SchemaSpy - Table SIEM.public.correlated

Associates a correlation event with the events that triggered the correlation event. This table is used to figure out what caused a correlation rule to fire.

Generated by
SchemaSpy

Legend:

Primary key columns

Columns with indexes

Excluded column relationships

< n > number of related tables

Column	Type	Size	Nulls	Default	Comments
parent_evt_id	uuid	2147483647			Reference to the parent event id
child_evt_id	uuid	2147483647			Id of the child event
parent_evt_time	timestamptz	35,6			Time of the parent event
child_evt_time	timestamptz	35,6			Time of the child event
date_created	timestamptz	35,6			Date the entry was created
date_modified	timestamptz	35,6			Date the entry was modified
created_by	int4	10	√	null	User who created object
modified_by	int4	10	√	null	User who last modified object
parent_part_id	int8	19			Partition id of parent event

Table contained 0 rows at Mon Mar 26 23:24 EDT 2012

Indexes:

Column(s)	Type	Sort	Constraint Name
parent_evt_time + parent_evt_id + child_evt_time + child_evt_id	Primary key	Asc/Asc/Asc/Asc	corr_events_p_max_pk
date_created + parent_evt_id + child_evt_id	Performance	Asc/Asc/Asc	corr_events_dc_pa_ch_idx
parent_part_id	Performance	Asc	corr_events_parent_part_id_idx