Analytic Threat Analytics domain
This domain has detailed descriptions of active threat analytics. This topic describes the domain's entities and attributes.
Available to roles: admin
Analytic Source entity
This entity describes the source on which the case occurred.
|Attribute|Description|
|---|---|
|DB User|DB user whose actions were observed in creating this case.|
|Database|Database whose actions were observed in creating this case.|
|OS User|OS user whose actions were observed in creating this case.|
|Privileged|Whether the user is privileged.|
|Server IP|Server IP on which the actions were observed.|
|Source Type|Source type on which the actions were observed.|
Analytic Case entity
This entity describes the case details.
|Attribute|Description|
|---|---|
|Case Number|Case number assigned by Guardium®.|
|Date|Date the case was opened.|
|Closed by|User name that closed the case.|
|Create Date|Date on which Guardium created the case.|
|Originating Unit|The unit on which the observation occurred.|
|Period Start|The first observation occurred during the time period that started as indicated.|
|Severity|Case severity assigned by Guardium: low, medium, high.|
|Threat Category|Type of threat, for example: anomaly, account takeover, denial of service, data tampering, schema tampering, data leak, malicious stored procedure, SQL injection.|
|Timestamp|Timestamp when the Analytic Case information was last modified.|
Analytic Case Observation entity
This entity describes the observations that spawned the case.
|Attribute|Description|
|---|---|
|Case Number|Case number assigned by Guardium.|
|Observation|Potential attack symptoms, identified by Guardium.|