This page contains a description of the attributes contained in each entity. For an overview of domains, entities, and attributes, see Domains, Entities, and Attributes. For a description of all domains, see Domains. Click one of the links below to see a description of that entity.
Access Periods are related to Sessions. By default, an access period is one hour long, but this can be changed by the Guardium administrator in the Inspection Engine Configuration (it corresponds to the Logging Granularity).
Attribute | Description
Session Id (1) | Uniquely identifies a session.
Instance Id (1) | Uniquely identifies an instance of a construct (see below).
Construct Id (1) | Uniquely identifies a command construct (for example, "select a from b").
Total Access (1) | Total count of instances of the above construct for this access period.
Period Start Date | Date only from the period start attribute.
Period Start Weekday | Weekday only from the period start attribute.
Period Start Time | Time only from the period start attribute.
Timestamp | Initially, the Timestamp value is set the first time that a request is observed on a client-server connection during an access period. By default, an access period is one hour long, but this can be changed by the Guardium administrator in the Inspection Engine Configuration (see the Guardium Administrator Guide). Thereafter, for each subsequent request, it is updated when the system updates the average execution time and the command count for this period.
Period End | Date and time for the end of the access period.
Period End Date | Date only from the period end attribute.
Period End Weekday | Weekday only from the period end attribute.
Period End Time | Time only from the period end attribute.
Application User | Application user name.
Average Execution Time | The average command execution time during the period. This applies to SQL statements only; it does not apply to FTP or Windows file share traffic.
Failed Sqls (2) | The number of failed SQL requests. See note below.
Successful Sqls (2) | The number of successful SQL requests. See note below.
Application Event ID | The application event ID, if set from the API.
Total Records Affected (2) | The total number of records affected. See note below.
Avg Records Affected (2) | The average number of records affected. See note below.
Total Records Affected (Desc) (2) | If the Total Records Affected attribute (above) is a character string instead of a number, that value appears here (for example, Large Results Set or N/A).
Show Seconds | If the number of accesses per second is being tracked, this contains counts for each second in the access period (usually one hour).
(1) Available to users with the admin role only.
(2) These attributes appear only when the main entity for the query permits this level of detail. They are not available if either Client/Server or Session is the main entity.
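The following is an added example, not Guardium code, that models how the Access Period attributes above are derived from observed traffic: requests are bucketed into periods of a configurable logging granularity (the page's default is one hour), and for each session and construct the Timestamp is set on the first request of the period and refreshed on every later one, while Total Access, Successful/Failed Sqls and Average Execution Time accumulate. The sample requests, the construct id 7 and the alignment of periods to multiples of the granularity from midnight are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample traffic: (session id, construct id, request timestamp,
# execution time in ms, succeeded). Construct 7 stands for "select a from b".
SAMPLE_REQUESTS = [
    (1, 7, "2005-04-22 10:05:00", 12.0, True),
    (1, 7, "2005-04-22 10:40:00", 20.0, True),
    (1, 7, "2005-04-22 11:02:00", 8.0, False),
    (2, 7, "2005-04-22 10:15:00", 30.0, True),
]


@dataclass
class AccessPeriodRow:
    session_id: int
    construct_id: int
    period_start: datetime
    period_end: datetime
    timestamp: datetime  # first request of the period, refreshed on each later request
    total_access: int = 0
    successful_sqls: int = 0
    failed_sqls: int = 0
    exec_time_sum: float = 0.0

    @property
    def average_execution_time(self) -> float:
        return self.exec_time_sum / self.total_access if self.total_access else 0.0


def period_bounds(ts: datetime, granularity_minutes: int):
    """Return (start, end) of the access period containing ts. Periods are
    assumed here to be aligned to multiples of the granularity from midnight."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    minutes = int((ts - midnight).total_seconds() // 60)
    start = midnight + timedelta(minutes=minutes - minutes % granularity_minutes)
    return start, start + timedelta(minutes=granularity_minutes)


def aggregate(requests, granularity_minutes: int = 60):
    """Fold requests into Access Period rows keyed by (session, construct, period start)."""
    rows = {}
    for session_id, construct_id, ts_text, exec_ms, succeeded in requests:
        ts = datetime.fromisoformat(ts_text)
        start, end = period_bounds(ts, granularity_minutes)
        key = (session_id, construct_id, start)
        row = rows.get(key)
        if row is None:
            # Timestamp is set when the first request of the period is observed...
            row = AccessPeriodRow(session_id, construct_id, start, end, timestamp=ts)
            rows[key] = row
        else:
            # ...and refreshed whenever the counters below are updated.
            row.timestamp = ts
        row.total_access += 1
        row.exec_time_sum += exec_ms
        if succeeded:
            row.successful_sqls += 1
        else:
            row.failed_sqls += 1
    return rows


def report(requests, granularity_minutes: int = 60):
    """Flatten the rows into plain tuples ordered by (session, construct, period):
    (session_id, construct_id, period_start, period_end, timestamp,
     total_access, average_execution_time, successful_sqls, failed_sqls)."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return [
        (r.session_id, r.construct_id, r.period_start.strftime(fmt),
         r.period_end.strftime(fmt), r.timestamp.strftime(fmt), r.total_access,
         r.average_execution_time, r.successful_sqls, r.failed_sqls)
        for _, r in sorted(aggregate(requests, granularity_minutes).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_REQUESTS):       # one-hour periods
        print(line)
    for line in report(SAMPLE_REQUESTS, 30):   # 30-minute granularity splits session 1
        print(line)
```

Running it with a 30-minute granularity shows why the granularity setting matters for reports: the same four requests produce four rows instead of three, and the per-row averages and counts change accordingly.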
The name assigned to an access rule when it was defined. This is available for reporting only from the owning Policy Rule Violation entity (described later), when an access rule violation is logged.
Attribute | Description
Access Rule Description | Description from the access policy rule definition.
Available only from the Aggregation/Archive domain, which by default is available to users assigned the admin role only. The Activity Types entity can be accessed only from the owning Aggregation/Import/Export Log Entity, which is described below. It identifies a type of action (Prepare for Aggregation, Encrypt, Send, etc.).
Attribute | Description
Activity Type | Description of an aggregation/import/export activity.
Available only from the Aggregation/Archive domain, which by default is available to users assigned the admin role only. One or more Aggregation/Import/Export Log entities are created for each activity. For example, when an aggregator system imports data, you will typically see at least four activities:
Prepare for Aggregation
Check Duplicate Import (one per file exported to this aggregator)
Extract (one per file to be merged)
Merge (one per file merged)
Attribute | Description
Timestamp | Updated at the start and end of the activity being logged (prepare for archiving, encrypt, send, etc.).
Status | Status of the aggregation/import/export log activity.
User Name | User name under which the activity was initiated.
Start Time | Starting time of the activity.
End Time | Ending time of the activity.
Period Start | Starting time for the data being acted upon. Each archiving or aggregation activity operates on one full day of activity.
Period End | Ending time for the activity being acted upon.
File Name | Name of the file used for the activity. Files created by the archive and export operations are named as follows: <daysequence>-<scp_host>-w<run_datestamp>-d<data_date>.dbdump.enc. For example: 732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc. The date of the data contained in the file, in yyyy-mm-dd format, is data_date, near the end of the file name (just before .dbdump.enc). Take care not to confuse this date with the run date, which appears earlier in the file name and is the date that the data was archived or exported.
Comment | Additional comment for the activity.
Guardium Host Name | The name of the Guardium host.
Records Purged | If the activity type is Purge, the number of records purged. Otherwise, N/A.
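The archive/export file naming convention in the File Name row above is easy to misread, since the name carries both the run date and the data date. The following is an added example, not Guardium code, that parses such names and selects files by data date rather than run date. The first sample name is the one from the page; the other two names, the lag computation and the helper function names are constructed for this example.

```python
import re
from datetime import date, datetime

# <daysequence>-<scp_host>-w<run_datestamp>-d<data_date>.dbdump.enc
# The host part is matched lazily; the "-w" and "-d" markers plus the fixed
# suffix anchor the rest of the name.
ARCHIVE_NAME = re.compile(
    r"^(?P<daysequence>\d+)-"
    r"(?P<scp_host>.+?)-"
    r"w(?P<run_datestamp>\d{8}\.\d{6})-"
    r"d(?P<data_date>\d{4}-\d{2}-\d{2})"
    r"\.dbdump\.enc$"
)

# Constructed sample listing; only the first name comes from the page.
SAMPLE_FILE_NAMES = [
    "732423-g1.guardium.com-w20050425.040042-d2005-04-22.dbdump.enc",
    "732424-g1.guardium.com-w20050425.040115-d2005-04-23.dbdump.enc",
    "732425-g1.guardium.com-w20050426.040050-d2005-04-24.dbdump.enc",
]


def parse_archive_name(name: str) -> dict:
    """Split an archive/export file name into its parts.
    run_timestamp is when the archive/export ran; data_date is the day of
    activity the file actually contains."""
    m = ARCHIVE_NAME.match(name)
    if m is None:
        raise ValueError(f"not a Guardium archive/export file name: {name!r}")
    run_ts = datetime.strptime(m["run_datestamp"], "%Y%m%d.%H%M%S")
    data_date = date.fromisoformat(m["data_date"])
    return {
        "daysequence": int(m["daysequence"]),
        "scp_host": m["scp_host"],
        "run_timestamp": run_ts,
        "data_date": data_date,
        # Days between the data day and the run: useful for spotting archives
        # that ran much later than their data (constructed metric).
        "lag_days": (run_ts.date() - data_date).days,
    }


def is_archive_name(name: str) -> bool:
    return ARCHIVE_NAME.match(name) is not None


def files_for_data_date(names, day: str):
    """Names whose contained data is for the given yyyy-mm-dd day."""
    wanted = date.fromisoformat(day)
    return [n for n in names if parse_archive_name(n)["data_date"] == wanted]


def files_for_run_date(names, day: str):
    """Names whose archive/export ran on the given yyyy-mm-dd day (the date
    that is easy to confuse with the data date)."""
    wanted = date.fromisoformat(day)
    return [n for n in names if parse_archive_name(n)["run_timestamp"].date() == wanted]


if __name__ == "__main__":
    for n in SAMPLE_FILE_NAMES:
        print(parse_archive_name(n))
    print("data for 2005-04-22:", files_for_data_date(SAMPLE_FILE_NAMES, "2005-04-22"))
    print("ran on 2005-04-25:  ", files_for_run_date(SAMPLE_FILE_NAMES, "2005-04-25"))
```

When restoring a particular day of activity, filter on data_date; filtering on the run date returns whatever happened to be archived that day, which in the sample listing is two files for two different data days.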
Describes a policy alert notification.
Attribute | Description
ALERT_NOTIFICATION_ID (1) | Identifies the alert notification.
ALERT_ID (1) | Identifies the alert definition.
Alert Notification Type | Type of alert from the policy rule definition.
Alert User | Receiver of the alert.
Alert Destination | Type of alert (EMAIL, SNMP, SYSLOG, CUSTM).
Timestamp | Timestamp when the alert record was created.
(1) Available to users with the admin role only.
Used for the SAP and Siebel reports.
Attribute | Description
Application Data ID | Unique identifier for this data.
Application Code | The application type code.
Full SQL ID | Identifies the full SQL data.
Application Type | Application type.
User | Application user name.
Operation Type | The type of operation.
Change Date | Date of the change.
Time Stamp | Time stamp for this record.
Item Name | Name of the item affected.
Transaction Code | Transaction code.
System ID | Unique identifier for the system.
Record Detail 1 | Varies by item type.
Record Detail 2 | Varies by item type.
Record Detail 3 | Varies by item type.
Record Detail 4 | Varies by item type.
VBKey | The VBKey value.
This entity is created each time that the system observes an Application Events API call (which sets these attribute values) or a stored procedure call that has been identified as a Custom Identification Procedure (which maps stored procedure parameters to these attributes).
Attribute | Description
Application Event ID (1) | Unique identifier for this application events entity.
Event User Name | User name, set by GuardAppEvent:Start.
Event Type | Type of event, set by GuardAppEvent:Start.
Event Value Str | String value, set by GuardAppEvent:Start.
Event Value Num | Numeric value, set by GuardAppEvent:Start.
Event Date | Datetime value, set by GuardAppEvent:Start. It displays in the format yyyy-mm-dd hh:mm:ss.
Timestamp | Created only once, when the event is logged. Do not confuse this attribute with the Event Date attribute, which can be set using an API call or from a stored procedure parameter. (See the Guardium Administrator Guide for a description of the Application Events API and Custom Identification Procedures.)
Event Release Type | Type of event, set by GuardAppEvent:Released.
Event Release User Name | User name, set by GuardAppEvent:Released.
Event Release Value Str | String value, set by GuardAppEvent:Released.
Event Release Value Num | Numeric value, set by GuardAppEvent:Released.
Event Release Date | Datetime value, set by GuardAppEvent:Released. It displays in the format yyyy-mm-dd hh:mm:ss.
(1) Available to users with the admin role only.
This entity is created each time that an assessment is run.
Attribute | Description
Assessment Log Id (1) | Uniquely identifies the assessment.
Timestamp | Timestamp for the assessment.
Timestamp Date | Date portion of the above.
Timestamp Time | Time portion of the above.
Assessment Log Type | Predefined, query or custom test.
Assessment Log Severity | The assessment test severity: Critical, Major, Minor, Cautionary, Informational.
Assessment Result Id (1) | Identifies the assessment results set.
Message | Message returned by the assessment.
Details | Details for this assessment.
(1) Available to users with the admin role only.
This entity identifies a datasource accessed by the assessment test.
Attribute | Description
Assessment Result data source Id (1) | Identifies a results set for a datasource.
Assessment Result Id (1) | Identifies the result.
DB Type | Database type: Oracle, MS-SQL, DB2, Sybase, Informix, etc.
DB Name | Database name.
Version Level | Version level of the database.
Patch Level | Patch level of the database.
Full Version Info | Full version information for the datasource.
Datasource name | Name of the datasource.
Description | Datasource description.
Host | Host name for the datasource.
Port | Port number on the host.
Service Name | Service name for the datasource.
User Name | User name used for datasource access.
(1) Available to users with the admin role only.
This entity is created for each task in the assessment results set.
Attribute | Description
Assessment Result Id (1) | Identifies the assessment results set.
Assessment Id (1) | Identifies the assessment.
Task Id (1) | Identifies the task within the assessment.
Parameter Modified Flag | Indicates whether parameters were modified since the last run.
Execution Date | Date that the assessment was run.
Received By All | Indicates whether or not these results have been received by all receivers on the distribution list.
Overall Score | Overall score for the assessment.
From Date | From date for the assessment.
To Date | To date for the assessment.
Assessment Description | Assessment name from the definition.
Filter Client Ip | Clients selected: exact IP address, address with wildcards (*), or empty to select all.
Filter Server Ip | Servers selected: exact IP address, address with wildcards (*), or empty to select all.
Recommendation | Recommendation returned for the task.
(1) Available to users with the admin role only.
This entity contains basic definition parameters for an audit process.
Attribute | Description
Process Description | Description from the audit process definition.
Active | Indicates whether the process is active (able to be scheduled).
Keep Result Days | The number of days the results will be kept by the system.
Keep Results Quantity | The number of results sets that will be kept by the system.
This entity holds comments attached to an audit process definition. Comments attached to audit process results are contained in the Audit Process Results Comments entity (below).
Attribute | Description
Audit Process Comment | The text of the comment.
Audit Process Comment Creator | The creator of the comment.
Audit Process Comment Timestamp | Timestamp for the comment.
This entity describes a single audit task (within an audit process).
Attribute | Description
Task Type | A numeric value that indicates whether the task is a report (1), security assessment (2), entity audit trail (3), privacy set (4) or classification process (5). Aliases are defined for these types, so running reports with Aliases on simplifies reading of the report output.
Task Description | Name of the task from the task definition.
This entity contains the execution date for a set of audit process results.
Attribute | Description
Execution Date | The date the audit process was executed.
This entity holds comments attached to audit process results. Comments attached to an audit process definition are contained in the Audit Process Comments entity (above).
Attribute | Description
Audit Process Comment | The text of the comment.
Audit Process Comment Creator | The creator of the comment.
Audit Process Comment Timestamp | Timestamp for the comment.
This entity identifies when a scan executed.
Attribute | Description
Scan Timestamp | The time the scan executed.
This entity describes a changed column.
Attribute | Description
Changed Column Name | Name of the changed column on the database.
Old Value | Value before the change.
New Value | Value after the change.
This entity is created for each classification process rule that is fired.
Attribute | Description
Catalog | Catalog location for the results set.
Schema | Schema name, if applicable.
Table Name | Table name from the rule definition.
Column Name | Column name from the rule definition.
Rule Description | The classifier policy rule description.
Comments | Any comments added to this rule definition.
Classification Name | Classification for the rule.
Category | Category for the rule.
Data Source Description | Data source for the rule.
This entity describes a classification process job execution.
Attribute | Description
Process Description | From the process definition.
Status | Job status.
Queue DateTime | Timestamp when the job was submitted to the classifier/assessment queue.
Start DateTime | Timestamp at the start of the job.
End DateTime | Timestamp at the end of the job.
Data Sources | Identifies the datasource list for the job.
This entity describes a specific client-server connection. An instance is created each time a unique set of attributes (excluding the Timestamp) is detected.
Attribute | Description
Access Id (1) | A unique identifier for this client/server connection.
Timestamp | Since all attributes in this entity contain static information, this timestamp is created only once, when Guardium observes a request on the defined client-server connection for the first time.
Timestamp Date | Date only from the timestamp.
Timestamp Time | Time only from the timestamp.
Timestamp Weekday | Weekday only from the timestamp.
Timestamp Year | Year only from the timestamp.
Server Type | DB2, Oracle, Sybase, etc.
Client IP | Client IP address.
Server IP | Server IP address.
Network Protocol | Network protocol used (TCP, UDP, etc.). Note that for K-TAP on Oracle, this may display as either IPC or BEQ.
DB Protocol | Protocol specific to the database server.
DB Protocol Version | Protocol version for the above.
DB User Name | Database user name.
Source Program | Source program for the interaction.
Client MAC | Client hardware address.
Client Host Name | Client host name.
Service Name | Service name for the interaction. In some cases (AIX shared memory connections, for example), the service name is an alias that is used until the actual service is connected. In those cases, once the actual service is connected, a new session is started, so what the user experiences as a single session will be logged as two sessions.
Server OS | Server operating system. For Informix, the OS may appear as IEEEM, indicating Unix or JDBC.
Client OS | Client operating system.
OS User | OS user account for the interaction.
Server Host Name | Server host name.
Server Description | Server description (if any).
ClientIP-DBUser | Paired attribute value consisting of the client IP address and the database user name.
Analyzed Client IP | Applies only to encrypted traffic; when set, the client IP is set to zeroes.
(1) Available to users with the admin role only.
For each command, an entity is created for each parent node and position in which the command appears in a command construct.
Attribute | Description
Command Id (1) | Uniquely identifies the command.
Construct Id (1) | Uniquely identifies the construct (e.g., select a from b).
SQL Verb | Main verb in the SQL command (e.g., select, insert, delete).
Depth | Depth of the command in the SQL parse tree.
Parent | Identifier of the parent node in the parse tree.
(1) Available to users with the admin role only.
This entity describes a user comment. It is available in the Comments domain only, which is restricted to admin users. This domain includes only sharable comments, which are all comments except for those that run locally (see the Local Comments entity).
Attribute | Description
Comment Creator | The Guardium user who created the comment.
Comment Reference | Indicates the element to which the comment is attached (a query, audit process result, or another comment, for example).
Content of Comment | The complete comment text.
Timestamp | Date and time the comment was created.
Timestamp Year | Year only from the timestamp.
Timestamp WeekDay | Weekday only from the timestamp.
Timestamp Time | Time only from the timestamp.
Timestamp Date | Date only from the timestamp.
Object Description | The name of the object on which the comment was defined. For example, a comment defined on a policy has an object description of ACCESS_RULE_SET.
The text of each common database error message is stored in a table in the Guardium internal database. It is available for reporting only from the owning Exception Entity (see below), for each exception that is a database error. Some types of exceptions – S-TAP disconnects or reconnects, for example – will have no database error text.
Attribute | Description
Database Error Text | A database error code followed by a short text description of the error. The error code is taken from the Exception Description attribute of the Exception entity. Using the error code as a key, the error text is obtained from an internal table on the Guardium appliance, which contains the most common error messages (about 54,000 of them). For example: ORA-00942: table or view does not exist
This entity identifies a discovered host.
Attribute | Description
Server IP | IP address of the discovered host.
Server Host Name | Host name of the discovered host.
This entity identifies a discovered port.
Attribute | Description
Port | Discovered port number.
Probe Attempted | Indicates whether a probe for a supported database service has been attempted on this port. T=yes, F=no.
Port Type | Indicates the port type (usually TCP).
DB Type | If a probe of the port has found a supported database type, indicates the type (DB2, Informix, MS SQL Server, etc.).
Probe Timestamp | The date and time that this specific port was probed.
This entity is created for each exception encountered.
Attribute | Description
Exception ID (1) | Uniquely identifies the exception.
Exception Type ID (1) | Uniquely identifies the exception type.
Exception Timestamp | Date and time created when this Exception entity was logged.
Exception Date | Date only from the timestamp.
Exception Time | Time only from the timestamp.
Exception Weekday | Weekday only from the timestamp.
Exception Year | Year only from the timestamp.
Source Address | Source IP address of the exception.
Source Port | Source port number.
Destination Address | Destination IP address.
Destination Port | Destination port number.
Database Protocol | Database protocol for the exception.
New TTL value | Reserved for admin role use only.
Exception Description | Description of the exception. For an S-TAP reconnect or timeout exception, this will contain the IP address or DNS name of the database server. For a database exception, this is an error code from the database management system. For the most common messages (about 54,000 of them), a longer text description is available in the Database Error Text attribute. That text comes from the internal Guardium database table of error messages, not from the exception itself.
SQL string that caused the exception | The SQL string that caused the exception.
User Name | Database user name. On encrypted traffic, where correlation is required, this value may not be available, but it is always available from the DB User Name attribute in the Client/Server entity.
App User Name | Application user name.
Link to more information about the exception (1) | Optional link that is sometimes available, depending on the exception source.
Global ID (1) | Global identifier for the exception.
(1) Available to users with the admin role only.
There is a fixed set of exception types (see below), one of which will be associated with each exception logged. These are available for reporting only from the owning Exception Entity.
Attribute | Description
Exception Description | A text description of the exception type, from the list below. Most of these should never be seen. Notes follow (indented) the most common exceptions.
A new construct was used
Alert Process threw an exception
Custom Alerting Processing Exception
Database Server returned an error
    For this message, a database error code will be stored in the Exception Description attribute of the Exception entity, and a text version of the database error message will be available in the Database Error Text attribute of the Database Error Text entity.
DB Protocol Exception
Debug prints through the EXCEPTIONs mechanism
Dropped database requests
    Session information was dropped due to excess traffic.
Error During Change Audit System Process
Error During Classification Process
Invalid Query Invocation
Login Failed
Low-level DB protocol Exception
Scheduled job threw an exception
Security Assessment Exception
Session closed prematurely
SQL Parser Exception
STAP Connectivity reconnect
    For this message, the IP address or DNS name of the database server will be available in the Exception Description attribute of the Exception entity.
STAP Connectivity timeout
    For this message, the IP address or DNS name of the database server will be available in the Exception Description attribute of the Exception entity.
TCP ERROR
    For this message, additional information about the error will be included in the Exception Description attribute of the Exception entity.
Turbine class threw an exception
Unable to purge report
Each time Guardium encounters a new field, it creates a field entity.
Attribute | Description
Field Id (1) | Uniquely identifies the field.
Construct Id (1) | Uniquely identifies the construct in which it was referenced.
Command Id (1) | Uniquely identifies the main command from the construct in which it was referenced.
Object Id (1) | Uniquely identifies the object from the construct in which it was referenced.
Field Name | Name of the field.
(1) Available to users with the admin role only.
These entities are created only by policy rule actions that log with values, for example Log Full Details With Values and Log Full Details Per Session With Values. The field value logged may or may not be associated with a field name. For example, field names will be available (in the Field entity) if the following statement is logged:
insert into t1 (foo, bar) values (10, 20)
But they are not available when the following statement is logged:
insert into t2 values (10, 20)
Attribute | Description
Value | A field value from the logged construct.
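To make the Field versus Field Values distinction above concrete, here is an added example, not Guardium code, that extracts the column list and the value list from a logged INSERT statement and pairs them: statements with a column list yield (field name, value) pairs, statements without one yield values with no field name. The regular expressions, the handling of quoted values and the function names are this example's own; it covers only the INSERT ... VALUES form shown on the page.

```python
import re
from typing import List, Optional, Tuple

# INSERT INTO <table> [(<columns>)] VALUES (<values>)
# The value list is matched greedily up to the last ")" so that values
# containing parentheses survive; the column list may not contain ")".
INSERT_RE = re.compile(
    r"^\s*insert\s+into\s+(?P<table>[\w.]+)\s*"
    r"(?:\((?P<columns>[^)]*)\)\s*)?"
    r"values\s*\((?P<values>.*)\)\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)

# One list item: a single-quoted string (with '' as the escaped quote) or a
# run of non-comma characters. Commas inside quotes do not split the list.
LIST_ITEM_RE = re.compile(r"'(?:[^']|'')*'|[^,\s][^,]*")


def split_list(text: str) -> List[str]:
    return [item.strip() for item in LIST_ITEM_RE.findall(text)]


def logged_fields_and_values(statement: str) -> Tuple[Optional[List[str]], List[str]]:
    """Return (fields, values) for a logged INSERT construct.
    fields is None when the statement carries no column list, which is the
    case in which the Field entity has nothing to record."""
    m = INSERT_RE.match(statement)
    if m is None:
        raise ValueError(f"not an INSERT ... VALUES statement: {statement!r}")
    values = split_list(m["values"])
    fields = split_list(m["columns"]) if m["columns"] is not None else None
    if fields is not None and len(fields) != len(values):
        raise ValueError("column list and value list differ in length")
    return fields, values


def field_value_pairs(statement: str) -> List[Tuple[Optional[str], str]]:
    """Pair each logged value with its field name, or with None when the
    statement gives no column list."""
    fields, values = logged_fields_and_values(statement)
    if fields is None:
        return [(None, v) for v in values]
    return list(zip(fields, values))


if __name__ == "__main__":
    for stmt in ("insert into t1 (foo, bar) values (10, 20)",
                 "insert into t2 values (10, 20)",
                 "insert into t3 (name, n) values ('a, b', 20)"):
        print(stmt, "->", field_value_pairs(stmt))
```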
This entity describes flat log processing activity.
Attribute | Description
Full SQL | The full SQL logged.
Timestamp | Date and time stamp when logged.
Timestamp Date | Date portion of the above.
Timestamp Time | Time portion of the above.
Response Time | Response time for the request.
Records Affected | The number of records affected by the request.
Succeeded | Indicates whether the request was successful (True/False).
Statement Type | The type of SQL statement.
Returned Data | Data returned (if any).
Bind Info | Bind information for the request.
Full SQL entities are created only by the following policy rule actions: Log Full Details, Log Full Details With Values, Log Full Details Per Session, or Log Full Details Per Session With Values.
Attribute | Description
Full Sql | Full SQL statement including values.
Timestamp | A timestamp value created when Guardium records this instance of the entity (every instance has a unique timestamp).
Response Time | The response time for the request. When requests are monitored in network traffic, the response times are an accurate reflection of the time taken to respond to the request (Guardium timestamps both the client request and the server response). But for traffic that is monitored by an S-TAP, the response time attribute will be meaningless: it will usually be zero, because S-TAP forwards requests and responses to the Guardium appliance in batches, so the request/response pair will often have the same timestamp.
Records Affected | The number of records affected for each Full SQL recorded. On reports using this attribute, we suggest that you turn on aliases to properly display special cases such as Large Result Set or N/A.
Returned Data | Data returned for this request (if any, and if available).
Full SQL ID (1) | Unique identifier for the Full SQL.
Instance ID (1) | Unique identifier for the Full SQL instance.
Succeeded | Indicates whether the call succeeded.
Records Affected (Desc) | When the Records Affected attribute (above) is a string value instead of a number, that string is stored here. For example: Large Result Set or N/A.
(1) Available to users with the admin role only.
These entities are created only by the following policy rule actions: Log Full Details With Values, and Log Full Details Per Session With Values.
Attribute | Description
Values | One or more values from the logged construct.
This entity describes a group that has been defined to Guardium.
Attribute | Description
Group Description | The name of the group.
Group Subtype | Subtype, if any, defined for the group.
Timestamp | Date and time the group entity was created.
This entity describes a member of a group that has been defined to Guardium.
Attribute | Description
Group Member | The name of the group member.
Timestamp | Date and time the group member was created or updated.
Timestamp Date | Date only from the timestamp.
Timestamp Time | Time only from the timestamp.
Timestamp Year | Year only from the timestamp.
Timestamp Weekday | Weekday only from the timestamp.
This entity describes a type of Guardium group (user, client IP address, command, etc.).
Attribute | Description
Group Type | Identifies the group type.
Timestamp | Date and time the group type was created.
A CAS Host entity is created the first time that CAS is seen on a database server host. It is updated each time that the online/offline status changes. The Host entity is also available in the CAS Host History domain.
Attribute | Description
Host Name | Database server host name (may display as an IP address).
OS Type | Operating system: UNIX or WIN.
Is Online | Online status (Yes/No) when the record was written.
Host Id | Identifies the host record.
A Host Configuration entity is created for each item in a CAS instance.
Attribute | Description
Audit State Label Id | Unique numeric identifier for the configuration item.
Timestamp | Timestamp for creation of the entity.
Host Name | Database server host name or IP address.
OS Type | Operating system: Unix or Windows.
DB Type | Database type: Oracle, MS-SQL, DB2, Sybase, Informix, or N/A if the change is to an operating system instance.
Instance Name | Name of the template set instance.
Type | Type of monitored item that changed. OS Script or SQL Script: a change triggered by the OS script contained in the monitored item template definition. Environment Variable: an environment variable (Unix only). Registry Variable: a registry variable (Windows only). File: a specific file. There is no host configuration entity for a file pattern defined in the template set used by the instance; instead, there is a separate host configuration entity for each file that matches the pattern.
Monitored Item | The name of the changed item, from the Description (if entered), otherwise a default name depending on the Type (a file name, for example).
A host event entity is created each time an event is detected or signaled (see the event types, below) by CAS.
Attribute | Description
Audit Host Event Id | Identifies the host event entity.
Event Time | Date and time that the event was recorded.
Event Type | Identifies the event being recorded.
Timestamp | Timestamp for creation of the entity.
Audit Host Id | Identifies the host.
Incident entities are created by incident generation processes, or manually by assigning a policy violation to an incident.
Attribute | Description
Timestamp | Time the incident was created.
Category Name | Category assigned to the incident.
Incident Number | Incident number (assigned sequentially).
The incident severity description for an incident.
Attribute | Description
Incident Severity Description | The severity code will be one of the following: INFO, LOW, MED, HIGH.
Describes the status of an Incident entity.
Attribute | Description
Status Description | One of the following values: OPEN (the incident has not yet been assigned to a user); ASSIGNED (the incident has been assigned); CLOSED (the incident is closed).
Describes the installed policy.
Attribute | Description
ID | Identifies the policy installation record.
Rule Set Id | Identifies the set of rules.
Policy Description | Description from the policy definition.
Selective Audit Trail | Indicates whether this is a selective audit trail policy (T/F).
Audit Pattern | Test pattern used for a selective audit trail policy.
Timestamp | Timestamp for the creation of the record.
An Instance Config entity is created each time that an instance configuration is defined. This entity defines how the CAS instance connects to the database (if necessary), and identifies the template set used by the instance. It provides current status of the instance (in use, enabled, or disabled) and the date of the last revision.
Instance Config Entity Attributes
Attribute | Description
Config Id | Identifies this configuration record.
Timestamp | Timestamp when the record was created.
Audit Host Id | Identifies the Host entity.
DB Type | Database type: Oracle, MS-SQL, DB2, Sybase, Informix; or N/A for an operating system instance.
Instance | The name of the instance.
User | The user name that CAS uses to log onto the database; or N/A for an operating system instance.
Port | The port number CAS uses to connect to the database; or empty for an operating system instance.
DB Home Dir | The home directory for the database; or empty for an operating system instance.
Template Set Id | Identifies the template set used by this instance.
Monitored Set Id | Identifies the monitored template set.
Status | In Use, Enabled, or Disabled.
Last Status Change | Timestamp for the last status change.
Last Status Change Date | Date for the last status change.
Last Status Change Time | Time for the last status change.
Last Status Change Weekday | Weekday for the last status change.
This entity describes a local comment. It is available in the Comments domain only, which is restricted to admin users. This entity includes only local comments, for processes and results sets that run locally. Comments that are sharable are defined in the Comments entity (see above).
Attribute | Description
Comment Creator | The Guardium user who created the comment.
Comment Reference | Indicates the element to which the comment is attached (a query, audit process result, or another comment, for example).
Content of Comment | The complete comment text.
Timestamp | Date and time the comment was created.
Timestamp Year | Year only from the timestamp.
Timestamp WeekDay | Weekday only from the timestamp.
Timestamp Time | Time only from the timestamp.
Timestamp Date | Date only from the timestamp.
Object Description | The name of the object on which the comment was defined. For example, a comment defined on an incident has an object description of INCIDENT.
Obsolete beginning with version 4.0 of Guardium. This was the only entity of the Access Trace Tracking domain, which was obsolete beginning with version 4.0 of S-TAP. If you have old queries or reports using that domain, they will not work in this release, and any database login information recorded in that domain would pre-date the installation of version 4.0 of S-TAP.
For a threshold alert, the text of the message.

| Attribute | Description |
|---|---|
| Message Subject | Message subject (for an email message, for example). |
| Message Text | Message text. |
For each threshold alert message sent, the message type, recipients, status, and date of that message.

| Attribute | Description |
|---|---|
| Message Type | Type of message. |
| Sent To | One or more recipients of the message. |
| Message Status | Status of the message: FAIL (the send operation failed), WAIT (the message has not yet been sent), or SENT (the message was sent). |
| Message Date | Date the message was sent. |
| Message Context | Message type: INFO (informational message), WARNING (possible error condition), ALERT (real-time or threshold alert), ERROR (software or hardware error condition), or DEBUG (debugging message). |
| Message Originator | The module creating the message; for example monitor or GuardiumJetspeedUser. |
A monitor values entity is created for each insert, update or delete recorded, and contains the details of the change (table name, action, SQL text, etc.).

| Attribute | Description |
|---|---|
| Timestamp | Date and time the change was recorded on the Guardium appliance. This timestamp is created during the data upload operation. It is not the time that the change was recorded on the audit database. To obtain that time, use the Audit Timestamp attribute (described below). |
| Timestamp Date | Date only from the timestamp. |
| Timestamp Time | Time only from the timestamp. |
| Timestamp Year | Year only from the timestamp. |
| Timestamp Weekday | Weekday only from the timestamp. |
| Server IP | IP address of the database server. |
| DB Type | Database type. |
| Service Name | Oracle only. Database service name. |
| Database Name | DB2, Informix, Sybase, MS SQL Server only. Database name. |
| Audit PK | Sybase and MS SQL Server only. A primary key used to relate old and new values (which must be logged separately for these database types). |
| Audit Login Name | Database user name defined in the datasource. |
| Audit Table Name | Name of the table that changed. |
| Audit Owner | Owner of the changed table. |
| Audit Action | Insert, Update or Delete. |
| Audit Old Value | A comma-separated list of old values, in the format: |
| Audit New Value | A comma-separated list of new values, in the format: |
| SQL Text | Available only with Oracle 9. The complete SQL statement causing the value change. |
| Triggered ID | Unique ID (on this audit database) generated for the change. |
| Audit Timestamp | Date and time that the trigger was executed. |
| Audit Timestamp Date | Date portion of the Audit Timestamp. |
| Audit Timestamp Time | Time portion of the Audit Timestamp. |
| Audit Timestamp WeekDay | Day of week of the Audit Timestamp. |
| Audit Timestamp Year | Year of the Audit Timestamp. |
This entity is created each time a monitored item changes. It identifies the monitored item within the CAS instance, and points to the saved data for the change.

| Attribute | Description |
|---|---|
| Change Identifier | Unique identifier for the change. |
| Sample Time | Timestamp (date and time on the host) at which the sample was taken. |
| Audit Config Id | Identifies the host configuration. |
| Saved Data Id | Identifies the Saved Data entity for this change. |
| Audit State Label Id | Identifies the Host Configuration entity for this change. |
| Timestamp | Date and time this change record was created on the server (Guardium appliance server clock). |
| Owner | Unix only. If the item type is a file, the file owner. |
| Permissions | Unix only. If the item type is a file, the file permissions. |
| Size | File size, with two special values: -1 means the file exists but has zero bytes; 0 (zero) means the file does not exist but this file name is being monitored (it never existed or may have been deleted). |
| Last Modified | Timestamp for the last modification, taken from the file system at the sample time. |
| Last Modified Date | Date for the last modification. |
| Last Modified Time | Time for the last modification. |
| Last Modified Weekday | Day of week for the last modification. |
| Last Modified Year | Year for the last modification. |
| Group | Unix only. If the item type is a file, the group owner. |
A Monitored Item Details entity is created for each monitored item in a CAS instance.

| Attribute | Description |
|---|---|
| Audit Config Id | Identifies the host configuration. |
| Timestamp | Timestamp for creation of the entity. |
| Template ID | Identifies the item template for this monitored item. |
| Monitored Item | Depending on the Audit Type, this is the OS or SQL script, the environment or registry variable, or the file name. For a file pattern defined in an item template, there is a separate Monitored Item Details entity for each file that matches the pattern, but no Monitored Item Details entity for the pattern itself. If a file pattern is used, it is always available in the Template Content attribute. |
| Audit Config Set Id | Identifies the template set in the host configuration. |
| Audit Type | Type of monitored item. OS Script or SQL Script: the actual text of, or the path to, an operating system or SQL script, whose output is compared with the output produced the next time it runs. Environment Variable or Registry Variable: an environment variable or a (Windows) registry variable. File: a specific file, or a pattern identifying a set of files. |
| Enabled | Indicates whether or not the template is enabled. |
| In Synch | Indicates whether or not the template item definition on the server matches the template item definition on the CAS host. |
| Audit Frequency | The maximum interval at which the item is to be tested. |
| Use MD5 | Indicates whether or not the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison are skipped. Regardless of whether or not MD5 is used, both the current last-modified timestamp of the item and the size of the item are compared with the values saved the last time the item was checked. |
| Save Data | When marked, the previous version of the item can be compared with the current version. |
| Description | Optional description of the instance. |
| Template Content | The template entry that is the basis for this monitored item, set from the Template entity Access Name attribute when the instance was created. Typically this is the same as the monitored item, but where a file pattern was used in the template, this is the file pattern. |
An instance of this entity is created for each object in a unique schema.

| Attribute | Description |
|---|---|
| Object Id¹ | Uniquely identifies the object. |
| Construct Id¹ | Uniquely identifies the construct in which the object is referenced. |
| Schema | Database schema for the object. |
| Object Name | Name of the object. |
| App Object Module¹ | Uniquely identifies the application object module. |

¹ Available to users with the admin role only.
Describes an object-command entity.

| Attribute | Description |
|---|---|
| Object-Command | An object value combined with a command value. |

Describes an object-field entity.

| Attribute | Description |
|---|---|
| Object-Field | An object value combined with a field value. |
This entity is created each time that a policy rule violation is logged. Not all policy rule violations are logged – see the description of the rule actions in Chapter 11: Building Policies. The access rule causing the violation is available in the dependent Access Rule entity (described earlier).

| Attribute | Description |
|---|---|
| Violation Log Id¹ | Uniquely identifies the violation entity. |
| Application User Name | Name of the user creating the policy rule violation. |
| Full SQL String | SQL string causing the policy rule violation. |
| Timestamp | Created when the policy rule violation is logged. Not all policy rule violations are logged – see the description of the rule actions in Chapter 11: Building Policies. |
| Timestamp Date | Date only from the timestamp. |
| Timestamp Time | Time only from the timestamp. |
| Timestamp Weekday | Weekday only from the timestamp. |
| Timestamp Year | Year only from the timestamp. |
| Message Sent | The text of the policy rule violation message that was sent. |
| Total Occurrences | Occurrence count that triggered the violation. |
| Application Event Id | Application event ID (if any – these are set using the application events API). |
| Access Rule Description | The description of the rule from its definition. |
| Category Name | Category defined for the rule. |
| Severity | Severity defined for the rule (the severity of an incident to which this is assigned may be different). |
| Incident Number | If assigned to an incident, this is the incident number. |

¹ Available to users with the admin role only.
An instance is created for each database connection seen by the S-TAP Hunter process but not by S-TAP itself, indicating that the connection has bypassed the access paths monitored by S-TAP.

| Attribute | Description |
|---|---|
| Timestamp | A timestamp value created when the Guardium appliance records the rogue connection reported by the Hunter. |
| Server Host Name | Database server host name. |
| Source Program | Source program name for the connection. |
| Source Port | Source port for the connection. |
| Source PID | Source process ID. |
| Target Program | Target program name for the connection. |
| Target Port | Target port for the connection. |
| Target PID | Target process ID. |
| OS User | Operating system user account name. |
| IPC Type | Type of inter-process communication used for the connection, which may be one of the following: SHM (shared memory). |
| DB Server Type | Database server type: Oracle, DB2, Informix, or Sybase. |
Installed policy rule entity. There is one for each rule of the installed policy. Apart from the ID fields (which uniquely identify components on the internal database), all of these fields are described in the Policies help topic.

| Attribute | Description |
|---|---|
| GDM_INSTALLED_POLICY_ | Identifies an installed policy rule. |
| ACCESS_RULE_ID¹ | Identifies an access rule. |
| Rule Description | From the policy definition. |
| Rule Position | Position within the policy. |
| Rule Type | Access, Exception, or Extrusion. |
| LAST_ACCESSED | Last |
| Client IP | These attributes (Client IP through Masking Pattern) are all from the rule definition. |
| Client Net Mask | |
| Server IP | |
| Server IP Mask | |
| Server IP Group | |
| Client MAC | |
| Net Protocol | |
| Net Protocol Group | |
| Field | |
| Field Group | |
| Object | |
| Object Group | |
| Command | |
| Command Group | |
| Object-Command Group | |
| Object-Field Group | |
| DB Type | |
| Service Name | |
| Service Name Group | |
| DB Name | |
| DB Name Group | |
| DB User | |
| DB User Group | |
| App. User | |
| App User Group | |
| OS User | |
| OS User Group | |
| Src App. | |
| Source Program Group | |
| Pattern / XML Pattern | |
| Period | |
| Min. Ct. | |
| Reset Interval | |
| Continue to next Rule / Revoke | |
| Rec. Vals. | |
| Action | |
| App Event Exists | |
| Event Type | |
| App Event Text Value | |
| App Event Numeric Value | |
| App Event Date Value | |
| Event User Name | |
| Error Code | |
| Exception Type | |
| Category Name | |
| Classification Name | |
| Severity | |
| Data Pattern | |
| SQL Pattern | |
| Masking Pattern | |
| Client IP / Group | These attributes (Client IP / Group through Error Code / Group) each display a single attribute and its related group (if any) in a single column of the report. |
| Server IP / Group | |
| Net Protocol / Group | |
| Field Name / Group | |
| Object Name / Group | |
| Command / Group | |
| Service Name / Group | |
| DB Name / Group | |
| App. User / Group | |
| OS User / Group | |
| Source Program / Group | |
| Error Code / Group | |
| App Event Text / Numeric / Date | The application event text, numeric, and date attributes. |
| Category / Classification | The combined category and classification for the rule. |

¹ Available to users with the admin role only.
A Saved Data entity is created each time a change is detected for an item being monitored, if the Keep data box is marked for that item in the item template definition.

| Attribute | Description |
|---|---|
| Saved Data Id¹ | Uniquely identifies the saved data item. |
| Saved Data | The actual data saved. |
| Timestamp | Timestamp for when the saved data entity was recorded in the server database. |
| Change Identifier | Identifies the Monitored Changes entity for this saved data entity. |

¹ Available to users with the admin role only.
This entity is created for each client/server database session.

| Attribute | Description |
|---|---|
| Global Id¹ | Uniquely identifies the session - access. |
| Session Id¹ | Uniquely identifies the session. |
| Access Id¹ | Uniquely identifies the access period. |
| Timestamp | Initially, a timestamp created for the first request on a client-server connection where there is not an active session in progress. Later, it is updated when the session is closed, or when it is marked inactive following an extended period of time with no observed activity. When tracking session information, you will probably be more interested in the Session Start and Session End attributes than in the Timestamp attribute. |
| Timestamp Date | Date only from the timestamp. |
| Timestamp Time | Time only from the timestamp. |
| Timestamp Weekday | Weekday only from the timestamp. |
| Timestamp Year | Year only from the timestamp. |
| Session Start | Date and time the session started. |
| Session Start Date | Date only from the Session Start. |
| Session Start Time | Time only from the Session Start. |
| Session Start Weekday | Weekday only from the Session Start. |
| Session Start Year | Year only from the Session Start. |
| Client Port | Client port number. |
| Server Port | Server port number. |
| Inactive Flag | 0 (default): open; session generated by an SQL packet. 1: closed (disconnect/logout received). 2: probably closed; not closed, but no packets for a long time. 3: session generated from non-SQL packets. |
| TTL | Reserved for admin role use only. |
| Session End | Date and time the session ended. |
| Session End Date | Date only from the Session End. |
| Session End Time | Time only from the Session End. |
| Session End Weekday | Weekday only from the Session End. |
| Session End Year | Year only from the Session End. |
| Database Name | Name of the database for the session (MSSQL or Sybase only). |
| Session Ignored | Indicates whether or not some part of the session was ignored (beginning at some point in time; see Ignored Since). |
| Ignored Since | Timestamp created when the system started to ignore this session. |
| Uid Chain | For a session reported by Unix S-TAP (K-Tap mode only), this shows the chain of OS users when users su to a different user name. The values that appear here vary by OS platform; for example, under AIX the string IBM IBM IBM may appear as a prefix. |
| Old Session ID | Points to the session from which this session was created. Zero if this is the first session of the connection. |
| Terminal Id | Terminal ID of the connection, used internally to resolve session information. |
| Process ID | The process ID of the client that initiated the connection (not always available). |

¹ Available to users with the admin role only.
The incident severity for an incident or policy violation.

| Attribute | Description |
|---|---|
| Severity Description | The severity code is one of the following: INFO, LOW, MED, HIGH. |
The system creates this entity at the interval set by the store system buffer interval CLI command (every 60 seconds by default).

| Attribute | Description |
|---|---|
| Timestamp | Time the record was created. |
| % CPU Sniffer | Percentage of CPU used by the sniffer. |
| % Mem Sniffer | Percentage of memory used by the sniffer. |
| % CPU Mysql | Percentage of CPU used by MySQL. |
| % Mem Mysql | Percentage of memory used by MySQL. |
| Sniffer Process ID | Sniffer process identifier. |
| Mem Sniffer | Amount of memory used by the sniffer. |
| Time Sniffer | Elapsed time used by the sniffer. |
| Free Buffer Space | Amount of free buffer space. |
| Analyzer Rate | Rate at which messages are being analyzed. |
| Logger Rate | Rate at which messages are being logged. |
| Analyzer Queue Length | Size of the analyzer queue. |
| Analyzer Total | Total number of messages analyzed. |
| Logger Queue Length | Size of the logger queue. |
| Logger Total | Total number of messages logged. |
| Session Queue Length | Size of the session queue. |
| Session Total | Total number of sessions. |
| Handler Data | Internal sniffing engine data. |
| Extra Info | Internal sniffing engine data. |
| Analyzer Lost Packets | Packets lost by the analyzer. |
| Eth0 Received | Messages received on ETH 0. |
| Eth0 Sent | Messages sent on ETH 0. |
| Logger Dbs Monitored | List of database types currently being monitored. |
| Logger Packets Ignored by Rule | Packets ignored by a policy rule action. |
| Logger Session Count | Count of sessions logged. |
| Mysql Disk Usage | MySQL disk usage. |
| Mysql Is Up | Boolean indicator for internal database restart (1 = was restarted, 0 = not restarted). |
| Promiscuous Received | Rate of packets received through the sniffing network cards (non-interface ports). |
| Sniffer Connections Ended | Total number of connections that were monitored and have ended since the inspection engine was restarted. |
| Sniffer Connections Used | Total number of connections currently being monitored since the inspection engine was restarted. |
| Sniffer Packets Dropped | Packets dropped by the sniffer. |
| Sniffer Packets Ignored | Packets ignored by the sniffer. |
| Sniffer Packets Throttled | Total number of connections that have been ignored due to throttling since the inspection engine was restarted. |
| System Cpu Load | System CPU utilization. |
| System Memory Usage | System memory utilization. |
| System Root Disk Usage | System root disk utilization. |
| System Uptime | Time since last start-up. |
| System Var Disk Usage | System var disk utilization. |
This entity is created for each unique string of SQL. Values are replaced by question marks – only the format of the string is stored.

| Attribute | Description |
|---|---|
| Sql | SQL string. |
| Construct ID | Uniquely identifies the construct in which the SQL appeared. |
| Bind Info | Bind information for this SQL string. |

¹ Available to users with the admin role only.
An instance is defined in the internal Guardium database for each type of activity.

| Attribute | Description |
|---|---|
| Activity Types Description | Description of an activity. |

This entity is created for each Guardium user activity.

| Attribute | Description |
|---|---|
| User Name | Guardium user name for the activity. |
| Timestamp | Created when the activity was logged. |
| Modified Entity | The Guardium entity modified (a group definition, for example). |
| Entity Key Used | Key used to access the entity. |
| Key Value | New value of the entity. |
| All Values | All values altered. |
| Object Description | The name of the specific object altered. |

This entity is created each time a user logs in to the Guardium appliance.

| Attribute | Description |
|---|---|
| User Name | Name of the Guardium user. The entity is created when the user logs in or out (there is one entity per Guardium session). |
| Login Date And Time | Date and time the user logged in. |
| Logout Date And Time | Date and time the user logged out. |
| Login Succeeded | Indicates if the login was successful. |
| Global Id | A unique global ID for the session. |

Indicates the action required by the results receiver.

| Attribute | Description |
|---|---|
| Action Required | Indicates if a signing action is required. |

Indicates the current status of the results.

| Attribute | Description |
|---|---|
| Status | Indicates the current status of the results. |
A CAS template entity is created for each item template within a template set. An item is a specific file or file pattern, an environment or registry variable, the output of an OS or SQL script, or the list of logged-in users.

| Attribute | Description |
|---|---|
| Template Id¹ | A unique identifier for the item template within the set of all item templates. |
| Template Set Id¹ | Unique identifier for the template set. |
| Access Name | Depending on the Audit Type, this is the OS or SQL script, the environment or registry value, or a file name or file name pattern. |
| Audit Type | The type of monitored item. |
| Audit Frequency (Min) | The maximum interval (in minutes) between tests. |
| Use MD5 | Indicates whether or not the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison are skipped. Regardless of whether or not MD5 is used, both the current last-modified timestamp of the item and the size of the item are compared with the values saved the last time the item was checked. |
| Save Data | Indicates if the Keep data checkbox has been marked. If so, previous versions of the item can be compared with the current version. |
| Editable | Indicates whether or not this template can be modified. The default Guardium templates cannot be modified. In addition, once a template set has been used in a CAS instance, it cannot be modified. In any case, a template set can always be cloned, and the cloned set can be modified. |
| Description | Optional description of the template. |
| Timestamp | Date and time this template was last updated. |

¹ Available to users with the admin role only.
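The Use MD5 descriptions (in the Monitored Item Details and Template entities) and the Size encoding of the Monitored Changes entity together describe a small change-detection procedure: always compare the last-modified timestamp and size against the previous sample; compute and compare an MD5 checksum only when Use MD5 is set and the raw size does not exceed the host's MD5 Size Limit; record a missing file as size 0 and an empty file as size -1. The following Python is an added illustration of that procedure, not code from Guardium or the CAS agent. The function names, the size-limit constant, the monitored file name and the edited contents are all constructed for the example.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the per-host MD5 Size Limit (bytes); the real value is a CAS host setting.
DEFAULT_MD5_SIZE_LIMIT = 1024 * 1024


@dataclass(frozen=True)
class ItemState:
    """Snapshot of one monitored file, encoded like the Monitored Changes attributes."""
    size: int                        # Size attribute encoding: -1 = exists but empty, 0 = missing
    last_modified_ns: Optional[int]  # None when the file does not exist
    md5: Optional[str]               # None when MD5 is disabled, skipped (over limit), or file missing


def encode_size(path: str) -> int:
    """Return the file size using the page's special values for missing and empty files."""
    if not os.path.exists(path):
        return 0
    n = os.path.getsize(path)
    return -1 if n == 0 else n


def sample_item(path: str, use_md5: bool = False,
                md5_size_limit: int = DEFAULT_MD5_SIZE_LIMIT) -> ItemState:
    """Take one sample: size and mtime always; MD5 only if enabled and the raw size is within the limit."""
    size = encode_size(path)
    if size == 0:
        return ItemState(0, None, None)
    raw_size = 0 if size == -1 else size
    mtime_ns = os.stat(path).st_mtime_ns
    digest = None
    if use_md5 and raw_size <= md5_size_limit:
        with open(path, "rb") as fh:
            digest = hashlib.md5(fh.read()).hexdigest()
    return ItemState(size, mtime_ns, digest)


def has_changed(previous: ItemState, current: ItemState) -> bool:
    """Metadata comparison always runs; the checksum is compared only when both samples have one."""
    if previous.size != current.size or previous.last_modified_ns != current.last_modified_ns:
        return True
    if previous.md5 is not None and current.md5 is not None:
        return previous.md5 != current.md5
    return False  # MD5 disabled or skipped: a same-size, same-mtime edit is invisible


def demo() -> dict:
    """Constructed scenario: a same-length edit with the mtime restored, then emptying and deleting the file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "listener.ora")  # hypothetical monitored file name
        with open(path, "w") as fh:
            fh.write("PORT=1521\n")
        baseline = sample_item(path, use_md5=True)
        t = baseline.last_modified_ns

        with open(path, "w") as fh:
            fh.write("PORT=1522\n")  # same byte length as the original content
        os.utime(path, ns=(t, t))    # put the original mtime back, so only content differs

        results = {
            "with_md5": has_changed(baseline, sample_item(path, use_md5=True)),
            "without_md5": has_changed(baseline, sample_item(path, use_md5=False)),
            "over_limit": has_changed(baseline, sample_item(path, use_md5=True, md5_size_limit=4)),
        }
        with open(path, "w"):
            pass  # truncate to zero bytes
        emptied = sample_item(path)
        results["emptied_size"] = emptied.size
        results["emptied_changed"] = has_changed(baseline, emptied)
        os.remove(path)
        deleted = sample_item(path)
        results["deleted_size"] = deleted.size
        results["deleted_changed"] = has_changed(baseline, deleted)
        return results


if __name__ == "__main__":
    print(demo())
```

The scenario shows why the MD5 option exists: a content change that keeps the same length and has its timestamp restored passes the size and last-modified comparison, and is caught only when the checksum is actually computed. It also shows the quiet failure mode of the MD5 Size Limit: when the raw data exceeds the limit the checksum is skipped, so large monitored files silently fall back to metadata-only comparison, which is worth accounting for when choosing the limit on a CAS host.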
A CAS Template Set entity is created for each template set, which is a set of template items for a particular operating system or database.

| Attribute | Description |
|---|---|
| Template Set Id¹ | A unique identifier for the template set, numbered sequentially. |
| OS Type | Operating system: Unix or Windows. |
| DB Type | Database type: Oracle, MS-SQL, DB2, Sybase, Informix, or N/A for an operating system template. |
| Template Set Name | The template set name. |
| IsDefault | Indicates whether or not this template set is the default for the specified OS Type and DB Type combination. |
| Editable | Indicates whether or not this template set can be modified. The default Guardium templates cannot be modified. In addition, once a template set has been used in a CAS instance, it cannot be modified. In any case, a template set can always be cloned, and the cloned set can be modified. |
| Timestamp | Date and time the template set was last updated. |

¹ Available to users with the admin role only.
This entity is created for each set of test results.

| Attribute | Description |
|---|---|
| Test Result Id¹ | Identifies the test result. |
| Assessment Result Id¹ | Identifies the assessment results set. |
| Test Id¹ | Identifies the test. |
| Assessment Test Id¹ | Identifies the assessment test (task). |
| Test Score | Returned test score. |
| Report Result Id¹ | Identifies the report result. |
| Parameter Modified Flag | Indicates if parameters were modified since the last test. |
| Result Text | Text returned by the test. |
| Test Description | Description from the test definition. |
| Recommendation | Recommendation returned by the test. |
| Score Description | Description of the score. |
| Threshold String | The threshold prompt for the test (e.g. Maximum Number of Different IP's Allowed per user). |
| Severity | Severity assigned for the test result. |
| Category | Category for the test result. |
| Assessment Result data source Id¹ | Identifies the test result data source. |

¹ Available to users with the admin role only.
This entity is created each time that a correlation alert is triggered.

| Attribute | Description |
|---|---|
| Alert Log Id¹ | Uniquely identifies the alert details entity. |
| Query Value | Value returned by the query. |
| Base Value | Value assigned for the statistical alert. |
| Checked From Date | The starting date and time checked by the alert condition. |
| Checked To Date | The ending date and time checked by the alert condition. |
| Alert Threshold | Alert threshold defined for the alert. |
| Notification Sent | Text of the notification sent. |
| Timestamp | Created only once, when the statistical alert is logged. |
| Alert Description | The description contained in the alert definition. |

¹ Available to users with the admin role only.
Identifies the Guardium user defined as an audit process results receiver.

| Attribute | Description |
|---|---|
| Login Name | Receiver's Guardium user name. |
| First Name | First name of the above Guardium user. |
| Last Name | Last name of the above Guardium user. |
| EMAIL Address | Email address defined for the above Guardium user. |
| Last Active | Timestamp of the last activity for this user. |