 3 (high). |
| STP Id | In case of malicious SP, the unique identifier of the stored procedure. |
| Server IP | IP address that is the target of the suspected attack. |
| Service Name | Service Name that is the target of the suspected attack. |
| Source Program | Source program that is the target of the suspected attack. |
| TimeStamp | Creation time of this record. |
| Additional Info | Additional details about the suspected attack. |

Case Type entity

Metadata table of threat detection cases.

| Attribute | Description |
|---|---|
| Case Type Id | Attack ID. |
| Case Type Name | Attack name. |
| Description | General information about the case type. |
| Timestamp | Timestamp of this record. |

Case Symptom Link entity

Link table.

| Attribute | Description |
|---|---|
| Case Id | Case ID. |
| Symptom Id | Symptom ID. |

Case Symptom entity

| Attribute | Description |
|---|---|
| Construct Id | The related SQL construct ID. |
| Count | Number of occurrences of this symptom. |
| Description | Symptom description. |
| Details | Additional details. |
| Error | The suspected SQL error that generated the symptom. |
| Original SQL | The suspected SQL statement that generated the symptom. |
| STP Id | In case of malicious SP, the unique identifier of the stored procedure. |
| Seen From | Time this symptom was first recorded. |
| Severity | Assigned score, used when calculating the risk. |
| Symptom End | Time this symptom was last recorded. |
| Symptom Id | Unique identifier for this symptom. |
| Symptom Type Id | Unique identifier for this symptom type. |
| TimeStamp | Timestamp of this record. |
| Additional Info | |

Symptom Type entity

Metadata table, except for "Is Active".

| Attribute | Description |
|---|---|
| Description | Text description. |
| Is Active | Whether or not Guardium scans for this symptom. |
| Symptom Description Prefix | Symptom Description Prefix. |
| Symptom Group | Symptom Group |
| Symptom Name | Text name of symptom. |
| Symptom type Id | Unique identifier for symptom type. |
| TimeStamp | Timestamp of this record. |