help button on its toolbar.This page provides a short description of all predefined reports on the default user layout. For a description of the reports on the default administrator layout, see Predefined admin Reports.
The reports are presented in tab
> menu order. Some tabs contain
both report and application portlets. For information about an application
portlet, click the help button on its toolbar.
View > Overview Tab
View > DB Activities Tab
View > Exceptions Tab
View > DB Administration Tab
View > Schema Changes Tab
View > Detailed Activities Tab
View > Performance Tab
View > Access Map Tab
View > DB Entitlements Tab
See the Custom Domains topic for a description of the Oracle DB Entitlements reports.
Monitor/Audit > Privacy Sets Tab
Discover > Classification Tab
Discover > DB Discovery Tab
Assess/Harden > Vulnerability Assessment Tab
Assess/Harden > Change Reports Tab
Changes - see CAS Reporting in the Assess/Harden help book.
Host History - see CAS Reporting in the Assess/Harden help book.
Configuration - see CAS Reporting in the Assess/Harden help book.
Templates - see CAS Reporting in the Assess/Harden help book.
Comply Tab
Protect > Security Policies Tab
Protect > Correlation Alerts Tab
Protect > Incident Management Tab
The Currently-Installed Policy report displays information about the installed policy. Click the installed policy link to display the policy rules in a separate window.
Displays the number of servers and clients for each monitored database type (default time period is the current day).
By default, displays the request rate for the last two hours. This graphical report is intended to display recent activity only. If you alter the From and To run-time parameters to include a larger timeframe, you may receive a message indicating that there is too much data. (Use a tabular report to display a larger time period.)
See Incident Management Dashboard.
Provides a graphical display of client/server access.
For each server type (DB2, Informix, etc.), a row of this report displays the total number of sessions that were open during the reporting period (by default, the last three hours).
For each SQL Verb from the DML Commands group that references an Object Name in the Sensitive Objects group, this report displays a row for each Access Period, Client IP, and Source Program, with a total count of objects referenced in that row. Although the report title contains the word Executions, there is no guarantee that all commands reported were actually executed.
For each object in the Sensitive Objects group, displays a row for each Client IP and Source Program that referenced the object during the reporting period, and a count of object references.
The Sensitive Objects group is empty at installation time. Someone at your company must populate the group with the appropriate set of members.
For each Client IP address seen during the reporting period, a row counts the number of SQL Verbs, Object Names, and the total number of sessions.
For each Server IP address accessed during the reporting period, a row of the report displays the Server Type, Database Name, Service Name, a count of source programs accessing that server, and the total number of sessions for that row.
For every policy rule violation logged during the reporting period, this report provides the Timestamp from the Policy Rule Violation entity, Access Rule Description, Client IP, Server IP, DB User Name, Full SQL String from the Policy Rule Violation entity, Severity Description, and a count of violations for that row. You cannot access the query that this report is based upon (Policy Violations List with Severity), but you can clone the report.
Each wedge of the pie chart represents the proportion of exceptions for each Exception Description attribute value (from the Exception Type entity) that was logged during the reporting period.
As with any chart, you can drill down on the pie chart to display the tabular version of the query on which the chart is based. There are several exceptions reports that are accessible from this tabular report (or drill-downs from it) that are available here, but are not included on any menu.
A count of exceptions logged during the reporting period. One datapoint is created each time that you refresh the report on your portal.
For each failed login attempt during the reporting period, lists the User Name, Source Address, Destination Address, and Database Protocol Type for the server the user was attempting to log into.
For each SQL error during the reporting period, displays the Client IP address, Server IP address, Server Type, database user name, database error text, and error occurrence total for that record.
The total number of exceptions (Exception entities) logged during the reporting period.
Lists all logins by database users who are members of the Terminated DB User group. Each row lists a DB User Name, Client IP, Server IP, Server Type, Source Program, last login time (the maximum value of the Session Start attribute), and the count of sessions for the row.
The Terminated DB Users group is empty at installation time. It must be populated by someone at your location. The query that this report is based upon (Terminated Users Logins) cannot be accessed from any query builder.
Last login recorded during the reporting period for each member of the Active Users group. All members of the group will be listed, even if there were no logins during the reporting period. This is unlike most other reports based on members of a group. In the “normal” case, if no activity is found for a member, that member is not listed.
Each row lists a DB User Name, Client IP, Server IP, Server Type, Source Program, last login time (the maximum value of the Session Start attribute), and the count of sessions for the row.
The Active Users group is empty at installation time. It must be populated by someone at your location. The query that this report is based upon (Active Users Last Logins) cannot be accessed from any query builder.
Listing of members in the Active Users group who have had no activity during the reporting period. This report will be empty if all users have had activity during the reporting period.
The Active Users group is pre-defined, but empty at installation time. It must be populated by someone at your location. The query that this report is based upon (Active Users with no Activity) cannot be accessed from any query builder.
Lists failed login attempts by database users who are members of the Terminated DB User group. This report will be empty if there were no failed login attempts by anyone in this group during the reporting period.
The Terminated DB Users group is pre-defined, but empty at installation time. It must be populated by someone at your location. The built-in query for this report cannot be accessed. The query that this report is based upon (Terminated Users Failed Login Attempts) cannot be accessed from any query builder.
For each DB User Name included in the Admin Users group, who had one or more sessions during the reporting period, each row lists the Client IP, DB User Name, Source Program, Session Start time, and Count of Sessions for that row.
For each DB User Name included in the DB Predefined Users group, who had one or more sessions during the reporting period, each row lists the DB User Name, Client IP, Server IP, Source Program, Database Name, Service Name, and Count of Sessions for that row.
For each SQL Verb included in the Administrative Commands group that was seen during the reporting period, this report lists the SQL Verb, Depth, Object Name, and Client IP, and a count of objects referenced.
For each Object Name included in the Administration Objects group that was seen during the reporting period, each row lists the Object Name, Client IP, Server IP, Service Name, Database Name, Source Program, DB User Name, and Count of Objects for that row.
For each SQL Verb from the DML Commands group that references an Object Name in the Administration Objects group, this report displays a row for the DB User Name, Client IP, Server IP, Server Type, Service Name, Database Name, SQL Verb, Object Name, and Count of Objects referenced in the row.
For each SQL Verb from the BACKUP Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
For each SQL Verb from the BACKUP Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
For each SQL Verb from the REVOKE Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
For each SQL Verb from the KILL Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
For each SQL Verb from the DBCC Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, SQL statement, and Count of Objects referenced in the row.
For each SQL Verb from the GRANT Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
For each SQL Verb from the CREATE Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
All DDL commands sent to the database. The report displays the client IP from which the DDL was requested, the main SQL verb (a specific DDL command), and the total objects accessed for that record.
For each SQL Verb from the DDL Commands group seen during the reporting period, this report displays the Client IP, Server IP, Server Type, SQL Verb, and Count of Commands referenced in the row.
All ALTER commands issued. The report displays the client IP from which the DDL was requested, server IP address, service name, database user name, source program, database name, object name, and main SQL verb (a specific DDL command) for each combination of client IP/DDL command listed on that specific line.
For each SQL Verb from the ALTER Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
This bar graph displays the distribution of commands seen from the DDL Commands group during the reporting period. For each command seen, a single bar (labeled below the x-axis bottom) represents the total number of objects affected.
For each SQL Verb from the DROP Commands group seen during the reporting period, this report displays the Client IP, Server IP, Service Name, DB User Name, Source Program, Database Name, Object Name, SQL Verb, and Count of Objects referenced in the row.
For each DB User Name for which session data was collected during the reporting period, each line of this report displays the count of Client IP addresses from which the user logged in, and a total number of sessions.
This report displays reporting period activity from a single Client IP address, which is specified as a run time parameter. Each row of the report displays the Client IP, Source Program, SQL Verb, Depth (of sentence within the SQL command), an Object Name, and a count of times that object was referenced for that row.
This report lists all database sessions for the reporting period. For each session, the report displays the session (entity) Timestamp, the Session Start (timestamp), Server Type, Client IP, Server IP, Client Port, Server Port, Network Protocol, DB Protocol, DB Protocol Version, DB User Name username, Source Program, and Count of Sessions for that row (which should always be 1).
As with most reports, drill-down reports are available. There are a number of session reports that are accessible from this report, but are not included on any menu. This includes the following reports, with the run time parameters for those reports set by using values from the selected row of the report:
|
Report |
Run-Time Parameters |
|
Sessions by Client IP |
Server IP, Server Type |
|
Sessions by Server IP |
Server Type |
|
Sessions by Source Program |
Server Type, Sever IP |
|
Sessions by User |
Server Type, Server IP |
|
Sessions Details by Server |
Server Type, Server IP |
This report lists all SQL Verbs seen during the reporting period. At the outermost level, commands are grouped by the Period Start time from the Access Period entity, which is usually one hour, on the hour. Your Guardium administrator can modify the access period length by changing the logging granularity, which is one hour by default. For each Access Period in the reporting period, each row lists the access Period Start time, a SQL Verb, Depth of the verb in the SQL statement, Parent (a pointer to the owning verb), and a count of occurrences for the row.
This report lists all objects seen during the reporting period. At the outermost level, objects are grouped by the Period Start time from the Access Period entity, which is usually one hour, on the hour. Your SQL Guard administrator can modify the access period length by changing the logging granularity, which is one hour by default. For each Access Period in the reporting period, each row lists the access Period Start time, an Object Name, and the count of occurrences for that row.
This report displays reporting period activity for a single Object Name, which is specified as a run time parameter. Each row of the report displays the Client IP, Source Program, SQL Verb, Depth (of sentence within the SQL command), an Object Name, and a count of times that object was referenced for that row.
This report lists objects (database tables or stored procedures, for example) that have not been accessed for an extended period of time. You cannot access the query this report is based upon.
This report lists all Windows File Share SQL activity seen during the reporting period. At the outermost level, the SQL commands are grouped by the Period Start time from the Access Period entity, which is usually one hour, on the hour. Your Guardium administrator can modify the access period length by changing the logging granularity, which is one hour by default. For each Access Period in the reporting period, each row lists the access Period Start time, the Service Name, Client IP, Server IP, Source Program, SQL (from the SQL entity), and a count of occurrences for the row. You cannot access the query this report is based upon, but you can clone the report.
This report produces a highly detailed listing for each DB User Name seen in the reporting period, which is one hour by default for this report. Each row of the report lists a DB User Name, Client IP, Server IP, Period Start, Source Program, SQL (from the SQL entity), and a count of occurrences during the access period.
This report displays reporting period Full SQL attribute values that have been logged for a single DB User Name, which is specified as a run time parameter. Each row of the report displays the Full SQL ID, Timestamp (of the Full SQL entity), Client IP, DB User Name, Session Start, Source Program, Full SQL, and a count of occurrences for the row.
This report displays reporting period Full SQL attribute values that have been logged for a single Client IP, which is specified as a run time parameter. Each row of the report displays the Full SQL ID, Timestamp (of the Full SQL entity), Client IP, DB User Name, Session Start, Source Program, Full SQL, and a count of occurrences for the row.
Lists flat log processing tasks.
Lists classification process tasks.
For the reporting period, this report lists the longest running queries, with the longest average execution time first. For each query, lists the Client IP, Server IP, SQL, Period Start (from the Access Period entity), Average Execution Time, and the count of occurrences for this row. You cannot access the query this report is based upon.
This report produces a count of all Server IPs seen, and total accesses, during the reporting period. At the outermost level, accesses are grouped by the Period Start time from the Access Period entity, which is usually one hour, on the hour. Your Guardium administrator can modify the access period length by changing the logging granularity, which is one hour by default. Each row lists the Period Start time, the count of Server IPs seen, and a total count of accesses for the row.
You can restrict the output of this report using the Server IP run time parameter, which by default is set to “%” to select all IP addresses.
This report is a Distributed Label Line chart version of the tabular Throughput report described above, plotting the total number of accesses over the reporting period, one data point per Period Start time.
You can restrict the output of this report using the Server IP run time parameter, which by default is set to “%” to select all IP addresses.
For the reporting period, this report displays a double bar for each type of database server for which traffic was seen. Each double bar is labeled with the server type. For each server type, the top bar represents the number of Client IPs, and the bottom bar represents the total number of Server IPs.
This report lists all database servers seen during the reporting period. It displays the Server Type, Server IP, Server OS, Server Host Name, Server Description, and the total count of Client/Server entities for that row (the total number of clients).
See the Custom Domains topic for a description of the Oracle DB Entitlements reports.
Number of active Guardium audit processes that contain one or more privacy set tasks. When central management is used, this report contains data on the Central Manager only, and is empty on all managed units (the standard message, No data found for requested query, displays). This report has non-standard run time parameters: there are no from and to date parameters, so all audit processes containing one or more privacy set tasks will be reported. You can clone the query that this report is based upon (Number of Active Privacy Set Processes), but you cannot clone or regenerate the default report. The cloned query will have all of the standard run-time parameters (including the from and to dates).
Displays the Classifier/Assessment Job Queue. For each job, lists the Process Run ID, Process Type, Status, Cls/Asmt Process Id, Report Result Id, Cls/Asmt Description, Audit Task Description, Queue Time, Start Time, End Time, and Data Sources.
See CAS Reporting in the Assess/Harden help book.
For each Guardium user Login Name, this report lists the number and type of outstanding Guardium audit processes. An outstanding audit process has a Status attribute value (in the Task Results To-Do-List entity) other than Reviewed or Signed. This report has non-standard run time parameters: there are no from and to dates, which means that all outstanding task results will be reported. You can clone the query that this report is based upon (it has the same name), but you cannot clone or regenerate the default report. The cloned query will have all of the standard run-time parameters (including the from and to dates).
The number of active Guardium audit processes. When central management is used, this report contains data on the Central Manager only, and is empty on all managed units (the standard message, No data found for requested query, displays). This report has non-standard run time parameters: there are no from and to date parameters, so all active audit processes will be reported. You can clone the query that this report is based upon (Number of Active Processes), but you cannot clone or regenerate the default report. The cloned query will have all of the standard run-time parameters (including the from and to dates).
In the Currently Installed Policy panel, this special report displays the installed policy name, the number of rules it contains, and the number of baseline rules. You cannot access the query this report is based upon.
For the reporting period, this report displays the number of policy violations logged.
This report displays a bar representing the total number of alerts logged during the reporting period, for each type of threshold alert logged, based on the Alert Description attribute of the Threshold Alert Details entity.
This report displays a bar representing the total number of alerts logged during the reporting period, for each type of real-time alert logged, based on the Access Rule Description attribute of the Policy Rule Violation entity.
See the Incident Management topic.
See the Incident Management topic.