Viewing and managing a Risk Event

View the Risk Event details to start an investigation. Respond to the Risk Event by closing it or creating a ticket for further investigation.

The Risk Event page displays detailed information about a Risk Event. It displays general information about the Risk Event and the related asset. If the asset type is Database or Database user, the page features links to the classification report and the vulnerability assessment report.

You can create a ticket in an external ticketing service to further investigate a Risk Event. When a Risk Event is delegated to an external ticketing service, the Status label displays the ticket number and ticket status. The ticket status is updated each time you open or refresh the Risk Event.

Restriction:

In Guardium® Insights, databases are identified by server IP and database name or service name, depending on their type.

Vulnerability assessment and classification results are based on the respective processes in Guardium Data Protection. They can be linked to Risk Events only if the Guardium Data Protection data source was defined by server IP and database name or service name.

  • The Overview tab displays a description of the Risk Event and a list of findings.
  • The Risk Event description details the main observations that led to choosing the category, and a description of the category.
  • The list of findings is ordered by the finding date and time. The last finding appears first. Several findings can occur in the same hour.
  • Click a finding to view details in a separate window. This window displays a link to a report, a table with the features that most affected the Risk Event’s severity level, and a table with other features.
  • Click the report link to view a detailed report of the finding in a new browser tab. The data that this report displays depends on the finding type. If the finding type is policy violations, for example, then the detailed report displays all the policy violations that are related to the asset during the specific hour.
  • Features that affected severity level – this table lists up to four features of the asset that most affected the Risk Event’s severity level. It has three columns that display the values of each feature in the last hour, last day, and last week relative to the time of the finding. ‘Last hour’ is the hour that starts at the finding’s date and time. ‘Last day’ is the 24 hours that lead up to the finding’s date and time. ‘Last week’ is the 7 days that lead up to the finding’s date and time.
  • Other features – this table lists all other features of the asset. It too has three columns with the values for the last hour, last day, and last week.
  • Related Risk Events tab – this tab displays the history of Risk Events that are related to the current Risk Event’s asset. If the asset had Risk Events in the past, then they are listed on this tab.