Predefined reports, tags, and data points

Guardium® Insights SaaS offers several predefined reports that help you quickly and easily identify security risks, such as inappropriately exposed objects, users with excessive rights, and unauthorized administrative actions. These predefined reports can be copied and customized. They cannot be deleted or modified in any way. Examples of the many predefined reports include: Client IP activity summary, Full SQL, Exception details, and Sensitive object usage.

Predefined reports

Table 1. Predefined reports, tags, and data points
Name Report ID Description Tag Data points
Activity log 000000000000000000002001 A log of all activities within Guardium Insights SaaS Guardium-activity, Internal Performed by, Context, Action taken, Context description, Activity, Audit trail ID, Date created (local time)
Standard Premium Administrative command usage 000000000000000000000702 This report lists all instances of SQL verbs included in the Administrative Commands group. Insider, Privileged-activity Server IP, Server hostname, Client IP, Service name, Database name, DB user, Source application, Verb, Object name, Total count
Standard Premium Administrative object usage 000000000000000000000703 This report lists all instances of object names included in the Administrative Objects group. Insider, Privileged-activity Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, DB user, Source application, Object name
Standard Premium Administrative user login 000000000000000000000701 This report details login activity for those with administrator privileges. Insider, Privileged-activity Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, DB user, Source application, Session ID
Audit results log 000000000000000000001301 A log of all audit activity and results within Guardium Insights SaaS Audit-activity, Internal User ID, Report name, Entry type, Date updated (local time), Field updated, Comment, Schedule ID, Entry ID
Assets 000000000000000000002101 The Assets report shows the results of data ingestion processes. Each row details the context information of an asset object that was ingested. For example, vulnerabilities, sensitive data elements, risk level, health information, asset tags, and other related attributes. Assets Asset ID, Asset name, Database type, Database name, Service name, IP Address, Hostname, Port, Asset origin, Data source name, Monitoring, Created time, Updated time, Risk level, Vulnerabilities, Asset tag category, Asset tag value, Sensitive data elements, User accounts
CCPA - account creation SQL statement 64653ad6a0471b6362d2e664 Commands and stored procedures involved in user creation processes. CCPA Server IP, Server hostname, Client IP, Service name, Database name, DB user, Source application, Verb, Object name, Total count
CCPA - database permission changes (GRANT and REVOKE) 64653ad6a0471b6362d2e665 GRANT and REVOKE commands can be used to hide unauthorized activity. Monitor this report to ensure all commands affecting CCPA-related objects are expected and authorized. CCPA Period start, DB user, OS user, Client IP, Mask SQL query, Source application, Server IP, Service name, Database name, Total count
CCPA - privileged command execution on privacy data 64653ad5a0471b6362d2e663 Logged administrative (high-powered) commands executed against CCPA-related objects. Monitor this report to ensure all commands affecting CCPA-related objects are expected and authorized. CCPA Period start, DB user, OS user, Client IP, Source application, Server IP, Service name, Database name, Verb, Mask SQL query, Total count
CCPA - queries on privacy data (SELECT on sensitive data objects) 64653ad7a0471b6362d2e666 Execution of SELECT against CCPA-related objects should be monitored and reviewed regularly to ensure no one is accessing personally identifiable information outside the bounds of what is permitted. CCPA Period start, Client IP, OS user, DB user, Source application, Server IP, Service name, Mask SQL query, Total count
CCPA - suspicious database errors 64653adaa0471b6362d2e669 A report showing the failed execution of SQL where the error code is considered high risk. CCPA Exception timestamp, Client IP, DB user, OS user, Server IP, Service name, Exception additional info, Error cause, SQL that caused exception
CCPA - unauthorized access (database user) 64653ad9a0471b6362d2e668 Access to databases containing CCPA-related data should be tightly controlled. Review this report to see all access by database users that are not classified as "admin" or "authorized". CCPA Period start, DB user, Client IP, OS user, Source application, Server IP, Service name, Mask SQL query, Total count
CCPA - unauthorized access (source IP) 64653ad8a0471b6362d2e667 Access to databases containing CCPA-related data should be tightly controlled. Review this report to see all access from unknown or unauthorized IP addresses. CCPA Period start, Client IP, OS user, DB user, Source application, Server IP, Service name, Mask SQL query, Total count
Premium Classification 000000000000000000001101 This report details incoming classification data. Premium Classification Classification start, Data source IP, Data source name, Data source type, Port, Service name, Schema, Catalog, Table, Column, Description, Classification name, Classification rule, Category, Comprehensive
Standard Premium Client IP activity summary 000000000000000000000901 This report displays activity for each client IP address. Activity Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, DB user, Source application, Objects and verbs, Total count
Standard Premium Command execution 000000000000000000000704 This report provides details about the usage of SQL verbs in the DROP, GRANT, ALTER, REVOKE Commands group. Insider, Privileged-activity Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, DB user, Source application, Verb
Connection events 000000000000000000001501 Guardium Insights SaaS internal report for tracking all connection events. Connection-events, Internal Hostname, Event type, Message, Event source, Event timestamp (local time), Connection ID, Connection name, Database name
Standard Premium Connection profiling list 000000000000000000000301 This report details incoming database connections. Connections Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, DB user, Source application, Session ID
Standard Premium DML execution on administrative objects 000000000000000000000705 This report details the instances in which SQL verbs from the DML Commands group were used to reference object names in the Administration Objects group. Insider, Privileged-activity Server IP, Server hostname, Client IP, Service name, DB user, Source application, Verb, Object name
Standard Premium DML execution on sensitive objects 000000000000000000000903 This report details each SQL verb from the DML Commands group that references an object name in the Sensitive Objects group. Activity Server IP, Server hostname, Client IP, Service name, DB user, Source application, Verb, Object name
Premium Data mart ingestion status 000000000000000000001800 The status of data mart files being ingested by Guardium Insights SaaS.
Note: This report includes data from both collectors and aggregators, whereas the Data mart ingestion page only includes data from collectors.
Data mart, Internal Status entry creation time, Period start, Period end, Ingestion ID, Guardium appliance hostname, Data type, Export record count, Export status, Ingestion status, Total file count, Successful file count, Failure file count, Error
Database permission changes (GRANT and REVOKE) 64653adea0471b6362d2e66e GRANT and REVOKE commands can be used to hide unauthorized activity. Monitor this report to ensure all grant and revoke activity is expected and authorized. Security best practices Period start, DB user, OS user, Client IP, Mask SQL query, Source application, Server IP, Service name, Database name, Total count
Standard Premium Exception details 000000000000000000000904 This report details exceptions logged. Activity Exception timestamp (local time), Server IP, Server hostname, Client IP, Service name, DB user, Source application, SQL that caused exception, Error cause, Exception additional info
Standard Premium Failed login attempts 000000000000000000000707 This report lists all failed login attempts. Insider, Privileged-activity DB user, Source address, Database protocol, Destination address, Exception ID
Standard Premium Full SQL 000000000000000000000905 This report shows the details for the full SQL statements that are run by DB users for a selected period of time. Activity DB user, Full SQL timestamp (local time), Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, Source application, SQL query
Premium Guardium task errors 000000000000000000001901 Error messages returned by Guardium Guardium task errors Guardium system hostname, Task ID, Task type, Task parameters, Error code, Error message, Timestamp
Standard Premium Number of connections per server 000000000000000000000401 This report shows the number of connections associated with each server. Denial-of-Service Server IP, Server hostname, Session ID
Outbound notification log 000000000000000000001401 Guardium Insights SaaS internal report for tracking all outbound notifications. Notification, Internal Status, , Integration, Origin, Destination, Title, Contents, Retry count, Date created (local time), Date delivered (local time)
Premium Outlier details Details of outliers per source   Outliers Detailed outlier score, Detailed high volume outlier, Detailed vulnerable object outlier, Detailed new activity outlier, Detailed exception outlier, Total activity count, Server IP, Database type, Client hostname, Operating system user, Database user, Database, Object, Verb, Period start (local time), Timeframe
Premium Outlier summary An hourly summary of outliers per source   Outliers Anomaly score, High volume outlier, Vulnerable object outlier, New activity outlier, Diverse activity outlier, Exception outlier, Ongoing outlier, Server IP, Database, Database user, Privileged user, Period start (local time), Timeframe
Standard Premium Policy violation 000000000000000000000906 This report shows every policy rule violation that is logged. Activity Policy violation timestamp (local time), DB user, Rule name, Server hostname, Server IP, Full SQL, Severity, Source application, Client IP, OS user
Standard Premium Policy violation - GBDI 000000000000000000000910 This report displays every policy rule violation imported from GBDI and received from data marts. It does not show data from direct audit streams received by GBDI. Activity Policy violation timestamp (local time), DB user, Rule name, Server IP, Full SQL, Severity, Source application, Client IP, OS user
Privileged command execution 64653adda0471b6362d2e66c Logged administrative (high-powered) commands that can affect the operation of the database. Monitor this reports to ensure all changes were expected and authorized Security best practices Period start, DB user, OS user, Client IP, Source application, Server IP, Service name, Database name, Verb, Mask SQL query, Total count
Standard Premium SQL errors 000000000000000000000203 This report lists SQL errors that were discovered. Brute-force Server IP, Server hostname, Server database type, Database type, Client IP, OS user, Service name, Database name, DB user, Source application, Exception additional info, Error cause, Exception ID
Standard Premium Scheduled jobs exceptions 0000000000000000000001001 This report displays exceptions for scheduled jobs. Activity Exception additional info, Exception ID
Standard Premium Sensitive object usage 000000000000000000000907 This report details all objects from the Sensitive Objects group that were referenced. Activity Object name, Server IP, Server hostname, Client IP, Service name, DB user, Source application
Standard Premium Sessions by client IP 000000000000000000000908 This report provides details about session data that is collected for each database user. Activity Client IP, Session ID
Suspicious database errors 64653ae1a0471b6362d2e672 A report showing the failed execution of SQL where the error code is considered high risk. Security best practices Exception timestamp, Client IP, DB user, OS user, Server IP, Service name, Exception additional info, Error cause, SQL that caused exception
Unauthorized access (database user) 64653ae1a0471b6362d2e671 Direct access to databases should be tightly controlled. Review this report to see all access by database users that are not classified as "admin" or "authorized". Security best practices Period start, DB user, Client IP, OS user, Source application, Server IP, Service name, Mask SQL query, Total count
Unauthorized access (source IP) 64653adfa0471b6362d2e66f Direct access to databases should be tightly controlled. Review this report to see all access from unknown or unauthorized IP addresses Security best practices Period start, Client IP, OS user, DB user, Source application, Server IP, Service name, Mask SQL query, Total count
Premium Vulnerability assessment 0000000000000000000001201 This report details incoming vulnerability assessment data. Vulnerability Data source name, Database type, DB name, DB version, DB patch, Full version info,Description, Host, Test, , Result description, Result text, Recommendation, Severity, Category, Execution date (local time), Assessment description, Service name, Port, Data source ID, Result details, Test ID, External reference, External group description

To work with an individual predefined report, click it in the Reports page.

Default report tags

Guardium Insights SaaS provides these predefined report tags:

  • Activity
  • Assets
  • Audit-activity
  • Brute-force
  • Classification
  • Connections
  • Connection-events
  • Data mart
  • Denial-of-Service
  • Guardium-monitoring
  • Guardium-activity
  • Insider
  • Insider-and-privileged-activity
  • Internal
  • Notification
  • Outliers
  • Privileged-activity
  • Vulnerability

You can also create your own report tags when creating or working with a custom report.

Report data points and columns

Default Guardium Insights SaaS report data types include:

Table 2. Event data points
Name Description
ID Event ID
Hostname Database server hostname
Event type Type for the connection event
Message Message in the connection event
Event source Source for the connection event
Connection ID The ID of the connection associated with the event
Connection name The name of the connection
Event timestamp (local time) Date and time of last update (local time)
Table 3. Exception data points
Name Description
Exception type ID Exception type code
Exception ID Uniquely identifies the exception
User Database user
Source address Source address
Destination address Server IP address.
Application user Name of the user creating the policy rule violation
Exception additional info Description of the database or S-TAP exception. S-TAP exceptions contain the IP address or DNS name of the database server. Database exceptions contain an error code from the database management system.
SQL that caused exception SQL that caused exception
Error cause Short text description of the error
Error code Database error code
Exception timestamp Date and time of the last update
Exception timestamp (local time) Date and time of last update (local time)
Session ID Uniquely identifies the session
Information link Link to more information about the exception
Original time zone The UTC offset provides a means of comparing the relative times of activities of collectors in different time zones
Exception count Count
Source ID Source ID
Collector ID Uniquely identifies the session access
Table 4. Full SQL data points
Name Description
Full SQL ID Unique identifier for the full SQL statement
Message type Message type
Session ID Uniquely identifies the session
Full SQL timestamp Date and time of the last update
Full SQL timestamp (local time) Date and time of the last update (local time)
Original time zone The UTC offset provides a means of comparing the relative times of activities of collectors in different time zones
Instance ID Unique identifier for the construct instance
Rule name The description of the rule from its definition
SQL query SQL string
Full SQL: Total records affected Total number of records affected
Result of SQL query Result of the SQL query
Status SQL statement status
SQL query response time The response time for the request in milliseconds
Acknowledge response time Acknowledged response time in milliseconds
Collector ID Uniquely identifies the session access
Table 5. Instance data points
Name Description
Message type Message type
Instance ID Unique identifier for the construct instance
Session ID Uniquely identifies the session
Original time zone Date and time of the last update (local time)
Period start Access period start date and time
Period end Access period end date and time
Application event ID Unique identifier for the application event entity
Application user Name of the user creating the policy rule violation
Application event type Application event type
Application event value (string) Application event value (string)
Application event value (number) Application event value (number)
Application event date Date and time when the event occurred
Construct ID Uniquely identifies the SQL statement
Mask SQL query Original SQL statement before any query rewrites are applied
Objects and verbs Verbs are SQL actions such as SELECT, INSERT, UPDATE, and DELETE. Objects are database objects such as tables, views, and schemas.
Number of successful SQL queries Number of successful SQL queries
Number of failed SQL queries Number of failed SQL queries
DB user Database user is the user that connected to the database, either locally or remotely
OS user OS user
Source application The application that originated the activity
Server IP Server IP address
Client IP Client IP address
Service name Service name or alias used until the service is connected
Client hostname Client hostname
Database type Type of database, for example Db2, Oracle, or Sybase
Database name Name of database for the session. Oracle databases may contain additional application-specific information.
Application event user User name set by GuardAppEvent:Start, part of the Guardium Application Events API
Server port Server port number
Network protocol Network protocol, for example TCP or UDP. For K-TAP on Oracle, this displays as either IPC or BEQ.
Instance: Total records affected Total number of records affected
Server hostname Server hostname
Access timestamp Date and time of the last update
Average time to execute SQL queries Average time to execute SQL queries
Collector ID Uniquely identifies the session access
Total count The total number of SQL queries, both successful and failed
Table 6. Object data points
Name Description
Object ID Uniquely identifies the object
Object name Name of the object
Message type Message type
Sentence ID The key of sentence entity
Construct ID Uniquely identifies the SQL statement
Object timestamp Date and time of the last update
Ingest timestamp Date and time of the last update
Table 7. Policy violation data points
Name Description
Message type Message type
Violation ID Uniquely identifies the violation
Session ID Uniquely identifies the session
Original time zone The UTC offset provides a means of comparing the relative times of activities of collectors in different time zones
OS user OS user
DB user Database user is the user that connected to the database, either locally or remotely
Client IP Client IP address
Client hostname Client hostname
Source application The application that originated the activity
Server IP Server IP address
Database type Type of database, for example Db2, Oracle, or Sybase
Service name Service name or alias used until the service is connected
Construct ID Uniquely identifies the SQL statement
Objects and verbs Verbs are SQL actions such as SELECT, INSERT, UPDATE, and DELETE. Objects are database objects such as tables, views, and schemas.
Application user Name of the user creating the policy rule violation
Access rule ID Uniquely identifies the access policy rule
Rule name The description of the rule from its definition
Full SQL SQL string causing the policy rule violation
Occurrences The total number of times a unique violation was observed
Category name Policy rule category
Classification name Classification of the policy rule as defined by the user
Severity Policy rule severity
Policy description Description of the policy
Policy violation timestamp Date and time of the last update
Server hostname Server hostname
Collector ID Uniquely identifies the session access
Policy violation timestamp (local time) Date and time of the last update (local time)
Table 8. Sentence data points
Name Description
Message type Message type
Sentence ID The key of sentence entity
Construct ID Uniquely identifies the SQL statement
Verb SQL command
Depth Depth of the command in the SQL parse tree
Parent sentence ID The key of the parent sentence for a subquery
Sentence timestamp Date and time of the last update
Ingest timestamp Date and time of the last update
Table 9. Session data points
Name Description
Message type Message type
Session ID Uniquely identifies the session
Database type Type of database, for example Db2, Oracle, or Sybase
Server OS Server operating system
Client OS Client operating system
Server ID Server ID
Client IP Client IP address
Network protocol Network protocol, for example TCP or UDP. For K-TAP on Oracle, this displays as either IPC or BEQ.
Database protocol Protocol specific to the database server
Database protocol version Protocol version for the database protocol
DB user Database user is the user that connected to the database, either locally or remotely
OS user OS user
Source application The application that originated the activity
Client hostname Client hostname
Server hostname Server hostname
Service name Service name or alias used until the service is connected
Database name Name of database for the session. Oracle databases may contain additional application-specific information.
Client port Client port number
Server port Server port number
Source ID Source ID
Original time zone The UTC offset provides a means of comparing the relative times of activities of collectors in different time zones
Connection start Date and time the session started
Connection end Date and time the session ended
TTL Time to live. The amount of time that data is allowed to live in the database
Inactive flag -1: Closed by database session timeout, 0: Open (SQL package), 1: Closed by logout or disconnect, 2: Closed due to timeout on Guardium system (session reopens if traffic is regenerated in the same session), 3: Non-SQL packets
Session ignored Indicates if any part of the session was ignored, starting at a specific time.
Ignore since Timestamp when the session was first ignored
UID chain For a session reported by UNIX S-TAP in K-TAP mode, this shows the chain of operating system users when users 'su' with a different username.
Compressed UID chain The chain of operating system users, starting from when a user switches to a different username. The values that appear here vary by operating system and platform. User IDs may be reported instead of usernames in the UID Chain.
Failover flag Indicates if a session failover occurred
Failover timestamp Date and time of session failover
Login succeeded Indicates if session login was successful
Sender IP Sender's IP address
Inspection engine identifier Inspection engine identifier
Access ID A unique identifier for this client/server connection
Server IP Server IP address
Server database type Type of database, for example Db2, Oracle, or Sybase
Server IP/Server hostname Server IP/Server hostname
Server/Database type Server/Database type
Table 10. Vulnerability assessment data points
Name Description
Message type Message type
Data source name Full name of the data source
Database type Type of database, for example Db2, Oracle, or Sybase
DB name Database name
DB version Database version level
DB patch Database patch level
Full version info Database version and patch
Description Data source description
Host Database host
Test Test description
Result code Code for the result description that can be used if the report data is exported
Result description Either Pass or the reason for the test failure
Result text Details of the test results
Recommendation Actions to take to eliminate the vulnerability
Severity Policy rule severity
Category Policy rule category
Execution date Date and time the vulnerability process started running
Execution date (local time) Date and time the vulnerability process started running (local time)
Assessment description Name of the assessment process
Service name Service name or alias used until the service is connected
Port Data source port
Data source ID ID of the data source
Result details Additional test result details
Test ID Test case ID
External reference Description of the external reference
External group description Description of the external group
Server IP Server IP address
Table 11. Classification data points
Name Description
Message type Message type
Start date (local time) Date and time the classification process started running (local time).
Data source IP The data source server IP
Data source name Full name of the data source
Data source type Database type
Port Data source port
Service name Service name or alias used until the service is connected
Schema Displays if the data source includes schema details.
Catalog Displays if the data source includes catalog details.
Table Table name in the data source
Column Column name in the data source
Description Data source description
Classification name Classification of the policy rule as defined by the user
Classification rule Classification rules use regular expressions, Luhn algorithms, and other criteria to define rules for matching content when applying a classification policy.
Comments Comments are added by users to provide additional details.
Category Categories are used to group policy violations for both reporting and incident management.
Comprehensive Classification based on random sampling of data
Global ID Uniquely identifies the session access
Classification start Date and time the classification process started running
Classification start (local time) Date and time the classification process started running (local time)
Table 12. Audit data points
Name Description
User ID ID of the user that took an action on the audit
Report name Report name for the audit
Data source IP The data source server IP
Entry type Audit or task type
Entry title Audit or task entry
Date updated (local time) Date and time of the last update
Field updated Field updated while auditing
Comment User comment
Schedule ID ID for the scheduled job that includes scheduled tasks
Entry ID ID for the audit or task associated with this audit event
Table 13. User notification data points
Name Description
Title Notification title
Contents Detailed contents for the notification
Retry count Number of times the notification was resent
Date created (local time) Date and time the notification was created
Date delivered (local time) Date and time the notification was delivered
Status Status for the notification
Integration Integration service used by the notification
Origin Incoming source for the notification
Destination Where the notification will be sent
Table 14. Data mart data points
Name Description
Ingestion ID Unique ID generated per data mart per Guardium system
Guardium appliance hostname Full hostname of the Guardium system sending the data mart
Data type The type of data mart
Period start The period start of the data belonging to that particular data mart bundle
Period end The period end of the data belonging to that particular data mart bundle
Export record count The total count of records exported from a Guardium system for a data mart
Export status Status of the export process of data mart from a Guardium system
Ingestion status Status of the ingestion of data inside Guardium Insights SaaS
Total file count Total number of files inside a data mart
Successful file count Total number of files successfully ingested for a data mart
Failure file count Total number of files failed on ingestion for a data mart
Error Error information for a data mart, if error information is available
Status entry creation time The timestamp in UTC for when the entry gets created
Table 15. Outlier data points
Name Description
Server IP Server IP address
Database user Database user is the user that connected to the database, either locally or remotely
Database Name of database for the session. Oracle databases may contain additional application-specific information.
Anomaly score Outlier anomaly score
Period start Outliers identified based on activities for the hour starting at this time
Period start (local time) Outliers identified based on activities for the hour starting at this time (local time)
New activity outlier Unusual volume of new activities
Privileged user Privileged user
High volume outlier Exceptionally high volume of activities
Diverse activity outlier Exceptionally high volume of different types of activities. For example, a larger range of activities than usual or activities performed at an unusual time.
Exception outlier Unusually high volume of exceptions
Ongoing outlier Anomaly continued for an ongoing period of time. These anomalies may have had a low score and did not result in an outlier on their own.
Database type Type of database, for example Db2, Oracle, or Sybase
Timeframe Outlier activity occurred during this timeframe. Timeframe can be workday, weekend, or off-hours
Vulnerable object outlier Exceptionally high volume of activities on vulnerable objects
Application The application that originated the activity
Total activity count The total number of SQL commands that result in this outlier
Detailed outlier score The outlier anomaly score applies only to high volume and vulnerable object outliers
Object Name of the object
Verb SQL command
Detailed exception outlier These are the details of an outlier with a high volume of exceptions
Detailed new activity outlier These are the details of an outlier with an unusual volume of new activities
Detailed high volume outlier These are the details of an outlier with an exceptionally high volume of activities
Records affected The number of records affected by the SQL commands that results in this outlier
Client IP Client IP address
Client hostname Client hostname
Operating system user OS user
Detailed vulnerable object outlier These are the details of an outlier with an exceptionally high volume of activities on vulnerable objects
Table 16. Activity log data points
Name Description
Performed by The user who performs the activity
Context The service context of the activity
Action taken The action taken by the activity
Context description The detailed context description of the activity
Activity The detailed context of the activity
Audit trail ID The audited trail id of the activity
Date created (local time) Date and time the activity was created
Table 17. Assets data points
Name Description
Asset ID A unique identifier for the asset
Asset name Name of the asset
Database type Database type that is associated with the asset
Database name Database name that is associated with the asset
Service name Identifier for the asset database service
IP Address IP address of the database server
Hostname Hostname for database server
Port Port number of the database server
Asset origin Source name from where the asset was ingested into asset inventory
Data source name Name of the data source where the vulnerability scan or classification scan is run
Monitoring Health status of the monitoring control enforced on the asset. For example, S-TAP.
Created time The time when the asset was created
Updated time The time when the asset was updated
Risk level Severity level of the open risk events detected in the asset
Vulnerabilities Vulnerabilities detected in the asset when the vulnerability scan is run
Asset tag category Business context category assigned to the asset
Asset tag value Business context value assigned to the asset
Sensitive data elements Sensitive data elements discovered in the asset when the classification scan is run
User accounts User account names who accessed the asset database

New report data points

Table 18. New report data points
Category Category ID Available data points
Assets 000000000000000000002101
Classification 000000000000000000000006
DB activity 000000000000000000000001
DB exception 000000000000000000000003
Data mart ingestion status 000000000000000000000018 Table 14
Full SQL 000000000000000000000004
Outliers 000000000000000000000010 Table 15
Policy violation 000000000000000000000002
Vulnerability assessment 000000000000000000000005