Sentinel DB Views

This page may be out of date and will be replaced during the Beta; please refer to the interactive schema page for more information.

From Developer Community

1 Sentinel Schema ER Diagrams
2 SQL Server Views
3 Oracle Views
- 3.1 Views
- 3.2 Deprecated Views
4 PostgreSQL Views
5 Lucene Views

Sentinel Schema ER Diagrams

Advisor

Aggregation Service

Asset

Content Management

Correlation

Events

Event Source Management

Event Summaries

Incidents

Policy Based Archiving

Sentinel Data Manager

Vulnerability

Workflow Activity

SQL Server Views

Oracle Views

This section lists the Sentinel™ schema views for Oracle*. The views provide information for developing your own reports (Crystal Reports*). Sentinel defines an event schema that is used to hold the parsed data received from event sources. For more information on the Sentinel Event schema, see Event schema.

Views

Listed below are the views available with Sentinel.

ACTVY_PARM_RPT_V

This view contains information about iTRAC™ activities.

Column Name	Datatype	Comment
ACTVY_PARM_ID	varchar2(36)	Activity parameter identifier
ACTVY_ID	varchar2(36)	Activity identifier
PARM_NAME	varchar2(255)	Activity Parameter name
PARM_TYP_CD	varchar2(1)	Activity parameter type code
DATA_TYP	varchar2(50)	Activity parameter data type
DATA_SUBTYP	varchar2(50)	Activity parameter data subtype
RQRD_F	number (1,0)	Required flag
PARM_DESC	varchar2(255)	Activity parameter description
PARM_VAL	varchar2(1000)	Activity parameter value
FORMATTER	varchar2(255)	Activity parameter formatter
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number (38,0)	User who created the object
MODIFIED_BY	number (38,0)	User who last modified the object

ACTVY_REF_PARM_VAL_RPT_V

This view contains information about iTRAC™ activities.

Column Name	Datatype	Comment
ACTVY_ID	varchar2(36)	Activity identifier
ACTVY_PARM_ID	varchar2(36)	Activity parameter identifier
CREATED_BY	number(38,0)	User who created the object
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
MODIFIED_BY	number(38,0)	User who last modified the object
PARM_VAL	varchar2(1000)	Activity parameter value
SEQ_NUM	number(38,0)	Sequence number

ACTVY_REF_RPT_V

This view contains information about iTRAC activities.

Column Name	Datatype	Comment
ACTVY_ID	varchar2(36)	Activity identifier
SEQ_NUM	number(38,0)	Sequence number
REFD_ACTVY_ID	varchar2(36)	Referenced activity identifier
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

ACTVY_RPT_V

This view contains information about iTRAC activities.

Column Name	Datatype	Comment
ACTVY_ID	varchar2(36)	Activity identifier
ACTVY_NAME	varchar2(255)	Activity name
ACTVY_TYP_CD	varchar2(1)	Activity type code
ACCESS_LVL	varchar2(50)	Access level
EXEC_LOC	varchar2(50)	Execution location
ACTVY_DESC	varchar2(255)	Activity description
PROCESSOR	varchar2(255)	Processor
INPUT_FORMATTER	varchar2(255)	Input formatter
OUTPUT_FORMATTER	varchar2 (255)	Output formatter
APP_NAME	varchar2 (25)	Application name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number (38,0)	User who created object
MODIFIED_BY	number (38,0)	User who last modified object

ADV_NXS_FEED_V

This view contains information about the Advisor feed files that are processed on a regular schedule.

Column Name	Datatype	Comment
FILE_NAME	varchar (256)	The filename of the Advisor feed file.
HASH_VALUE	varchar (256)	The hash value of the Advisor feed file.
RECORDS_INSERTED	number (18,0)	The number of records inserted into the database.
RECORDS_UPDATED	number (18,0)	The number of records updated into the database.
PROCESSING_START_TIME	date	Time stamp indicating when the processing of the feed files started.
PROCESSING_END_TIME	date	Time stamp indicating when the processing of the feed files ended.
GENERATION	date	The unique ID to which each feed file belongs.
DATE_CREATED	date	Time stamp indicating when the feed file information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the feed file information was modified in the Sentinel database.
CREATED_BY	number	ID of the user who entered the feed file information in the Sentinel database.
MODIFIED_BY	number	ID of the user who modified the feed file information in the Sentinel database.

ADV_NXS_PRODUCTS_V

This view contains information about all the products that are supported by Novell® for Advisor, which include the Intrusion Detection System (IDS), Vulnerability Scanners, and Knowledge Base (OSVDB, CVE, and Bugtraq).

Column Name	Datatype	Comment
PRODUCT_ID	number	The unique ID of the product.
PRODUCT_NAME	varchar2 (256 char)	Name of the product. For example, Cisco* Secure IDS, Enterasys* Dragon* Network Sensor, or McAfee* IntruShield*.
INTERNAL_NAME	varchar2 (256 char)	Short name of the product that is used in generating the exploitdetection.csv file. This name is used by Collectors for exploit detection. For example, if the product name is Cisco Secure IDS, the internal name is Secure.
IS_ATTACK	number (1,0)	This value is 1 if the product is IDS. Otherwise, this value is 0.
IS_VULN	number (1,0)	This value is 1 if the product is Vulnerability Scanner. Otherwise, this value is 0.
IS_KB	number (1,0)	This value is 1 if the product is Knowledge Base. Otherwise, this value is 0.
IS_ACTIVE	number (1,0)	This value is 1 if the product is selected for exploit detection in the Advisor window of Sentinel Control Center. If the value is 0, attacks from this product are not populated in the exploitdetection.csv file.
IS_POPULATE_ATTACK_NAME	number (1, 0)	This value is 1 by default. If the value is 0, the attack name is not populated in the exploitDetection.csv file.
IS_POPULATE_ATTACK_CODE	number (1, 0)	This value is 1 by default. If the value is 0, the attack code is not populated in the exploitDetection.csv file.
DATE_CREATED	date	Time stamp indicating when the product information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the product information was modified in the Sentinel database.
CREATED_BY	number	ID of the user who entered the product information in the Sentinel database.
MODIFIED_BY	number	ID of the user who modified the product information in the Sentinel database.

ADV_NXS_SIGNATURES_V

This view contains the information about the list of signatures for each product that is supported by Novell for Advisor.

Column Name	Datatype	Comment
PRODUCT_ID	number	The unique ID of the product.
SIGNATURE_ID	number	The unique ID of the signature.
SIGNATURE_NAME	varchar2 (256 char)	Name of the signature.
PUBLISHED	date	Time stamp indicating when the signature was published for the product by the vendor.
INSERTED	date	Time stamp indicating when the signature information was entered in the vendor database.
UPDATED	date	Time stamp indicating when the signature information was updated in the vendor database.
DATE_CREATED	date	Time stamp indicating when the signature information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the signature information was modified in the Sentinel database.
CREATED_BY	number	ID of the user who entered the signature information in the Sentinel database.
MODIFIED_BY	number	ID of the user who modified the signature information in the Sentinel database.

ADV_NXS_MAPPINGS_V

This view contains the mapping information for the products supported by Novell for Advisor. It provides information about the type of mapping between each product including the IDS product signatures, Vulnerability product signatures, and Knowledge Base product signatures.

Column Name	Datatype	Comment
SOURCE_PRODUCT_ID	number	The unique ID of the source product.
SOURCE_SIGNATURE_ID	number	The unique ID of the source signature.
TARGET_PRODUCT_ID	number	The unique ID of the target product.
TARGET_SIGNATURE_ID	number	The unique ID of the target signature.
MAPPING_DIRECT	number (1, 0)	This value is 1 if the mapping is direct.
MAPPING_INDIRECT	number (1, 0)	This value is 1 if the mapping is indirect.
MAPPING_NGRAM	number (1, 0)	This value is 1 if the mapping is n-gram.
INSERTED	date	Time stamp indicating when the mapping information was entered in the vendor database.
UPDATED	date	Time stamp indicating when the mapping was updated in the vendor database.
IS_DELETED	number (1, 0)	This value is 1 if the mapping is marked as invalid.
DELETED	date	Time stamp indicating when the mapping was marked as invalid.
DATE_CREATED	date	Time stamp indicating when the mapping information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the mapping information was modified in the Sentinel database.
CREATED_BY	number	ID of the user who entered the mapping information in the Sentinel database.
MODIFIED_BY	number	ID of the user who modified the mapping information in the Sentinel database.

ADV_OSVDB_DETAILS_V

This view contains information about the known vulnerabilities from the OSVDB for the products supported by Novell for Advisor. It also stores the classifications to which the vulnerability applies.

Column Name	Datatype	Comment
OSVDB_ID	number	The unique ID of the vulnerability in the OSVDB.
OSVDB_TITLE	clob	The normalized name of the vulnerability.
DESCRIPTION	clob	A brief description of the vulnerability.
URGENCY	number	Indicates the urgency of the vulnerability. The rating is 1- 10. The higher the number, the more urgent the vulnerability.
SEVERITY	number	Indicates the severity of the vulnerability. The rating is 1- 10. The higher the number, the more urgent the vulnerability.
ATTACK_TYPE_AUTH_MANAGE	number (1, 0)	This value is 1 if the attack type is authentication management. For example, brute force attack, default password, and cookie poisoning.
ATTACK_TYPE_CRYPT	number (1, 0)	This value is 1 if the attack type is cryptographic. For example, weak encryption (implementation or algorithm), no encryption (plaintext), and sniffing.
ATTACK_TYPE_DOS	number (1, 0)	This value is 1 if the attack type is denial of service. For example, saturation flood, crash, lock up, and forced reboot.
ATTACK_TYPE_HIJACK	number (1, 0)	This value is 1 if the attack type is hijack. For example, man-in-the-middle attacks, IP spoofing, session timeout or take-over, and session replay.
ATTACK_TYPE_INFO_DISCLOSE	number (1, 0)	This value is 1 if the attack type is information disclosure. For example, comments, passwords, fingerprinting, and system information.
ATTACK_TYPE_INFRASTRUCT	number (1, 0)	This value is 1 if the attack type is infrastructure. For example, DNS poisoning and route manipulation.
ATTACK_TYPE_INPUT_MANIP	number (1, 0)	This value is 1 if the attack type is input manipulation. For example, XSS, SQL injection, file retrieval, directory traversal, overflows, and URL encoding.
ATTACK_TYPE_MISS_CONFIG	number (1, 0)	This value is 1 if the attack type is misconfiguration. For example, default files, debugging enabled, and directory indexing.
ATTACK_TYPE_RACE	number (1, 0)	This value is 1 if the attack type is race condition. For example, symlink.
ATTACK_TYPE_OTHER	number (1, 0)	This value is 1 if the attack type does not fall under any of the above attack types.
ATTACK_TYPE_UNKNOWN	number (1, 0)	This value is 1 if the attack type is unknown.
IMPACT_CONFIDENTIAL	number (1, 0)	This value is 1 if the impact of the attack(s) is loss of confidential information. For example, passwords, server information, environment variables, confirmation of file existence, path disclosure, file content access, and SQL injection.
IMPACT_INTEGRITY	number (1, 0)	This value is 1 if the impact of the attack(s) is loss of integrity, which results in data modifications by unauthorized persons. For example, unauthorized file modification, deletion, or creation, remote file inclusion, and arbitrary command execution.
IMPACT_AVAILABLE	number (1, 0)	This value is 1 if the impact of the attack is loss of availability of a service or information.
IMPACT_UNKNOWN	number (1, 0)	This value is 1 if the impact of the attack is unknown.
EXPLOIT_AVAILABLE	number (1, 0)	This value is 1 if an exploit is available for the vulnerability.
EXPLOIT_UNAVAILABLE	number (1, 0)	This value is 1 if an exploit is not available for the vulnerability.
EXPLOIT_RUMORED	number (1, 0)	This value is 1 if an exploit is rumored to exist for the vulnerability.
EXPLOIT_UNKNOWN	number (1, 0)	This value is 1 if an exploit is unknown for the vulnerability.
VULN_VERIFIED	number (1, 0)	This value is 1 if the existence of the vulnerability has been verified.
VULN_MYTH_FAKE	number (1, 0)	This value is 1 if the vulnerability is a myth or a false alarm.
VULN_BEST_PRAC	number (1, 0)	This value is 1 if the vulnerability is a result of not following the best practices in the configuration or usage of the vulnerable system or software.
VULN_CONCERN	number (1, 0)	This value is 1 if the vulnerability requires additional concern for remediation.
VULN_WEB_CHECK	number (1, 0)	This value is 1 if the vulnerability is a common problem in Web servers or Web applications.
ATTACK_SCENARIO	clob	Description of how a vulnerability can be exploited.
SOLUTION_DESCRIPTION	clob	Description of the solution that is used to fix the vulnerability.
FULL_DESCRIPTION	clob	The complete description of the vulnerability.
LOCATION_PHYSICAL	number (1, 0)	This value is 1 if the vulnerability can be exploited with only physical system access<literal/>.
LOCATION_LOCAL	number (1, 0)	This value is 1 if the vulnerability can be exploited on a local system.
LOCATION_REMOTE	number (1, 0)	This value is 1 if the vulnerability can be exploited on a remote system.
LOCATION_DIALUP	number (1, 0)	This value is 1 if the vulnerability can be exploited using a dial-up connection.
LOCATION_UNKNOWN	number (1, 0)	This value is 1 if the vulnerability is exploited in an unknown location.
PUBLISHED	date	Time stamp indicating when the vulnerability was published in the OSVDB.
INSERTED	date	Time stamp indicating when the vulnerability was inserted in the vendor database.
UPDATED	date	Time stamp indicating when the vulnerability was updated in the vendor database.
DATE_CREATED	date	Time stamp indicating when the vulnerability information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the vulnerability information was modified in the Sentinel database.
CREATED_BY	number	The ID of the user who entered the vulnerability information in the Sentinel database.
MODIFIED_BY	number	The ID of the user who modified the vulnerability information in the Sentinel database.

ADV_NXS_KB_PATCH_V

This view contains information about the patches that are required to remove the vulnerabilities.

Column Name	Datatype	Comment
ID	number	The unique ID for the row.
OSVDB_ID	number	The ID of the vulnerability in the OSVDB.
TYPE_NAME	varchar2 (128 char)	The type of the patch used to remove the vulnerability.
TYPE_ID	number	The unique ID of the patch.
REF_VALUE	clob	The URL that has the patch information.
DATE_CREATED	date	Time stamp indicating when the patch information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the patch information was modified in the Sentinel database.
CREATED_BY	number	The ID of the user who entered the patch information in the Sentinel database.
MODIFIED_BY	number	The ID of the user who modified the patch information in the Sentinel database.

ADV_NXS_KB_PRODUCTSREF_V

This view contains the information about the products that are affected by the vulnerability.

Column Name	Datatype	Comment
ID	number	The unique ID for the row.
OSVDB_ID	number	The ID of the vulnerability in the OSVDB.
VENDOR_NAME	varchar2 (128 char)	Name of the vendor of the product that is affected by the vulnerability.
VERSION_NAME	varchar2 (128 char)	Version of the product that is affected by the vulnerability.
BASE_NAME	varchar2 (128 char)	Name of the product that is affected by the vulnerability.
TYPE_NAME	varchar2 (128 char)	Indicates whether the product is affected by the vulnerability or not.
DATE_CREATED	date	Time stamp indicating when the product information was entered in the Sentinel database.
DATE_MODIFIED	date	Time stamp indicating when the product information was modified in the Sentinel database.
CREATED_BY	number	The ID of the user who entered the product information in the Sentinel database.
MODIFIED_BY	number	The ID of the user who modified the product information in the Sentinel database.

ASSET_CATEGORY_RPT_V

This iew references ASSET_CTGRY table that stores information about asset categories

Column Name	Datatype	Comment
ASSET_CATEGORY_ID	number(38)	Asset category identifier
ASSET_CATEGORY_NAME	varchar2(100)	Asset category name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSET_HOSTNAME_RPT_V

This view references ASSET_HOSTNAME table that stores information about alternate host names for assets.

Column Name	Datatype	Comment
ASSET_HOSTNAME_ID	varchar2(36)	Asset alternate hostname identifier
PHYSICAL_ASSET_ID	varchar2(36)	Physical asset identifier
HOST_NAME	varchar2(255)	Host name
CUST_ID	number(38)	Customer identifier
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSET_IP_RPT_V

This view references ASSET_IP table that stores information about alternate IP addresses for assets.

Column Name	Datatype	Comment
ASSET_IP_ID	varchar2(36)	Asset alternate IP identifier
PHYSICAL_ASSET_ID	varchar2(36)	Physical asset identifier
IP_ADDRESS	number(38)	Asset IP address
CUST_ID	number(38)	Customer identifier
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSET_LOCATION_RPT_V

This view references ASSET_LOC table that stores information about asset locations.

Column Name	Datatype	Comment
LOCATION_ID	number(38)	Location identifier
CUST_ID	number(38)	Customer identifier
BUILDING_NAME	varchar2(255)	Building name
ADDRESS_LINE_1	varchar2(255)	Address line 1
ADDRESS_LINE_2	varchar2(255)	Address line 2
CITY	varchar2(100)	City
STATE	varchar2(100)	State
COUNTRY	varchar2(100)	Country
ZIP_CODE	varchar2(50)	Zip code
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSET_RPT_V

This view references ASSET table that stores information about the physical and soft assets.

Column Name	Datatype	Comment
ASSET_ID	varchar2(36)	Asset identifier
CUST_ID	number(38)	Customer identifier
ASSET_NAME	varchar2(255)	Asset name
PHYSICAL_ASSET_ID	varchar2(36)	Physical asset identifier
PRODUCT_ID	number(38)	Product identifier
ASSET_CATEGORY_ID	number(38)	Asset category identifier
ENVIRONMENT_IDENTITY_ID	number(38)	Environment identify code
PHYSICAL_ASSET_IND	number(1)	Physical asset indicator
ASSET_VALUE_ID	number(38)	Asset value code
CRITICALITY_ID	number(38)	Asset criticality code
SENSITIVITY_ID	number(38)	Asset sensitivity code
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSET_VALUE_RPT_V

This view references ASSET_VAL_LKUP table that stores information about the asset value.

Column Name	Datatype	Comment
ASSET_VALUE_ID	number(38)	Asset value code
ASSET_VALUE_NAME	varchar2(50)	Asset value name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSET_X_ENTITY_X_ROLE_RPT_V

This view references ASSET_X_ENTITY_X_ROLE table that associates a person or an organization to an asset.

Column Name	Datatype	Comment
PERSON_ID	varchar2(36)	Person identifier
ORGANIZATION_ID	varchar2(36)	Organization identifier
ROLE_CODE	varchar2(5)	Role code
ASSET_ID	varchar2(36)	Asset identifier
ENTITY_TYPE_CODE	varchar2(5)	Entity type code
PERSON_ROLE_SEQUENCE	number(38)	Order of persons under a particular role
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ASSOCIATIONS_RPT_V

This view references ASSOCIATIONS table that associates users to incidents, incidents to annotations and so on.

Column Name	Datatype	Comment
TABLE1	varchar2(64)	Table name 1. For example, incidents
ID1	varchar2(36)	ID1. For example, incident ID.
TABLE2	varchar2(64)	Table name 2. For example, users.
ID2	varchar2(36)	ID2. For example, user ID.
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

ATTACHMENTS_RPT_V

This view references ATTACHMENTS table that stores attachment data.

Column Name	Datatype	Comment
ATTACHMENT_ID	number	Attachment identifier
NAME	varchar2(255)	Attachment name
SOURCE_REFERENCE	varchar2(64)	Source reference
TYPE	varchar2(32)	Attachment type
SUB_TYPE	varchar2(32)	Attachment subtype
FILE_EXTENSION	varchar2(32)	File extension
ATTACHMENT_DESCRIPTION	varchar2(255)	Attachment description
DATA	clob	Attachment data
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

AUDIT_RECORD_RPT_V

This view references AUDIT_RECORD table that stores Sentinel internal audit data.

Column Name	Datatype	Comment
AUDIT_ID	varchar2(36)	Audit record identifier
AUDIT_TYPE	varchar2(255)	Audit type
SRC	varchar2(255)	Audit source
SENDER_HOSTNAME	varchar2(255)	Sender hostname
SENDER_HOST_IP	varchar2(255)	Sender host IP
SENDER_CONTAINER	varchar2(255)	Sender container name
SENDER_ID	varchar2(255)	Sender Identifier
CLIENT	varchar2(255)	Client application that requested audit
EVT_NAME	varchar2(255)	Event name
RES	varchar2(255)	Event resource
SRES	varchar2(255)	Event sub-resource
MSG	varchar2(500)	Event message
CREATED_BY	number(0)	User who created object
MODIFIED_BY	number(0)	User who last modified object
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified

CONFIGS_RPT_V

This view references CONFIGS table that stores general configuration information of the application.

Column Name	Datatype	Comment
USR_ID	varchar2(32)	User name.
APPLICATION	varchar2(255)	Application identifier
UNIT	varchar2(64)	Application unit
VALUE	varchar2(255)	Text value if any
DATA	clob	XML data
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

CONTACTS_RPT_V

This view references CONTACTS table that stores contact information.

Column Name	Datatype	Comment
CNT_ID	number	Contact ID - Sequence number
FIRST_NAME	varchar2(20)	Contact first name.
LAST_NAME	varchar2(30)	Contact last name.
TITLE	varchar2(128)	Contact title
DEPARTMENT	varchar2(128)	Department
PHONE	varchar2(64)	Contact phone
EMAIL	varchar2(255)	Contact e-mail
PAGER	varchar2(64)	Contact pager
CELL	varchar2(64)	Contact cell phone
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

CORRELATED_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use CORRELATED_EVENTS_RPT_V1.

CORRELATED_EVENTS_RPT_V1

This vew contains current and historical correlated events (correlated events imported from archives).

Column Name	Datatype	Comment
PARENT_EVT_ID	varchar2(36)	Event Universal Unique Identifier (UUID) of parent event
CHILD_EVT_ID	varchar2(36)	Event Universal Unique Identifier (UUID) of child event
PARENT_EVT_TIME	date	Parent event time
CHILD_EVT_TIME	date	Child event time
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

CRITICALITY_RPT_V

This view references CRIT_LKUP table that contains information about asset criticality.

Column Name	Datatype	Comment
CRITICALITY_ID	number(38)	Asset criticality code
CRITICALITY_NAME	varchar2(50)	Asset criticality name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

CUST_HIERARCHY_V

This view references CUST_HIERARCHY table that stores information about MSSP customer hierarchy.

Column Name	Datatype	Comment
CUST_HIERARCHY_ID	number(38)	Customer hierarchy ID
CUST_NAME	varchar2(255)	Customer
CUST_HIERARCHY_LVL1	varchar2(255)	Customer hierarchy level 1
CUST_HIERARCHY_LVL2	varchar2(255)	Customer hierarchy level 2
CUST_HIERARCHY_LVL3	varchar2(255)	Customer hierarchy level 3
CUST_HIERARCHY_LVL4	varchar2(255)	Customer hierarchy level 4
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

CUST_RPT_V

This view references CUST table that stores customer information for MSSPs.

Column Name	Datatype	Comment
CUST_ID	number(38)	Customer identifier
CUSTOMER_NAME	varchar2(255)	Customer name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ENTITY_TYPE_RPT_V

This view references ENTITY_TYP table that stores information about entity types (person, organization).

Column Name	Datatype	Comment
ENTITY_TYPE_CODE	varchar2(5)	Entity type code
ENTITY_TYPE_NAME	varchar2(50)	Entity type name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ENV_IDENTITY_RPT_V

This view references ENV_IDENTITY_LKUP table that stores information about asset environment identity.

Column Name	Datatype	Comment
ENVIRONMENT_IDENTITY_ID	number(38)	Environment identity code
ENV_IDENTITY_NAME	varchar2(255)	Environment identity name
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

ESEC_CONTENT_GRP_CONTENT_RPT_V

This view contains information about Solution Packs.

Column Name	Datatype	Comment
CONTENT_GRP_ID	varchar2(36)	Content group identifier
CONTENT_ID	varchar2(255)	Content identifier
CONTENT_TYP	varchar2(100)	Content type
CONTENT_HASH	varchar2(255)	Content hash
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

ESEC_CONTENT_GRP_RPT_V

This view contains information about Solution Packs.

Column Name	Datatype	Comment
CONTENT_GRP_ID	varchar2(36)	Content group identifier
CONTENT_GRP_NAME	varchar2(255)	Content group name
CONTENT_GRP_DESC	Clob	Content group description
CTRL_ID	varchar2(36)	Control identifier
CONTENT_EXTERNAL_ID	varchar2(255)	Content external identifier
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

ESEC_CONTENT_PACK_RPT_V

This view contains information about Solution Packs.

Column Name	Datatype	Comment
CONTENT_PACK_ID	varchar2(36)	Content pack identifier
CONTENT_PACK_DESC	Clob	Content pack description
CONTENT_PACK_NAME	varchar2(255)	Content pack name
CONTENT_EXTERNAL_ID	varchar2(255)	Content external identifier
DATE_MODIFIED	Date	Date the entry was modified
DATE_CREATED	Date	Date the entry was created
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

ESEC_CONTENT_RPT_V

This view contains information about Solution Packs.

Column Name	Datatype	Comment
CONTENT_PACK_ID	varchar2(36)	Content pack identifier
CONTENT_ID	varchar2(255)	Content identifier
CONTENT_NAME	varchar2(255)	Content name
CONTENT_STATE	number(38,0)	Content state
CONTENT_TYP	varchar2(100)	Content type
CONTENT_DESC	Clob	Content description
CONTENT_CONTEXT	Clob	Content context
CONTENT_HASH	varchar2(255)	Content hash
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
MODIFIED_BY	number(38,0)	User who last modified object
CREATED_BY	number(38,0)	User who created object

ESEC_CTRL_CTGRY_RPT_V

This view contains information about Solution Packs.

Column Name	Datatype	Comment
CTRL_CTGRY_ID	varchar2(36)	Control category identifier
CTRL_CTGRY_DESC	Clob	Control category description
CTRL_CTGRY_NAME	varchar2(255)	Control category name
CONTENT_PACK_ID	varchar2(36)	Content pack identifier
CONTENT_EXTERNAL_ID	varchar2(255)	Content external identifier
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

ESEC_CTRL_RPT_V

This view contains information about Solution Packs.

Column Name	Datatype	Comment
CTRL_ID	varchar2(36)	Control identifier
CTRL_NAME	varchar2(255)	Control name
CTRL_DESC	clob	Control description
CTRL_STATE	number(38,0)	Control state
CTRL_NOTES	clob	Control notes
CTRL_CTGRY_ID	varchar2(36)	Control category identifier
CONTENT_EXTERNAL_ID	varchar2(255)	Content external identifier
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

ESEC_DISPLAY_RPT_V

This view references ESEC_DISPLAY table that stores displayable properties of objects. Currently used in renaming meta-tags. Used with Event Configuration (Business Relevance).

Column Name	Datatype	Comment
DISPLAY_OBJECT	varchar2(32)	The parent object of the property
TAG	varchar2(32)	The native tag name of the property
LABEL	varchar2(32)	The display string of tag.
POSITION	number	Position of tag within display.
WIDTH	number	The column width
ALIGNMENT	number	The horizontal alignment
FORMAT	number	The enumerated formatter for displaying the property
ENABLED	varchar2(1)	Indicates if the tag is shown.
TYPE	number	Indicates datatype of tag. 1 = string 2 = ulong 3 = date 4 = uuid 5 = ipv4
DESCRIPTION	varchar2(255)	Textual description of the tag
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object
REF_CONFIG	varchar2(4000)	Referential data configuration

ESEC_PORT_REFERENCE_RPT_V

This view references ESEC_PORT_REFERENCE table that stores industry standard assigned port numbers.

Column Name	Datatype	Comment
PORT_NUMBER	number	Per http://www.iana.org/assignments/port-numbers, the numerical representation of the port. This port number is typically associated with the Transport Protocol level in the TCP/IP stack.
PROTOCOL_NUMBER	number	Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet.
PORT_KEYWORD	varchar2(64)	Per http://www.iana.org/assignments/port-numbers, the keyword representation of the port.
PORT_DESCRIPTION	varchar2(512)	Port description.
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

ESEC_PROTOCOL_REFERENCE_RPT_V

This view references ESEC_PROTOCOL_REFERENCE table that stores industry standard assigned protocol numbers.

Column Name	Datatype	Comment
PROTOCOL_NUMBER	number	Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet.
PROTOCOL_KEYWORD	varchar2(64)	Per http://www.iana.org/assignments/protocol-numbers, the keyword used to represent protocols that are encapsulated in an IP packet.
PROTOCOL_DESCRIPTION	varchar2(512)	IP packet protocol description.
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

ESEC_SEQUENCE_RPT_V

This view references ESEC_SEQUENCE table that’s used to generate primary key sequence numbers for Sentinel tables.

Column Name	Datatype	Comment
TABLE_NAME	varchar2(32)	Name of the table.
COLUMN_NAME	varchar2(255)	Name of the column
SEED	number	Current value of primary key field.
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number	User who created object
MODIFIED_BY	number	User who last modified object

ESEC_UUID_UUID_ASSOC_RPT_V

This view contains information about object relationships. Used internally by Sentinel and not for reporting purposes.

Column Name	Datatype	Comment
OBJECT1	varchar2(64)	Object 1
ID1	varchar2(36)	UUID for object 1
OBJECT2	varchar2(64)	Object 2
ID2	varchar2(36)	UUID for object 2
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

EVENTS_ALL_RPT_V (legacy view)

This view is provided for backward compatibility. View contains current and historical events (events imported from archives).

EVENTS_ALL_RPT_V1 (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events.

EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current and historical events.

EVENTS_RPT_V1 (legacy view)

This view is provided for backward compatibility. New reports should use EVENT_ALL_RPT_V. View contains current events.

EVENTS_RPT_V2

This is the primary reporting view for Sentinel 6.0. This view contains current event and historical events. It is included for legacy reports but has been replaced in Sentinel 6.1 with EVENTS_RPT_V3.

Column Name	Datatype	Comment
EVENT_ID	varchar2(36)	Event identifier
RESOURCE_NAME	varchar2(255)	Resource name
SUB_RESOURCE	varchar2(255)	Subresource name
SEVERITY	integer	Event severity
EVENT_PARSE_TIME	date	Event time
EVENT_DATETIME	date	Event time
EVENT_DEVICE_TIME	date	Event device time
SENTINEL_PROCESS_TIME	date	Sentinel process time
BEGIN_TIME	date	Events begin time
END_TIME	date	Events end time
REPEAT_COUNT	integer	Events repeat count
DESTINATION_PORT_INT	integer	Destination port (integer)
SOURCE_PORT_INT	integer	Source port (integer)
BASE_MESSAGE	varchar2(4000)	Base message
EVENT_NAME	varchar2(255)	Name of the event as reported by the sensor
EVENT_TIME	varchar2(255)	Event time as reported by the sensor
CUST_ID	integer	Customer identifier
SOURCE_ASSET_ID	integer	Source asset identifier
DESTINATION_ASSET_ID	integer	Destination asset identifier
AGENT_ID	integer	Collector identifier
PROTOCOL_ID	integer	Protocol identifier
ARCHIVE_ID	integer	Archive identifier
SOURCE_IP	integer	Source IP address in numeric format
SOURCE_IP_DOTTED	varchar2(16)	Source IP in dotted format
SOURCE_HOST_NAME	varchar2(255)	Source host name
SOURCE_PORT	varchar2(32)	Source port
DESTINATION_IP	integer	Destination IP address in numeric format
DESTINATION_IP_DOTTED	varchar2(16)	Destination in dotted format
DESTINATION_HOST_NAME	varchar2(255)	Destination host name
DESTINATION_PORT	varchar2(32)	Destination port
SOURCE_USER_NAME	varchar2(255)	Source user name
DESTINATION_USER_NAME	varchar2(255)	Destination user name
FILE_NAME	varchar2(1000)	File name
EXTENDED_INFO	varchar2(1000)	Extended information
CUSTOM_TAG_1	varchar2(255)	Customer Tag 1
CUSTOM_TAG 2	varchar2(255)	Customer Tag 2
CUSTOM_TAG 3	integer	Customer Tag 3
RESERVED_TAG_1	varchar2(255)	Reserved Tag 1 Reserved for future use by Novell. This field is used for Advisor information concerning attack descriptions.
RESERVED_TAG_2	varchar2(255)	Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RESERVED_TAG_3	integer	Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
VULNERABILITY_RATING	integer	Vulnerability rating
CRITICALITY_RATING	integer	Criticality rating
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	integer	User who created object
MODIFIED_BY	integer	User who last modified object
RV01 - 10	integer	Reserved Value 1 - 10 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV11 - 20	date	Reserved Value 1 - 31 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV21 - 25	varchar2(36)	Reserved Value 21 - 25 Reserved for future use by Novell to store UUIDs. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV26 - 31	varchar2(255)	Reserved Value 26 - 31 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV33	varchar2(255)	Reserved Value 33 Reserved for EventContex Use of this field for any other purpose might result in data being overwritten by future functionality.
RV34	varchar2(255)	Reserved Value 34 Reserved for SourceThreatLevel Use of this field for any other purpose might result in data being overwritten by future functionality.
RV35	varchar2(255)	Reserved Value 35 Reserved for SourceUserContext. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV36	varchar2(255)	Reserved Value 36 Reserved for DataContext. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV37	varchar2(255)	Reserved Value 37 Reserved for SourceFunction. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV38	varchar2(255)	Reserved Value 38 Reserved for SourceOperationalContext. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV40 - 43	varchar2(255)	Reserved Value 40 - 43 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV44	varchar2(255)	Reserved Value 44 Reserved for DestinationThreatLevel. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV45	varchar2(255)	Reserved Value 45 Reserved for DestinationUserContext. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV46	varchar2(255)	Reserved Value 46 Reserved for VirusStatus. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV47	varchar2(255)	Reserved Value 47 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV48	varchar2(255)	Reserved Value 48 Reserved for DestinationOperationalContext. Use of this field for any other purpose might result in data being overwritten by future functionality.
RV49	varchar2(255)	Reserved Value 49 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
TAXONOMY_ID	integer
REFERENCE_ID_01 - 20	integer	Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality.
CV01 - 10	integer	Custom Value 1 - 10 Reserved for use by Customer, typically for association of Business relevant data
CV11 - 20	date	Custom Value 11 - 20 Reserved for use by Customer, typically for association of Business relevant data
CV21 - 29	varchar2(255)	Custom Value 21 – 100 Reserved for use by Customer, typically for association of Business relevant data
CV30 - 34	varchar2(4000)
CV35 – 100	varchar2(255)

EVENTS_RPT_V3

This is the primary reporting view for Sentinel 6.1. This view contains current event and historical events. It is included for legacy reports.

Column Name	Datatype	Comment
EVENT_ID	varchar2(36)	Event identifier
RESOURCE_NAME	varchar2(255)
SUB_RESOURCE	varchar2(255)	Subresource name
SEVERITY	number(38,0)	Event severity
EVENT_PARSE_TIME	date	Event time
EVENT_DATETIME	date
EVENT_DEVICE_TIME	date	Event device time
SENTINEL_PROCESS_TIME	date	Sentinel process time
BEGIN_TIME	date	Events begin time
END_TIME	date	Events end time
REPEAT_COUNT	number(38,0)
TARGET_SERVICE_PORT	number(38,0)	Target service port
INIT_SERVICE_PORT	number(38,0)
BASE_MESSAGE	varchar2(4000)
EVENT_NAME	varchar2(255)
EVENT_TIME	varchar2(255)	Event time
CUST_ID	number(38,0)
INIT_ASSET_ID	number(38,0)	Initiator asset identifier
TARGET_ASSET_ID	number(38,0)	Target asset identifier
AGENT_ID	number(38,0)
PROTOCOL_ID	number(38,0)
ARCHIVE_ID	number(38,0)
INIT_IP	number(38,0)
INIT_IP_DOTTED	varchar2(4000)
INIT_HOST_NAME	varchar2(255)
INIT_SERVICE_PORT_NAME	varchar2(32)
TARGET_IP	number(38,0)
TARGET_IP_DOTTED	varchar2(4000)
TARGET_HOST_NAME	varchar2(255)
TARGET_SERVICE_PORT_NAME	varchar2(32)
INIT_USER_NAME	varchar2(255)	The initiating user's account name (SourceUsername).
TARGET_USER_NAME	varchar2(255)
FILE_NAME	varchar2(1000)
EXTENDED_INFO	varchar2(1000)
CUSTOM_TAG_1	varchar2(255)	Customer Tag 1
CUSTOM_TAG_2	varchar2(255)	Customer Tag 2
CUSTOM_TAG_3	number(38,0)	Customer Tag 3
RESERVED_TAG_1	varchar2(255)
RESERVED_TAG_2	varchar2(255)
RESERVED_TAG_3	number(38,0)
VULNERABILITY_RATING	number(38,0)
CRITICALITY_RATING	number(38,0)
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object
RV01	number(38,0)
EVENT_METRIC	number(38,0)	Event metric
DATA_TAG_ID	number(38,0)	Data tag ID
RV04-RV10	number(38,0)
RV11-RV20	date
RV21- RV28	varchar2(255)
INIT_IP_COUNTRY	varchar2(255)
TARGET_IP_COUNTRY	varchar2(255)
RV31	varchar2(255)
RV33	varchar2(255)
INIT_THREAT_LEVEL	varchar2(255)	Initiator threat level
INIT_USER_DOMAIN	varchar2(255)	The domain (namespace) in which the initiating account exists.
RV36	varchar2(255)
INIT_FUNCTION	varchar2(255)	Initiator function
INIT_OPERATIONAL_CONTEXT	varchar2(255)	Initiator operational context
RV40	varchar2(255)
TARGET_HOST_DOMAIN	varchar2(255)	Target host domain
INIT_HOST_DOMAIN	varchar2(255)
RV43	varchar2(255)
TARGET_THREAT_LEVEL	varchar2(255)	Target threat level
TARGET_USER_DOMAIN	varchar2(255)	Target user domain
RV46	varchar2(255)
TARGET_FUNCTION	varchar2(255)	Target function
TARGET_OPERATIONAL_CONEXT	varchar2(255)	Target operational context
RV49	varchar2(255)
TAXONOMY_ID	number(38,0)	Taxonomy identifier
REFERENCE_ID_01-REFERENCE_ID_20	number(38,0)
CV01-CV10	number(38,0)
CV11-CV20	date
CV21- CV29	varchar2(255)
CV30- CV34	varchar2(4000)
CV35- CV100	varchar2(255)
INIT_USER_ID	varchar2(255)	The initiating account's source-specific identifier as determined by the Collector based on raw device data.
INIT_USER_IDENTITY	varchar2(36)	The internal UUID of the identity associated with the initiating account.
TARGET_USER_ID	varchar2(255)	Target user ID
TARGET_USER_IDENTITY	varchar2(36)	Target user identity
EFFECTIVE_USER_NAME	varchar2(255)	Effective user name
EFFECTIVE_USER_ID	varchar2(255)	Effective user ID
EFFECTIVE_USER_DOMAIN	varchar2(255)	Effective user domain
TARGET_TRUST_NAME	varchar2(255)	Target trust name
TARGET_TRUST_ID	varchar2(255)	Target trust ID
TARGET_TRUST_DOMAIN	varchar2(255)	Target trust domain
OBSERVER_IP	number(38,0)	Observer IP address in numeric format
REPORTER_IP	number(38,0)	Reporter IP address in numeric format
OBSERVER_HOST_DOMAIN	varchar2(255)	Observer host domain
REPORTER_HOST_DOMAIN	varchar2(255)	Reporter host domain
OBSERVER_ASSET_ID	varchar2(255)	Observer asset identifier
REPORTER_ASSET_ID	varchar2(255)	Reporter asset identifier
INIT_SERVICE_COMP	varchar2(255)	Initiator service component
TARGET_SERVICE_COMP	varchar2(255)	Target service component
EVENT_GROUP_ID	varchar2(255)
CUSTOMER_VAR_101-CUSTOMER_VAR_110	number(38,0)
CUSTOMER_VAR_111-CUSTOMER_VAR_120	date
CUSTOMER_VAR_121-CUSTOMER_VAR_130	varchar2(36)
CUSTOMER_VAR_131-CUSTOMER_VAR_140	number(38,0)
CUSTOMER_VAR_141-CUSTOMER_VAR_150	varchar2(255)

EVT_AGENT_RPT_V

View references EVT_AGENT table that stores information about Collectors.

Column Name	Datatype	Comment
AGENT_ID	number(38)	Collector identifier
CUST_ID	number(38)
AGENT	varchar2(64)	Collector name
PORT	varchar2(64)	Collector port
REPORT_NAME	varchar2(255)	Reporter name
PRODUCT_NAME	varchar2(255)	Product name
SENSOR_NAME	varchar2(255)	Sensor name
SENSOR_TYPE	varchar2(5)	Sensor type: H - host-based N - network-based V - virus O – other
DEVICE_CATEGORY	varchar2(255)	Device category
SOURCE_UUID	varchar2(36)	Source component Universal Unique Identifier (UUID)
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

EVT_AGENT_RPT_V3

View references EVT_AGENT table that stores information about Collectors. The column names in this view reflects the name change of Sensor to Observer. This view is designed for use in Sentinel 6.1.

Column Name	Datatype	Comment
AGENT_ID	number(38,0)	Collector identifier
CUST_ID	number(38,0)	Customer identifier
AGENT	varchar2(64)	Collector
PORT	varchar2(64)	Port
REPORTER_HOST_NAME	varchar2(255)	Reporter host name
PRODUCT_NAME	varchar2(255)
OBSERVER_HOST_NAME	varchar2(255)
SENSOR_TYPE	varchar2(5)	Sensor type: H - host-based N - network-based V - virus O - other
DEVICE_CATEGORY	varchar2(255)	Device category
SOURCE_UUID	varchar2(36)	Source component Universal Unique Identifier (UUID)
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

EVT_ASSET_RPT_V

View references EVT_ASSET table that stores asset information.

Column Name	Datatype	Comment
EVENT_ASSET_ID	number(38)	Event asset identifier
CUST_ID	number(38)	Customer identifier
ASSET_NAME	varchar2(255)	Asset name
PHYSICAL_ASSET_NAME	varchar2(255)	Physical asset name
REFERENCE_ASSET_ID	varchar2(100)	Reference asset identifier, links to source asset management system.
MAC_ADDRESS	varchar2(100)	MAC address
RACK_NUMBER	varchar2(50)	Rack number
ROOM_NAME	varchar2(100)	Room name
BUILDING_NAME	varchar2(255)	Building name
CITY	varchar2(100)	City
STATE	varchar2(100)	State
COUNTRY	varchar2(100)	Country
ZIP_CODE	varchar2(50)	Zip code
ASSET_CATEGORY_NAME	varchar2(100)	Asset category name
NETWORK_IDENTITY_NAME	varchar2(255)	Asset network identity name
ENVIRONMENT_IDENTITY_NAME	varchar2(255)	Environment name
ASSET_VALUE_NAME	varchar2(50)	Asset value name
CRITICALITY_NAME	varchar2(50)	Asset criticality name
SENSITIVITY_NAME	varchar2(50)	Asset sensitivity name
CONTACT_NAME_1	varchar2(255)	Name of contact person/organization 1
CONTACT_NAME_2	varchar2(255)	Name of contact person/organization 2
ORGANIZATION_NAME_1	varchar2(100)	Asset owner organization level 1
ORGANIZATION_NAME_2	varchar2(100)	Asset owner organization level 2
ORGANIZATION_NAME_3	varchar2(100)	Asset owner organization level 3
ORGANIZATION_NAME_4	varchar2(100)	Asset owner organization level 4
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

EVT_ASSET_RPT_V3

View references EVT_ASSET table that stores asset information. This view is designed for Sentinel 6.1.

Column Name	Datatype	Comment
ASSET_CRITICALITY	varchar2(50)
ASSET_CLASS	varchar2(100)
ASSET_FUNCTION	varchar2(255)
ASSET_DEPARTMENT	varchar2(100)	Asset department
DATE_CREATED	Date	Date the entry was created
DATE_MODIFIED	Date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

EVT_DEST_EVT_NAME_SMRY_1_RPT_V

View summarizes event count by destination, taxonomy, event name, severity and event time.

Column Name	Datatype	Comment
DESTINATION_IP	number(38)	Destination IP address
DESTINATION_EVENT_ASSET_ID	number(38)	Event asset identifier
TAXONOMY_ID	number(38)	Taxonomy identifier
EVENT_NAME_ID	number(38)	Event name identifier
SEVERITY	number(38)	Event severity
CUST_ID	number(38)	Customer identifier
EVENT_TIME	date	Event time
EVENT_COUNT	number(38)	Event count
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object
DESTINATION_HOST_NAME	varchar2(255)

EVT_DEST_SMRY_1_RPT_V

View contains event destination summary information.

Column Name	Datatype	Comment
DESTINATION_IP	number(38)	Destination IP address
DESTINATION_EVENT_ASSET_ID	number(38)	Event asset identifier
DESTINATION_PORT	varchar2(32)	Destination port
DESTINATION_USER_ID	number(38)	Destination user identifier
TAXONOMY_ID	number(38)	Taxonomy identifier
EVENT_NAME_ID	number(38)	Event name identifier
RESOURCE_ID	number(38)	Resource identifier
AGENT_ID	number(38)	Collector identifier
PROTOCOL_ID	number(38)	Protocol identifier
SEVERITY	number(38)	Event severity
CUST_ID	number(38)	Customer identifier
EVENT_TIME	date	Event time
EVENT_COUNT	number(38)	Event count
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object
DESTINATION_HOST_NAME	varchar2(255)

EVT_DEST_TXNMY_SMRY_1_RPT_V

View summarizes event count by destination, taxonomy, severity and event time.

Column Name	Datatype	Comment
DESTINATION_IP	number(38)	Destination IP address
DESTINATION_EVENT_ASSET_ID	number(38)	Event asset identifier
TAXONOMY_ID	number(38)	Taxonomy identifier
SEVERITY	number(38)	Event severity
CUST_ID	number(38)	Customer identifier
EVENT_TIME	date	Event time
EVENT_COUNT	number(38)	Event count
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object
DESTINATION_HOST_NAME	varchar2(255)

EVT_NAME_RPT_V

View references EVT_NAME table that stores event name information.

Column Name	Datatype	Comment
EVENT_NAME_ID	number(38)	Event name identifier
EVENT_NAME	varchar2(255)	Event name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

EVT_PORT_SMRY_1_RPT_V

View summarizes event count by destination port, severity and event time.

Column Name	Datatype	Comment
DESTINATION_PORT	varchar2(32)	Destination port
SEVERITY	number(38)	Event severity
CUST_ID	number(38)	Customer identifier
EVENT_TIME	date	Event time
EVENT_COUNT	number(38)	Event count
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

EVT_PRTCL_RPT_V

View references EVT_PRTCL table that stores event protocol information.

Column Name	Datatype	Comment
PROTOCOL_ID	number(38)	Protocol identifier
PROTOCOL_NAME	varchar2(255)	Protocol name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object

EVT_PRTCL_RPT_V3

View references EVT_PRTCL table that stores event protocol information.

Column Name	Datatype	Comment
PROTOCOL_ID	number(38,0)	Protocol identifier
PROTOCOL	varchar2(255)	Protocol name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38,0)	User who created object
MODIFIED_BY	number(38,0)	User who last modified object

EVT_RSRC_RPT_V

View references EVT_RSRC table that stores event resource information.

Column Name	Datatype	Comment
RESOURCE_ID	number(38)	Resource identifier
CUST_ID	number(38)	Customer Identifier
RESOURCE_NAME	varchar2(255)	Resource name
SUB_RESOURCE_NAME	varchar2(255)	Subresource name
DATE_CREATED	date	Date the entry was created
DATE_MODIFIED	date	Date the entry was modified
CREATED_BY	number(38)	User who created object
MODIFIED_BY	number(38)	User who last modified object