Sentinel DB Views
This page may be out of date and will be replaced during the Beta; please refer to the interactive schema page for more information.
From Developer Community
Sentinel Schema ER Diagrams
Advisor
Aggregation Service
Asset
Content Management
Correlation
Events
Event Source Management
Event Summaries
Incidents
Policy Based Archiving
Sentinel Data Manager
Vulnerability
Workflow Activity
SQL Server Views
Oracle Views
This section lists the Sentinel™ schema views for Oracle*. The views provide information for developing your own reports (Crystal Reports*). Sentinel defines an event schema that is used to hold the parsed data received from event sources. For more information on the Sentinel Event schema, see Event schema.
Views
Listed below are the views available with Sentinel.
ACTVY_PARM_RPT_V
This view contains information about iTRAC™ activities.
Column Name | Datatype | Comment |
---|---|---|
ACTVY_PARM_ID | varchar2(36) | Activity parameter identifier |
ACTVY_ID | varchar2(36) | Activity identifier |
PARM_NAME | varchar2(255) | Activity Parameter name |
PARM_TYP_CD | varchar2(1) | Activity parameter type code |
DATA_TYP | varchar2(50) | Activity parameter data type |
DATA_SUBTYP | varchar2(50) | Activity parameter data subtype |
RQRD_F | number (1,0) | Required flag |
PARM_DESC | varchar2(255) | Activity parameter description |
PARM_VAL | varchar2(1000) | Activity parameter value |
FORMATTER | varchar2(255) | Activity parameter formatter |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number (38,0) | User who created the object |
MODIFIED_BY | number (38,0) | User who last modified the object |
ACTVY_REF_PARM_VAL_RPT_V
This view contains information about iTRAC™ activities.
Column Name | Datatype | Comment |
---|---|---|
ACTVY_ID | varchar2(36) | Activity identifier |
ACTVY_PARM_ID | varchar2(36) | Activity parameter identifier |
CREATED_BY | number(38,0) | User who created the object |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
MODIFIED_BY | number(38,0) | User who last modified the object |
PARM_VAL | varchar2(1000) | Activity parameter value |
SEQ_NUM | number(38,0) | Sequence number |
ACTVY_REF_RPT_V
This view contains information about iTRAC activities.
Column Name | Datatype | Comment |
---|---|---|
ACTVY_ID | varchar2(36) | Activity identifier |
SEQ_NUM | number(38,0) | Sequence number |
REFD_ACTVY_ID | varchar2(36) | Referenced activity identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
ACTVY_RPT_V
This view contains information about iTRAC activities.
Column Name | Datatype | Comment |
---|---|---|
ACTVY_ID | varchar2(36) | Activity identifier |
ACTVY_NAME | varchar2(255) | Activity name |
ACTVY_TYP_CD | varchar2(1) | Activity type code |
ACCESS_LVL | varchar2(50) | Access level |
EXEC_LOC | varchar2(50) | Execution location |
ACTVY_DESC | varchar2(255) | Activity description |
PROCESSOR | varchar2(255) | Processor |
INPUT_FORMATTER | varchar2(255) | Input formatter |
OUTPUT_FORMATTER | varchar2 (255) | Output formatter |
APP_NAME | varchar2 (25) | Application name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number (38,0) | User who created object |
MODIFIED_BY | number (38,0) | User who last modified object |
ADV_NXS_FEED_V
This view contains information about the Advisor feed files that are processed on a regular schedule.
Column Name | Datatype | Comment |
---|---|---|
FILE_NAME | varchar (256) | The filename of the Advisor feed file. |
HASH_VALUE | varchar (256) | The hash value of the Advisor feed file. |
RECORDS_INSERTED | number (18,0) | The number of records inserted into the database. |
RECORDS_UPDATED | number (18,0) | The number of records updated into the database. |
PROCESSING_START_TIME | date | Time stamp indicating when the processing of the feed files started. |
PROCESSING_END_TIME | date | Time stamp indicating when the processing of the feed files ended. |
GENERATION | date | The unique ID to which each feed file belongs. |
DATE_CREATED | date | Time stamp indicating when the feed file information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the feed file information was modified in the Sentinel database. |
CREATED_BY | number | ID of the user who entered the feed file information in the Sentinel database. |
MODIFIED_BY | number | ID of the user who modified the feed file information in the Sentinel database. |
ADV_NXS_PRODUCTS_V
This view contains information about all the products that are supported by Novell® for Advisor, which include the Intrusion Detection System (IDS), Vulnerability Scanners, and Knowledge Base (OSVDB, CVE, and Bugtraq).
Column Name | Datatype | Comment |
---|---|---|
PRODUCT_ID | number | The unique ID of the product. |
PRODUCT_NAME | varchar2 (256 char) | Name of the product. For example, Cisco* Secure IDS, Enterasys* Dragon* Network Sensor, or McAfee* IntruShield*. |
INTERNAL_NAME | varchar2 (256 char) | Short name of the product that is used in generating the exploitdetection.csv file. This name is used by Collectors for exploit detection. For example, if the product name is Cisco Secure IDS, the internal name is Secure. |
IS_ATTACK | number (1,0) | This value is 1 if the product is IDS. Otherwise, this value is 0. |
IS_VULN | number (1,0) | This value is 1 if the product is Vulnerability Scanner. Otherwise, this value is 0. |
IS_KB | number (1,0) | This value is 1 if the product is Knowledge Base. Otherwise, this value is 0. |
IS_ACTIVE | number (1,0) | This value is 1 if the product is selected for exploit detection in the Advisor window of Sentinel Control Center. If the value is 0, attacks from this product are not populated in the exploitdetection.csv file. |
IS_POPULATE_ATTACK_NAME | number (1, 0) | This value is 1 by default. If the value is 0, the attack name is not populated in the exploitDetection.csv file. |
IS_POPULATE_ATTACK_CODE | number (1, 0) | This value is 1 by default. If the value is 0, the attack code is not populated in the exploitDetection.csv file. |
DATE_CREATED | date | Time stamp indicating when the product information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the product information was modified in the Sentinel database. |
CREATED_BY | number | ID of the user who entered the product information in the Sentinel database. |
MODIFIED_BY | number | ID of the user who modified the product information in the Sentinel database. |
ADV_NXS_SIGNATURES_V
This view contains the information about the list of signatures for each product that is supported by Novell for Advisor.
Column Name | Datatype | Comment |
---|---|---|
PRODUCT_ID | number | The unique ID of the product. |
SIGNATURE_ID | number | The unique ID of the signature. |
SIGNATURE_NAME | varchar2 (256 char) | Name of the signature. |
PUBLISHED | date | Time stamp indicating when the signature was published for the product by the vendor. |
INSERTED | date | Time stamp indicating when the signature information was entered in the vendor database. |
UPDATED | date | Time stamp indicating when the signature information was updated in the vendor database. |
DATE_CREATED | date | Time stamp indicating when the signature information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the signature information was modified in the Sentinel database. |
CREATED_BY | number | ID of the user who entered the signature information in the Sentinel database. |
MODIFIED_BY | number | ID of the user who modified the signature information in the Sentinel database. |
ADV_NXS_MAPPINGS_V
This view contains the mapping information for the products supported by Novell for Advisor. It provides information about the type of mapping between each product including the IDS product signatures, Vulnerability product signatures, and Knowledge Base product signatures.
Column Name | Datatype | Comment |
---|---|---|
SOURCE_PRODUCT_ID | number | The unique ID of the source product. |
SOURCE_SIGNATURE_ID | number | The unique ID of the source signature. |
TARGET_PRODUCT_ID | number | The unique ID of the target product. |
TARGET_SIGNATURE_ID | number | The unique ID of the target signature. |
MAPPING_DIRECT | number (1, 0) | This value is 1 if the mapping is direct. |
MAPPING_INDIRECT | number (1, 0) | This value is 1 if the mapping is indirect. |
MAPPING_NGRAM | number (1, 0) | This value is 1 if the mapping is n-gram. |
INSERTED | date | Time stamp indicating when the mapping information was entered in the vendor database. |
UPDATED | date | Time stamp indicating when the mapping was updated in the vendor database. |
IS_DELETED | number (1, 0) | This value is 1 if the mapping is marked as invalid. |
DELETED | date | Time stamp indicating when the mapping was marked as invalid. |
DATE_CREATED | date | Time stamp indicating when the mapping information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the mapping information was modified in the Sentinel database. |
CREATED_BY | number | ID of the user who entered the mapping information in the Sentinel database. |
MODIFIED_BY | number | ID of the user who modified the mapping information in the Sentinel database. |
ADV_OSVDB_DETAILS_V
This view contains information about the known vulnerabilities from the OSVDB for the products supported by Novell for Advisor. It also stores the classifications to which the vulnerability applies.
Column Name | Datatype | Comment |
---|---|---|
OSVDB_ID | number | The unique ID of the vulnerability in the OSVDB. |
OSVDB_TITLE | clob | The normalized name of the vulnerability. |
DESCRIPTION | clob | A brief description of the vulnerability. |
URGENCY | number | Indicates the urgency of the vulnerability. The rating is 1- 10. The higher the number, the more urgent the vulnerability. |
SEVERITY | number | Indicates the severity of the vulnerability. The rating is 1- 10. The higher the number, the more urgent the vulnerability. |
ATTACK_TYPE_AUTH_MANAGE | number (1, 0) | This value is 1 if the attack type is authentication management. For example, brute force attack, default password, and cookie poisoning. |
ATTACK_TYPE_CRYPT | number (1, 0) | This value is 1 if the attack type is cryptographic. For example, weak encryption (implementation or algorithm), no encryption (plaintext), and sniffing. |
ATTACK_TYPE_DOS | number (1, 0) | This value is 1 if the attack type is denial of service. For example, saturation flood, crash, lock up, and forced reboot. |
ATTACK_TYPE_HIJACK | number (1, 0) | This value is 1 if the attack type is hijack. For example, man-in-the-middle attacks, IP spoofing, session timeout or take-over, and session replay. |
ATTACK_TYPE_INFO_DISCLOSE | number (1, 0) | This value is 1 if the attack type is information disclosure. For example, comments, passwords, fingerprinting, and system information. |
ATTACK_TYPE_INFRASTRUCT | number (1, 0) | This value is 1 if the attack type is infrastructure. For example, DNS poisoning and route manipulation. |
ATTACK_TYPE_INPUT_MANIP | number (1, 0) | This value is 1 if the attack type is input manipulation. For example, XSS, SQL injection, file retrieval, directory traversal, overflows, and URL encoding. |
ATTACK_TYPE_MISS_CONFIG | number (1, 0) | This value is 1 if the attack type is misconfiguration. For example, default files, debugging enabled, and directory indexing. |
ATTACK_TYPE_RACE | number (1, 0) | This value is 1 if the attack type is race condition. For example, symlink. |
ATTACK_TYPE_OTHER | number (1, 0) | This value is 1 if the attack type does not fall under any of the above attack types. |
ATTACK_TYPE_UNKNOWN | number (1, 0) | This value is 1 if the attack type is unknown. |
IMPACT_CONFIDENTIAL | number (1, 0) | This value is 1 if the impact of the attack(s) is loss of confidential information. For example, passwords, server information, environment variables, confirmation of file existence, path disclosure, file content access, and SQL injection. |
IMPACT_INTEGRITY | number (1, 0) | This value is 1 if the impact of the attack(s) is loss of integrity, which results in data modifications by unauthorized persons. For example, unauthorized file modification, deletion, or creation, remote file inclusion, and arbitrary command execution. |
IMPACT_AVAILABLE | number (1, 0) | This value is 1 if the impact of the attack is loss of availability of a service or information. |
IMPACT_UNKNOWN | number (1, 0) | This value is 1 if the impact of the attack is unknown. |
EXPLOIT_AVAILABLE | number (1, 0) | This value is 1 if an exploit is available for the vulnerability. |
EXPLOIT_UNAVAILABLE | number (1, 0) | This value is 1 if an exploit is not available for the vulnerability. |
EXPLOIT_RUMORED | number (1, 0) | This value is 1 if an exploit is rumored to exist for the vulnerability. |
EXPLOIT_UNKNOWN | number (1, 0) | This value is 1 if an exploit is unknown for the vulnerability. |
VULN_VERIFIED | number (1, 0) | This value is 1 if the existence of the vulnerability has been verified. |
VULN_MYTH_FAKE | number (1, 0) | This value is 1 if the vulnerability is a myth or a false alarm. |
VULN_BEST_PRAC | number (1, 0) | This value is 1 if the vulnerability is a result of not following the best practices in the configuration or usage of the vulnerable system or software. |
VULN_CONCERN | number (1, 0) | This value is 1 if the vulnerability requires additional concern for remediation. |
VULN_WEB_CHECK | number (1, 0) | This value is 1 if the vulnerability is a common problem in Web servers or Web applications. |
ATTACK_SCENARIO | clob | Description of how a vulnerability can be exploited. |
SOLUTION_DESCRIPTION | clob | Description of the solution that is used to fix the vulnerability. |
FULL_DESCRIPTION | clob | The complete description of the vulnerability. |
LOCATION_PHYSICAL | number (1, 0) | This value is 1 if the vulnerability can be exploited with only physical system access<literal/>. |
LOCATION_LOCAL | number (1, 0) | This value is 1 if the vulnerability can be exploited on a local system. |
LOCATION_REMOTE | number (1, 0) | This value is 1 if the vulnerability can be exploited on a remote system. |
LOCATION_DIALUP | number (1, 0) | This value is 1 if the vulnerability can be exploited using a dial-up connection. |
LOCATION_UNKNOWN | number (1, 0) | This value is 1 if the vulnerability is exploited in an unknown location. |
PUBLISHED | date | Time stamp indicating when the vulnerability was published in the OSVDB. |
INSERTED | date | Time stamp indicating when the vulnerability was inserted in the vendor database. |
UPDATED | date | Time stamp indicating when the vulnerability was updated in the vendor database. |
DATE_CREATED | date | Time stamp indicating when the vulnerability information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the vulnerability information was modified in the Sentinel database. |
CREATED_BY | number | The ID of the user who entered the vulnerability information in the Sentinel database. |
MODIFIED_BY | number | The ID of the user who modified the vulnerability information in the Sentinel database. |
ADV_NXS_KB_PATCH_V
This view contains information about the patches that are required to remove the vulnerabilities.
Column Name | Datatype | Comment |
---|---|---|
ID | number | The unique ID for the row. |
OSVDB_ID | number | The ID of the vulnerability in the OSVDB. |
TYPE_NAME | varchar2 (128 char) | The type of the patch used to remove the vulnerability. |
TYPE_ID | number | The unique ID of the patch. |
REF_VALUE | clob | The URL that has the patch information. |
DATE_CREATED | date | Time stamp indicating when the patch information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the patch information was modified in the Sentinel database. |
CREATED_BY | number | The ID of the user who entered the patch information in the Sentinel database. |
MODIFIED_BY | number | The ID of the user who modified the patch information in the Sentinel database. |
ADV_NXS_KB_PRODUCTSREF_V
This view contains the information about the products that are affected by the vulnerability.
Column Name | Datatype | Comment |
---|---|---|
ID | number | The unique ID for the row. |
OSVDB_ID | number | The ID of the vulnerability in the OSVDB. |
VENDOR_NAME | varchar2 (128 char) | Name of the vendor of the product that is affected by the vulnerability. |
VERSION_NAME | varchar2 (128 char) | Version of the product that is affected by the vulnerability. |
BASE_NAME | varchar2 (128 char) | Name of the product that is affected by the vulnerability. |
TYPE_NAME | varchar2 (128 char) | Indicates whether the product is affected by the vulnerability or not. |
DATE_CREATED | date | Time stamp indicating when the product information was entered in the Sentinel database. |
DATE_MODIFIED | date | Time stamp indicating when the product information was modified in the Sentinel database. |
CREATED_BY | number | The ID of the user who entered the product information in the Sentinel database. |
MODIFIED_BY | number | The ID of the user who modified the product information in the Sentinel database. |
ASSET_CATEGORY_RPT_V
This iew references ASSET_CTGRY table that stores information about asset categories
Column Name | Datatype | Comment |
---|---|---|
ASSET_CATEGORY_ID | number(38) | Asset category identifier |
ASSET_CATEGORY_NAME | varchar2(100) | Asset category name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSET_HOSTNAME_RPT_V
This view references ASSET_HOSTNAME table that stores information about alternate host names for assets.
Column Name | Datatype | Comment |
---|---|---|
ASSET_HOSTNAME_ID | varchar2(36) | Asset alternate hostname identifier |
PHYSICAL_ASSET_ID | varchar2(36) | Physical asset identifier |
HOST_NAME | varchar2(255) | Host name |
CUST_ID | number(38) | Customer identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSET_IP_RPT_V
This view references ASSET_IP table that stores information about alternate IP addresses for assets.
Column Name | Datatype | Comment |
---|---|---|
ASSET_IP_ID | varchar2(36) | Asset alternate IP identifier |
PHYSICAL_ASSET_ID | varchar2(36) | Physical asset identifier |
IP_ADDRESS | number(38) | Asset IP address |
CUST_ID | number(38) | Customer identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSET_LOCATION_RPT_V
This view references ASSET_LOC table that stores information about asset locations.
Column Name | Datatype | Comment |
---|---|---|
LOCATION_ID | number(38) | Location identifier |
CUST_ID | number(38) | Customer identifier |
BUILDING_NAME | varchar2(255) | Building name |
ADDRESS_LINE_1 | varchar2(255) | Address line 1 |
ADDRESS_LINE_2 | varchar2(255) | Address line 2 |
CITY | varchar2(100) | City |
STATE | varchar2(100) | State |
COUNTRY | varchar2(100) | Country |
ZIP_CODE | varchar2(50) | Zip code |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSET_RPT_V
This view references ASSET table that stores information about the physical and soft assets.
Column Name | Datatype | Comment |
---|---|---|
ASSET_ID | varchar2(36) | Asset identifier |
CUST_ID | number(38) | Customer identifier |
ASSET_NAME | varchar2(255) | Asset name |
PHYSICAL_ASSET_ID | varchar2(36) | Physical asset identifier |
PRODUCT_ID | number(38) | Product identifier |
ASSET_CATEGORY_ID | number(38) | Asset category identifier |
ENVIRONMENT_IDENTITY_ID | number(38) | Environment identify code |
PHYSICAL_ASSET_IND | number(1) | Physical asset indicator |
ASSET_VALUE_ID | number(38) | Asset value code |
CRITICALITY_ID | number(38) | Asset criticality code |
SENSITIVITY_ID | number(38) | Asset sensitivity code |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSET_VALUE_RPT_V
This view references ASSET_VAL_LKUP table that stores information about the asset value.
Column Name | Datatype | Comment |
---|---|---|
ASSET_VALUE_ID | number(38) | Asset value code |
ASSET_VALUE_NAME | varchar2(50) | Asset value name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSET_X_ENTITY_X_ROLE_RPT_V
This view references ASSET_X_ENTITY_X_ROLE table that associates a person or an organization to an asset.
Column Name | Datatype | Comment |
---|---|---|
PERSON_ID | varchar2(36) | Person identifier |
ORGANIZATION_ID | varchar2(36) | Organization identifier |
ROLE_CODE | varchar2(5) | Role code |
ASSET_ID | varchar2(36) | Asset identifier |
ENTITY_TYPE_CODE | varchar2(5) | Entity type code |
PERSON_ROLE_SEQUENCE | number(38) | Order of persons under a particular role |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ASSOCIATIONS_RPT_V
This view references ASSOCIATIONS table that associates users to incidents, incidents to annotations and so on.
Column Name | Datatype | Comment |
---|---|---|
TABLE1 | varchar2(64) | Table name 1. For example, incidents |
ID1 | varchar2(36) | ID1. For example, incident ID. |
TABLE2 | varchar2(64) | Table name 2. For example, users. |
ID2 | varchar2(36) | ID2. For example, user ID. |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
ATTACHMENTS_RPT_V
This view references ATTACHMENTS table that stores attachment data.
Column Name | Datatype | Comment |
---|---|---|
ATTACHMENT_ID | number | Attachment identifier |
NAME | varchar2(255) | Attachment name |
SOURCE_REFERENCE | varchar2(64) | Source reference |
TYPE | varchar2(32) | Attachment type |
SUB_TYPE | varchar2(32) | Attachment subtype |
FILE_EXTENSION | varchar2(32) | File extension |
ATTACHMENT_DESCRIPTION | varchar2(255) | Attachment description |
DATA | clob | Attachment data |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
AUDIT_RECORD_RPT_V
This view references AUDIT_RECORD table that stores Sentinel internal audit data.
Column Name | Datatype | Comment |
---|---|---|
AUDIT_ID | varchar2(36) | Audit record identifier |
AUDIT_TYPE | varchar2(255) | Audit type |
SRC | varchar2(255) | Audit source |
SENDER_HOSTNAME | varchar2(255) | Sender hostname |
SENDER_HOST_IP | varchar2(255) | Sender host IP |
SENDER_CONTAINER | varchar2(255) | Sender container name |
SENDER_ID | varchar2(255) | Sender Identifier |
CLIENT | varchar2(255) | Client application that requested audit |
EVT_NAME | varchar2(255) | Event name |
RES | varchar2(255) | Event resource |
SRES | varchar2(255) | Event sub-resource |
MSG | varchar2(500) | Event message |
CREATED_BY | number(0) | User who created object |
MODIFIED_BY | number(0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CONFIGS_RPT_V
This view references CONFIGS table that stores general configuration information of the application.
Column Name | Datatype | Comment |
---|---|---|
USR_ID | varchar2(32) | User name. |
APPLICATION | varchar2(255) | Application identifier |
UNIT | varchar2(64) | Application unit |
VALUE | varchar2(255) | Text value if any |
DATA | clob | XML data |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
CONTACTS_RPT_V
This view references CONTACTS table that stores contact information.
Column Name | Datatype | Comment |
---|---|---|
CNT_ID | number | Contact ID - Sequence number |
FIRST_NAME | varchar2(20) | Contact first name. |
LAST_NAME | varchar2(30) | Contact last name. |
TITLE | varchar2(128) | Contact title |
DEPARTMENT | varchar2(128) | Department |
PHONE | varchar2(64) | Contact phone |
varchar2(255) | Contact e-mail | |
PAGER | varchar2(64) | Contact pager |
CELL | varchar2(64) | Contact cell phone |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
CORRELATED_EVENTS_RPT_V (legacy view)
This view is provided for backward compatibility. New reports should use CORRELATED_EVENTS_RPT_V1.
CORRELATED_EVENTS_RPT_V1
This vew contains current and historical correlated events (correlated events imported from archives).
Column Name | Datatype | Comment |
---|---|---|
PARENT_EVT_ID | varchar2(36) | Event Universal Unique Identifier (UUID) of parent event |
CHILD_EVT_ID | varchar2(36) | Event Universal Unique Identifier (UUID) of child event |
PARENT_EVT_TIME | date | Parent event time |
CHILD_EVT_TIME | date | Child event time |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
CRITICALITY_RPT_V
This view references CRIT_LKUP table that contains information about asset criticality.
Column Name | Datatype | Comment |
---|---|---|
CRITICALITY_ID | number(38) | Asset criticality code |
CRITICALITY_NAME | varchar2(50) | Asset criticality name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
CUST_HIERARCHY_V
This view references CUST_HIERARCHY table that stores information about MSSP customer hierarchy.
Column Name | Datatype | Comment |
---|---|---|
CUST_HIERARCHY_ID | number(38) | Customer hierarchy ID |
CUST_NAME | varchar2(255) | Customer |
CUST_HIERARCHY_LVL1 | varchar2(255) | Customer hierarchy level 1 |
CUST_HIERARCHY_LVL2 | varchar2(255) | Customer hierarchy level 2 |
CUST_HIERARCHY_LVL3 | varchar2(255) | Customer hierarchy level 3 |
CUST_HIERARCHY_LVL4 | varchar2(255) | Customer hierarchy level 4 |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
CUST_RPT_V
This view references CUST table that stores customer information for MSSPs.
Column Name | Datatype | Comment |
---|---|---|
CUST_ID | number(38) | Customer identifier |
CUSTOMER_NAME | varchar2(255) | Customer name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ENTITY_TYPE_RPT_V
This view references ENTITY_TYP table that stores information about entity types (person, organization).
Column Name | Datatype | Comment |
---|---|---|
ENTITY_TYPE_CODE | varchar2(5) | Entity type code |
ENTITY_TYPE_NAME | varchar2(50) | Entity type name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ENV_IDENTITY_RPT_V
This view references ENV_IDENTITY_LKUP table that stores information about asset environment identity.
Column Name | Datatype | Comment |
---|---|---|
ENVIRONMENT_IDENTITY_ID | number(38) | Environment identity code |
ENV_IDENTITY_NAME | varchar2(255) | Environment identity name |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ESEC_CONTENT_GRP_CONTENT_RPT_V
This view contains information about Solution Packs.
Column Name | Datatype | Comment |
---|---|---|
CONTENT_GRP_ID | varchar2(36) | Content group identifier |
CONTENT_ID | varchar2(255) | Content identifier |
CONTENT_TYP | varchar2(100) | Content type |
CONTENT_HASH | varchar2(255) | Content hash |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
ESEC_CONTENT_GRP_RPT_V
This view contains information about Solution Packs.
Column Name | Datatype | Comment |
---|---|---|
CONTENT_GRP_ID | varchar2(36) | Content group identifier |
CONTENT_GRP_NAME | varchar2(255) | Content group name |
CONTENT_GRP_DESC | Clob | Content group description |
CTRL_ID | varchar2(36) | Control identifier |
CONTENT_EXTERNAL_ID | varchar2(255) | Content external identifier |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
ESEC_CONTENT_PACK_RPT_V
This view contains information about Solution Packs.
Column Name | Datatype | Comment |
---|---|---|
CONTENT_PACK_ID | varchar2(36) | Content pack identifier |
CONTENT_PACK_DESC | Clob | Content pack description |
CONTENT_PACK_NAME | varchar2(255) | Content pack name |
CONTENT_EXTERNAL_ID | varchar2(255) | Content external identifier |
DATE_MODIFIED | Date | Date the entry was modified |
DATE_CREATED | Date | Date the entry was created |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
ESEC_CONTENT_RPT_V
This view contains information about Solution Packs.
Column Name | Datatype | Comment |
---|---|---|
CONTENT_PACK_ID | varchar2(36) | Content pack identifier |
CONTENT_ID | varchar2(255) | Content identifier |
CONTENT_NAME | varchar2(255) | Content name |
CONTENT_STATE | number(38,0) | Content state |
CONTENT_TYP | varchar2(100) | Content type |
CONTENT_DESC | Clob | Content description |
CONTENT_CONTEXT | Clob | Content context |
CONTENT_HASH | varchar2(255) | Content hash |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
MODIFIED_BY | number(38,0) | User who last modified object |
CREATED_BY | number(38,0) | User who created object |
ESEC_CTRL_CTGRY_RPT_V
This view contains information about Solution Packs.
Column Name | Datatype | Comment |
---|---|---|
CTRL_CTGRY_ID | varchar2(36) | Control category identifier |
CTRL_CTGRY_DESC | Clob | Control category description |
CTRL_CTGRY_NAME | varchar2(255) | Control category name |
CONTENT_PACK_ID | varchar2(36) | Content pack identifier |
CONTENT_EXTERNAL_ID | varchar2(255) | Content external identifier |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
ESEC_CTRL_RPT_V
This view contains information about Solution Packs.
Column Name | Datatype | Comment |
---|---|---|
CTRL_ID | varchar2(36) | Control identifier |
CTRL_NAME | varchar2(255) | Control name |
CTRL_DESC | clob | Control description |
CTRL_STATE | number(38,0) | Control state |
CTRL_NOTES | clob | Control notes |
CTRL_CTGRY_ID | varchar2(36) | Control category identifier |
CONTENT_EXTERNAL_ID | varchar2(255) | Content external identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
ESEC_DISPLAY_RPT_V
This view references ESEC_DISPLAY table that stores displayable properties of objects. Currently used in renaming meta-tags. Used with Event Configuration (Business Relevance).
Column Name | Datatype | Comment |
---|---|---|
DISPLAY_OBJECT | varchar2(32) | The parent object of the property |
TAG | varchar2(32) | The native tag name of the property |
LABEL | varchar2(32) | The display string of tag. |
POSITION | number | Position of tag within display. |
WIDTH | number | The column width |
ALIGNMENT | number | The horizontal alignment |
FORMAT | number | The enumerated formatter for displaying the property |
ENABLED | varchar2(1) | Indicates if the tag is shown. |
TYPE | number | Indicates datatype of tag. 1 = string 2 = ulong 3 = date 4 = uuid 5 = ipv4 |
DESCRIPTION | varchar2(255) | Textual description of the tag |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
REF_CONFIG | varchar2(4000) | Referential data configuration |
ESEC_PORT_REFERENCE_RPT_V
This view references ESEC_PORT_REFERENCE table that stores industry standard assigned port numbers.
Column Name | Datatype | Comment |
---|---|---|
PORT_NUMBER | number | Per http://www.iana.org/assignments/port-numbers, the numerical representation of the port. This port number is typically associated with the Transport Protocol level in the TCP/IP stack. |
PROTOCOL_NUMBER | number | Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet. |
PORT_KEYWORD | varchar2(64) | Per http://www.iana.org/assignments/port-numbers, the keyword representation of the port. |
PORT_DESCRIPTION | varchar2(512) | Port description. |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
ESEC_PROTOCOL_REFERENCE_RPT_V
This view references ESEC_PROTOCOL_REFERENCE table that stores industry standard assigned protocol numbers.
Column Name | Datatype | Comment |
---|---|---|
PROTOCOL_NUMBER | number | Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet. |
PROTOCOL_KEYWORD | varchar2(64) | Per http://www.iana.org/assignments/protocol-numbers, the keyword used to represent protocols that are encapsulated in an IP packet. |
PROTOCOL_DESCRIPTION | varchar2(512) | IP packet protocol description. |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
ESEC_SEQUENCE_RPT_V
This view references ESEC_SEQUENCE table that’s used to generate primary key sequence numbers for Sentinel tables.
Column Name | Datatype | Comment |
---|---|---|
TABLE_NAME | varchar2(32) | Name of the table. |
COLUMN_NAME | varchar2(255) | Name of the column |
SEED | number | Current value of primary key field. |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
ESEC_UUID_UUID_ASSOC_RPT_V
This view contains information about object relationships. Used internally by Sentinel and not for reporting purposes.
Column Name | Datatype | Comment |
---|---|---|
OBJECT1 | varchar2(64) | Object 1 |
ID1 | varchar2(36) | UUID for object 1 |
OBJECT2 | varchar2(64) | Object 2 |
ID2 | varchar2(36) | UUID for object 2 |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
EVENTS_ALL_RPT_V (legacy view)
This view is provided for backward compatibility. View contains current and historical events (events imported from archives).
EVENTS_ALL_RPT_V1 (legacy view)
This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events.
EVENTS_RPT_V (legacy view)
This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current and historical events.
EVENTS_RPT_V1 (legacy view)
This view is provided for backward compatibility. New reports should use EVENT_ALL_RPT_V. View contains current events.
EVENTS_RPT_V2
This is the primary reporting view for Sentinel 6.0. This view contains current event and historical events. It is included for legacy reports but has been replaced in Sentinel 6.1 with EVENTS_RPT_V3.
Column Name | Datatype | Comment |
---|---|---|
EVENT_ID | varchar2(36) | Event identifier |
RESOURCE_NAME | varchar2(255) | Resource name |
SUB_RESOURCE | varchar2(255) | Subresource name |
SEVERITY | integer | Event severity |
EVENT_PARSE_TIME | date | Event time |
EVENT_DATETIME | date | Event time |
EVENT_DEVICE_TIME | date | Event device time |
SENTINEL_PROCESS_TIME | date | Sentinel process time |
BEGIN_TIME | date | Events begin time |
END_TIME | date | Events end time |
REPEAT_COUNT | integer | Events repeat count |
DESTINATION_PORT_INT | integer | Destination port (integer) |
SOURCE_PORT_INT | integer | Source port (integer) |
BASE_MESSAGE | varchar2(4000) | Base message |
EVENT_NAME | varchar2(255) | Name of the event as reported by the sensor |
EVENT_TIME | varchar2(255) | Event time as reported by the sensor |
CUST_ID | integer | Customer identifier |
SOURCE_ASSET_ID | integer | Source asset identifier |
DESTINATION_ASSET_ID | integer | Destination asset identifier |
AGENT_ID | integer | Collector identifier |
PROTOCOL_ID | integer | Protocol identifier |
ARCHIVE_ID | integer | Archive identifier |
SOURCE_IP | integer | Source IP address in numeric format |
SOURCE_IP_DOTTED | varchar2(16) | Source IP in dotted format |
SOURCE_HOST_NAME | varchar2(255) | Source host name |
SOURCE_PORT | varchar2(32) | Source port |
DESTINATION_IP | integer | Destination IP address in numeric format |
DESTINATION_IP_DOTTED | varchar2(16) | Destination in dotted format |
DESTINATION_HOST_NAME | varchar2(255) | Destination host name |
DESTINATION_PORT | varchar2(32) | Destination port |
SOURCE_USER_NAME | varchar2(255) | Source user name |
DESTINATION_USER_NAME | varchar2(255) | Destination user name |
FILE_NAME | varchar2(1000) | File name |
EXTENDED_INFO | varchar2(1000) | Extended information |
CUSTOM_TAG_1 | varchar2(255) | Customer Tag 1 |
CUSTOM_TAG 2 | varchar2(255) | Customer Tag 2 |
CUSTOM_TAG 3 | integer | Customer Tag 3 |
RESERVED_TAG_1 | varchar2(255) | Reserved Tag 1 Reserved for future use by Novell. This field is used for Advisor information concerning attack descriptions. |
RESERVED_TAG_2 | varchar2(255) | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RESERVED_TAG_3 | integer | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
VULNERABILITY_RATING | integer | Vulnerability rating |
CRITICALITY_RATING | integer | Criticality rating |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | integer | User who created object |
MODIFIED_BY | integer | User who last modified object |
RV01 - 10 | integer | Reserved Value 1 - 10 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV11 - 20 | date | Reserved Value 1 - 31 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV21 - 25 | varchar2(36) | Reserved Value 21 - 25 Reserved for future use by Novell to store UUIDs. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV26 - 31 | varchar2(255) | Reserved Value 26 - 31 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV33 | varchar2(255) | Reserved Value 33 Reserved for EventContex Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV34 | varchar2(255) | Reserved Value 34 Reserved for SourceThreatLevel Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV35 | varchar2(255) | Reserved Value 35 Reserved for SourceUserContext. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV36 | varchar2(255) | Reserved Value 36 Reserved for DataContext. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV37 | varchar2(255) | Reserved Value 37 Reserved for SourceFunction. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV38 | varchar2(255) | Reserved Value 38 Reserved for SourceOperationalContext. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV40 - 43 | varchar2(255) | Reserved Value 40 - 43 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV44 | varchar2(255) | Reserved Value 44 Reserved for DestinationThreatLevel. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV45 | varchar2(255) | Reserved Value 45 Reserved for DestinationUserContext. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV46 | varchar2(255) | Reserved Value 46 Reserved for VirusStatus. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV47 | varchar2(255) | Reserved Value 47 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV48 | varchar2(255) | Reserved Value 48 Reserved for DestinationOperationalContext. Use of this field for any other purpose might result in data being overwritten by future functionality. |
RV49 | varchar2(255) | Reserved Value 49 Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
TAXONOMY_ID | integer | |
REFERENCE_ID_01 - 20 | integer | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
CV01 - 10 | integer | Custom Value 1 - 10 Reserved for use by Customer, typically for association of Business relevant data |
CV11 - 20 | date | Custom Value 11 - 20 Reserved for use by Customer, typically for association of Business relevant data |
CV21 - 29 | varchar2(255) | Custom Value 21 – 100 Reserved for use by Customer, typically for association of Business relevant data |
CV30 - 34 | varchar2(4000) | |
CV35 – 100 | varchar2(255) |
EVENTS_RPT_V3
This is the primary reporting view for Sentinel 6.1. This view contains current event and historical events. It is included for legacy reports.
Column Name | Datatype | Comment |
---|---|---|
EVENT_ID | varchar2(36) | Event identifier |
RESOURCE_NAME | varchar2(255) | |
SUB_RESOURCE | varchar2(255) | Subresource name |
SEVERITY | number(38,0) | Event severity |
EVENT_PARSE_TIME | date | Event time |
EVENT_DATETIME | date | |
EVENT_DEVICE_TIME | date | Event device time |
SENTINEL_PROCESS_TIME | date | Sentinel process time |
BEGIN_TIME | date | Events begin time |
END_TIME | date | Events end time |
REPEAT_COUNT | number(38,0) | |
TARGET_SERVICE_PORT | number(38,0) | Target service port |
INIT_SERVICE_PORT | number(38,0) | |
BASE_MESSAGE | varchar2(4000) | |
EVENT_NAME | varchar2(255) | |
EVENT_TIME | varchar2(255) | Event time |
CUST_ID | number(38,0) | |
INIT_ASSET_ID | number(38,0) | Initiator asset identifier |
TARGET_ASSET_ID | number(38,0) | Target asset identifier |
AGENT_ID | number(38,0) | |
PROTOCOL_ID | number(38,0) | |
ARCHIVE_ID | number(38,0) | |
INIT_IP | number(38,0) | |
INIT_IP_DOTTED | varchar2(4000) | |
INIT_HOST_NAME | varchar2(255) | |
INIT_SERVICE_PORT_NAME | varchar2(32) | |
TARGET_IP | number(38,0) | |
TARGET_IP_DOTTED | varchar2(4000) | |
TARGET_HOST_NAME | varchar2(255) | |
TARGET_SERVICE_PORT_NAME | varchar2(32) | |
INIT_USER_NAME | varchar2(255) | The initiating user's account name (SourceUsername). |
TARGET_USER_NAME | varchar2(255) | |
FILE_NAME | varchar2(1000) | |
EXTENDED_INFO | varchar2(1000) | |
CUSTOM_TAG_1 | varchar2(255) | Customer Tag 1 |
CUSTOM_TAG_2 | varchar2(255) | Customer Tag 2 |
CUSTOM_TAG_3 | number(38,0) | Customer Tag 3 |
RESERVED_TAG_1 | varchar2(255) | |
RESERVED_TAG_2 | varchar2(255) | |
RESERVED_TAG_3 | number(38,0) | |
VULNERABILITY_RATING | number(38,0) | |
CRITICALITY_RATING | number(38,0) | |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
RV01 | number(38,0) | |
EVENT_METRIC | number(38,0) | Event metric |
DATA_TAG_ID | number(38,0) | Data tag ID |
RV04-RV10 | number(38,0) | |
RV11-RV20 | date | |
RV21- RV28 | varchar2(255) | |
INIT_IP_COUNTRY | varchar2(255) | |
TARGET_IP_COUNTRY | varchar2(255) | |
RV31 | varchar2(255) | |
RV33 | varchar2(255) | |
INIT_THREAT_LEVEL | varchar2(255) | Initiator threat level |
INIT_USER_DOMAIN | varchar2(255) | The domain (namespace) in which the initiating account exists. |
RV36 | varchar2(255) | |
INIT_FUNCTION | varchar2(255) | Initiator function |
INIT_OPERATIONAL_CONTEXT | varchar2(255) | Initiator operational context |
RV40 | varchar2(255) | |
TARGET_HOST_DOMAIN | varchar2(255) | Target host domain |
INIT_HOST_DOMAIN | varchar2(255) | |
RV43 | varchar2(255) | |
TARGET_THREAT_LEVEL | varchar2(255) | Target threat level |
TARGET_USER_DOMAIN | varchar2(255) | Target user domain |
RV46 | varchar2(255) | |
TARGET_FUNCTION | varchar2(255) | Target function |
TARGET_OPERATIONAL_CONEXT | varchar2(255) | Target operational context |
RV49 | varchar2(255) | |
TAXONOMY_ID | number(38,0) | Taxonomy identifier |
REFERENCE_ID_01-REFERENCE_ID_20 | number(38,0) | |
CV01-CV10 | number(38,0) | |
CV11-CV20 | date | |
CV21- CV29 | varchar2(255) | |
CV30- CV34 | varchar2(4000) | |
CV35- CV100 | varchar2(255) | |
INIT_USER_ID | varchar2(255) | The initiating account's source-specific identifier as determined by the Collector based on raw device data. |
INIT_USER_IDENTITY | varchar2(36) | The internal UUID of the identity associated with the initiating account. |
TARGET_USER_ID | varchar2(255) | Target user ID |
TARGET_USER_IDENTITY | varchar2(36) | Target user identity |
EFFECTIVE_USER_NAME | varchar2(255) | Effective user name |
EFFECTIVE_USER_ID | varchar2(255) | Effective user ID |
EFFECTIVE_USER_DOMAIN | varchar2(255) | Effective user domain |
TARGET_TRUST_NAME | varchar2(255) | Target trust name |
TARGET_TRUST_ID | varchar2(255) | Target trust ID |
TARGET_TRUST_DOMAIN | varchar2(255) | Target trust domain |
OBSERVER_IP | number(38,0) | Observer IP address in numeric format |
REPORTER_IP | number(38,0) | Reporter IP address in numeric format |
OBSERVER_HOST_DOMAIN | varchar2(255) | Observer host domain |
REPORTER_HOST_DOMAIN | varchar2(255) | Reporter host domain |
OBSERVER_ASSET_ID | varchar2(255) | Observer asset identifier |
REPORTER_ASSET_ID | varchar2(255) | Reporter asset identifier |
INIT_SERVICE_COMP | varchar2(255) | Initiator service component |
TARGET_SERVICE_COMP | varchar2(255) | Target service component |
EVENT_GROUP_ID | varchar2(255) | |
CUSTOMER_VAR_101-CUSTOMER_VAR_110 | number(38,0) | |
CUSTOMER_VAR_111-CUSTOMER_VAR_120 | date | |
CUSTOMER_VAR_121-CUSTOMER_VAR_130 | varchar2(36) | |
CUSTOMER_VAR_131-CUSTOMER_VAR_140 | number(38,0) | |
CUSTOMER_VAR_141-CUSTOMER_VAR_150 | varchar2(255) |
EVT_AGENT_RPT_V
View references EVT_AGENT table that stores information about Collectors.
Column Name | Datatype | Comment |
---|---|---|
AGENT_ID | number(38) | Collector identifier |
CUST_ID | number(38) | |
AGENT | varchar2(64) | Collector name |
PORT | varchar2(64) | Collector port |
REPORT_NAME | varchar2(255) | Reporter name |
PRODUCT_NAME | varchar2(255) | Product name |
SENSOR_NAME | varchar2(255) | Sensor name |
SENSOR_TYPE | varchar2(5) | Sensor type: H - host-based N - network-based V - virus O – other |
DEVICE_CATEGORY | varchar2(255) | Device category |
SOURCE_UUID | varchar2(36) | Source component Universal Unique Identifier (UUID) |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_AGENT_RPT_V3
View references EVT_AGENT table that stores information about Collectors. The column names in this view reflects the name change of Sensor to Observer. This view is designed for use in Sentinel 6.1.
Column Name | Datatype | Comment |
---|---|---|
AGENT_ID | number(38,0) | Collector identifier |
CUST_ID | number(38,0) | Customer identifier |
AGENT | varchar2(64) | Collector |
PORT | varchar2(64) | Port |
REPORTER_HOST_NAME | varchar2(255) | Reporter host name |
PRODUCT_NAME | varchar2(255) | |
OBSERVER_HOST_NAME | varchar2(255) | |
SENSOR_TYPE | varchar2(5) | Sensor type: H - host-based N - network-based V - virus O - other |
DEVICE_CATEGORY | varchar2(255) | Device category |
SOURCE_UUID | varchar2(36) | Source component Universal Unique Identifier (UUID) |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
EVT_ASSET_RPT_V
View references EVT_ASSET table that stores asset information.
Column Name | Datatype | Comment |
---|---|---|
EVENT_ASSET_ID | number(38) | Event asset identifier |
CUST_ID | number(38) | Customer identifier |
ASSET_NAME | varchar2(255) | Asset name |
PHYSICAL_ASSET_NAME | varchar2(255) | Physical asset name |
REFERENCE_ASSET_ID | varchar2(100) | Reference asset identifier, links to source asset management system. |
MAC_ADDRESS | varchar2(100) | MAC address |
RACK_NUMBER | varchar2(50) | Rack number |
ROOM_NAME | varchar2(100) | Room name |
BUILDING_NAME | varchar2(255) | Building name |
CITY | varchar2(100) | City |
STATE | varchar2(100) | State |
COUNTRY | varchar2(100) | Country |
ZIP_CODE | varchar2(50) | Zip code |
ASSET_CATEGORY_NAME | varchar2(100) | Asset category name |
NETWORK_IDENTITY_NAME | varchar2(255) | Asset network identity name |
ENVIRONMENT_IDENTITY_NAME | varchar2(255) | Environment name |
ASSET_VALUE_NAME | varchar2(50) | Asset value name |
CRITICALITY_NAME | varchar2(50) | Asset criticality name |
SENSITIVITY_NAME | varchar2(50) | Asset sensitivity name |
CONTACT_NAME_1 | varchar2(255) | Name of contact person/organization 1 |
CONTACT_NAME_2 | varchar2(255) | Name of contact person/organization 2 |
ORGANIZATION_NAME_1 | varchar2(100) | Asset owner organization level 1 |
ORGANIZATION_NAME_2 | varchar2(100) | Asset owner organization level 2 |
ORGANIZATION_NAME_3 | varchar2(100) | Asset owner organization level 3 |
ORGANIZATION_NAME_4 | varchar2(100) | Asset owner organization level 4 |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_ASSET_RPT_V3
View references EVT_ASSET table that stores asset information. This view is designed for Sentinel 6.1.
Column Name | Datatype | Comment |
---|---|---|
ASSET_CRITICALITY | varchar2(50) | |
ASSET_CLASS | varchar2(100) | |
ASSET_FUNCTION | varchar2(255) | |
ASSET_DEPARTMENT | varchar2(100) | Asset department |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
EVT_DEST_EVT_NAME_SMRY_1_RPT_V
View summarizes event count by destination, taxonomy, event name, severity and event time.
Column Name | Datatype | Comment |
---|---|---|
DESTINATION_IP | number(38) | Destination IP address |
DESTINATION_EVENT_ASSET_ID | number(38) | Event asset identifier |
TAXONOMY_ID | number(38) | Taxonomy identifier |
EVENT_NAME_ID | number(38) | Event name identifier |
SEVERITY | number(38) | Event severity |
CUST_ID | number(38) | Customer identifier |
EVENT_TIME | date | Event time |
EVENT_COUNT | number(38) | Event count |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
DESTINATION_HOST_NAME | varchar2(255) |
EVT_DEST_SMRY_1_RPT_V
View contains event destination summary information.
Column Name | Datatype | Comment |
---|---|---|
DESTINATION_IP | number(38) | Destination IP address |
DESTINATION_EVENT_ASSET_ID | number(38) | Event asset identifier |
DESTINATION_PORT | varchar2(32) | Destination port |
DESTINATION_USER_ID | number(38) | Destination user identifier |
TAXONOMY_ID | number(38) | Taxonomy identifier |
EVENT_NAME_ID | number(38) | Event name identifier |
RESOURCE_ID | number(38) | Resource identifier |
AGENT_ID | number(38) | Collector identifier |
PROTOCOL_ID | number(38) | Protocol identifier |
SEVERITY | number(38) | Event severity |
CUST_ID | number(38) | Customer identifier |
EVENT_TIME | date | Event time |
EVENT_COUNT | number(38) | Event count |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
DESTINATION_HOST_NAME | varchar2(255) |
EVT_DEST_TXNMY_SMRY_1_RPT_V
View summarizes event count by destination, taxonomy, severity and event time.
Column Name | Datatype | Comment |
---|---|---|
DESTINATION_IP | number(38) | Destination IP address |
DESTINATION_EVENT_ASSET_ID | number(38) | Event asset identifier |
TAXONOMY_ID | number(38) | Taxonomy identifier |
SEVERITY | number(38) | Event severity |
CUST_ID | number(38) | Customer identifier |
EVENT_TIME | date | Event time |
EVENT_COUNT | number(38) | Event count |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
DESTINATION_HOST_NAME | varchar2(255) |
EVT_NAME_RPT_V
View references EVT_NAME table that stores event name information.
Column Name | Datatype | Comment |
---|---|---|
EVENT_NAME_ID | number(38) | Event name identifier |
EVENT_NAME | varchar2(255) | Event name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_PORT_SMRY_1_RPT_V
View summarizes event count by destination port, severity and event time.
Column Name | Datatype | Comment |
---|---|---|
DESTINATION_PORT | varchar2(32) | Destination port |
SEVERITY | number(38) | Event severity |
CUST_ID | number(38) | Customer identifier |
EVENT_TIME | date | Event time |
EVENT_COUNT | number(38) | Event count |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_PRTCL_RPT_V
View references EVT_PRTCL table that stores event protocol information.
Column Name | Datatype | Comment |
---|---|---|
PROTOCOL_ID | number(38) | Protocol identifier |
PROTOCOL_NAME | varchar2(255) | Protocol name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_PRTCL_RPT_V3
View references EVT_PRTCL table that stores event protocol information.
Column Name | Datatype | Comment |
---|---|---|
PROTOCOL_ID | number(38,0) | Protocol identifier |
PROTOCOL | varchar2(255) | Protocol name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
EVT_RSRC_RPT_V
View references EVT_RSRC table that stores event resource information.
Column Name | Datatype | Comment |
---|---|---|
RESOURCE_ID | number(38) | Resource identifier |
CUST_ID | number(38) | Customer Identifier |
RESOURCE_NAME | varchar2(255) | Resource name |
SUB_RESOURCE_NAME | varchar2(255) | Subresource name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_SEV_SMRY_1_RPT_V
View summarizes event count by severity and event time.
Column Name | Datatype | Comment |
---|---|---|
SEVERITY | number(38) | Event severity |
CUST_ID | number(38) | Customer identifier |
EVENT_TIME | date | Event time |
EVENT_COUNT | number(38) | Event count |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_SRC_COLLECTOR_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment |
---|---|---|
EVT_SRC_COLLECTOR_ID | varchar2(36) | Event source collector identifier |
SENTINEL_PLUGIN_ID | varchar2(36) | Sentinel plug-in identifier |
EVT_SRC_MGR_ID | varchar2(36) | Event source manager identifier |
EVT_SRC_COLLECTOR_NAME | varchar2(255) | Event source collector name |
STATE_IND | number(1,0) | State indicator |
EVT_SRC_COLLECTOR_PROPS | clob | Event source collector prop |
MAP_FILTER | clob | Map filter |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
EVT_SRC_GRP_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment |
---|---|---|
EVT_SRC_GRP_ID | varchar2(36) | Event source group identifier |
EVT_SRC_COLLECTOR_ID | varchar2(36) | Event source collector identifier |
SENTINEL_PLUGIN_ID | varchar2(36) | Sentinel plug-in identifier |
EVT_SRC_SRVR_ID | varchar2(36) | Event source server identifier |
EVT_SRC_GRP_NAME | varchar2(255) | Event source group name |
STATE_IND | number(1,0) | State indicator |
EVT_SRC_DEFAULT_CONFIG | clob | Event source default configuration |
MAP_FILTER | clob | Map filter |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
EVT_SRC_MGR_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment |
---|---|---|
EVT_SRC_MGR_ID | varchar2(36) | Event source manager identifier |
SENTINEL_ID | varchar2(36) | Sentinel identifier |
EVT_SRC_MGR_NAME | varchar2(255) | Event source manager name |
SENTINEL_HOST_ID | varchar2(36) | Sentinel host identifier |
STATE_IND | number(1,0) | State indicator |
EVT_SRC_MGR_CONFIG | clob | Event source manager configuration |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
EVT_SRC_OFFSET_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment |
---|---|---|
EVT_SRC_ID | varchar2(36) | Event source identifier |
OFFSET_VAL | clob | Offset value |
OFFSET_TIMESTAMP | date | Offset timestamp |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
EVT_SRC_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment |
---|---|---|
EVT_SRC_ID | varchar2(36) | Event source identifier |
EVT_SRC_NAME | varchar2(255) | Event source name |
EVT_SRC_GRP_ID | varchar2(36) | Event source group identifier |
STATE_IND | number(1,0) | State indicator |
MAP_FILTER | clob | Map filter |
EVT_SRC_CONFIG | clob | Event source configuration |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
EVT_SRC_SMRY_1_RPT_V
View contains event source and destination summary information.
Column Name | Datatype | Comment |
---|---|---|
SOURCE_IP | number(38) | Source IP address |
SOURCE_EVENT_ASSET_ID | number(38) | Source event asset identifier |
SOURCE_PORT | varchar2(32) | Source port |
SOURCE_USER_ID | number(38) | Source user identifier |
TAXONOMY_ID | number(38) | Taxonomy identifier |
EVENT_NAME_ID | number(38) | Event name identifier |
RESOURCE_ID | number(38) | Resource identifier |
AGENT_ID | number(38) | Collector identifier |
PROTOCOL_ID | number(38) | Protocol identifier |
SEVERITY | number(38) | Event severity |
CUST_ID | number(38) | Customer identifier |
EVENT_TIME | date | Event time |
EVENT_COUNT | number(38) | Event count |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
SOURCE_HOST_NAME | varchar2(255) |
EVT_SRC_SRVR_RPT_V
View contains information about the Event Source Management configuration.
Column Name | Datatype | Comment |
---|---|---|
EVT_SRC_SRVR_ID | varchar2(36) | Event source server identifier |
EVT_SRC_SRVR_NAME | varchar2(255) | Event source server name |
EVT_SRC_MGR_ID | varchar2(36) | Event source manager identifier |
SENTINEL_PLUGIN_ID | varchar2(36) | Sentinel plug-in identifier |
STATE_IND | number(1,0) | State indicator |
EVT_SRC_SRVR_CONFIG | clob | Event source server configuration |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
EVT_TXNMY_RPT_V
View references EVT_TXNMY table that stores event taxonomy information.
Column Name | Datatype | Comment |
---|---|---|
TAXONOMY_ID | number(38) | Taxonomy identifier |
TAXONOMY_LEVEL_1 | varchar2(100) | Taxonomy level 1 |
TAXONOMY_LEVEL_2 | varchar2(100) | Taxonomy level 2 |
TAXONOMY_LEVEL_3 | varchar2(100) | Taxonomy level 3 |
TAXONOMY_LEVEL_4 | varchar2(100) | Taxonomy level 4 |
DEVICE_CATEGORY | varchar2(255) | |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_USR_RPT_V
View references EVT_USR table that stores event user information.
Column Name | Datatype | Comment |
---|---|---|
USER_ID | number(38) | User identifier |
USER_NAME | varchar2(255) | User name |
USER_DOMAIN | varchar2(255) | |
CUST_ID | number(38) | Customer identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
EVT_XDAS_TXNMY_RPT_V
Column Name | Datatype | Comment |
---|---|---|
EVENT_TAXONOMY | varchar2(255) | Event taxonomy name |
EVENT_OUTCOME | varchar2(255) | Event outcome name |
XDAS_REGISTRY | number(38,0) | XDAS registry |
XDAS_PROVIDER | number(38,0) | XDAS provider |
XDAS_CLASS | number(38,0) | XDAS class |
XDAS_IDENTIFIER | number(38,0) | XDAS identifier |
XDAS_OUTCOME | number(38,0) | XDAS outcome |
XDAS_DETAIL | number(38,0) | XDAS detail |
XDAS_TAXONOMY_ID | number(38,0) | XDAS taxonomy identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
EXTERNAL_DATA_RPT_V
View references EXTERNAL_DATA table that stores external data.
Column Name | Datatype | Comment |
---|---|---|
EXTERNAL_DATA_ID | number | External data identifier |
SOURCE_NAME | varchar2(50) | Source name |
SOURCE_DATA_ID | varchar2(255) | Source data identifier |
EXTERNAL_DATA | clob | External data |
EXTERNAL_DATA_TYPE | varchar2(10) | External data type |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
HIST_CORRELATED_EVENTS_RPT_V (legacy view)
This view is provided for backward compatibility. New report should use CORRELATED_EVENTS_RPT_V1 instead.
HIST_EVENTS_RPT_V (legacy view)
This view is provided for backward compatibility. Sentinel 6.0 reports should use EVENTS_RPT_V2 instead. Sentinel 6.1 reports should use EVENTS_RPT_V3 instead.
IMAGES_RPT_V
View references IMAGES table that stores system overview image information.
Column Name | Datatype | Comment |
---|---|---|
NAME | varchar2(128) | Image name |
TYPE | varchar2(64) | Image type |
DATA | clob | Image data |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
INCIDENTS_ASSETS_RPT_V
View references INCIDENTS_ASSETS table that stores information about the assets that makeup incidents created in the Sentinel Console.
Column Name | Datatype | Comment |
---|---|---|
INC_ID | number | Incident identifier – sequence number |
ASSET_ID | varchar2(36) | Asset Universal Unique Identifier (UUID) |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
INCIDENTS_EVENTS_RPT_V
View references INCIDENTS_EVENTS table that stores information about the events that makeup incidents created in the Sentinel Console.
Column Name | Datatype | Comment |
---|---|---|
INC_ID | number | Incident identifier – sequence number |
EVT_ID | varchar2(36) | Event Universal Unique Identifier (UUID) |
EVT_TIME | date | Event time |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
INCIDENTS_RPT_V
View references INCIDENTS table that stores information describing the details of incidents created in the Sentinel Console.
Column Name | Datatype | Comment |
---|---|---|
INC_ID | number | Incident identifier – sequence number |
NAME | varchar2(255) | Incident name |
SEVERITY | number | Incident severity |
STT_ID | number | Incident State ID |
SEVERITY_RATING | varchar2(32) | Average of all the event severities that comprise an incident. |
VULNERABILITY_RATING | varchar2(32) | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
CRITICALITY_RATING | varchar2(32) | Reserved for future use by Novell. Use of this field for any other purpose might result in data being overwritten by future functionality. |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
INC_DESC | varchar2(4000) | Incident description |
INC_CAT | varchar2(255) | Incident category |
INC_PRIORITY | number | Incident priority |
INC_RES | varchar2(4000) | Incident resolution |
INCIDENTS_VULN_RPT_V
View references INCIDENTS_VULN table that stores information about the vulnerabilities that makeup incidents created in the Sentinel Console.
Column Name | Datatype | Comment |
---|---|---|
INC_ID | number | Incident identifier – sequence number |
VULN_ID | varchar2(36) | Vulnerability Universal Unique Identifier (UUID) |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
L_STAT_RPT_V
View references L_STAT table that stores statistical information.
Column Name | Datatype | Comment |
---|---|---|
RES_NAME | varchar2(32) | Resource name |
STATS_NAME | varchar2(32) | Statistic name |
STATS_VALUE | varchar2(32) | Value of the statistic |
OPEN_TOT_SECS | number(38) | Number of seconds since 1970. |
LOGS_RPT_V
View references LOGS_RPT table that stores logging information.
Column Name | Datatype | Comment |
---|---|---|
LOG_ID | number | Sequence number |
TIME | date | Date of Log |
MODULE | varchar2(64) | Module log is for |
TEXT | varchar2(4000) | Log text |
MSSP_ASSOCIATIONS_V
View references MSSP_ASSOCIATIONS table that associates an number key in one table to a UUID in another table.
Column Name | Datatype | Comment |
---|---|---|
TABLE1 | varchar2(64) | Table name 1 |
ID1 | number(38) | ID1 |
TABLE2 | varchar2(64) | Table name 2 |
ID2 | varchar2(36) | ID2 |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
NETWORK_IDENTITY_RPT_V
View references NETWORK_IDENTITY_LKUP table that stores asset network identity information.
Column Name | Datatype | Comment |
---|---|---|
NETWORK_IDENTITY_ID | number(38) | Network identity code |
NETWORK_IDENTITY_NAME | varchar2(255) | Network identify name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ORGANIZATION_RPT_V
View references ORGANIZATION table that stores organization (asset) information.
Column Name | Datatype | Comment |
---|---|---|
ORGANIZATION_ID | varchar2(36) | Organization identifier |
ORGANIZATION_NAME | varchar2(100) | Organization name |
CUST_ID | number(38) | Customer identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
PERSON_RPT_V
View references PERSION table that stores personal (asset) information.
Column Name | Datatype | Comment |
---|---|---|
PERSON_ID | varchar2(36) | Person identifier |
FIRST_NAME | varchar2(255) | First name |
LAST_NAME | varchar2(255) | Last name |
CUST_ID | number(38) | Customer identifier |
PHONE_NUMBER | varchar2(50) | Phone number |
EMAIL_ADDRESS | varchar2(255) | E-mail address |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
PHYSICAL_ASSET_RPT_V
View references PHYSICAL_ASSET table that stores physical asset information.
Column Name | Datatype | Comment |
---|---|---|
PHYSICAL_ASSET_ID | varchar2(36) | Physical asset identifier |
CUST_ID | number(38) | Customer identifier |
HOST_NAME | varchar2(255) | Host name |
IP_ADDRESS | number(38) | IP address |
LOCATION_ID | number(38) | Location identifier |
NETWORK_IDENTITY_ID | number(38) | Network identity code |
MAC_ADDRESS | varchar2(100) | MAC address |
RACK_NUMBER | varchar2(50) | Rack number |
ROOM_NAME | varchar2(100) | Room name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
PRODUCT_RPT_V
View references PRDT table that stores asset product information.
Column Name | Datatype | Comment |
---|---|---|
PRODUCT_ID | number(38) | Product identifier |
PRODUCT_NAME | varchar2(255) | Product name |
PRODUCT_VERSION | varchar2(100) | Product version |
VENDOR_ID | number(38) | Vendor identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
ROLE_RPT_V
View references ROLE_LKUP table that stores user role (asset) information.
Column Name | Datatype | Comment |
---|---|---|
ROLE_CODE | varchar2(5) | Role code |
ROLE_NAME | varchar2(255) | Role name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
RPT_LABELS_RPT_V
View contains report label translations.
Column Name | Datatype | Comment |
---|---|---|
RPT_NAME | varchar2(100) | Report name |
LABEL_1 - 35 | varchar2(2000) | Translated report labels |
SENSITIVITY_RPT_V
View references SENSITIVITY_LKUP table that stores asset sensitivity information.
Column Name | Datatype | Comment |
---|---|---|
SENSITIVITY_ID | number(38) | Asset sensitivity code |
SENSITIVITY_NAME | varchar2(50) | Asset sensitivity name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
SENTINEL_HOST_RPT_V
View contains data used internally by Sentinel.
Column Name | Datatype | Comment |
---|---|---|
SENTINEL_HOST_ID | varchar2(36) | Sentinel host identifier |
SENTINEL_ID | varchar2(36) | Sentinel identifier |
SENTINEL_HOST_NAME | varchar2(255) | Sentinel host name |
HOST_NAME | varchar2(255) | Host name |
IP_ADDR | varchar2(255) | Host IP address |
HOST_OS | varchar2(255) | Host operating system |
HOST_OS_VERSION | varchar2(255) | Host operating system version |
MODIFIED_BY | number(38,0) | User who last modified object |
CREATED_BY | number(38,0) | User who created object |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
SENTINEL_PLUGIN_RPT_V
View contains data used internally by Sentinel.
Column Name | Datatype | Comment |
---|---|---|
SENTINEL_HOST_ID | varchar2(36) | Sentinel host identifier |
SENTINEL_ID | varchar2(36) | Sentinel identifier |
SENTINEL_HOST_NAME | varchar2(255) | Sentinel host name |
HOST_NAME | varchar2(255) | Host name |
IP_ADDR | varchar2(255) | Host IP address |
HOST_OS | varchar2(255) | Host operating system |
HOST_OS_VERSION | varchar2(255) | Host operating system version |
MODIFIED_BY | number(38,0) | User who last modified object |
CREATED_BY | number(38,0) | User who created object |
DATE_CREATED | Date | Date the entry was created |
DATE_MODIFIED | Date | Date the entry was modified |
SENTINEL_RPT_V
View contains data used internally by Sentinel.
Column Name | Datatype | Comment |
---|---|---|
SENTINEL_ID | varchar2(36) | Sentinel identifier |
SENTINEL_NAME | varchar2(255) | Sentinel name |
ONLINE_IND | number(1,0) | Online indicator |
STATE_IND | number(1,0) | State indicator |
SENTINEL_CONFIG | clob | Sentinel configuration |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
STATES_RPT_V
View references STATES table that stores definitions of states defined by applications or context.
Column Name | Datatype | Comment |
---|---|---|
STT_ID | number(38) | State ID – sequence number |
CONTEXT | varchar2(64) | Context of the state. That is case, incident, user. |
NAME | varchar2(64) | Name of the state. |
TERMINAL_FLAG | varchar2(1) | Indicates if state of incident is resolved. |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
MODIFIED_BY | number | User who last modified object |
CREATED_BY | number | User who created object |
UNASSIGNED_INCIDENTS_RPT_V
View references CASES and INCIDENTS tables to report on unassigned cases.
Name | Datatype | Comment |
INC_ID | number | |
NAME | varchar2(255) | |
SEVERITY | number | |
STT_ID | number | |
SEVERITY_RATING | varchar2(32) | |
VULNERABILITY_RATING | varchar2(32) | |
CRITICALITY_RATING | varchar2(32) | |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
INC_DESC | varchar2(4000) | |
INC_CAT | varchar2(255) | |
INC_PRIORITY | number | |
INC_RES | varchar2(4000) |
USERS_RPT_V
View references USERS table that lists all users of the application. The users will also be created as database users to accommodate 3rd party reporting tools.
Column Name | Datatype | Comment |
---|---|---|
USR_ID | number | User identifier – Sequence number |
NAME | varchar2(64) | Short, unique user name used as a login |
CNT_ID | number | Contact ID – Sequence number |
STT_ID | number | State ID. Status is either active or inactive. |
DESCRIPTION | varchar2(512) | Comments |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
PERMISSIONS | varchar2(4000) | Permissions currently assigned to the Sentinel user |
FILTER | varchar2(128) | Current security filter assigned to the Sentinel user |
UPPER_NAME | varchar2(64) | User name in upper case |
DOMAIN_AUTH_IND | number (1) | Domain authentication indication |
USR_ACCOUNT_RPT_V
View contains user account information from an identity management system.
Column Name | Datatype | Comment |
---|---|---|
ACCOUNT_ID | number(38,0) | Account identifier |
USER_NAME | varchar2(255) | User name |
USER_DOMAIN | varchar2(255) | User domain |
CUST_ID | number(38,0) | Customer identifier |
BEGIN_EFFECTIVE_DATE | date | Begin effective date |
END_EFFECTIVE_DATE | date | End effective date |
CURRENT_F | number(1,0) | Current flag |
USER_STATUS | varchar2(50) | User status |
IDENTITY_GUID | varchar2(36) | Identity identifier |
SOURCE_USER_ID | varchar2(100) | User ID on source system |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
USR_IDENTITY_EXT_ATTR_RPT_V
View contains extended attributes information from an identity management system, including name value pairs in the ATTRIBUTE_NAME and ATTRIBUTE_VALUE columns.
Column Name | Datatype | Comment |
---|---|---|
IDENTITY_GUID | varchar2(36) | Identity identifier |
ATTRIBUTE_NAME | varchar2(255) | Attribute name |
ATTRIBUTE_VALUE | varchar2(1024) | Attribute value |
USR_IDENTITY_RPT_V
View contains user identity information from an identity management system.
Column Name | Datatype | Comment |
---|---|---|
IDENTITY_GUID | varchar2(36) | Identity identifier |
DN | varchar2(255) | Distinguished name |
CUST_ID | number(38,0) | Customer identifier |
SRC_IDENTITY_ID | varchar2(100) | Source identity identifier |
WFID | varchar2(100) | Workforce identifier |
FIRST_NAME | varchar2(255) | First name |
LAST_NAME | varchar2(255) | Last name |
FULL_NAME | varchar2(255) | Full name |
JOB_TITLE | varchar2(255) | Job title |
DEPARTMENT_NAME | varchar2(100) | Department name |
OFFICE_LOC_CD | varchar2(100) | Office location code |
PRIMARY_EMAIL | varchar2(255) | Primary e-mail address |
PRIMARY_PHONE | varchar2(100) | Primary phone number |
VAULT_NAME | varchar2(100) | Identity vault name |
MGR_GUID | varchar2(36) | Manager identity identifier |
PHOTO | clob | Photo |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
VENDOR_RPT_V
View references VNDR table that stores information about asset product vendors.
Column Name | Datatype | Comment |
---|---|---|
VENDOR_ID | number(38) | Vendor identifier |
VENDOR_NAME | varchar2(255) | Vendor name |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38) | User who created object |
MODIFIED_BY | number(38) | User who last modified object |
VULN_CALC_SEVERITY_RPT_V
View references VULN_RSRC and VULN to calculate eSecurity vulnerability severity rating base on current vulnerabilities.
Column Name | Datatype | Comment |
---|---|---|
RSRC_ID | varchar2(36) | Resource identifier |
IP | varchar2(32) | IP |
HOST_NAME | varchar2(255) | Host name |
CRITICALITY | number | Asset criticality code |
ASSIGNED_VULN_SEVERITY | number | |
VULN_COUNT | number | Vulnerability Count |
CALC_SEVERITY | number | Calculated severity |
VULN_CODE_RPT_V
View references VULN_CODE table that stores industry assigned vulnerability codes such as Mitre’s CVEs and CANs.
Column Name | Datatype | Comment |
---|---|---|
VULN_CODE_ID | varchar2(36) | Vulnerability code identifier |
VULN_ID | varchar2(36) | Vulnerability identifier |
VULN_CODE_TYPE | varchar2(64) | Vulnerability code type |
VULN_CODE_VALUE | varchar2(255) | Vulnerability code value |
URL | varchar2(512) | Web URL |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_INFO_RPT_V
View references VULN_INFO table that stores additional information reported during a scan.
Column Name | Datatype | Comment |
---|---|---|
VULN_INFO_ID | varchar2(36) | Vulnerability info identifier |
VULN_ID | varchar2(36) | Vulnerability identifier |
VULN_INFO_TYPE | varchar2(36) | Vulnerability info type |
VULN_INFO_VALUE | varchar2(2000) | Vulnerability info value |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_RPT_V
View references VULN table that stores information of scanned system. Each scanner will have its own entry for each system.
Column Name | Datatype | Comment |
---|---|---|
VULN_ID | varchar2(36) | Vulnerability identifier |
RSRC_ID | varchar2(36) | Resource identifier |
PORT_NAME | varchar2(64) | Port Name |
PORT_NUMBER | number | Port Number |
NETWORK_PROTOCOL | number | Network Protocol |
APPLICATION_PROTOCOL | varchar2(64) | Application Protocol |
ASSIGNED_VULN_SEVERITY | number | |
COMPUTED_VULN_SEVERITY | number | |
VULN_DESCRIPTION | clob | Vulnerability description |
VULN_SOLUTION | clob | Vulnerability solution |
VULN_SUMMARY | varchar2(1000) | Vulnerability summary |
BEGIN_EFFECTIVE_DATE | date | Date from which the entry is valid |
END_EFFECTIVE_DATE | date | Date until which the entry is valid |
DETECTED_OS | varchar2(64) | Operating system of scanned machine |
DETECTED_OS_VERSION | varchar2(64) | Operating system version of scanned machine |
SCANNED_APP | varchar2(64) | |
SCANNED_APP_VERSION | varchar2(64) | |
VULN_USER_NAME | varchar2(64) | Username used by scanner |
VULN_USER_DOMAIN | varchar2(64) | Domain of user used by scanned |
VULN_TAXONOMY | varchar2(1000) | |
SCANNER_CLASSIFICATION | varchar2(255) | |
VULN_NAME | varchar2(300) | |
VULN_MODULE | varchar2(64) | |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_RSRC_RPT_V
View references VULN_RSRC table that stores each resource scanned for a particular scan.
Column Name | Datatype | Comment |
---|---|---|
RSRC_ID | varchar2(36) | Resource identifier |
SCANNER_ID | varchar2(36) | Scanner identifier |
IP | varchar2(32) | IP Address |
HOST_NAME | varchar2(255) | Host name |
LOCATION | varchar2(128) | Location |
DEPARTMENT | varchar2(128) | Department |
BUSINESS_SYSTEM | varchar2(128) | Business System |
OPERATIONAL_ENVIRONMENT | varchar2(64) | Operational environment |
CRITICALITY | number | Criticality |
REGULATION | varchar2(128) | Regulation |
REGULATION_RATING | varchar2(64) | Regulation rating |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_RSRC_SCAN_RPT_V
View references VULN_RSRC_SCAN table that stores each resource scanned for a particular scan.
Column Name | Datatype | Comment |
---|---|---|
RSRC_ID | varchar2(36) | Resource identifier |
SCAN_ID | varchar2(36) | Vulnerability scan identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_SCAN_RPT_V
View references table that stores information pertaining to scans.
Column Name | Datatype | Comment |
---|---|---|
SCAN_ID | varchar2(36) | Vulnerability scan identifier |
SCANNER_ID | varchar2(36) | Vulnerability scanner identifier |
SCAN_TYPE | varchar2(10) | Vulnerability scan type |
SCAN_START_DATE | date | Scan start date |
SCAN_END_DATE | date | Scan start date |
CONSOLIDATION_SERVER | varchar2(64) | Consolidation server |
LOAD_STATUS | varchar2(64) | |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_SCAN_VULN_RPT_V
View references VULN_SCAN_VULN table that stores vulnerabilities detected during scans.
Column Name | Datatype | Comment |
---|---|---|
SCAN_ID | varchar2(36) | Vulnerability scan identifier |
VULN_ID | varchar2(36) | Vulnerability identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
VULN_SCANNER_RPT_V
View references VULN_SCANNER table that stores information about vulnerability scanners.
Column Name | Datatype | Comment |
---|---|---|
SCANNER_ID | varchar2(36) | Vulnerability scanner identifier |
PRODUCT_NAME | varchar2(100) | Product Name |
PRODUCT_VERSION | varchar2(64) | Product Version |
SCANNER_TYPE | varchar2(64) | Vulnerability Scanner Type |
VENDOR | varchar2(100) | Vendor |
SCANNER_INSTANCE | varchar2(64) | Scanner Instance |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number | User who created object |
MODIFIED_BY | number | User who last modified object |
WORKFLOW_DEF_RPT_V
Column Name | Datatype | Comment |
---|---|---|
PKG_NAME | varchar2(255) | Package name |
PKG_DATA | clob | Package data |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
WORKFLOW_INFO_RPT_V
Column Name | Datatype | Comment |
---|---|---|
INFO_ID | number(38,0) | Info identifier |
PROCESS_DEF_ID | varchar2(100) | Process definition identifier |
PROCESS_INSTANCE_ID | varchar2(150) | Process instance identifier |
DATE_CREATED | date | Date the entry was created |
DATE_MODIFIED | date | Date the entry was modified |
CREATED_BY | number(38,0) | User who created object |
MODIFIED_BY | number(38,0) | User who last modified object |
Deprecated Views
The following legacy views are no longer created in the Sentinel 6 database:
- ADV_ALERT_CVE_RPT_V
- ADV_ALERT_PRODUCT_RPT_V
- ADV_ALERT_RPT_V
- ADV_ATTACK_ALERT_RPT_V
- ADV_ATTACK_CVE_RPT_V
- ADV_CREDIBILITY_RPT_V
- ADV_SEVERITY_RPT_V
- ADV_SUBALERT_RPT_V
- ADV_URGENCY_RPT_V
PostgreSQL Views
Lucene Views
- Return to Develop to Sentinel.