6.1 Views

Below listed are the views available with Sentinel Rapid Deployment.

6.1.1 ACTVY_PARM_RPT_V

View contains information about iTRAC activities.

Column Name

Datatype

Comment

ACTVY_PARM_ID

uuid

Activity parameter identifier

ACTVY_ID

uuid

Activity identifier

PARM_NAME

character varying(255)

Activity Parameter name

PARM_TYP_CD

character varying(1)

Activity parameter type code

DATA_TYP

character varying(50)

Activity parameter data type

DATA_SUBTYP

character varying(50)

Activity parameter data subtype

RQRD_F

boolean

Required flag

PARM_DESC

character varying(255)

Activity parameter description

PARM_VAL

character varying(1000)

Activity parameter value

FORMATTER

character varying(255)

Activity parameter formatter

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.2 ACTVY_REF_PARM_VAL_RPT_V

View contains information about iTRAC activities.

Column Name

Datatype

Comment

ACTVY_ID

uuid

Activity identifier

SEQ_NUM

integer

Sequence number

ACTVY_PARM_ID

uuid

Activity parameter identifier

PARM_VAL

character varying(1000)

Activity parameter value

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.3 ACTVY_REF_RPT_V

View contains information about iTRAC activities.

Column Name

Datatype

Comment

ACTVY_ID

uuid

Activity identifier

SEQ_NUM

integer

Sequence number

REFD_ACTVY_ID

uuid

Referenced activity identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.4 ACTVY_RPT_V

View contains information about iTRAC activities

Column Name

Datatype

Comment

ACTVY_ID

uuid

Activity identifier

ACTVY_NAME

character varying(255)

Activity name

ACTVY_TYP_CD

character varying(1)

Activity type code

ACCESS_LVL

character varying(50)

Access level

EXEC_LOC

character varying(50)

Execution location

ACTVY_DESC

character varying(255)

Activity description

PROCESSOR

character varying(255)

Processor

INPUT_FORMATTER

character varying(255)

Input formatter

OUTPUT_FORMATTER

character varying(255)

Output formatter

APP_NAME

character varying(25)

Application name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.5 ADV_NXS_FEED_V

This view contains information about the Advisor feed files that are processed on a regular schedule.

Column Name

Datatype

Comment

FILE_NAME

character varying (256)

The filename of the Advisor feed file.

HASH_VALUE

character varying (256)

The hash value of the Advisor feed file.

RECORDS_INSERTED

integer

The number of records inserted into the database.

RECORDS_UPDATED

integer

The number of records updated into the database.

PROCESSING_START_TIME

timestamp without time zone

Time stamp indicating when the processing of the feed files started.

PROCESSING_END_TIME

timestamp without time zone

Time stamp indicating when the processing of the feed files ended.

GENERATION

timestamp without time zone

The unique ID to which each feed file belongs.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the feed file information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the feed file information was modified in the Sentinel database.

CREATED_BY

integer

ID of the user who entered the feed file information in the Sentinel database.

MODIFIED_BY

integer

ID of the user who modified the feed file information in the Sentinel database.

6.1.6 ADV_NXS_PRODUCTS_V

This view contains information about all the products that are supported by Novell for Advisor, which include the Intrusion Detection System (IDS), Vulnerability Scanners, and Knowledge Base (OSVDB, CVE, and Bugtraq).

Column Name

Datatype

Comment

PRODUCT_ID

integer

The unique ID of the product.

PRODUCT_NAME

character varying (256 char)

Name of the product. For example, Cisco Secure IDS, Enterasys Dragon Network Sensor, or McAfee IntruShield.

INTERNAL_NAME

character varying (256 char)

Short name of the product that is used in generating the exploitdetection.csv file. This name is used by Collectors for exploit detection. For example, if the product name is Cisco Secure IDS, the internal name is Secure.

IS_ATTACK

boolean

This value is T if the product is IDS. Otherwise, this value is F.

IS_VULN

boolean

This value is T if the product is Vulnerability Scanner. Otherwise, this value is F.

IS_KB

boolean

This value is T if the product is Knowledge Base. Otherwise, this value is F.

IS_ACTIVE

boolean

This value is T if the product is selected for exploit detection in the Advisor window of Sentinel Control Center. If the value is F, attacks from this product are not populated in the exploitdetection.csv file.

IS_POPULATE_ATTACK_NAME

boolean

This value is T by default. If the value is F, the attack name is not populated in the exploitDetection.csv file.

IS_POPULATE_ATTACK_CODE

boolean

This value is T by default. If the value is F, the attack code is not populated in the exploitDetection.csv file.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the product information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the product information was modified in the Sentinel database.

CREATED_BY

integer

ID of the user who entered the product information in the Sentinel database.

MODIFIED_BY

integer

ID of the user who modified the product information in the Sentinel database.

6.1.7 ADV_NXS_SIGNATURES_V

This view contains the information about the list of signatures for each product that is supported by Novell for Advisor.

Column Name

Datatype

Comment

PRODUCT_ID

integer

The unique ID of the product.

SIGNATURE_ID

character varying (256 char)

The unique ID of the signature.

SIGNATURE_NAME

character varying (256 char)

Name of the signature.

PUBLISHED

timestamp without time zone

Time stamp indicating when the signature was published for the product by the vendor.

INSERTED

timestamp without time zone

Time stamp indicating when the signature information was entered in the vendor database.

UPDATED

timestamp without time zone

Time stamp indicating when the signature information was updated in the vendor database.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the signature information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the signature information was modified in the Sentinel database.

CREATED_BY

integer

ID of the user who entered the signature information in the Sentinel database.

MODIFIED_BY

integer

ID of the user who modified the signature information in the Sentinel database.

6.1.8 ADV_NXS_MAPPINGS_V

This view contains the mapping information for the products supported by Novell for Advisor. It provides information about the type of mapping between each product including the IDS product signatures, Vulnerability product signatures, and Knowledge Base product signatures.

Column Name

Datatype

Comment

SOURCE_PRODUCT_ID

integer

The unique ID of the source product.

SOURCE_SIGNATURE_ID

character varying (256 char)

The unique ID of the source signature.

TARGET_PRODUCT_ID

integer

The unique ID of the target product.

TARGET_SIGNATURE_ID

character varying (256 char)

The unique ID of the target signature.

MAPPING_DIRECT

boolean

This value is T if the mapping is direct.

MAPPING_INDIRECT

boolean

This value is T if the mapping is indirect.

MAPPING_NGRAM

boolean

This value is T if the mapping is n-gram.

INSERTED

timestamp without time zone

Time stamp indicating when the mapping information was entered in the vendor database.

UPDATED

timestamp without time zone

Time stamp indicating when the mapping was updated in the vendor database.

IS_DELETED

boolean

This value is T if the mapping is marked as invalid.

DELETED

timestamp without time zone

Time stamp indicating when the mapping was marked as invalid.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the mapping information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the mapping information was modified in the Sentinel database.

CREATED_BY

integer

ID of the user who entered the mapping information in the Sentinel database.

MODIFIED_BY

integer

ID of the user who modified the mapping information in the Sentinel database.

6.1.9 ADV_NXS_OSVDB_DETAILS_V

This view contains information about the known vulnerabilities from the OSVDB for the products supported by Novell for Advisor. It also stores the classifications to which the vulnerability applies.

Column Name

Datatype

Comment

OSVDB_ID

integer

The unique ID of the vulnerability in the OSVDB.

OSVDB_TITLE

character varying (256)

The normalized name of the vulnerability.

DESCRIPTION

text

A brief description of the vulnerability.

URGENCY

integer

Indicates the urgency of the vulnerability. The rating is 1- 10. The higher the number, the more urgent the vulnerability.

SEVERITY

integer

Indicates the severity of the vulnerability. The rating is 1- 10. The higher the number, the more urgent the vulnerability.

ATTACK_TYPE_AUTH_MANAGE

boolean

This value is T if the attack type is authentication management. For example, brute force attack, default password, and cookie poisoning.

ATTACK_TYPE_CRYPT

boolean

This value is T if the attack type is cryptographic. For example, weak encryption (implementation or algorithm), no encryption (plaintext), and sniffing.

ATTACK_TYPE_DOS

boolean

This value is T if the attack type is denial of service. For example, saturation flood, crash, lock up, and forced reboot.

ATTACK_TYPE_HIJACK

boolean

This value is T if the attack type is hijack. For example, man-in-the-middle attacks, IP spoofing, session timeout or take-over, and session replay.

ATTACK_TYPE_INFO_DISCLOSE

boolean

This value is T if the attack type is information disclosure. For example, comments, passwords, fingerprinting, and system information.

ATTACK_TYPE_INFRASTRUCT

boolean

This value is T if the attack type is infrastructure. For example, DNS poisoning and route manipulation.

ATTACK_TYPE_INPUT_MANIP

boolean

This value is T if the attack type is input manipulation. For example, XSS, SQL injection, file retrieval, directory traversal, overflows, and URL encoding.

ATTACK_TYPE_MISS_CONFIG

boolean

This value is T if the attack type is misconfiguration. For example, default files, debugging enabled, and directory indexing.

ATTACK_TYPE_RACE

boolean

This value is T if the attack type is race condition. For example, symlink.

ATTACK_TYPE_OTHER

boolean

This value is T if the attack type does not fall under any of the above attack types.

ATTACK_TYPE_UNKNOWN

boolean

This value is T if the attack type is unknown.

IMPACT_CONFIDENTIAL

boolean

This value is T if the impact of the attack(s) is loss of confidential information. For example, passwords, server information, environment variables, confirmation of file existence, path disclosure, file content access, and SQL injection.

IMPACT_INTEGRITY

boolean

This value is T if the impact of the attack(s) is loss of integrity, which results in data modifications by unauthorized persons. For example, unauthorized file modification, deletion, or creation, remote file inclusion, and arbitrary command execution.

IMPACT_AVAILABLE

boolean

This value is T if the impact of the attack is loss of availability of a service or information.

IMPACT_UNKNOWN

boolean

This value is T if the impact of the attack is unknown.

EXPLOIT_AVAILABLE

boolean

This value is T if an exploit is available for the vulnerability.

EXPLOIT_UNAVAILABLE

boolean

This value is T if an exploit is not available for the vulnerability.

EXPLOIT_RUMORED

boolean

This value is T if an exploit is rumored to exist for the vulnerability.

EXPLOIT_UNKNOWN

boolean

This value is T if an exploit is unknown for the vulnerability.

VULN_VERIFIED

boolean

This value is T if the existence of the vulnerability has been verified.

VULN_MYTH_FAKE

boolean

This value is T if the vulnerability is a myth or a false alarm.

VULN_BEST_PRAC

boolean

This value is T if the vulnerability is a result of not following the best practices in the configuration or usage of the vulnerable system or software.

VULN_CONCERN

boolean

This value is T if the vulnerability requires additional concern for remediation.

VULN_WEB_CHECK

boolean

This value is T if the vulnerability is a common problem in Web servers or Web applications.

ATTACK_SCENARIO

text

Description of how a vulnerability can be exploited.

SOLUTION_DESCRIPTION

text

Description of the solution that is used to fix the vulnerability.

FULL_DESCRIPTION

text

The complete description of the vulnerability.

LOCATION_PHYSICAL

boolean

This value is T if the vulnerability can be exploited with only physical system access.

LOCATION_LOCAL

boolean

This value is T if the vulnerability can be exploited on a local system.

LOCATION_REMOTE

boolean

This value is T if the vulnerability can be exploited on a remote system.

LOCATION_DIALUP

boolean

This value is T if the vulnerability can be exploited using a dial-up connection.

LOCATION_UNKNOWN

boolean

This value is T if the vulnerability is exploited in an unknown location.

PUBLISHED

timestamp without time zone

Time stamp indicating when the vulnerability was published in the OSVDB.

INSERTED

timestamp without time zone

Time stamp indicating when the vulnerability was inserted in the vendor database.

UPDATED

timestamp without time zone

Time stamp indicating when the vulnerability was updated in the vendor database.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the vulnerability information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the vulnerability information was modified in the Sentinel database.

CREATED_BY

integer

The ID of the user who entered the vulnerability information in the Sentinel database.

MODIFIED_BY

integer

The ID of the user who modified the vulnerability information in the Sentinel database.

6.1.10 ADV_NXS_KB_PATCH_V

This view contains information about the patches that are required to remove the vulnerabilities.

Column Name

Datatype

Comment

ID

integer

The unique ID for the row.

OSVDB_ID

integer

The ID of the vulnerability in the OSVDB.

TYPE_NAME

character varying (128)

The type of the patch used to remove the vulnerability.

TYPE_ID

integer

The unique ID of the patch.

REF_VALUE

text

The URL that has the patch information.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the patch information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the patch information was modified in the Sentinel database.

CREATED_BY

integer

The ID of the user who entered the patch information in the Sentinel database.

MODIFIED_BY

integer

The ID of the user who modified the patch information in the Sentinel database.

6.1.11 ADV_NXS_KB_PRODUCTSREF_V

This view contains the information about the products that are affected by the vulnerability.

Column Name

Datatype

Comment

ID

integer

The unique ID for the row.

OSVDB_ID

integer

The ID of the vulnerability in the OSVDB.

VENDOR_NAME

character varying (128 char)

Name of the vendor of the product that is affected by the vulnerability.

VERSION_NAME

character varying (128 char)

Version of the product that is affected by the vulnerability.

BASE_NAME

character varying (128 char)

Name of the product that is affected by the vulnerability.

TYPE_NAME

character varying (128 char)

Indicates whether the product is affected by the vulnerability or not.

DATE_CREATED

timestamp without time zone

Time stamp indicating when the product information was entered in the Sentinel database.

DATE_MODIFIED

timestamp without time zone

Time stamp indicating when the product information was modified in the Sentinel database.

CREATED_BY

integer

The ID of the user who entered the product information in the Sentinel database.

MODIFIED_BY

integer

The ID of the user who modified the product information in the Sentinel database.

6.1.12 ANNOTATIONS_RPT_V

View references ANNOTATIONS table that stores documentation or notes that can be associated with objects in the Sentinel Rapid Deployment system such as cases and incidents.

Column Name

Datatype

Comment

ANN_ID

integer

Annotation identifier - sequence number.

TEXT

character varying(4000)

Documentation or notes.

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

MODIFIED_BY

integer

User who last modified object

CREATED_BY

integer

User who created object

ACTION

character varying(255)

Action

6.1.13 ASSET_CATEGORY_RPT_V

View references ASSET_CTGRY table that stores information about asset categories

Column Name

Datatype

Comment

ASSET_CATEGORY_ID

bigint

Asset category identifier

ASSET_CATEGORY_NAME

character varying(100)

Asset category name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.14 ASSET_HOSTNAME_RPT_V

View references ASSET_HOSTNAME table that stores information about alternate host names for assets.

Column Name

Datatype

Comment

ASSET_HOSTNAME_ID

uuid

Asset alternate hostname identifier

PHYSICAL_ASSET_ID

uuid

Physical asset identifier

HOST_NAME

character varying(255)

Host name

CUST_ID

bigint

Customer identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.15 ASSET_IP_RPT_V

View references ASSET_IP table that stores information about alternate IP addresses for assets.

Column Name

Datatype

Comment

ASSET_IP_ID

uuid

Asset alternate IP identifier

PHYSICAL_ASSET_ID

uuid

Physical asset identifier

IP_ADDRESS

integer

Asset IP address

CUST_ID

bigint

Customer identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.16 ASSET_LOCATION_RPT_V

View references ASSET_LOC table that stores information about asset locations.

Column Name

Datatype

Comment

LOCATION_ID

bigint

Location identifier

CUST_ID

bigint

Customer identifier

BUILDING_NAME

character varying(255)

Building name

ADDRESS_LINE_1

character varying(255)

Address line 1

ADDRESS_LINE_2

character varying(255)

Address line 2

CITY

character varying(100)

City

STATE

character varying(100)

State

COUNTRY

character varying(100)

Country

ZIP_CODE

character varying(50)

Zip code

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.17 ASSET_RPT_V

View references ASSET table that stores information about the physical and soft assets.

Column Name

Datatype

Comment

ASSET_ID

uuid

Asset identifier

CUST_ID

bigint

Customer identifier

ASSET_NAME

character varying(255)

Asset name

PHYSICAL_ASSET_ID

uuid

Physical asset identifier

PRODUCT_ID

bigint

Product identifier

ASSET_CATEGORY_ID

bigint

Asset category identifier

ENVIRONMENT_IDENTITY_CD

bigint

Environment identify code

PHYSICAL_ASSET_IND

boolean

Physical asset indicator

ASSET_VALUE_CODE

bigint

Asset value code

CRITICALITY_ID

bigint

Asset criticality code

SENSITIVITY_ID

bigint

Asset sensitivity code

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.18 ASSET_VALUE_RPT_V

View references ASSET_VAL_LKUP table that stores information about the asset value.

Column Name

Datatype

Comment

ASSET_VALUE_ID

bigint

Asset value code

ASSET_VALUE_NAME

character varying(50)

Asset value name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.19 ASSET_X_ENTITY_X_ROLE_RPT_V

View references ASSET_X_ENTITY_X_ROLE table that associates a person or an organization to an asset.

Column Name

Datatype

Comment

PERSON_ID

uuid

Person identifier

ORGANIZATION_ID

uuid

Organization identifier

ROLE_CODE

character varying(5)

Role code

ASSET_ID

uuid

Asset identifier

ENTITY_TYPE_CODE

character varying(5)

Entity type code

PERSON_ROLE_SEQUENCE

integer

Order of persons under a particular role

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.20 ASSOCIATIONS_RPT_V

View references ASSOCIATIONS table that associates users to incidents, incidents to annotations and so on.

Column Name

Datatype

Comment

TABLE1

character varying(64)

Table name 1. For example, incidents

ID1

integer

ID1. For example, incident ID.

TABLE2

character varying(64)

Table name 2. For example, users.

ID2

integer

ID2. For example, user ID.

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.21 ATTACHMENTS_RPT_V

View references ATTACHMENTS table that stores attachment data.

Column Name

Datatype

Comment

ATTACHMENT_ID

integer

Attachment identifier

NAME

character varying(255)

Attachment name

SOURCE_REFERENCE

character varying(64)

Source reference

TYPE

character varying(32)

Attachment type

SUB_TYPE

character varying(32)

Attachment subtype

FILE_EXTENSION

character varying(32)

File extension

ATTACHMENT_DESCRIPTION

character varying(255)

Attachment description

DATA

text

Attachment data

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.22 AUDIT_RECORD_RPT_V

View references AUDIT_RECORD table that stores Sentinel Rapid Deployment internal audit data.

Column Name

Datatype

Comment

AUDIT_ID

uuid

Audit record identifier

AUDIT_TYPE

character varying(255)

Audit type

SRC

character varying(255)

Audit source

SENDER_HOSTNAME

character varying(255)

Sender hostname

SENDER_HOST_IP

character varying(255)

Sender host IP

SENDER_CONTAINER

character varying(255)

Sender container name

SENDER_ID

character varying(255)

Sender Identifier

CLIENT

character varying(255)

Client application that requested audit

EVT_NAME

character varying(255)

Event name

RES

character varying(255)

Event resource

SRES

character varying(255)

Event sub-resource

MSG

character varying(500)

Event message

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.23 CONFIGS_RPT_V

View references CONFIGS table that stores general configuration information of the application.

Column Name

Datatype

Comment

USR_ID

character varying(32)

User name

APPLICATION

character varying(255)

Application identifier

UNIT

character varying(64)

Application unit

VALUE

character varying(255)

Text value if any

DATA

text

XML data

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.24 CONTACTS_RPT_V

View references CONTACTS table that stores contact information.

Column Name

Datatype

Comment

CNT_ID

integer

Contact ID - Sequence number

FIRST_NAME

character varying(20)

Contact first name

LAST_NAME

character varying(30)

Contact last name

TITLE

character varying(128)

Contact title

DEPARTMENT

character varying(128)

Department

PHONE

character varying(64)

Contact phone

EMAIL

character varying(255)

Contact email

PAGER

character varying(64)

Contact pager

CELL

character varying(64)

Contact cell phone

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.25 CORRELATED_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use CORRELATED_EVENTS_RPT_V1.

6.1.26 CORRELATED_EVENTS_RPT_V1

View contains current and historical correlated events (correlated events imported from archives).

Column Name

Datatype

Comment

PARENT_EVT_ID

uuid

Event Universal Unique Identifier (UUID) of parent event

CHILD_EVT_ID

uuid

Event Universal Unique Identifier (UUID) of child event

PARENT_EVT_TIME

timestamp with time zone

Parent event time

CHILD_EVT_TIME

timestamp with time zone

Child event time

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.27 CRITICALITY_RPT_V

View references CRIT_LKUP table that contains information about asset criticality.

Column Name

Datatype

Comment

CRITICALITY_ID

bigint

Asset criticality code

CRITICALITY_NAME

character varying(50)

Asset criticality name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.28 CUST_HIERARCHY_V

View references CUST_HIERARCHY table that stores information about MSSP customer hierarchy.

Column Name

Datatype

Comment

CUST_HIERARCHY_ID

bigint

Customer hierarchy ID

CUST_NAME

character varying(255)

Customer

CUST_HIERARCHY_LVL1

character varying(255)

Customer hierarchy level 1

CUST_HIERARCHY_LVL2

character varying(255)

Customer hierarchy level 2

CUST_HIERARCHY_LVL3

character varying(255)

Customer hierarchy level 3

CUST_HIERARCHY_LVL4

character varying(255)

Customer hierarchy level 4

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.29 CUST_RPT_V

View references CUST table that stores customer information for MSSPs.

Column Name

Datatype

Comment

CUST_ID

bigint

Customer identifier

CUSTOMER_NAME

character varying(255)

Customer name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.30 ENTITY_TYPE_RPT_V

View references ENTITY_TYP table that stores information about entity types (person, organization).

Column Name

Datatype

Comment

ENTITY_TYPE_CODE

character varying(5)

Entity type code

ENTITY_TYPE_NAME

character varying(50)

Entity type name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.31 ENV_IDENTITY_RPT_V

View references ENV_IDENTITY_LKUP table that stores information about asset environment identity.

Column Name

Datatype

Comment

ENVIRONMENT_IDENTITY_ID

bigint

Environment identity code

ENV_IDENTITY_NAME

character varying(255)

Environment identity name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.32 ESEC_CONTENT_GRP_CONTENT_RPT_V

View contains information about Solution Packs.

Column Name

Datatype

Comment

CONTENT_GRP_ID

uuid

Content group identifier

CONTENT_ID

character varying(255)

Content identifier

CONTENT_TYP

character varying(100)

Content type

CONTENT_HASH

character varying(255)

Content hash

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.33 ESEC_CONTENT_GRP_RPT_V

View contains information about Solution Packs.

Column Name

Datatype

Comment

CONTENT_GRP_ID

uuid

Content group identifier

CONTENT_GRP_NAME

character varying(255)

Content group name

CONTENT_GRP_DESC

text

Content group description

CTRL_ID

uuid

Control identifier

CONTENT_EXTERNAL_ID

character varying(255)

Content external identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.34 ESEC_CONTENT_PACK_RPT_V

View contains information about Solution Packs.

Column Name

Datatype

Comment

CONTENT_PACK_ID

uuid

Content pack identifier

CONTENT_PACK_DESC

text

Content pack description

CONTENT_PACK_NAME

character varying(255)

Content pack name

CONTENT_EXTERNAL_ID

character varying(255)

Content external identifier

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

DATE_CREATED

timestamp with time zone

Date the entry was created

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.35 ESEC_CONTENT_RPT_V

View contains information about Solution Packs.

Column Name

Datatype

Comment

CONTENT_ID

character varying(255)

Content identifier

CONTENT_NAME

character varying(255)

Content name

CONTENT_DESC

text

Content description

CONTENT_STATE

integer

Content state

CONTENT_TYP

character varying(100)

Content type

CONTENT_CONTEXT

text

Content context

CONTENT_HASH

character varying(255)

Content hash

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

MODIFIED_BY

integer

User who last modified object

CREATED_BY

integer

User who created object

6.1.36 ESEC_CTRL_CTGRY_RPT_V

View contains information about Solution Packs.

Column Name

Datatype

Comment

CTRL_CTGRY_ID

uuid

Control category identifier

CTRL_CTGRY_DESC

text

Control category description

CTRL_CTGRY_NAME

character varying(255)

Control category name

CONTENT_PACK_ID

uuid

Content pack identifier

CONTENT_EXTERNAL_ID

character varying(255)

Content external identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.37 ESEC_CTRL_RPT_V

View contains information about Solution Packs.

Column Name

Datatype

Comment

CTRL_ID

uuid

Control identifier

CTRL_NAME

character varying(255)

Control name

CTRL_DESC

text

Control description

CTRL_STATE

integer

Control state

CTRL_NOTES

text

Control notes

CTRL_CTGRY_ID

uuid

Control category identifier

CONTENT_EXTERNAL_ID

character varying(255)

Content external identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.38 ESEC_DISPLAY_RPT_V

View references ESEC_DISPLAY table that stores displayable properties of objects. Currently used in renaming meta-tags. Used with Event Configuration (Business Relevance).

Column Name

Datatype

Comment

DISPLAY_OBJECT

character varying(32)

The parent object of the property

TAG

character varying(32)

The native tag name of the property

LABEL

character varying(32)

The display string of tag.

POSITION

integer

Position of tag within display.

WIDTH

integer

The column width

ALIGNMENT

integer

The horizontal alignment

FORMAT

integer

The enumerated formatter for displaying the property

ENABLED

boolean

Indicates if the tag is shown.

TYPE

integer

Indicates datatype of tag.

1 = string

2 = ulong

3 = timestamp with time zone

4 = uuid

5 = ipv4

DESCRIPTION

character varying(255)

Textual description of the tag

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

REF_CONFIG

character varying(4000)

Referential data configuration

6.1.39 ESEC_PORT_REFERENCE_RPT_V

View references ESEC_PORT_REFERENCE table that stores industry standard assigned port numbers.

Column Name

Datatype

Comment

PORT_NUMBER

integer

Per http://www.iana.org/assignments/port-numbers, the numerical representation of the port. This port number is typically associated with the Transport Protocol level in the TCP/IP stack.

PROTOCOL_NUMBER

integer

Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet.

PORT_KEYWORD

character varying(64)

Per http://www.iana.org/assignments/port-numbers, the keyword representation of the port.

PORT_DESCRIPTION

character varying(512)

Port description

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.40 ESEC_PROTOCOL_REFERENCE_RPT_V

View references ESEC_PROTOCOL_REFERENCE table that stores industry standard assigned protocol numbers.

Column Name

Datatype

Comment

PROTOCOL_NUMBER

integer

Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet.

PROTOCOL_KEYWORD

character varying(64)

Per http://www.iana.org/assignments/protocol-numbers, the keyword used to represent protocols that are encapsulated in an IP packet.

PROTOCOL_DESCRIPTION

character varying(512)

IP packet protocol description

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.41 ESEC_SEQUENCE_RPT_V

View references ESEC_SEQUENCE table that’s used to generate primary key sequence numbers for Sentinel Rapid Deployment tables.

Column Name

Datatype

Comment

TABLE_NAME

character varying(32)

Name of the table.

COLUMN_NAME

character varying(255)

Name of the column

SEED

integer

Current value of primary key field

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.42 ESEC_UUID_UUID_ASSOC_RPT_V

Contains information about object relationships. Used internally by Sentinel Rapid Deployment and not for reporting purposes.

Column Name

Datatype

Comment

OBJECT1

character varying(64)

Object 1

ID1

uuid

UUID for object 1

OBJECT2

character varying(64)

Object 2

ID2

uuid

UUID for object 2

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.43 EVENTS_ALL_RPT_V (legacy view)

This view is provided for backward compatibility. View contains current and historical events (events imported from archives).

6.1.44 EVENTS_ALL_RPT_V1 (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events.

6.1.45 EVENTS_ALL_V (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events.

6.1.46 EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current and historical events.

6.1.47 EVENTS_RPT_V1 (legacy view)

This view is provided for backward compatibility. New reports should use EVENT_ALL_RPT_V. View contains current events.

6.1.48 EVENTS_RPT_V2

EVENTS_RPT_V2 is included for legacy reports but has been replaced in Sentinel 61 RD with EVENTS_RPT_V3.

Column Name

Datatype

Comment

EVENT_ID

uuid

Event identifier

RESOURCE_NAME

character varying(255)

Resource name

SUB_RESOURCE

character varying(255)

Subresource name

SEVERITY

integer

Event severity

EVENT_PARSE_TIME

timestamp with time zone

Event time

EVENT_DATETIME

timestamp with time zone

Event time

EVENT_DEVICE_TIME

timestamp with time zone

Event device time

SENTINEL_PROCESS_TIME

timestamp with time zone

Sentinel RD process time

BEGIN_TIME

timestamp with time zone

Events begin time

END_TIME

timestamp with time zone

Events end time

REPEAT_COUNT

integer

Events repeat count

DESTINATION_PORT_INT

integer

Destination port (integer)

SOURCE_PORT_INT

integer

Source port (integer)

BASE_MESSAGE

character varying(4000)

Base message

EVENT_NAME

character varying(255)

Name of the event as reported by the sensor

EVENT_TIME

character varying(255)

Event time as reported by the sensor

CUST_ID

bigint

Customer identifier

SOURCE_ASSET_ID

bigint

Source asset identifier

DESTINATION_ASSET_ID

bigint

Destination asset identifier

AGENT_ID

bigint

Collector identifier

PROTOCOL_ID

bigint

Protocol identifier

ARCHIVE_ID

bigint

Archive identifier

SOURCE_IP

integer

Source IP address in numeric format

SOURCE_IP_DOTTED

character varying

Source IP in dotted format

SOURCE_HOST_NAME

character varying(255)

Source host name

SOURCE_PORT

character varying(32)

Source port

DESTINATION_IP

integer

Destination IP address in numeric format

DESTINATION_IP_DOTTED

character varying

Destination in dotted format

DESTINATION_HOST_NAME

character varying(255)

Destination host name

DESTINATION_PORT

character varying(32)

Destination port

SOURCE_USER_NAME

character varying(255)

Source user name

DESTINATION_USER_NAME

character varying(255)

Destination user name

FILE_NAME

character varying(1000)

File name

EXTENDED_INFO

character varying(1000)

Extended information

CUSTOM_TAG_1

character varying(255)

Customer Tag 1

CUSTOM_TAG 2

character varying(255)

Customer Tag 2

CUSTOM_TAG 3

integer

Customer Tag 3

RESERVED_TAG_1

character varying(255)

Reserved Tag 1

Reserved for future use by Novell. This field is used for Advisor information concerning attack descriptions.

RESERVED_TAG_2

character varying(255)

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RESERVED_TAG_3

integer

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

VULNERABILITY_RATING

integer

Vulnerability rating

CRITICALITY_RATING

integer

Criticality rating

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

RV01 - 10

integer

Reserved Value 1 - 10

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV11 - 20

timestamp with time zone

Reserved Value 11 - 20

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV21 - 25

uuid

Reserved Value 21 - 25

Reserved for future use by Novell to store UUIDs. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV26 - 31

character varying(255)

Reserved Value 26 - 31

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV33

character varying(255)

Reserved Value 33

Reserved for EventContex

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV34

character varying(255)

Reserved Value 34

Reserved for SourceThreatLevel

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV35

character varying(255)

Reserved Value 35

Reserved for SourceUserContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV36

character varying(255)

Reserved Value 36

Reserved for DataContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV37

character varying(255)

Reserved Value 37

Reserved for SourceFunction.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV38

character varying(255)

Reserved Value 38

Reserved for SourceOperationalContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV40 - 43

character varying(255)

Reserved Value 40 - 43

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV44

character varying(255)

Reserved Value 44

Reserved for DestinationThreatLevel.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV45

character varying(255)

Reserved Value 45

Reserved for DestinationUserContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV46

character varying(255)

Reserved Value 46

Reserved for VirusStatus.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV47

character varying(255)

Reserved Value 47

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV48

character varying(255)

Reserved Value 48

Reserved for DestinationOperationalContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV49

character varying(255)

Reserved Value 49

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

TAXONOMY_ID

bigint

Taxonomy identifier

REFERENCE_ID_01 - 20

bigint

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

CV01 - 10

integer

Custom Value 1 - 10

Reserved for use by Customer, typically for association of Business relevant data.

CV11 - 20

timestamp with time zone

Custom Value 11 - 20

Reserved for use by Customer, typically for association of Business relevant data.

CV21 - 29

character varying(255)

Custom Value 21 – 29

Reserved for use by Customer, typically for association of Business relevant data.

CV30 - 34

character varying(4000)

Custom Value 30 – 34

Reserved for use by Customer, typically for association of Business relevant data.

CV35 – 100

character varying(255)

Custom Value 35 – 100

Reserved for use by Customer, typically for association of Business relevant data.

6.1.49 EVENTS_RPT_V3

This is the primary reporting view for Sentinel Rapid Deployment. This view contains current event and historical events.

Column Name

Datatype

Comment

EVENT_ID

uuid

Event identifier

RESOURCE_NAME

character varying(255)

Resource name

SUB_RESOURCE

character varying(255)

Subresource name

SEVERITY

integer

Event severity

EVENT_PARSE_TIME

timestamp with time zone

Event time

EVENT_DATETIME

timestamp with time zone

Event date time

EVENT_DEVICE_TIME

timestamp with time zone

Event device time

SENTINEL_PROCESS_TIME

timestamp with time zone

Sentinel RD process time

BEGIN_TIME

timestamp with time zone

Events begin time

END_TIME

timestamp with time zone

Events end time

REPEAT_COUNT

integer

Repeat count

TARGET_SERVICE_PORT

integer

Target service port

INIT_SERVICE_PORT

integer

Service port

BASE_MESSAGE

character varying(4000)

Base message

EVENT_NAME

character varying(255)

Event name

EVENT_TIME

character varying(255)

Event time

CUST_ID

bigint

Customer identifier

INIT_ASSET_ID

bigint

Initiator asset identifier

TARGET_ASSET_ID

bigint

Target asset identifier

AGENT_ID

bigint

Agent identifier

PROTOCOL_ID

bigint

Protocol identifier

ARCHIVE_ID

bigint

Archive id

INIT_IP

integer

IP

INIT_IP_DOTTED

character varying

IP dotted

INIT_HOST_NAME

character varying(255)

Host name

INIT_SERVICE_PORT_NAME

character varying(32)

Service port name

TARGET_IP

integer

Target IP

TARGET_IP_DOTTED

character varying

Dotted Target IP

TARGET_HOST_NAME

character varying(255)

Target host name

TARGET_SERVICE_PORT_NAME

character varying(32)

Target service port name

INIT_USER_NAME

character varying(255)

User name

TARGET_USER_NAME

character varying(255)

Target user name

FILE_NAME

character varying(1000)

File name

EXTENDED_INFO

character varying(1000)

Extended info

INIT_USER_ID

character varying(255)

Initiator user ID

INIT_USER_IDENTITY

uuid

Initiator user identity

TARGET_USER_ID

character varying(255)

Target user ID

TARGET_USER_IDENTITY

uuid

Target user identity

EFFECTIVE_USER_NAME

character varying(255)

Effective user name

EFFECTIVE_USER_ID

character varying(255)

Effective user ID

EFFECTIVE_USER_DOMAIN

character varying(255)

Effective user domain

TARGET_TRUST_NAME

character varying(255)

Target trust name

TARGET_TRUST_ID

character varying(255)

Target trust ID

TARGET_TRUST_DOMAIN

character varying(255)

Target trust domain

OBSERVER_IP

integer

Observer IP address in numeric format.

OBSERVER_IP_DOTTED

character varying

Observer IP

REPORTER_IP

integer

Reporter IP address in numeric format.

REPORTER_IP_DOTTED

character varying

Reporter ID

OBSERVER_HOST_DOMAIN

character varying(255)

Observer host domain

REPORTER_HOST_DOMAIN

character varying(255)

Reporter host domain

OBSERVER_ASSET_ID

bigint

Observer asset identifier

REPORTER_ASSET_ID

bigint

Reporter asset identifier

INIT_SERVICE_COMP

character varying(255)

Initiator service component

TARGET_SERVICE_COMP

character varying(255)

Target service component

EVENT_GROUP_ID

character varying(255)

Event group id

CUSTOM_TAG_1

character varying(255)

Customer Tag 1

CUSTOM_TAG_2

character varying(255)

Customer Tag 2

CUSTOM_TAG_3

integer

Customer Tag 3

RESERVED_TAG_1

character varying(255)

Reserved Tag 1

RESERVED_TAG_2

character varying(255)

Reserved Tag 2

RESERVED_TAG_3

integer

Reserved Tag 3

VULNERABILITY_RATING

integer

Vulnerability rating

CRITICALITY_RATING

integer

Criticality rating

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

RV01

integer

Reserved Value 1

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

EVENT_METRIC

integer

Event metric

DATA_TAG_ID

integer

Data tag ID

RV04-RV10

integer

Reserved Value 04 - 10

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV11-RV20

timestamp with time zone

Reserved Value 11 - 20Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV21- RV25

uuid

Reserved Value 21 - 25

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV26- RV27

character varying(255)

Reserved Value 26 - 27

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

EVENT_METRIC_CLASS

character varying(255)

Event metric class

INIT_IP_COUNTRY

character varying(255)

IP country

TARGET_IP_COUNTRY

character varying(255)

Target IP country

RV31

character varying(255)

Reserved Value 31

RV33

character varying(255)

Reserved Value 33

INIT_THREAT_LEVEL

character varying(255)

Initiator treat level

INIT_USER_DOMAIN

character varying(255)

Initiator user domain

RV36

character varying(255)

Reserved Value 36

INIT_FUNCTION

character varying(255)

Initiator function

INIT_OPERATIONAL_CONTEXT

character varying(255)

Initiator operational context

RV40

character varying(255)

Reserved Value 40

TARGET_HOST_DOMAIN

character varying(255)

Target host domain

INIT_HOST_DOMAIN

character varying(255)

Host domain

RV43

character varying(255)

Reserved Value 43

TARGET_THREAT_LEVEL

character varying(255)

Target threat level

TARGET_USER_DOMAIN

character varying(255)

Target user domain

RV46

character varying(255)

Reserved Value 46

TARGET_FUNCTION

character varying(255)

Target function

TARGET_OPERATIONAL_CONEXT

character varying(255)

Target operational context

RV49

character varying(255)

Reserved Value 49

TAXONOMY_ID

bigint

Taxonomy identifier

XDAS_TAXONOMY_ID

bigint

XDAS taxonomy identifier

REFERENCE_ID_01-REFERENCE_ID_20

bigint

Reference ID 01-20

CV01-CV10

integer

Custom Value 01 - 10

Reserved for use by Customer, typically for association of Business relevant data.

CV11-CV20

timestamp with time zone

Custom Value 11 - 20

Reserved for use by Customer, typically for association of Business relevant data.

CV21- CV29

character varying(255)

Custom Value 21 - 29

Reserved for use by Customer, typically for association of Business relevant data.

CV30- CV34

character varying(4000)

Custom Value 30 - 34

Reserved for use by Customer, typically for association of Business relevant data.

CV35- CV100

character varying(255)

Custom Value 35 - 100

Reserved for use by Customer, typically for association of Business relevant data.

CUSTOMER_VAR_101-CUSTOMER_VAR_110

integer

Customer variable 101 - 110

CUSTOMER_VAR_111-CUSTOMER_VAR_120

timestamp with time zone

Customer variable 111 - 120

CUSTOMER_VAR_121-CUSTOMER_VAR_130

uuid

Customer variable 121 - 130

CUSTOMER_VAR_131-CUSTOMER_VAR_140

integer

Customer variable 131 - 140

CUSTOMER_VAR_131_DOTTED-CUSTOMER_VAR_140_DOTTED

character varying

Customer variable 131 - 140 Dotted

CUSTOMER_VAR_141-CUSTOMER_VAR_150

character varying(255)

Customer variable 141 - 150

6.1.50 EVT_AGENT_RPT_V

View references EVT_AGENT table that stores information about Collectors.

Column Name

Datatype

Comment

AGENT_ID

bigint

Collector identifier

CUST_ID

bigint

Customer identifier

AGENT

character varying(64)

Collector name

PORT

character varying(64)

Collector port

REPORT_NAME

character varying(255)

Reporter name

PRODUCT_NAME

character varying(255)

Product name

SENSOR_NAME

character varying(255)

Sensor name

SENSOR_TYPE

character varying(5)

Sensor type:

H - host-based

N - network-based

V - virus

O – other

DEVICE_CATEGORY

character varying(255)

Device category

SOURCE_UUID

uuid

Source component Universal Unique Identifier (UUID)

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.51 EVT_AGENT_RPT_V3

View references EVT_AGENT table that stores information about Collectors. The column names in this view reflects the name change of Sensor to Observer. This view is designed for use in Sentinel Rapid Deployment.

Column Name

Datatype

Comment

AGENT_ID

bigint

Collector identifier

CUST_ID

bigint

Customer identifier

AGENT

character varying(64)

Collector

PORT

character varying(64)

Port

REPORTER_HOST_NAME

character varying(255)

Reporter host name

PRODUCT_NAME

character varying(255)

Product name

OBSERVER_HOST_NAME

character varying(255)

Observer host name

SENSOR_TYPE

character varying(5)

Sensor type:

H - host-based

N - network-based

V - virus

O - other

DEVICE_CATEGORY

character varying(255)

Device category

SOURCE_UUID

uuid

Source component Universal Unique Identifier (UUID)

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.52 EVT_ASSET_RPT_V

View references EVT_ASSET table that stores asset information.

Column Name

Datatype

Comment

EVENT_ASSET_ID

bigint

Event asset identifier

CUST_ID

bigint

Customer identifier

ASSET_NAME

character varying(255)

Asset name

PHYSICAL_ASSET_NAME

character varying(255)

Physical asset name

REFERENCE_ASSET_ID

character varying(100)

Reference asset identifier, links to source asset management system.

MAC_ADDRESS

character varying(100)

MAC address

RACK_NUMBER

character varying(50)

Rack number

ROOM_NAME

character varying(100)

Room name

BUILDING_NAME

character varying(255)

Building name

CITY

character varying(100)

City

STATE

character varying(100)

State

COUNTRY

character varying(100)

Country

ZIP_CODE

character varying(50)

Zip code

ASSET_CATEGORY_NAME

character varying(100)

Asset category name

NETWORK_IDENTITY_NAME

character varying(255)

Asset network identity name

ENVIRONMENT_IDENTITY_NAME

character varying(255)

Environment name

ASSET_VALUE_NAME

character varying(50)

Asset value name

CRITICALITY_NAME

character varying(50)

Asset criticality name

SENSITIVITY_NAME

character varying(50)

Asset sensitivity name

CONTACT_NAME_1

character varying(255)

Name of contact person/organization 1

CONTACT_NAME_2

character varying(255)

Name of contact person/organization 2

ORGANIZATION_NAME_1

character varying(100)

Asset owner organization level 1

ORGANIZATION_NAME_2

character varying(100)

Asset owner organization level 2

ORGANIZATION_NAME_3

character varying(100)

Asset owner organization level 3

ORGANIZATION_NAME_4

character varying(100)

Asset owner organization level 4

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.53 EVT_ASSET_RPT_V3

View references EVT_ASSET table that stores asset information. This view is designed for Sentinel Rapid Deployment.

Column Name

Datatype

Comment

ASSET_CRITICALITY

character varying(50)

Asset criticality

ASSET_CLASS

character varying(100)

Asset class

ASSET_FUNCTION

character varying(255)

Asset function

ASSET_DEPARTMENT

character varying(100)

Asset department

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

EVENT_ASSET_ID

bigint

Event asset identifier

CUST_ID

bigint

Customer identifier

ASSET_NAME

character varying(255)

Asset name

PHYSICAL_ASSET_NAME

character varying(255)

Physical asset name

REFERENCE_ASSET_ID

character varying(100)

Reference asset identifier, links to source asset management system.

MAC_ADDRESS

character varying(100)

MAC address

RACK_NUMBER

character varying(50)

Rack number

ROOM_NAME

character varying(100)

Room name

BUILDING_NAME

character varying(255)

Building name

CITY

character varying(100)

City

STATE

character varying(100)

State

COUNTRY

character varying(100)

Country

ZIP_CODE

character varying(50)

Zip code

NETWORK_IDENTITY_NAME

character varying(255)

Asset network identity name

ASSET_VALUE_NAME

character varying(50)

Asset value name

SENSITIVITY_NAME

character varying(50)

Asset sensitivity name

CONTACT_NAME_1

character varying(255)

Name of contact person/organization 1

CONTACT_NAME_2

character varying(255)

Name of contact person/organization 2

ORGANIZATION_NAME_1

character varying(100)

Asset owner organization level 1

ORGANIZATION_NAME_2

character varying(100)

Asset owner organization level 2

ORGANIZATION_NAME_3

character varying(100)

Asset owner organization level 3

6.1.54 EVT_DEST_EVT_NAME_SMRY_1_RPT_V

View summarizes event count by destination, taxonomy, event name, severity and event time.

Column Name

Datatype

Comment

DESTINATION_IP

integer

Destination IP address

DESTINATION_EVENT_ASSET_ID

bigint

Event asset identifier

TAXONOMY_ID

bigint

Taxonomy identifier

EVENT_NAME_ID

bigint

Event name identifier

SEVERITY

integer

Event severity

CUST_ID

bigint

Customer identifier

EVENT_TIME

timestamp with time zone

Event time

XDAS_TAXONOMY_ID

bigint

Taxonomy identifier

EVENT_COUNT

integer

Event count

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DESTINATION_HOST_NAME

character varying(255)

Destination host name.

6.1.55 EVT_DEST_SMRY_1_RPT_V

View contains event destination summary information.

Column Name

Datatype

Comment

DESTINATION_IP

integer

Destination IP address

DESTINATION_EVENT_ASSET_ID

bigint

Event asset identifier

DESTINATION_PORT

character varying(32)

Destination port

DESTINATION_USER_ID

bigint

Destination user identifier

TAXONOMY_ID

bigint

Taxonomy identifier

EVENT_NAME_ID

bigint

Event name identifier

RESOURCE_ID

bigint

Resource identifier

AGENT_ID

bigint

Collector identifier

PROTOCOL_ID

bigint

Protocol identifier

SEVERITY

integer

Event severity

CUST_ID

bigint

Customer identifier

EVENT_TIME

timestamp with time zone

Event time

XDAS_TAXONOMY_ID

bigint

XDAS Taxonomy identifier

TARGET_USER_IDENTITY

uuid

User ID

EVENT_COUNT

integer

Event count

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DESTINATION_HOST_NAME

character varying(255)

Destination host name

6.1.56 EVT_DEST_TXNMY_SMRY_1_RPT_V

View summarizes event count by destination, taxonomy, severity and event time.

Column Name

Datatype

Comment

DESTINATION_IP

integer

Destination IP address

DESTINATION_EVENT_ASSET_ID

bigint

Event asset identifier

TAXONOMY_ID

bigint

Taxonomy identifier

SEVERITY

integer

Event severity

CUST_ID

bigint

Customer identifier

EVENT_TIME

timestamp with time zone

Event time

XDAS_TAXONOMY_ID

bigint

XDAS taxonomy identifier

EVENT_COUNT

integer

Event count

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DESTINATION_HOST_NAME

character varying(255)

Destination host name

6.1.57 EVT_NAME_RPT_V

View references EVT_NAME table that stores event name information.

Column Name

Datatype

Comment

EVENT_NAME_ID

bigint

Event name identifier

EVENT_NAME

character varying(255)

Event name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.58 EVT_PORT_SMRY_1_RPT_V

View summarizes event count by destination port, severity and event time.

Column Name

Datatype

Comment

DESTINATION_PORT

character varying(32)

Destination port

SEVERITY

integer

Event severity

CUST_ID

bigint

Customer identifier

EVENT_TIME

timestamp with time zone

Event time

EVENT_COUNT

integer

Event count

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.59 EVT_PRTCL_RPT_V

View references EVT_PRTCL table that stores event protocol information.

Column Name

Datatype

Comment

PROTOCOL_ID

bigint

Protocol identifier

PROTOCOL_NAME

character varying(255)

Protocol name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.60 EVT_PRTCL_RPT_V3

View references EVT_PRTCL table that stores event protocol information.

Column Name

Datatype

Comment

PROTOCOL_ID

bigint

Protocol identifier

PROTOCOL

character varying(255)

Protocol name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.61 EVT_RSRC_RPT_V

View references EVT_RSRC table that stores event resource information.

Column Name

Datatype

Comment

RESOURCE_ID

bigint

Resource identifier

CUST_ID

bigint

Customer Identifier

RESOURCE_NAME

character varying(255)

Resource name

SUB_RESOURCE_NAME

character varying(255)

Subresource name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.62 EVT_SEV_SMRY_1_RPT_V

View summarizes event count by severity and event time.

Column Name

Datatype

Comment

SEVERITY

integer

Event severity

CUST_ID

bigint

Customer identifier

EVENT_TIME

timestamp with time zone

Event time

EVENT_COUNT

integer

Event count

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.63 EVT_SRC_COLLECTOR_RPT_V

View contains information about the Event Source Management configuration.

Column Name

Datatype

Comment

EVT_SRC_COLLECTOR_ID

uuid

Event source collector identifier

SENTINEL_PLUGIN_ID

uuid

Sentinel RD plug-in identifier

EVT_SRC_MGR_ID

uuid

Event source manager identifier

EVT_SRC_COLLECTOR_NAME

character varying(255)

Event source collector name

STATE_IND

boolean

State indicator

EVT_SRC_COLLECTOR_PROPS

text

Event source collector prop

MAP_FILTER

text

Map filter

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.64 EVT_SRC_GRP_RPT_V

View contains information about the Event Source Management configuration.

Column Name

Datatype

Comment

EVT_SRC_GRP_ID

uuid

Event source group identifier

EVT_SRC_COLLECTOR_ID

uuid

Event source collector identifier

SENTINEL_PLUGIN_ID

uuid

Sentinel RD plugin identifier

EVT_SRC_SRVR_ID

uuid

Event source server identifier

EVT_SRC_GRP_NAME

character varying(255)

Event source group name

STATE_IND

boolean

State indicator

MAP_FILTER

text

Map filter

EVT_SRC_DEFAULT_CONFIG

text

Event source default configuration

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.65 EVT_SRC_MGR_RPT_V

View contains information about the Event Source Management configuration.

Column Name

Datatype

Comment

EVT_SRC_MGR_ID

uuid

Event source manager identifier

SENTINEL_ID

uuid

Sentinel RD identifier

SENTINEL_HOST_ID

uuid

Sentinel RD host identifier

EVT_SRC_MGR_NAME

character varying(255)

Event source manager name

STATE_IND

boolean

State indicator

EVT_SRC_MGR_CONFIG

text

Event source manager configuration

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.66 EVT_SRC_OFFSET_RPT_V

View contains information about the Event Source Management configuration.

Column Name

Datatype

Comment

EVT_SRC_ID

uuid

Event source identifier

OFFSET_VAL

text

Offset value

OFFSET_TIMESTAMP

timestamp with time zone

Offset timestamp

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.67 EVT_SRC_RPT_V

View contains information about the Event Source Management configuration.

Column Name

Datatype

Comment

EVT_SRC_ID

uuid

Event source identifier

EVT_SRC_NAME

character varying(255)

Event source name

EVT_SRC_GRP_ID

uuid

Event source group identifier

STATE_IND

boolean

State indicator

MAP_FILTER

text

Map filter

EVT_SRC_CONFIG

text

Event source configuration

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.68 EVT_SRC_SMRY_1_RPT_V

View contains event source and destination summary information.

Column Name

Datatype

Comment

SOURCE_IP

integer

Source IP address

SOURCE_EVENT_ASSET_ID

bigint

Source event asset identifier

SOURCE_PORT

character varying(32)

Source port

SOURCE_USER_ID

bigint

Source user identifier

TAXONOMY_ID

bigint

Taxonomy identifier

EVENT_NAME_ID

bigint

Event name identifier

RESOURCE_ID

bigint

Resource identifier

AGENT_ID

bigint

Collector identifier

PROTOCOL_ID

bigint

Protocol identifier

SEVERITY

integer

Event severity

CUST_ID

bigint

Customer identifier

EVENT_TIME

timestamp with time zone

Event time

XDAS_TAXONOMY_ID

bigint

XDAS taxonomy identifier

INIT_USER_IDENTITY

uuid

User identity

EVENT_COUNT

integer

Event count

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

SOURCE_HOST_NAME

character varying(255)

Source host name

6.1.69 EVT_SRC_SRVR_RPT_V

View contains information about the Event Source Management configuration.

Column Name

Datatype

Comment

EVT_SRC_SRVR_ID

uuid

Event source server identifier

EVT_SRC_SRVR_NAME

character varying(255)

Event source server name

EVT_SRC_MGR_ID

uuid

Event source manager identifier

SENTINEL_PLUGIN_ID

uuid

Sentinel RD plugin identifier

STATE_IND

boolean

State indicator

EVT_SRC_SRVR_CONFIG

text

Event source server configuration

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.70 EVT_TXNMY_RPT_V

View references EVT_TXNMY table that stores event taxonomy information.

Column Name

Datatype

Comment

TAXONOMY_ID

bigint

Taxonomy identifier

TAXONOMY_LEVEL_1

character varying(100)

Taxonomy level 1

TAXONOMY_LEVEL_2

character varying(100)

Taxonomy level 2

TAXONOMY_LEVEL_3

character varying(100)

Taxonomy level 3

TAXONOMY_LEVEL_4

character varying(100)

Taxonomy level 4

DEVICE_CATEGORY

character varying(255)

Device category

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.71 EVT_USR_RPT_V

View references EVT_USR table that stores event user information.

Column Name

Datatype

Comment

USER_ID

bigint

User identifier

USER_NAME

character varying(255)

User name

USER_DOMAIN

character varying(255)

User domain

CUST_ID

bigint

Customer identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.72 EVT_XDAS_TXNMY_RPT_V

Column Name

Datatype

Comment

XDAS_TAXONOMY_NAME

character varying(255)

XDAS taxonomy name

XDAS_OUTCOME_NAME

character varying(255)

XDAS outcome name

XDAS_REGISTRY

integer

XDAS registry

XDAS_PROVIDER

integer

XDAS provider

XDAS_CLASS

integer

XDAS class

XDAS_IDENTIFIER

integer

XDAS identifier

XDAS_OUTCOME

integer

XDAS outcome

XDAS_DETAIL

integer

XDAS detail

XDAS_TAXONOMY_ID

bigint

XDAS taxonomy identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.73 EXTERNAL_DATA_RPT_V

View references EXTERNAL_DATA table that stores external data.

Column Name

Datatype

Comment

EXTERNAL_DATA_ID

integer

External data identifier

SOURCE_NAME

character varying(50)

Source name

SOURCE_DATA_ID

character varying(255)

Source data identifier

EXTERNAL_DATA

text

External data

EXTERNAL_DATA_TYPE

character varying(10)

External data type

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.74 HIST_CORRELATED_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New report should use CORRELATED_EVENTS_RPT_V1 instead.

6.1.75 HIST_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. Sentinel RD reports should use EVENTS_RPT_V2 instead. Sentinel RD reports should use EVENTS_RPT_V3 instead.

6.1.76 IMAGES_RPT_V

View references IMAGES table that stores system overview image information.

Column Name

Datatype

Comment

NAME

character varying(128)

Image name

TYPE

character varying(64)

Image type

DATA

text

Image data

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.77 INCIDENTS_ASSETS_RPT_V

View references INCIDENTS_ASSETS table that stores information about the assets that makeup incidents created in the Sentinel RD Console.

Column Name

Datatype

Comment

INC_ID

integer

Incident identifier – sequence number

ASSET_ID

uuid

Asset Universal Unique Identifier (UUID)

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.78 INCIDENTS_EVENTS_RPT_V

View references INCIDENTS_EVENTS table that stores information about the events that makeup incidents created in the Sentinel RD Console.

Column Name

Datatype

Comment

INC_ID

integer

Incident identifier – sequence number

EVT_ID

uuid

Event Universal Unique Identifier (UUID)

EVT_TIME

timestamp with time zone

Event time

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.79 INCIDENTS_RPT_V

View references INCIDENTS table that stores information describing the details of incidents created in the Sentinel RD Console.

Column Name

Datatype

Comment

INC_ID

integer

Incident identifier – sequence number

NAME

character varying(255)

Incident name

SEVERITY

integer

Incident severity

STT_ID

integer

Incident State ID

SEVERITY_RATING

character varying(32)

Average of all the event severities that comprise an incident.

VULNERABILITY_RATING

character varying(32)

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

CRITICALITY_RATING

character varying(32)

Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

INC_DESC

character varying(4000)

Incident description

INC_CAT

character varying(255)

Incident category

INC_PRIORITY

integer

Incident priority

INC_RES

character varying(4000)

Incident resolution

6.1.80 INCIDENTS_VULN_RPT_V

View references INCIDENTS_VULN table that stores information about the vulnerabilities that makeup incidents created in the Sentinel RD Console.

Column Name

Datatype

Comment

INC_ID

integer

Incident identifier – sequence number

VULN_ID

uuid

Vulnerability Universal Unique Identifier (UUID)

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.81 L_STAT_RPT_V

View references L_STAT table that stores statistical information.

Column Name

Datatype

Comment

RES_NAME

character varying(32)

Resource name

STATS_NAME

character varying(32)

Statistic name

STATS_VALUE

character varying(32)

Value of the statistic

OPEN_TOT_SECS

numeric

Number of seconds since 1970.

6.1.82 LOGS_RPT_V

View references LOGS_RPT table that stores logging information.

Column Name

Datatype

Comment

LOG_ID

integer

Sequence number

TIME

timestamp with time zone

Date of Log

MODULE

character varying(64)

Module log is for

TEXT

character varying(4000)

Log text

6.1.83 MSSP_ASSOCIATIONS_V

View references MSSP_ASSOCIATIONS table that associates an number key in one table to a UUID in another table.

Column Name

Datatype

Comment

TABLE1

character varying(64)

Table name 1

ID1

bigint

ID1

TABLE2

character varying(64)

Table name 2

ID2

uuid

ID2

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.84 NETWORK_IDENTITY_RPT_V

View references NETWORK_IDENTITY_LKUP table that stores asset network identity information.

Column Name

Datatype

Comment

NETWORK_IDENTITY_ID

bigint

Network identity code

NETWORK_IDENTITY_NAME

character varying(255)

Network identify name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.85 ORGANIZATION_RPT_V

View references ORGANIZATION table that stores organization (asset) information.

Column Name

Datatype

Comment

ORGANIZATION_ID

uuid

Organization identifier

ORGANIZATION_NAME

character varying(100)

Organization name

CUST_ID

bigint

Customer identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.86 PERSON_RPT_V

View references PERSION table that stores personal (asset) information.

Column Name

Datatype

Comment

PERSON_ID

uuid

Person identifier

FIRST_NAME

character varying(255)

First name

LAST_NAME

character varying(255)

Last name

CUST_ID

bigint

Customer identifier

PHONE_NUMBER

character varying(50)

Phone number

EMAIL_ADDRESS

character varying(255)

Email address

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.87 PHYSICAL_ASSET_RPT_V

View references PHYSICAL_ASSET table that stores physical asset information.

Column Name

Datatype

Comment

PHYSICAL_ASSET_ID

uuid

Physical asset identifier

CUST_ID

bigint

Customer identifier

HOST_NAME

character varying(255)

Host name

IP_ADDRESS

integer

IP address

LOCATION_ID

bigint

Location identifier

NETWORK_IDENTITY_ID

bigint

Network identity code

MAC_ADDRESS

character varying(100)

MAC address

RACK_NUMBER

character varying(50)

Rack number

ROOM_NAME

character varying(100)

Room name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.88 PRODUCT_RPT_V

View references PRDT table that stores asset product information.

Column Name

Datatype

Comment

PRODUCT_ID

bigint

Product identifier

PRODUCT_NAME

character varying(255)

Product name

PRODUCT_VERSION

character varying(100)

Product version

VENDOR_ID

bigint

Vendor identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.89 ROLE_RPT_V

View references ROLE_LKUP table that stores user role (asset) information.

Column Name

Datatype

Comment

ROLE_CODE

character varying(5)

Role code

ROLE_NAME

character varying(255)

Role name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.90 RPT_LABELS_RPT_V

View contains report label translations.

Column Name

Datatype

Comment

RPT_NAME

character varying(100)

Report name

LABEL_1 - 35

character varying(2000)

Translated report labels

6.1.91 SENSITIVITY_RPT_V

View references SENSITIVITY_LKUP table that stores asset sensitivity information.

Column Name

Datatype

Comment

SENSITIVITY_ID

bigint

Asset sensitivity code

SENSITIVITY_NAME

character varying(50)

Asset sensitivity name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.92 SENTINEL_HOST_RPT_V

View contains data used internally by Sentinel RD.

Column Name

Datatype

Comment

SENTINEL_HOST_ID

uuid

Sentinel RD host identifier

SENTINEL_ID

uuid

Sentinel RD identifier

SENTINEL_HOST_NAME

character varying(255)

Sentinel RD host name

HOST_NAME

character varying(255)

Host name

IP_ADDR

character varying(255)

Host IP address

HOST_OS

character varying(255)

Host operating system

HOST_OS_VERSION

character varying(255)

Host operating system version

MODIFIED_BY

integer

User who last modified object

CREATED_BY

integer

User who created object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.93 SENTINEL_PLUGIN_RPT_V

View contains data used internally by Sentinel RD.

Column Name

Datatype

Comment

SENTINEL_PLUGIN_ID

uuid

Sentinel RD plugin identifier

SENTINEL_PLUGIN_NAME

character varying(255)

Sentinel RD plugin name

SENTINEL_PLUGIN_TYPE

character varying(255)

Sentinel RD plugin type

FILE_NAME

character varying(512)

File name

CONTENT_PKG

text

Content package

FILE_HASH

character varying(255)

File hash

AUX_FILE_NAME

character varying(512)

Auxiliary file name

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.94 SENTINEL_RPT_V

View contains data used internally by Sentinel RD.

Column Name

Datatype

Comment

SENTINEL_ID

uuid

Sentinel RD identifier

SENTINEL_NAME

character varying(255)

Sentinel RD name

ONLINE_IND

boolean

Online indicator

STATE_IND

boolean

State indicator

SENTINEL_CONFIG

text

Sentinel RD configuration

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

6.1.95 STATES_RPT_V

View references STATES table that stores definitions of states defined by applications or context.

Column Name

Datatype

Comment

STT_ID

integer

State ID – sequence number

CONTEXT

character varying(64)

Context of the state. That is case, incident, user.

NAME

character varying(64)

Name of the state.

TERMINAL_FLAG

character varying(1)

Indicates if state of incident is resolved.

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

MODIFIED_BY

integer

User who last modified object

CREATED_BY

integer

User who created object

6.1.96 UNASSIGNED_INCIDENTS_RPT_V

View references CASES and INCIDENTS tables to report on unassigned cases.

Name

Datatype

Comment

INC_ID

integer

Incident identifier

NAME

character varying(255)

Name

SEVERITY

integer

Severity

STT_ID

integer

identifier

SEVERITY_RATING

character varying(32)

Severity rating

VULNERABILITY_RATING

character varying(32)

Vulnerability rating

CRITICALITY_RATING

character varying(32)

Criticality rating

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

INC_DESC

character varying(4000)

Incident description

INC_CAT

character varying(255)

Incident category

INC_PRIORITY

integer

Incident priority

INC_RES

character varying(4000)

Incident registry

6.1.97 USERS_RPT_V

View references USERS table that lists all users of the application. The users will also be created as database users to accommodate timestamp with time zone 3rd party reporting tools.

Column Name

Datatype

Comment

USR_ID

integer

User identifier – Sequence number

NAME

character varying(64)

Short, unique user name used as a login

CNT_ID

integer

Contact ID – Sequence number

STT_ID

integer

State ID. Status is either active or inactive.

DESCRIPTION

character varying(512)

Comments

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

PERMISSIONS

character varying(4000)

Permissions currently assigned to the Sentinel RD user

FILTER

character varying(128)

Current security filter assigned to the Sentinel RD user

UPPER_NAME

character varying(64)

User name in upper case

DOMAIN_AUTH_IND

boolean

Domain authentication indication

6.1.98 USR_ACCOUNT_RPT_V

View contains user account information from an identity management system.

Column Name

Datatype

Comment

ACCOUNT_ID

bigint

Account identifier

USER_NAME

character varying(255)

User name

USER_DOMAIN

character varying(255)

User domain

CUST_ID

bigint

Customer identifier

BEGIN_EFFECTIVE_DATE

timestamp with time zone

Begin effective timestamp with time zone

END_EFFECTIVE_DATE

timestamp with time zone

End effective timestamp with time zone

CURRENT_F

boolean

Current flag

USER_STATUS

character varying(50)

User status

IDENTITY_GUID

uuid

Identity identifier

SOURCE_USER_ID

character varying(100)

User ID on source system

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.99 USR_IDENTITY_EXT_ATTR_RPT_V

View contains extended attributes information from an identity management system, including name value pairs in the ATTRIBUTE_NAME and ATTRIBUTE_VALUE columns.

Column Name

Datatype

Comment

IDENTITY_GUID

uuid

Identity identifier

ATTRIBUTE_NAME

character varying(255)

Attribute name

ATTRIBUTE_VALUE

character varying(1024)

Attribute value

6.1.100 USR_IDENTITY_RPT_V

View contains user identity information from an identity management system.

Column Name

Datatype

Comment

IDENTITY_GUID

uuid

Identity identifier

DN

character varying(255)

Distinguished name

CUST_ID

bigint

Customer identifier

SRC_IDENTITY_ID

character varying(100)

Source identity identifier

WFID

character varying(100)

Workforce identifier

FIRST_NAME

character varying(255)

First name

LAST_NAME

character varying(255)

Last name

FULL_NAME

character varying(255)

Full name

JOB_TITLE

character varying(255)

Job title

DEPARTMENT_NAME

character varying(100)

Department name

OFFICE_LOC_CD

character varying(100)

Office location code

PRIMARY_EMAIL

character varying(255)

Primary email address

PRIMARY_PHONE

character varying(100)

Primary phone number

VAULT_NAME

character varying(100)

Identity vault name

MGR_GUID

uuid

Manager identity identifier

PHOTO

text

Photo

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.101 VENDOR_RPT_V

View references VNDR table that stores information about asset product vendors.

Column Name

Datatype

Comment

VENDOR_ID

bigint

Vendor identifier

VENDOR_NAME

character varying(255)

Vendor name

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.102 VULN_CALC_SEVERITY_RPT_V

View references VULN_RSRC and VULN to calculate eSecurity vulnerability severity rating base on current vulnerabilities.

Column Name

Datatype

Comment

RSRC_ID

uuid

Resource identifier

IP

text

IP

HOST_NAME

text

Host name

CRITICALITY

integer

Asset criticality code

ASSIGNED_VULN_SEVERITY

integer

Assigned vulnerability severity

VULN_COUNT

bigint

Vulnerability Count

CALC_SEVERITY

numeric

Calculated severity

6.1.103 VULN_CODE_RPT_V

View references VULN_CODE table that stores industry assigned vulnerability codes such as Mitre’s CVEs and CANs.

Column Name

Datatype

Comment

VULN_CODE_ID

uuid

Vulnerability code identifier

VULN_ID

uuid

Vulnerability identifier

VULN_CODE_TYPE

character varying(64)

Vulnerability code type

VULN_CODE_VALUE

character varying(255)

Vulnerability code value

URL

character varying(512)

Web URL

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.104 VULN_INFO_RPT_V

View references VULN_INFO table that stores additional information reported during a scan.

Column Name

Datatype

Comment

VULN_INFO_ID

uuid

Vulnerability info identifier

VULN_ID

uuid

Vulnerability identifier

VULN_INFO_TYPE

character varying(36)

Vulnerability info type

VULN_INFO_VALUE

character varying(2000)

Vulnerability info value

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.105 VULN_RPT_V

View references VULN table that stores information of scanned system. Each scanner will have its own entry for each system.

Column Name

Datatype

Comment

VULN_ID

uuid

Vulnerability identifier

RSRC_ID

uuid

Resource identifier

PORT_NAME

character varying(64)

Port Name

PORT_NUMBER

integer

Port Number

NETWORK_PROTOCOL

integer

Network Protocol

APPLICATION_PROTOCOL

character varying(64)

Application Protocol

ASSIGNED_VULN_SEVERITY

integer

Assigned vulnerability severity

COMPUTED_VULN_SEVERITY

integer

Computed vulnerability severity

VULN_DESCRIPTION

text

Vulnerability description

VULN_SOLUTION

text

Vulnerability solution

VULN_SUMMARY

character varying(1000)

Vulnerability summary

BEGIN_EFFECTIVE_DATE

timestamp with time zone

Date from which the entry is valid

END_EFFECTIVE_DATE

timestamp with time zone

Date until which the entry is valid

DETECTED_OS

character varying(64)

Operating system of scanned machine

DETECTED_OS_VERSION

character varying(64)

Operating system version of scanned machine

SCANNED_APP

character varying(64)

Scanned application

SCANNED_APP_VERSION

character varying(64)

Scanned application version

VULN_USER_NAME

character varying(64)

Username used by scanner

VULN_USER_DOMAIN

character varying(64)

Domain of user used by scanned

VULN_TAXONOMY

character varying(1000)

Vulnerability taxonomy

SCANNER_CLASSIFICATION

character varying(255)

Scanner classification

VULN_NAME

character varying(300)

Vulnerability name

VULN_MODULE

character varying(64)

Vulnerability module

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.106 VULN_RSRC_RPT_V

View references VULN_RSRC table that stores each resource scanned for a particular scan.

Column Name

Datatype

Comment

RSRC_ID

uuid

Resource identifier

SCANNER_ID

uuid

Scanner identifier

IP

character varying(32)

IP Address

HOST_NAME

character varying(255)

Host name

LOCATION

character varying(128)

Location

DEPARTMENT

character varying(128)

Department

BUSINESS_SYSTEM

character varying(128)

Business System

OPERATIONAL_ENVIRONMENT

character varying(64)

Operational environment

CRITICALITY

integer

Criticality

REGULATION

character varying(128)

Regulation

REGULATION_RATING

character varying(64)

Regulation rating

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.107 VULN_RSRC_SCAN_RPT_V

View references VULN_RSRC_SCAN table that stores each resource scanned for a particular scan.

Column Name

Datatype

Comment

RSRC_ID

uuid

Resource identifier

SCAN_ID

uuid

Vulnerability scan identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.108 VULN_SCAN_RPT_V

View references table that stores information pertaining to scans.

Column Name

Datatype

Comment

SCAN_ID

uuid

Vulnerability scan identifier

SCANNER_ID

uuid

Vulnerability scanner identifier

SCAN_TYPE

character varying(10)

Vulnerability scan type

SCAN_START_DATE

timestamp with time zone

Scan start timestamp with time zone

SCAN_END_DATE

timestamp with time zone

Scan start timestamp with time zone

CONSOLIDATION_SERVER

character varying(64)

Consolidation server

LOAD_STATUS

character varying(64)

Load status

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.109 VULN_SCAN_VULN_RPT_V

View references VULN_SCAN_VULN table that stores vulnerabilities detected during scans.

Column Name

Datatype

Comment

SCAN_ID

uuid

Vulnerability scan identifier

VULN_ID

uuid

Vulnerability identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.110 VULN_SCANNER_RPT_V

View references VULN_SCANNER table that stores information about vulnerability scanners.

Column Name

Datatype

Comment

SCANNER_ID

uuid

Vulnerability scanner identifier

PRODUCT_NAME

character varying(100)

Product Name

PRODUCT_VERSION

character varying(64)

Product Version

SCANNER_TYPE

character varying(64)

Vulnerability Scanner Type

VENDOR

character varying(100)

Vendor

SCANNER_INSTANCE

character varying(64)

Scanner Instance

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.111 WORKFLOW_DEF_RPT_V

Column Name

Datatype

Comment

PKG_NAME

character varying(255)

Package name

PKG_DATA

text

Package data

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object

6.1.112 WORKFLOW_INFO_RPT_V

Column Name

Datatype

Comment

INFO_ID

bigint

Info identifier

PROCESS_DEF_ID

character varying(100)

Process definition identifier

PROCESS_INSTANCE_ID

character varying(150)

Process instance identifier

DATE_CREATED

timestamp with time zone

Date the entry was created

DATE_MODIFIED

timestamp with time zone

Date the entry was modified

CREATED_BY

integer

User who created object

MODIFIED_BY

integer

User who last modified object