8.1 Views

Listed below are the views available with Sentinel.

8.1.1 ACTVY_PARM_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ACTVY_PARM_ID | uniqueidentifier | Activity parameter identifier |
| ACTVY_ID | uniqueidentifier | Activity identifier |
| PARM_NAME | varchar/nvarchar(255) | Activity Parameter name |
| PARM_TYP_CD | varchar/nvarchar(1) | Activity parameter type code |
| DATA_TYP | varchar/nvarchar(50) | Activity parameter data type |
| DATA_SUBTYP | varchar/nvarchar(50) | Activity parameter data subtype |
| RQRD_F | Bit | Required flag |
| PARM_DESC | varchar/nvarchar(255) | Activity parameter description |
| PARM_VAL | varchar/nvarchar(1000) | Activity parameter value |
| FORMATTER | varchar/nvarchar(255) | Activity parameter formatter |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.2 ACTVY_REF_PARM_VAL_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ACTVY_ID | uniqueidentifier | Activity identifier |
| SEQ_NUM | int | Sequence number |
| ACTVY_PARM_ID | uniqueidentifier | Activity parameter identifier |
| PARM_VAL | varchar/nvarchar(1000) | Activity parameter value |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.3 ACTVY_REF_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ACTVY_ID | uniqueidentifier | Activity identifier |
| SEQ_NUM | int | Sequence number |
| REFD_ACTVY_ID | uniqueidentifier | Referenced activity identifier |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.4 ACTVY_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ACTVY_ID | uniqueidentifier | Activity identifier |
| ACTVY_NAME | varchar/nvarchar(255) | Activity name |
| ACTVY_TYP_CD | varchar/nvarchar(1) | Activity type code |
| ACCESS_LVL | varchar/nvarchar(50) | Access level |
| EXEC_LOC | varchar/nvarchar(50) | Execution location |
| ACTVY_DESC | varchar/nvarchar(255) | Activity description |
| PROCESSOR | varchar/nvarchar(255) | Processor |
| INPUT_FORMATTER | varchar/nvarchar(255) | Input formatter |
| OUTPUT_FORMATTER | varchar/nvarchar(255) | Output formatter |
| APP_NAME | varchar/nvarchar(25) | Application name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.5 ADV_NXS_FEED_V

This view contains information about the Advisor feed files that are processed on a regular schedule.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| FILE_NAME | varchar (256) | The filename of the Advisor feed file. |
| HASH_VALUE | varchar (256) | The hash value of the Advisor feed file. |
| RECORDS_INSERTED | numeric | The number of records inserted into the database. |
| RECORDS_UPDATED | numeric | The number of records updated in the database. |
| PROCESSING_START_TIME | datetime | Time stamp indicating when the processing of the feed files started. |
| PROCESSING_END_TIME | datetime | Time stamp indicating when the processing of the feed files ended. |
| GENERATION | datetime | Time stamp indicating when the feed file was generated. |
| DATE_CREATED | datetime | Time stamp indicating when the feed file information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the feed file information was modified in the Sentinel database. |
| CREATED_BY | int | ID of the user who entered the feed file information in the Sentinel database. |
| MODIFIED_BY | int | ID of the user who modified the feed file information in the Sentinel database. |

8.1.6 ADV_NXS_PRODUCTS_V

This view contains information about all the products that are supported by Novell® for Advisor, which include the Intrusion Detection System (IDS), Vulnerability Scanners, and Knowledge Base (OSVDB, CVE, and Bugtraq).

| Column Name | Datatype | Comment |
| --- | --- | --- |
| PRODUCT_ID | numeric | The unique ID of the product. |
| PRODUCT_NAME | varchar (256) | Name of the product. For example, Cisco Secure IDS, Enterasys Dragon Network Sensor, or McAfee IntruShield. |
| INTERNAL_NAME | varchar (256) | Short name of the product that is used in generating the exploitdetection.csv file. This name is used by Collectors for exploit detection. For example, if the product name is Cisco Secure IDS, the internal name is Secure. |
| IS_ATTACK | bit | This value is 1 if the product is IDS. Otherwise, this value is 0. |
| IS_VULN | bit | This value is 1 if the product is Vulnerability Scanner. Otherwise, this value is 0. |
| IS_KB | bit | This value is 1 if the product is Knowledge Base. Otherwise, this value is 0. |
| IS_ACTIVE | bit | This value is 1 if the product is selected for exploit detection in the Advisor window of Sentinel Control Center. If the value is 0, attacks from this product are not populated in the exploitdetection.csv file. |
| IS_POPULATE_ATTACK_NAME | bit | This value is 1 by default. If the value is 0, the attack name is not populated in the exploitDetection.csv file. |
| IS_POPULATE_ATTACK_CODE | bit | This value is 1 by default. If the value is 0, the attack code is not populated in the exploitDetection.csv file. |
| DATE_CREATED | datetime | Time stamp indicating when the product information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the product information was modified in the Sentinel database. |
| CREATED_BY | int | ID of the user who entered the product information in the Sentinel database. |
| MODIFIED_BY | int | ID of the user who modified the product information in the Sentinel database. |

8.1.7 ADV_NXS_SIGNATURES_V

This view contains the information about the list of signatures for each product that is supported by Novell for Advisor.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| PRODUCT_ID | numeric | The unique ID of the product. |
| SIGNATURE_ID | varchar (256) | The unique ID of the signature. |
| SIGNATURE_NAME | varchar (256) | Name of the signature. |
| PUBLISHED | datetime | Time stamp indicating when the signature was published for the product by the vendor. |
| INSERTED | datetime | Time stamp indicating when the signature information was entered in the vendor database. |
| UPDATED | datetime | Time stamp indicating when the signature information was updated in the vendor database. |
| DATE_CREATED | datetime | Time stamp indicating when the signature information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the signature information was modified in the Sentinel database. |
| CREATED_BY | int | ID of the user who entered the signature information in the Sentinel database. |
| MODIFIED_BY | int | ID of the user who modified the signature information in the Sentinel database. |

8.1.8 ADV_NXS_MAPPINGS_V

This view contains the mapping information for the products supported by Novell for Advisor. It provides information about the type of mapping between each product including the IDS product signatures, Vulnerability product signatures, and Knowledge Base product signatures.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| SOURCE_PRODUCT_ID | numeric | The unique ID of the source product. |
| SOURCE_SIGNATURE_ID | varchar (256) | The unique ID of the source signature. |
| TARGET_PRODUCT_ID | numeric | The unique ID of the target product. |
| TARGET_SIGNATURE_ID | varchar (256) | The unique ID of the target signature. |
| MAPPING_DIRECT | bit | This value is 1 if the mapping is direct. |
| MAPPING_INDIRECT | bit | This value is 1 if the mapping is indirect. |
| MAPPING_NGRAM | bit | This value is 1 if the mapping is n-gram. |
| INSERTED | datetime | Time stamp indicating when the mapping information was entered in the vendor database. |
| UPADATED | datetime | Time stamp indicating when the mapping was updated in the vendor database. |
| IS_DELETED | bit | This value is 1 if the mapping is marked as invalid. |
| DELETED | datetime | Time stamp indicating when the mapping was marked as invalid. |
| DATE_CREATED | datetime | Time stamp indicating when the mapping information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the mapping information was modified in the Sentinel database. |
| CREATED_BY | int | ID of the user who entered the mapping information in the Sentinel database. |
| MODIFIED_BY | int | ID of the user who modified the mapping information in the Sentinel database. |

8.1.9 ADV_OSVDB_DETAILS_V

This view contains information about the known vulnerabilities from the OSVDB for the products supported by Novell for Advisor. It also stores the classifications to which the vulnerability applies.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| OSVDB_ID | int | The unique ID of the vulnerability in the OSVDB. |
| OSVDB_TITLE | varchar (256) | The normalized name of the vulnerability. |
| DESCRIPTION | text | A brief description of the vulnerability. |
| URGENCY | int | Indicates the urgency of the vulnerability. The rating is 1-10. The higher the number, the more urgent the vulnerability. |
| SEVERITY | int | Indicates the severity of the vulnerability. The rating is 1-10. The higher the number, the more urgent the vulnerability. |
| ATTACK_TYPE_AUTH_MANAGE | bit | This value is 1 if the attack type is authentication management. For example, brute force attack, default password, and cookie poisoning. |
| ATTACK_TYPE_CRYPT | bit | This value is 1 if the attack type is cryptographic. For example, weak encryption (implementation or algorithm), no encryption (plaintext), and sniffing. |
| ATTACK_TYPE_DOS | bit | This value is 1 if the attack type is denial of service. For example, saturation flood, crash, lock up, and forced reboot. |
| ATTACK_TYPE_HIJACK | bit | This value is 1 if the attack type is hijack. For example, man-in-the-middle attacks, IP spoofing, session timeout or take-over, and session replay. |
| ATTACK_TYPE_INFO_DISCLOSE | bit | This value is 1 if the attack type is information disclosure. For example, comments, passwords, fingerprinting, and system information. |
| ATTACK_TYPE_INFRASTRUCT | bit | This value is 1 if the attack type is infrastructure. For example, DNS poisoning and route manipulation. |
| ATTACK_TYPE_INPUT_MANIP | bit | This value is 1 if the attack type is input manipulation. For example, XSS, SQL injection, file retrieval, directory traversal, overflows, and URL encoding. |
| ATTACK_TYPE_MISS_CONFIG | bit | This value is 1 if the attack type is misconfiguration. For example, default files, debugging enabled, and directory indexing. |
| ATTACK_TYPE_RACE | bit | This value is 1 if the attack type is race condition. For example, symlink. |
| ATTACK_TYPE_OTHER | bit | This value is 1 if the attack type does not fall under any of the above attack types. |
| ATTACK_TYPE_UNKNOWN | bit | This value is 1 if the attack type is unknown. |
| IMPACT_CONFIDENTIAL | bit | This value is 1 if the impact of the attack(s) is loss of confidential information. For example, passwords, server information, environment variables, confirmation of file existence, path disclosure, file content access, and SQL injection. |
| IMPACT_INTEGRITY | bit | This value is 1 if the impact of the attack(s) is loss of integrity, which results in data modifications by unauthorized persons. For example, unauthorized file modification, deletion, or creation, remote file inclusion, and arbitrary command execution. |
| IMPACT_AVAILABLE | bit | This value is 1 if the impact of the attack is loss of availability of a service or information. |
| IMPACT_UNKNOWN | bit | This value is 1 if the impact of the attack is unknown. |
| EXPLOIT_AVAILABLE | bit | This value is 1 if an exploit is available for the vulnerability. |
| EXPLOIT_UNAVAILABLE | bit | This value is 1 if an exploit is not available for the vulnerability. |
| EXPLOIT_RUMORED | bit | This value is 1 if an exploit is rumored to exist for the vulnerability. |
| EXPLOIT_UNKNOWN | bit | This value is 1 if an exploit is unknown for the vulnerability. |
| VULN_VERIFIED | bit | This value is 1 if the existence of the vulnerability has been verified. |
| VULN_MYTH_FAKE | bit | This value is 1 if the vulnerability is a myth or a false alarm. |
| VULN_BEST_PRAC | bit | This value is 1 if the vulnerability is a result of not following the best practices in the configuration or usage of the vulnerable system or software. |
| VULN_CONCERN | bit | This value is 1 if the vulnerability requires additional concern for remediation. |
| VULN_WEB_CHECK | bit | This value is 1 if the vulnerability is a common problem in Web servers or Web applications. |
| ATTACK_SCENARIO | text | Description of how a vulnerability can be exploited. |
| SOLUTION_DESCRIPTION | text | Description of the solution that is used to fix the vulnerability. |
| FULL_DESCRIPTION | text | The complete description of the vulnerability. |
| LOCATION_PHYSICAL | bit | This value is 1 if the vulnerability can be exploited with only physical system access. |
| LOCATION_LOCAL | bit | This value is 1 if the vulnerability can be exploited on a local system. |
| LOCATION_REMOTE | bit | This value is 1 if the vulnerability can be exploited on a remote system. |
| LOCATION_DIALUP | bit | This value is 1 if the vulnerability can be exploited using a dial-up connection. |
| LOCATION_UNKNOWN | bit | This value is 1 if the vulnerability is exploited in an unknown location. |
| PUBLISHED | datetime | Time stamp indicating when the vulnerability was published in the OSVDB. |
| INSERTED | datetime | Time stamp indicating when the vulnerability was inserted in the vendor database. |
| UPDATED | datetime | Time stamp indicating when the vulnerability was updated in the vendor database. |
| DATE_CREATED | datetime | Time stamp indicating when the vulnerability information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the vulnerability information was modified in the Sentinel database. |
| CREATED_BY | int | The ID of the user who entered the vulnerability information in the Sentinel database. |
| MODIFIED_BY | int | The ID of the user who modified the vulnerability information in the Sentinel database. |

8.1.10 ADV_NXS_KB_PATCH_V

This view contains information about the patches that are required to remove the vulnerabilities.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ID | int | The unique ID for the row. |
| OSVDB_ID | int | The ID of the vulnerability in the OSVDB. |
| TYPE_NAME | varchar (128) | The type of the patch used to remove the vulnerability. |
| TYPE_ID | int | The unique ID of the patch. |
| REF_VALUE | text | The URL that has the patch information. |
| DATE_CREATED | datetime | Time stamp indicating when the patch information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the patch information was modified in the Sentinel database. |
| CREATED_BY | int | The ID of the user who entered the patch information in the Sentinel database. |
| MODIFIED_BY | int | The ID of the user who modified the patch information in the Sentinel database. |

8.1.11 ADV_NXS_KB_PRODUCTSREF_V

This view contains the information about the products that are affected by the vulnerability.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ID | int | The unique ID for the row. |
| OSVDB_ID | int | The ID of the vulnerability in the OSVDB. |
| VENDOR_NAME | varchar (128) | Name of the vendor of the product that is affected by the vulnerability. |
| VERSION_NAME | varchar (128) | Version of the product that is affected by the vulnerability. |
| BASE_NAME | varchar (128) | Name of the product that is affected by the vulnerability. |
| TYPE_NAME | varchar (128) | Indicates whether the product is affected by the vulnerability or not. |
| DATE_CREATED | datetime | Time stamp indicating when the product information was entered in the Sentinel database. |
| DATE_MODIFIED | datetime | Time stamp indicating when the product information was modified in the Sentinel database. |
| CREATED_BY | int | The ID of the user who entered the product information in the Sentinel database. |
| MODIFIED_BY | int | The ID of the user who modified the product information in the Sentinel database. |

8.1.12 ANNOTATIONS_RPT_V

View references ANNOTATIONS table that stores documentation or notes that can be associated with objects in the Sentinel system such as cases and incidents.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ANN_ID | int | Annotation identifier - sequence number. |
| TEXT | varchar/nvarchar(4000) | Documentation or notes. |
| ACTION | varchar/nvarchar(255) | Action |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| MODIFIED_BY | int | User who last modified object |
| CREATED_BY | int | User who created object |

8.1.13 ASSET_CATEGORY_RPT_V

View references ASSET_CTGRY table that stores information about asset categories.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ASSET_CATEGORY_ID | bigint | Asset category identifier |
| ASSET_CATEGORY_NAME | varchar/nvarchar2(100) | Asset category name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | integer | User who created object |
| MODIFIED_BY | integer | User who last modified object |

8.1.14 ASSET_HOSTNAME_RPT_V

View references ASSET_HOSTNAME table that stores information about alternate host names for assets.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ASSET_HOSTNAME_ID | uniqueidentifier | Asset alternate hostname identifier |
| PHYSICAL_ASSET_ID | uniqueidentifier | Physical asset identifier |
| HOST_NAME | varchar/nvarchar(255) | Host name |
| CUST_ID | bigint | Customer identifier |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.15 ASSET_IP_RPT_V

View references ASSET_IP table that stores information about alternate IP addresses for assets.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ASSET_IP_ID | uniqueidentifier | Asset alternate IP identifier |
| PHYSICAL_ASSET_ID | uniqueidentifier | Physical asset identifier |
| IP_ADDRESS | int | Asset IP address |
| CUST_ID | bigint | Customer identifier |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.16 ASSET_LOCATION_RPT_V

View references ASSET_LOC table that stores information about asset locations.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| LOCATION_ID | bigint | Location identifier |
| CUST_ID | bigint | Customer identifier |
| BUILDING_NAME | varchar/nvarchar(255) | Building name |
| ADDRESS_LINE_1 | varchar/nvarchar(255) | Address line 1 |
| ADDRESS_LINE_2 | varchar/nvarchar(255) | Address line 2 |
| CITY | varchar/nvarchar(100) | City |
| STATE | varchar/nvarchar(100) | State |
| COUNTRY | varchar/nvarchar(100) | Country |
| ZIP_CODE | varchar/nvarchar(50) | Zip code |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.17 ASSET_RPT_V

View references ASSET table that stores information about the physical and soft assets.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ASSET_ID | uniqueidentifier | Asset identifier |
| CUST_ID | bigint | Customer identifier |
| ASSET_NAME | varchar/nvarchar(255) | Asset name |
| PHYSICAL_ASSET_ID | uniqueidentifier | Physical asset identifier |
| PRODUCT_ID | bigint | Product identifier |
| ASSET_CATEGORY_ID | bigint | Asset category identifier |
| ENVIRONMENT_IDENTITY_CD | bigint | Environment identity code |
| PHYSICAL_ASSET_IND | bit | Physical asset indicator |
| ASSET_VALUE_CODE | bigint | Asset value code |
| CRITICALITY_ID | bigint | Asset criticality code |
| SENSITIVITY_ID | bigint | Asset sensitivity code |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.18 ASSET_VALUE_RPT_V

View references ASSET_VAL_LKUP table that stores information about the asset value.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ASSET_VALUE_ID | bigint | Asset value code |
| ASSET_VALUE_NAME | varchar/nvarchar(50) | Asset value name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.19 ASSET_X_ENTITY_X_ROLE_RPT_V

View references ASSET_X_ENTITY_X_ROLE table that associates a person or an organization to an asset.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| PERSON_ID | uniqueidentifier | Person identifier |
| ORGANIZATION_ID | uniqueidentifier | Organization identifier |
| ROLE_CODE | varchar/nvarchar(5) | Role code |
| ASSET_ID | uniqueidentifier | Asset identifier |
| ENTITY_TYPE_CODE | varchar/nvarchar(5) | Entity type code |
| PERSON_ROLE_SEQUENCE | int | Order of persons under a particular role |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.20 ASSOCIATIONS_RPT_V

View references ASSOCIATIONS table that associates users to incidents, incidents to annotations and so on.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| TABLE1 | varchar/nvarchar(64) | Table name 1. For example, incidents |
| ID1 | int | ID1. For example, incident ID. |
| TABLE2 | varchar/nvarchar(64) | Table name 2. For example, users. |
| ID2 | int | ID2. For example, user ID. |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.21 ATTACHMENTS_RPT_V

View references ATTACHMENTS table that stores attachment data.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ATTACHMENT_ID | int | Attachment identifier |
| NAME | varchar/nvarchar(255) | Attachment name |
| SOURCE_REFERENCE | varchar/nvarchar(64) | Source reference |
| TYPE | varchar/nvarchar(32) | Attachment type |
| SUB_TYPE | varchar/nvarchar(32) | Attachment subtype |
| FILE_EXTENSION | varchar/nvarchar(32) | File extension |
| ATTACHMENT_DESCRIPTION | varchar/nvarchar(255) | Attachment description |
| DATA | ntext | Attachment data |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.22 AUDIT_RECORD_RPT_V

View references AUDIT_RECORD table that stores Sentinel internal audit data.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| AUDIT_ID | uniqueidentifier | Audit record identifier |
| AUDIT_TYPE | varchar/nvarchar(255) | Audit type |
| SRC | varchar/nvarchar(255) | Audit source |
| SENDER_HOSTNAME | varchar/nvarchar(255) | Sender hostname |
| SENDER_HOST_IP | varchar/nvarchar(255) | Sender host IP |
| SENDER_CONTAINER | varchar/nvarchar(255) | Sender container name |
| SENDER_ID | varchar/nvarchar(255) | Sender Identifier |
| CLIENT | varchar/nvarchar(255) | Client application that requested audit |
| EVT_NAME | varchar/nvarchar(255) | Event name |
| RES | varchar/nvarchar(255) | Event resource |
| SRES | varchar/nvarchar(255) | Event sub-resource |
| MSG | varchar/nvarchar(500) | A descriptive string which describes the event and some event details of what occurred |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |

8.1.23 CONFIGS_RPT_V

View references CONFIGS table that stores general configuration information of the application.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| USR_ID | varchar/nvarchar(32) | User name. |
| APPLICATION | varchar/nvarchar(255) | Application identifier |
| UNIT | varchar/nvarchar(64) | Application unit |
| VALUE | varchar/nvarchar(255) | Text value if any |
| DATA | ntext | XML data |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.24 CONTACTS_RPT_V

View references CONTACTS table that stores contact information.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CNT_ID | int | Contact ID - Sequence number |
| FIRST_NAME | varchar/nvarchar(20) | Contact first name. |
| LAST_NAME | varchar/nvarchar(30) | Contact last name. |
| TITLE | varchar/nvarchar(128) | Contact title |
| DEPARTMENT | varchar/nvarchar(128) | Department |
| PHONE | varchar/nvarchar(64) | Contact phone |
| EMAIL | varchar/nvarchar(255) | Contact e-mail |
| PAGER | varchar/nvarchar(64) | Contact pager |
| CELL | varchar/nvarchar(64) | Contact cell phone |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.25 CORRELATED_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use CORRELATED_EVENTS_RPT_V1 because this view does not include archived correlated events that have been imported back into the database.

8.1.26 CORRELATED_EVENTS_RPT_V1

View contains current and historical correlated events (correlated events imported from archives).

| Column Name | Datatype | Comment |
| --- | --- | --- |
| PARENT_EVT_ID | uniqueidentifier | Event Universal Unique Identifier (UUID) of parent event |
| CHILD_EVT_ID | uniqueidentifier | Event Universal Unique Identifier (UUID) of child event |
| PARENT_EVT_TIME | datetime | Parent event time |
| CHILD_EVT_TIME | datetime | Child event time |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.27 CRITICALITY_RPT_V

View references CRIT_LKUP table that contains information about asset criticality.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CRITICALITY_ID | bigint | Asset criticality code |
| CRITICALITY_NAME | varchar/nvarchar(50) | Asset criticality name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.28 CUST_HIERARCHY_V

View references CUST_HIERARCHY table that stores information about MSSP customer hierarchy.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CUST_HIERARCHY_ID | bigint | Customer hierarchy ID |
| CUST_NAME | varchar/nvarchar (255) | The name of the customer from which this data was captured. This can be used to generically classify data gathered from different domains to ensure that segregation of the data is maintained and IP/name spaces do not conflict |
| CUST_HIERARCHY_LVL1 | varchar/nvarchar (255) | Customer hierarchy level 1 |
| CUST_HIERARCHY_LVL2 | varchar/nvarchar (255) | Customer hierarchy level 2 |
| CUST_HIERARCHY_LVL3 | varchar/nvarchar (255) | Customer hierarchy level 3 |
| CUST_HIERARCHY_LVL4 | varchar/nvarchar (255) | Customer hierarchy level 4 |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.29 CUST_RPT_V

View references CUST table that stores customer information for MSSPs.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CUST_ID | bigint | Customer identifier |
| CUSTOMER_NAME | varchar/nvarchar(255) | Customer name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.30 ENTITY_TYPE_RPT_V

View references ENTITY_TYP table that stores information about entity types (person, organization).

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ENTITY_TYPE_CODE | varchar/nvarchar(5) | Entity type code |
| ENTITY_TYPE_NAME | varchar/nvarchar(50) | Entity type name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.31 ENV_IDENTITY_RPT_V

View references ENV_IDENTITY_LKUP table that stores information about asset environment identity.

| Column Name | Datatype | Comment |
| --- | --- | --- |
| ENVIRONMENT_IDENTITY_ID | bigint | Environment identity code |
| ENV_IDENTITY_NAME | varchar/nvarchar(255) | Environment identity name |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.32 ESEC_CONTENT_GRP_CONTENT_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CONTENT_GRP_ID | uniqueidentifier | Content group identifier |
| CONTENT_ID | varchar/nvarchar(255) | Content identifier |
| CONTENT_TYP | varchar/nvarchar(100) | Content type |
| CONTENT_HASH | varchar/nvarchar(255) | Content hash |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.33 ESEC_CONTENT_GRP_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CONTENT_GRP_ID | uniqueidentifier | Content group identifier |
| CONTENT_GRP_NAME | varchar/nvarchar(255) | Content group name |
| CONTENT_GRP_DESC | text | Content group description |
| CTRL_ID | uniqueidentifier | Control identifier |
| CONTENT_EXTERNAL_ID | varchar/nvarchar(255) | Content external identifier |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.34 ESEC_CONTENT_PACK_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CONTENT_PACK_ID | uniqueidentifier | Content pack identifier |
| CONTENT_PACK_DESC | text | Content pack description |
| CONTENT_PACK_NAME | varchar/nvarchar(255) | Content pack name |
| CONTENT_EXTERNAL_ID | varchar/nvarchar(255) | Content external identifier |
| DATE_MODIFIED | datetime | Date the entry was modified |
| DATE_CREATED | datetime | Date the entry was created |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.35 ESEC_CONTENT_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CONTENT_ID | varchar/nvarchar(255) | Content identifier |
| CONTENT_NAME | varchar/nvarchar(255) | Content name |
| CONTENT_DESC | text | Content description |
| CONTENT_STATE | int | Content state |
| CONTENT_TYP | varchar/nvarchar(100) | Content type |
| CONTENT_CONTEXT | text | Content context |
| CONTENT_HASH | varchar/nvarchar(255) | Content hash |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| MODIFIED_BY | int | User who last modified object |
| CREATED_BY | int | User who created object |

8.1.36 ESEC_CTRL_CTGRY_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CTRL_CTGRY_ID | uniqueidentifier | Control category identifier |
| CTRL_CTGRY_DESC | text | Control category description |
| CTRL_CTGRY_NAME | varchar/nvarchar(255) | Control category name |
| CONTENT_PACK_ID | uniqueidentifier | Content pack identifier |
| CONTENT_EXTERNAL_ID | varchar/nvarchar(255) | Content external identifier |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.37 ESEC_CTRL_RPT_V

| Column Name | Datatype | Comment |
| --- | --- | --- |
| CTRL_ID | uniqueidentifier | Control identifier |
| CTRL_NAME | varchar/nvarchar(255) | Control name |
| CTRL_DESC | text | Control description |
| CTRL_STATE | int | Control state |
| CTRL_NOTES | text | Control notes |
| CTRL_CTGRY_ID | uniqueidentifier | Control category identifier |
| CONTENT_EXTERNAL_ID | varchar/nvarchar(255) | Content external identifier |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |

8.1.38 ESEC_DISPLAY_RPT_V

View references ESEC_DISPLAY table that stores displayable properties of objects. Currently used in renaming meta-tags. Used with Event Configuration (Business Relevance).

| Column Name | Datatype | Comment |
| --- | --- | --- |
| DISPLAY_OBJECT | varchar/nvarchar(32) | The parent object of the property |
| TAG | varchar/nvarchar(32) | The native tag name of the property |
| LABEL | varchar/nvarchar(32) | The display string of tag. |
| POSITION | int | Position of tag within display. |
| WIDTH | int | The column width |
| ALIGNMENT | int | The horizontal alignment |
| FORMAT | int | The enumerated formatter for displaying the property |
| ENABLED | bit | Indicates if the tag is shown. |
| TYPE | int | Indicates datatype of tag. 1 = string; 2 = ulong; 3 = date; 4 = uuid; 5 = ipv4 |
| DESCRIPTION | varchar/nvarchar(255) | Textual description of the tag |
| DATE_CREATED | datetime | Date the entry was created |
| DATE_MODIFIED | datetime | Date the entry was modified |
| CREATED_BY | int | User who created object |
| MODIFIED_BY | int | User who last modified object |
| REF_CONFIG | varchar/nvarchar(4000) | Referential data configuration |

8.1.39 ESEC_PORT_REFERENCE_RPT_V

View references ESEC_PORT_REFERENCE table that stores industry standard assigned port numbers.

Column Name

Datatype

Comment

PORT_NUMBER

int

Per http://www.iana.org/assignments/port-numbers, the numerical representation of the port. This port number is typically associated with the Transport Protocol level in the TCP/IP stack.

PROTOCOL_NUMBER

int

Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet.

PORT_KEYWORD

varchar/nvarchar(64)

Per http://www.iana.org/assignments/port-numbers, the keyword representation of the port.

PORT_DESCRIPTION

varchar/nvarchar(512)

Port description.

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.40 ESEC_PROTOCOL_REFERENCE_RPT_V

View references ESEC_PROTOCOL_REFERENCE table that stores industry standard assigned protocol numbers.

Column Name

Datatype

Comment

PROTOCOL_NUMBER

int

Per http://www.iana.org/assignments/protocol-numbers, the numerical identifiers used to represent protocols that are encapsulated in an IP packet.

PROTOCOL_KEYWORD

varchar/nvarchar(64)

Per http://www.iana.org/assignments/protocol-numbers, the keyword used to represent protocols that are encapsulated in an IP packet.

PROTOCOL_DESCRIPTION

varchar/nvarchar(512)

IP packet protocol description.

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.41 ESEC_SEQUENCE_RPT_V

View references ESEC_SEQUENCE table that's used to generate primary key sequence numbers for Sentinel tables.

Column Name

Datatype

Comment

TABLE_NAME

varchar/nvarchar(32)

Name of the table.

COLUMN_NAME

varchar/nvarchar(255)

Name of the column

SEED

int

Current value of primary key field.

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.42 ESEC_UUID_UUID_ASSOC_RPT_V

Column Name

Datatype

Comment

OBJECT1

varchar/nvarchar(64)

Object 1

ID1

uniqueidentifier

UUID for object 1

OBJECT2

varchar/nvarchar(64)

Object 2

ID2

uniqueidentifier

UUID for object 2

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.43 EVENTS_ALL_RPT_V (legacy view)

This view is provided for backward compatibility. View contains current and historical events (events imported from archives).

8.1.44 EVENTS_ALL_RPT_V1 (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events.

8.1.45 EVENTS_ALL_V (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2.

8.1.46 EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current and historical events.

8.1.47 EVENTS_RPT_V1 (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. View contains current events.

8.1.48 EVENTS_RPT_V2

This is the primary reporting view. View contains current and historical events.

Column Name

Datatype

Comment

EVENT_ID

uniqueidentifier

An internal UUID generated to identify the specific event on this system

RESOURCE_NAME

varchar/nvarchar(255)

Resource name

SUB_RESOURCE

varchar/nvarchar(255)

Subresource name

SEVERITY

int

The normalized Sentinel event severity (0-5)

EVENT_PARSE_TIME

datetime

The absolute time, according to Sentinel, that this event occurred

EVENT_DATETIME

datetime

Event time

EVENT_DEVICE_TIME

datetime

A timestamp representation of the time the event occurred, according to the event source

SENTINEL_PROCESS_TIME

datetime

The time at which Sentinel processed the event

BEGIN_TIME

datetime

The time the event began to occur, if the event represents a lengthy transaction

END_TIME

datetime

The time the event completed, if the event represents a lengthy transaction

REPEAT_COUNT

int

The number of times the identical event occurred

DESTINATION_PORT_Int

int

Destination port (integer)

SOURCE_PORT_Int

int

Source port (integer)

BASE_MESSAGE

varchar/nvarchar(4000)

A descriptive string which describes the event and some event details of what occurred

EVENT_NAME

varchar/nvarchar(255)

A short, abstract description of the event, such as "User Logged In"

EVENT_TIME

varchar/nvarchar(255)

A string representation of the time, according to the event source, that the event occurred

AGENT_ID

bigint

Collector identifier

SOURCE_IP

int

Source IP address in numeric format

SOURCE_IP_DOTTED

varchar/nvarchar(16)

Source IP in dotted format

SOURCE_HOST_NAME

varchar/nvarchar(255)

Source host name

SOURCE_PORT

varchar/nvarchar(32)

Source port

DESTINATION_IP

int

Destination IP address in numeric format

DESTINATION_IP_DOTTED

varchar/nvarchar(16)

Destination IP in dotted format

DESTINATION_HOST_NAME

varchar/nvarchar(255)

Destination host name

DESTINATION_PORT

varchar/nvarchar(32)

Destination port

SOURCE_USER_NAME

varchar/nvarchar(255)

Source user name

DESTINATION_USER_NAME

varchar/nvarchar(255)

Destination user name

FILE_NAME

varchar/nvarchar(1000)

The name of the data object (file, database table, directory object, etc) that was affected by this event.

EXTENDED_INFO

varchar/nvarchar(1000)

A name-value pair field that holds extra information about the event, which does not fit into the existing event schema

CUSTOM_TAG_1

varchar/nvarchar(255)

Customer Tag 1

CUSTOM_TAG_2

varchar/nvarchar(255)

Customer Tag 2

CUSTOM_TAG_3

int

Customer Tag 3

RESERVED_TAG_1

varchar/nvarchar(255)

Reserved Tag 1

Reserved for future use by Sentinel. This field is used for Advisor information concerning attack descriptions.

RESERVED_TAG_2

varchar/nvarchar(255)

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RESERVED_TAG_3

int

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

Vulnerability_Rating

int

Vulnerability rating

Criticality_Rating

int

Criticality rating

RV01 - 10

int

Reserved Value 1 - 10

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV11 - 20

DATETIME

Reserved Value 1 - 31

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV21 - 25

uniqueidentifier

Reserved Value 21 - 25

Reserved for future use by Sentinel to store UUIDs. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV26 - 31

varchar/nvarchar(255)

Reserved Value 26 - 31

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV33

varchar/nvarchar(255)

Reserved Value 33

Reserved for EventContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV34

varchar/nvarchar(255)

Reserved Value 34

Reserved for SourceThreatLevel

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV35

varchar/nvarchar(255)

Reserved Value 35

Reserved for SourceUserContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV36

varchar/nvarchar(255)

Reserved Value 36

Reserved for DataContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV37

varchar/nvarchar(255)

Reserved Value 37

Reserved for SourceFunction.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV38

varchar/nvarchar(255)

Reserved Value 38

Reserved for SourceOperationalContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV39

varchar/nvarchar(255)

RV40 - 43

varchar/nvarchar(255)

Reserved Value 40 - 43

The ID or code used by the vendor to reference that specific event type.

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV44

varchar/nvarchar(255)

Reserved Value 44

Reserved for DestinationThreatLevel.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV45

varchar/nvarchar(255)

Reserved Value 45

Reserved for DestinationUserContext.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV46

varchar/nvarchar(255)

Reserved Value 46

Reserved for VirusStatus.

Use of this field for any other purpose might result in data being overwritten by future functionality.

RV47

varchar/nvarchar(255)

Reserved Value 47

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV48

varchar/nvarchar(255)

Reserved Value 48

Reserved for DestinationOperationalContext. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV49

varchar/nvarchar(255)

Reserved Value 49

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

RV50-53

varchar/nvarchar(255)

REFERENCE_ID 01 - 20

bigint

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

CV01 - 10

int

Custom Value 1 - 10

Reserved for use by Customer, typically for association of Business relevant data

CV11 - 20

datetime

Custom Value 11 - 20

Reserved for use by Customer, typically for association of Business relevant data

CV21 - 100

varchar/nvarchar(255)

Custom Value 21 - 100

Reserved for use by Customer, typically for association of Business relevant data

CV30 - 34

varchar/nvarchar(4000)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.49 EVENTS_RPT_V3

Column Name

Datatype

Comment

Event_ID

uniqueidentifier

An internal UUID generated to identify the specific event on this system

Sub_Resource_Name

varchar/nvarchar(255)

Subresource name

Severity

int

The normalized Sentinel event severity (0-5)

Event_Parse_Time

datetime

The absolute time when the event occurred according to Sentinel

Event_Device_Time

datetime

A timestamp representation of the time the event occurred, according to the event source

Device_Event_Time

datetime

Sentinel_Process_Time

datetime

The time at which Sentinel processed the event

Begin_Time

datetime

The time the event began to occur, if the event represents a lengthy transaction

End_Time

datetime

The time the event completed, if the event represents a lengthy transaction

Target_Service_Port

int

The numeric network port accessed on the target

Event_Time

varchar/nvarchar(255)

A string representation of the time the event occurred, according to the event source

Init_Asset_id

bigint

Initiator asset identifier

Target_Asset_id

bigint

Internal asset identifier of the target

Target_IP

int

The IPv4 address of the target system

Target_IP_Dotted

varchar/nvarchar(16)

Target IP address in dotted format

Target_Host_Name

varchar/nvarchar(255)

The unqualified hostname of the target system

Init_User_Name

varchar/nvarchar(255)

The account name of the initiating user

Target_User_Name

varchar/nvarchar(255)

The account name of the target user (DestinationUsername).

File_Name

varchar/nvarchar(1000)

The name of the data object (file, database table, directory object, etc) that was affected by this event

Extended_Info

varchar/nvarchar(1000)

A name-value pair field that holds extra information about the event, which does not fit into the existing event schema

Init_User_Id

varchar/nvarchar(255)

The initiating source-specific identifier of the account as determined by the Collector based on raw device data

Init_User_Identity

uniqueidentifier

The internal UUID of the identity associated with the initiating account

Target_User_Id

varchar/nvarchar(255)

The source-specific identifier of the target account as determined by the Collector, based on raw device data

Target_User_Identity

uniqueidentifier

The internal UUID of the identity associated with the target account

Effective_User_Name

varchar/nvarchar(255)

The name of the account that is effectively being used

Effective_User_Sys_Id

varchar/nvarchar(255)

The source-specific identifier of the account that is effectively being used as determined by the Collector based on raw device data

Effective_User_Domain

varchar/nvarchar(255)

The domain (namespace) in which the effective user account exists

Target_Trust_Name

varchar/nvarchar(255)

The name of the trust (group, role, profile, etc) affected

Target_Trust_Sys_Id

varchar/nvarchar(255)

Target trust ID

Target_Trust_Domain

varchar/nvarchar(255)

The domain (namespace) within which the target trust exists

Observer_Ip

int

The IP address of the observer (sensor) that detected the event

Reporter_Ip

int

The IP address of the reporter (the system that delivered the event to Sentinel)

Observer_Host_Domain

varchar/nvarchar(255)

The domain name that is mentioned in the fully qualified hostname of the observer (sensor)

Reporter_Host_Domain

varchar/nvarchar(255)

The domain name that is mentioned in the fully qualified hostname of the reporter

Observer_Asset_Id

varchar/nvarchar(255)

Internal asset identifier of the observer

Reporter_Asset_Id

varchar/nvarchar(255)

Internal asset identifier of the reporter

Init_Service_Comp

varchar/nvarchar(255)

The subcomponent of the initiating service that caused this event

Target_Service_Comp

varchar/nvarchar(255)

The subcomponent of the target service affected by this event

Custom_Tag_1

varchar/nvarchar(255)

Customer Tag 1

Custom_Tag_2

varchar/nvarchar(255)

Customer Tag 2

Custom_Tag_3

int

Customer Tag 3

Reserved_Tag_1

varchar/nvarchar(255)

Reserved_Tag_2

varchar/nvarchar(255)

Reserved_Tag_3

int

Vulnerability_Rating

int

Criticality_Rating

int

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

RV01

int

Event_Metric

int

Event metric

Data_Tag_Id

int

Data tag ID

RV04-RV10

int

RV11-RV20

datetime

RV21-RV28

varchar/nvarchar(255)

Init_IP_Country

varchar/nvarchar(255)

The country where the IPv4 address of the initiating system is located

Target_IP_Country

varchar/nvarchar(255)

The country where the IPv4 address of the target system is located

RV31

RV33

varchar/nvarchar(255)

RV36

RV40

RV43

RV46

RV49

Init_Threat_Level

varchar/nvarchar(255)

Initiator threat level

Init_User_Domain

varchar/nvarchar(255)

The domain (namespace) in which the initiating account exists

Init_Function

varchar/nvarchar(255)

Initiator function

Init_Operational_Context

varchar/nvarchar(255)

Initiator operational context

Target_Host_Domain

varchar/nvarchar(255)

The domain name that is mentioned in the fully qualified hostname of the target system

Target_Threat_Level

varchar/nvarchar(255)

Target threat level

Target_User_Domain

varchar/nvarchar(255)

The domain (namespace) in which the target account exists

Target_Function

varchar/nvarchar(255)

The function of the target system (fileserver, webserver, etc)

Target_Operational_Context

varchar/nvarchar(255)

Target operational context

Taxonomy_id

bigint

Used to link to XDAS and legacy taxonomy tables

Reference_id_1

bigint

XDAS_Taxonomy_Id

bigint

XDAS Taxonomy identifier

Reference_id_2-Reference_id_20

CV01-CV10

int

CV11-CV20

datetime

CV21-CV29

varchar/nvarchar(255)

CV30-CV34

varchar/nvarchar(4000)

CV35-CV100

varchar/nvarchar(255)

Customer_Var_101-Customer_Var_110

int

Customer_Var_111-Customer_Var_120

datetime

Customer_Var_121-Customer_Var_130

uniqueidentifier

Customer_Var_131-Customer_Var_140

int

Customer_Var_141-Customer_Var_150

varchar/nvarchar(255)

8.1.50 EVT_AGENT_RPT_V

View references EVT_AGENT table that stores information about Collectors.

Column Name

Datatype

Comment

Agent_ID

bigint

Collector identifier

CUST_ID

bigint

Customer identifier

Agent

varchar/nvarchar(64)

Collector name

Port

varchar/nvarchar(64)

Collector port

Report_Name

varchar/nvarchar(255)

Reporter name

Product_Name

varchar/nvarchar(255)

The basic name of the product that the Collector processing this event is designed to handle

Sensor_Name

varchar/nvarchar(255)

Sensor name

Sensor_Type

varchar/nvarchar(5)

The type of sensor which produced the event:

H - host-based

N - network-based

V - virus

O - other

Most event sources are type "N", the Correlation Engine is type "C", etc

Device_Category

varchar/nvarchar(255)

The category of the event source, from an enumerated list (OS, DB, etc)

Source_UUID

uniqueidentifier

Unique identifier of the Sentinel service that generated this event

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.51 EVT_AGENT_RPT_V3

Column Name

Datatype

Comment

Agent_ID

bigint

Collector identifier

Cust_ID

bigint

Customer identifier

Agent

varchar/nvarchar(64)

Collector

Port

varchar/nvarchar(64)

Port

Reporter_Host_Name

varchar/nvarchar(255)

The unqualified hostname of the reporter of the event (ReporterName)

Sensor_Type

varchar/nvarchar(5)

Sensor type:

H - host-based

N - network-based

V - virus

O - other

Device_Category

varchar/nvarchar(255)

The category of the event source, from an enumerated list (OS, DB, etc)

Source_UUID

uniqueidentifier

Unique identifier of the Sentinel service that generated this event

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.52 EVT_ASSET_RPT_V

View references EVT_ASSET table that stores asset information.

Column Name

Datatype

Comment

Event_Asset_ID

bigint

Event asset identifier

CUST_ID

bigint

Customer identifier

Asset_Name

varchar/nvarchar(255)

Asset name

Physical_Asset_Name

varchar/nvarchar(255)

Physical asset name

Reference_Asset_ID

varchar/nvarchar(100)

Reference asset identifier, links to source asset management system.

Mac_Address

varchar/nvarchar(100)

MAC address

Rack_Number

varchar/nvarchar(50)

Rack number

Room_Name

varchar/nvarchar(100)

Room name

Building_Name

varchar/nvarchar(255)

Building name

City

varchar/nvarchar(100)

City

State

varchar/nvarchar(100)

State

Country

varchar/nvarchar(100)

Country

Zip_Code

varchar/nvarchar(50)

Zip code

Asset_Category_Name

varchar/nvarchar(100)

Asset category name

Network_Identity_Name

varchar/nvarchar(255)

Asset network identity name

Environment_Identity_Name

varchar/nvarchar(255)

Environment name

Asset_Value_Name

varchar/nvarchar(50)

Asset value name

Criticality_Name

varchar/nvarchar(50)

Asset criticality name

Sensitivity_Name

varchar/nvarchar(50)

Asset sensitivity name

Contact_Name_1

varchar/nvarchar(255)

Name of contact person/organization 1

Contact_Name_2

varchar/nvarchar(255)

Name of contact person/organization 2

Organization_Name_1

varchar/nvarchar(100)

Asset owner organization level 1

Organization_Name_2

varchar/nvarchar(100)

Asset owner organization level 2

Organization_Name_3

varchar/nvarchar(100)

Asset owner organization level 3

Organization_Name_4

varchar/nvarchar(100)

Asset owner organization level 4

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.53 EVT_ASSET_RPT_V3

Asset_Department

varchar/nvarchar(100)

Asset department

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.54 EVT_DEST_EVT_NAME_SMRY_1_RPT_V

View summarizes event count by destination, taxonomy, event name, severity and event time.

Column Name

Datatype

Comment

Destination_IP

int

Destination IP address

Destination_Event_Asset_ID

bigint

Event asset identifier

Taxonomy_ID

bigint

Used to link to XDAS and legacy taxonomy tables

Event_Name_ID

bigint

Event name identifier

Severity

int

The normalized Sentinel event severity (0-5)

CUST_ID

bigint

Customer identifier

Event_Tme

datetime

A string representation of the time the event occurred, according to the event source

Event_Count

int

Event count

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

Destination_Host_Name

varchar/nvarchar(255)

Destination host name

8.1.55 EVT_DEST_SMRY_1_RPT_V

View contains event destination summary information.

Column Name

Datatype

Comment

Destination_IP

int

Destination IP address

Destination_Event_Asset_ID

bigint

Event asset identifier

Destination_Port

varchar/nvarchar(32)

Destination port

Destination_User_ID

bigint

Destination user identifier

Taxonomy_ID

bigint

Used to link to XDAS and legacy taxonomy tables

Event_Name_ID

bigint

Event name identifier

Resource_ID

bigint

Resource identifier

Agent_ID

bigint

Collector identifier

Protocol_ID

bigint

Protocol identifier

Severity

int

The normalized Sentinel event severity (0-5)

CUST_ID

bigint

Customer identifier

Event_Time

datetime

A string representation of the time the event occurred, according to the event source

XDAS_Taxonomy_id

bigint

XDAS taxonomy identifier

Target_User_Identity

uniqueidentifier

The internal UUID of the identity associated with the target account

Event_Count

int

Event count

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

Destination_Host_Name

varchar/nvarchar(255)

Destination host name

8.1.56 EVT_DEST_TXNMY_SMRY_1_RPT_V

View summarizes event count by destination, taxonomy, severity and event time.

Column Name

Datatype

Comment

Destination_IP

int

Destination IP address

Destination_Event_Asset_ID

bigint

Event asset identifier

Taxonomy_ID

bigint

Used to link to XDAS and legacy taxonomy tables

Severity

int

The normalized Sentinel event severity (0-5)

CUST_ID

bigint

Customer identifier

Event_Time

datetime

A string representation of the time the event occurred, according to the event source

XDAS_Taxonomy_id

bigint

XDAS taxonomy identifier

Event_Count

int

Event count

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

Destination_Host_Name

varchar/nvarchar(255)

Destination host name

8.1.57 EVT_NAME_RPT_V

View references EVT_NAME table that stores event name information.

Column Name

Datatype

Comment

Event_Name_ID

bigint

Event name identifier

Event_Name

varchar/nvarchar(255)

A short, abstract description of the event, such as "User Logged In"

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.58 EVT_PORT_SMRY_1

Column Name

Datatype

Comment

DEST_PORT

varchar/nvarchar(32)

Destination port

SEV

int

Severity

CUST_ID

bigint

Customer identifier

EVT_TIME

datetime

A string representation of the time the event occurred, according to the event source

EVT_CNT

int

Event count

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.59 EVT_PORT_SMRY_1_RPT_V

View summarizes event count by destination port, severity and event time.

Column Name

Datatype

Comment

Destination_Port

varchar/nvarchar(32)

Destination port

Severity

int

The normalized Sentinel event severity (0-5)

Cust_ID

bigint

Customer identifier

Event_Time

datetime

A string representation of the time the event occurred, according to the event source

Event_Count

int

Event count

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

8.1.60 EVT_PRTCL_RPT_V

View references EVT_PRTCL table that stores event protocol information.

Column Name

Datatype

Comment

Protocol_ID

bigint

Protocol identifier

Protocol_Name

varchar/nvarchar(255)

Protocol name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.61 EVT_RSRC_RPT_V

View references EVT_RSRC table that stores event resource information.

Column Name

Datatype

Comment

Resource_ID

bigint

Resource identifier

CUST_ID

bigint

Customer identifier

Resource_Name

varchar/nvarchar(255)

Resource name

Sub_Resource_Name

varchar/nvarchar(255)

Subresource name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.62 EVT_SEV_SMRY_1_RPT_V

View summarizes event count by severity and event time.

Column Name

Datatype

Comment

Severity

int

The normalized Sentinel event severity (0-5)

CUST_ID

bigint

Customer identifier

Event_Time

datetime

A string representation of the time the event occurred, according to the event source

Event_Count

int

Event count

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

8.1.63 EVT_SRC_COLLECTOR_RPT_V

Column Name

Datatype

Comment

EVT_SRC_COLLECTOR_ID

uniqueidentifier

Event source collector identifier

SENTINEL_PLUGIN_ID

uniqueidentifier

Sentinel plug-in identifier

EVT_SRC_MGR_ID

uniqueidentifier

Event source manager identifier

EVT_SRC_COLLECTOR_NAME

varchar/nvarchar(255)

Event source collector name

STATE_IND

bit

State indicator

EVT_SRC_COLLECTOR_PROPS

ntext

Event source collector prop

MAP_FILTER

ntext

Map filter

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.64 EVT_SRC_GRP_RPT_V

Column Name

Datatype

Comment

EVT_SRC_GRP_ID

uniqueidentifier

Event source group identifier

EVT_SRC_COLLECTOR_ID

uniqueidentifier

Event source collector identifier

SENTINEL_PLUGIN_ID

uniqueidentifier

Sentinel plug-in identifier

EVT_SRC_SRVR_ID

uniqueidentifier

Event source server identifier

EVT_SRC_GRP_NAME

varchar/nvarchar(255)

Event source group name

STATE_IND

bit

State indicator

MAP_FILTER

ntext

Map filter

EVT_SRC_DEFAULT_CONFIG

ntext

Event source default configuration

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.65 EVT_SRC_MGR_RPT_V

Column Name

Datatype

Comment

EVT_SRC_MGR_ID

uniqueidentifier

Event source manager identifier

SENTINEL_ID

uniqueidentifier

Sentinel identifier

SENTINEL_HOST_ID

uniqueidentifier

Sentinel host identifier

EVT_SRC_MGR_NAME

varchar/nvarchar(255)

Event source manager name

STATE_IND

bit

State indicator

EVT_SRC_MGR_CONFIG

ntext

Event source manager config

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.66 EVT_SRC_OFFSET_RPT_V

Column Name

Datatype

Comment

EVT_SRC_ID

uniqueidentifier

Event source identifier

OFFSET_VAL

ntext

Offset value

OFFSET_TIMESTAMP

datetime

Offset timestamp

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.67 EVT_SRC_RPT_V

Column Name

Datatype

Comment

EVT_SRC_ID

uniqueidentifier

Event source identifier

EVT_SRC_NAME

varchar/nvarchar(255)

Event source name

EVT_SRC_GRP_ID

uniqueidentifier

Event source group identifier

STATE_IND

bit

State indicator

MAP_FILTER

ntext

Map filter

EVT_SRC_CONFIG

ntext

Event source config

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.68 EVT_SRC_SMRY_1_RPT_V

View contains event source and destination summary information.

Column Name

Datatype

Comment

Source_IP

int

Source IP address

Source_Event_Asset_ID

bigint

Event asset identifier

Source_Port

varchar/nvarchar(32)

Source port

Source_User_ID

bigint

User identifier

Taxonomy_ID

bigint

Used to link to XDAS and legacy taxonomy tables

Event_Name_ID

bigint

Event name identifier

Resource_ID

bigint

Resource identifier

Agent_ID

bigint

Collector identifier

Protocol_ID

bigint

Protocol identifier

Severity

int

The normalized Sentinel event severity (0-5)

CUST_ID

bigint

Customer identifier

Event_Time

datetime

A string representation of the time the event occurred, according to the event source

XDAS_Taxonomy_id

bigint

XDAS taxonomy id

Init_User_Identity

uniqueidentifier

The internal UUID of the identity that is associated with the initiating account

Event_Count

int

Event count

Date_Created

datetime

Date the entry was created

Date_Modified

datetime

Date the entry was modified

Created_By

int

User who created object

Modified_By

int

User who last modified object

Source_Host_Name

varchar/nvarchar(255)

Source host name

8.1.69 EVT_SRC_SRVR_RPT_V

Column Name

Datatype

Comment

EVT_SRC_SRVR_ID

uniqueidentifier

Event source server identifier

EVT_SRC_SRVR_NAME

varchar/nvarchar(255)

Event source server name

EVT_SRC_MGR_ID

uniqueidentifier

Event source manager identifier

SENTINEL_PLUGIN_ID

uniqueidentifier

Sentinel plugin identifier

STATE_IND

bit

State indicator

EVT_SRC_SRVR_CONFIG

ntext

Event source server configuration

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.70 EVT_TXNMY_RPT_V

View references EVT_TXNMY table that stores event taxonomy information.

Column Name

Datatype

Comment

Taxonomy_ID

bigint

Used to link to XDAS and legacy taxonomy tables

Taxonomy_Level_1

varchar/nvarchar(100)

Deprecated

Taxonomy_Level_2

varchar/nvarchar(100)

Deprecated

Taxonomy_Level_3

varchar/nvarchar(100)

Deprecated

Taxonomy_Level_4

varchar/nvarchar(100)

Deprecated

Device_Category

varchar/nvarchar(255)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.71 EVT_USR_RPT_V

View references EVT_USR table that stores event user information.

Column Name

Datatype

Comment

User_ID

bigint

User identifier

User_Name

varchar/nvarchar(255)

User name

User_Domain

varchar/nvarchar(255)

CUST_ID

bigint

Customer identifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.72 EVT_XDAS_TXNMY_RPT_V

Column Name

Datatype

Comment

XDAS_TXNMY_NAME

varchar/nvarchar(255)

Human-readable XDAS event taxonomy string

XDAS_OUTCOME_NAME

varchar/nvarchar(255)

Human-readable XDAS outcome

Xdas_Registry

int

The XDAS Registry ID; refer to XDAS specifications

Xdas_Provider

int

The XDAS Provider ID; refer to XDAS specifications

Xdas_Class

int

The XDAS Event Class ID; refer to XDAS specifications

Xdas_Identifier

int

The XDAS Event Identifier; refer to XDAS specifications

Xdas_Outcome

int

The XDAS major outcome; success, failure, or denial

Xdas_Detail

int

The XDAS outcome detail; refer to XDAS specifications

Xdas_Taxonomy_Id

bigint

XDAS taxonomy identifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.73 EXTERNAL_DATA_RPT_V

View references EXTERNAL_DATA table that stores external data.

Column Name

Datatype

Comment

EXTERNAL_DATA_ID

int

External data identifier

SOURCE_NAME

varchar/nvarchar(50)

Source name

SOURCE_DATA_ID

varchar/nvarchar(255)

Source data identifier

EXTERNAL_DATA

ntext

External data

EXTERNAL_DATA_TYPE

varchar/nvarchar(10)

External data type

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.74 HIST_CORRELATED_EVENTS

Column Name

Datatype

Comment

PARENT_EVT_ID

uniqueidentifier

Event Universal Unique Identifier (UUID) of parent event

CHILD_EVT_ID

uniqueidentifier

Event Universal Unique Identifier (UUID) of child event

PARENT_EVT_TIME

datetime

Parent event created time

CHILD_EVT_TIME

datetime

Child event created time

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.75 HIST_CORRELATED_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use CORRELATED_EVENTS_RPT_V1.

8.1.76 HIST_EVENTS

Column Name

Datatype

Comment

EVT_ID

uniqueidentifier

Event Universal Unique Identifier (UUID)

EVT_TIME

datetime

A string representation of the time the event occurred, according to the event source

CUST_ID

bigint

Customer identifier

SRC_ASSET_ID

bigint

Source Asset ID

DEST_ASSET_ID

bigint

Destination Asset ID

TXNMY_ID

bigint

Used to link to XDAS and legacy taxonomy tables

PRTCL_ID

bigint

Protocol ID

AGENT_ID

bigint

Collector Identifier

ARCH_ID

bigint

DEVICE_EVT_TIME

datetime

Device Event Time

SENTINEL_PROCESS_TIME

datetime

The time at which Sentinel processed the event

BEGIN_TIME

datetime

The time the event began to occur, if the event represents a lengthy transaction

END_TIME

datetime

The time the event completed, if the event represents a lengthy transaction

REPEAT_CNT

int

The number of times the identical event occurred

DP_INT

int

SP_INT

int

RES

varchar/nvarchar(255)

Resolution

SRES

varchar/nvarchar(255)

SEV

int

Severity

EVT

varchar/nvarchar(255)

Events

ET

varchar/nvarchar(255)

SIP

int

SHN

varchar/nvarchar(255)

SP

varchar/nvarchar(32)

DIP

int

DHN

varchar/nvarchar(255)

DP

varchar/nvarchar(32)

SUN

varchar/nvarchar(255)

DUN

varchar/nvarchar(255)

FN

varchar/nvarchar(1000)

VULN

int

Vulnerability

CT1

varchar/nvarchar(255)

CT2

varchar/nvarchar(255)

CT3

int

RT1

varchar/nvarchar(255)

RT2

varchar/nvarchar(255)

RT3

int

CRIT

int

MSG

varchar/nvarchar(4000)

A descriptive string which describes the event and some event details of what occurred

EI

varchar/nvarchar(1000)

INIT_USR_SYS_ID

varchar/nvarchar(255)

INIT_USR_IDENTITY_GUID

uniqueidentifier

TRGT_USR_SYS_ID

varchar/nvarchar(255)

TRGT_USR_IDENTITY_GUID

uniqueidentifier

EFFECTIVE_USR_NAME

varchar/nvarchar(255)

EFFECTIVE_USR_SYS_ID

varchar/nvarchar(255)

EFFECTIVE_USR_DOMAIN

varchar/nvarchar(255)

TRGT_TRUST_NAME

varchar/nvarchar(255)

TRGT_TRUST_SYS_ID

varchar/nvarchar(255)

TRGT_TRUST_DOMAIN

varchar/nvarchar(255)

OBSRVR_IP

int

RPTR_IP

int

OBSRVR_HOST_DOMAIN

varchar/nvarchar(255)

RPTR_HOST_DOMAIN

varchar/nvarchar(255)

OBSRVR_ASSET_ID

varchar/nvarchar(255)

RPTR_ASSET_ID

varchar/nvarchar(255)

INIT_SRVC_COMP

varchar/nvarchar(255)

TARGET_SRVC_COMP

varchar/nvarchar(255)

EVT_GRP_ID

varchar/nvarchar(255)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

RV01-RV10

int

RV11-RV20

datetime

RV21-RV25

uniqueidentifier

RV26-RV38

RV40-RV49

varchar/nvarchar(255)

The ID or code used by the vendor to reference that specific event type.

RV101-RV120

datetime

RV121-RV130

uniqueidentifier

RV131-RV140

int

RV141-RV150

varchar/nvarchar(255)

RID01-RID20

bigint

CV01-CV10

int

CV11-CV20

datetime

CV21-CV29

CV35-CV100

varchar/nvarchar(255)

CV30-CV34

varchar/nvarchar(4000)

CV101-CV110

CV131-CV140

int

CV111-CV120

datetime

CV121-CV130

uniqueidentifier

CV141-CV147

varchar/nvarchar(255)

8.1.77 HIST_EVENTS_RPT_V (legacy view)

This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2.

8.1.78 IMAGES_RPT_V

View references IMAGES table that stores system overview image information.

Column Name

Datatype

Comment

NAME

varchar/nvarchar(128)

Image name

TYPE

varchar/nvarchar(64)

Image type

DATA

ntext

Image data

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.79 INCIDENTS_ASSETS_RPT_V

View references INCIDENTS_ASSETS table that stores information about the assets that make up incidents created in the Sentinel Console.

Column Name

Datatype

Comment

INC_ID

int

Incident identifier – sequence number

ASSET_ID

uniqueidentifier

Asset Universal Unique Identifier (UUID)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.80 INCIDENTS_EVENTS_RPT_V

View references INCIDENTS_EVENTS table that stores information about the events that make up incidents created in the Sentinel Console.

Column Name

Datatype

Comment

INC_ID

int

Incident identifier – sequence number

EVT_ID

uniqueidentifier

Event Universal Unique Identifier (UUID)

EVT_TIME

datetime

A string representation of the time the event occurred, according to the event source

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.81 INCIDENTS_RPT_V

View references INCIDENTS table that stores information describing the details of incidents created in the Sentinel Console.

Column Name

Datatype

Comment

INC_ID

int

Incident identifier – sequence number

NAME

varchar/nvarchar(255)

Incident name

INC_CAT

varchar/nvarchar(255)

Incident category

INC_DESC

varchar/nvarchar(4000)

Incident description

INC_PRIORITY

int

Incident priority

INC_RES

varchar/nvarchar(4000)

Incident resolution

SEVERITY

int

The normalized Sentinel event severity (0-5)

STT_ID

int

Incident State ID

SEVERITY_RATING

varchar/nvarchar(32)

Average of all the event severities that comprise an incident.

VULNERABILITY_RATING

varchar/nvarchar(32)

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

CRITICALITY_RATING

varchar/nvarchar(32)

Reserved for future use by Sentinel. Use of this field for any other purpose might result in data being overwritten by future functionality.

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.82 INCIDENTS_VULN_RPT_V

View references INCIDENTS_VULN table that stores information about the vulnerabilities that make up incidents created in the Sentinel Console.

Column Name

Datatype

Comment

INC_ID

int

Incident identifier – sequence number

VULN_ID

uniqueidentifier

Vulnerability Universal Unique Identifier (UUID)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.83 L_STAT_RPT_V

View references L_STAT table that stores statistical information.

Column Name

Datatype

Comment

RES_NAME

varchar/nvarchar(32)

Resource name

STATS_NAME

varchar/nvarchar(32)

Statistic name

STATS_VALUE

varchar/nvarchar(32)

Value of the statistic

OPEN_TOT_SECS

numeric(18,0)

Number of seconds since 1970.

8.1.84 LOGS_RPT_V

View references LOGS_RPT table that stores logging information.

Column Name

Datatype

Comment

LOG_ID

int

Sequence number

TIME

datetime

Date of Log

MODULE

varchar/nvarchar(64)

Module log is for

TEXT

varchar/nvarchar(4000)

Log text

8.1.85 MSSP_ASSOCIATIONS_V

View references MSSP_ASSOCIATIONS table that associates an integer key in one table to a uuid in another table.

Column Name

Datatype

Comment

TABLE1

varchar/nvarchar(64)

Table name 1

ID1

bigint

ID1

TABLE2

varchar/nvarchar(64)

Table name 2

ID2

uniqueidentifier

ID2

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.86 NETWORK_IDENTITY_RPT_V

View references NETWORK_IDENTITY_LKUP table that stores asset network identity information.

Column Name

Datatype

Comment

NETWORK_IDENTITY_ID

bigint

Network identity code

NETWORK_IDENTITY_NAME

varchar/nvarchar(255)

Network identity name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.87 ORGANIZATION_RPT_V

View references ORGANIZATION table that stores organization (asset) information.

Column Name

Datatype

Comment

ORGANIZATION_ID

uniqueidentifier

Organization identifier

ORGANIZATION_NAME

varchar/nvarchar(100)

Organization name

CUST_ID

bigint

Customer identifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.88 PERSON_RPT_V

View references PERSION table that stores personal (asset) information.

Column Name

Datatype

Comment

PERSON_ID

uniqueidentifier

Person identifier

FIRST_NAME

varchar/nvarchar(255)

First name

LAST_NAME

varchar/nvarchar(255)

Last name

CUST_ID

bigint

Customer identifier

PHONE_NUMBER

varchar/nvarchar(50)

Phone number

EMAIL_ADDRESS

varchar/nvarchar(255)

E-mail address

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.89 PHYSICAL_ASSET_RPT_V

View references PHYSICAL_ASSET table that stores physical asset information.

Column Name

Datatype

Comment

PHYSICAL_ASSET_ID

uniqueidentifier

Physical asset identifier

CUST_ID

bigint

Customer identifier

LOCATION_ID

bigint

Location identifier

HOST_NAME

varchar/nvarchar(255)

Host name

IP_ADDRESS

int

IP address

NETWORK_IDENTITY_ID

bigint

Network identity code

MAC_ADDRESS

varchar/nvarchar(100)

MAC address

RACK_NUMBER

varchar/nvarchar(50)

Rack number

ROOM_NAME

varchar/nvarchar(100)

Room name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.90 PRODUCT_RPT_V

View references PRDT table that stores asset product information.

Column Name

Datatype

Comment

PRODUCT_ID

bigint

Product identifier

PRODUCT_NAME

varchar/nvarchar(255)

Product name

PRODUCT_VERSION

varchar/nvarchar(100)

Product version

VENDOR_ID

bigint

Vendor identifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.91 ROLE_RPT_V

View references ROLE_LKUP table that stores user role (asset) information.

Column Name

Datatype

Comment

ROLE_CODE

varchar/nvarchar(5)

Role code

ROLE_NAME

varchar/nvarchar(255)

Role name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.92 RPT_LABELS_RPT_V

This view contains localized report labels for reports in non-English languages.

Column Name

Datatype

Comment

RPT_NAME

varchar/nvarchar(100)

Report name

LABEL_1 – LABEL_35

varchar/nvarchar(2000)

Translated report labels

8.1.93 SENSITIVITY_RPT_V

View references SENSITIVITY_LKUP table that stores asset sensitivity information.

Column Name

Datatype

Comment

SENSITIVITY_ID

bigint

Asset sensitivity code

SENSITIVITY_NAME

varchar/nvarchar(50)

Asset sensitivity name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.94 SENTINEL_HOST_RPT_V

Column Name

Datatype

Comment

SENTINEL_HOST_ID

uniqueidentifier

Sentinel host identifier

SENTINEL_ID

uniqueidentifier

Sentinel identifier

SENTINEL_HOST_NAME

varchar/nvarchar(255)

Sentinel host name

HOST_NAME

varchar/nvarchar(255)

Host name

IP_ADDR

varchar/nvarchar(255)

IP address

HOST_OS

varchar/nvarchar(255)

Host operating system

HOST_OS_VERSION

varchar/nvarchar(255)

Host operating system version

MODIFIED_BY

int

User who last modified object

CREATED_BY

int

User who created object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.95 SENTINEL_PLUGIN_RPT_V

Column Name

Datatype

Comment

SENTINEL_PLUGIN_ID

uniqueidentifier

Sentinel plugin identifier

SENTINEL_PLUGIN_NAME

varchar/nvarchar(255)

Sentinel plugin name

SENTINEL_PLUGIN_TYPE

varchar/nvarchar(255)

Sentinel plugin type

FILE_NAME

varchar/nvarchar(512)

The name of the data object (file, database table, directory object, etc) that was affected by this event.

CONTENT_PKG

ntext

Content package

FILE_HASH

varchar/nvarchar(255)

File hash code

AUX_FILE_NAME

varchar/nvarchar(512)

Auxiliary file name

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.96 SENTINEL_RPT_V

Column Name

Datatype

Comment

SENTINEL_ID

uniqueidentifier

Sentinel identifier

SENTINEL_NAME

varchar/nvarchar(255)

Sentinel name

ONLINE_IND

bit

Online indicator

STATE_IND

bit

State indicator

SENTINEL_CONFIG

ntext

Sentinel configuration

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

8.1.97 STATES_RPT_V

View references STATES table that stores definitions of states defined by applications or context.

Column Name

Datatype

Comment

STT_ID

int

State ID – sequence number

CONTEXT

varchar/nvarchar(64)

Context of the state, that is, case, incident, or user.

NAME

varchar/nvarchar(64)

Name of the state.

TERMINAL_FLAG

varchar/nvarchar(1)

Indicates if state of incident is resolved.

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

MODIFIED_BY

int

User who last modified object

CREATED_BY

int

User who created object

8.1.98 UNASSIGNED_INCIDENTS_RPT_V

View references CASES and INCIDENTS tables to report on unassigned cases.

Column Name

Datatype

Comment

INC_ID

int

Incident identifier – sequence number

NAME

varchar/nvarchar(255)

Short, unique user name used as a login

SEVERITY

int

The normalized Sentinel event severity (0-5)

STT_ID

int

State ID. Status is either active or inactive.

SEVERITY_RATING

varchar/nvarchar(32)

Average of all the event severities that comprise an incident.

VULNERABILITY_RATING

varchar/nvarchar(32)

Vulnerability rating

CRITICALITY_RATING

varchar/nvarchar(32)

Criticality rating

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

INC_DESC

varchar/nvarchar(4000)

Incident description

INC_CAT

varchar/nvarchar(255)

Incident category

INC_PRIORITY

int

Incident priority

INC_RES

varchar/nvarchar(4000)

Incident resolution

8.1.99 USERS_RPT_V

View references USERS table that lists all users of the application. The users will also be created as database users to accommodate third-party reporting tools.

Column Name

Datatype

Comment

USR_ID

int

User identifier – Sequence number

NAME

varchar/nvarchar(64)

Short, unique user name used as a login

CNT_ID

int

Contact ID – Sequence number

STT_ID

int

State ID. Status is either active or inactive.

DESCRIPTION

varchar/nvarchar(512)

Comments

PERMISSIONS

varchar/nvarchar(4000)

Permissions currently assigned to the Sentinel user

FILTER

varchar/nvarchar(128)

Current security filter assigned to the Sentinel user

UPPER_NAME

varchar/nvarchar(64)

User name in upper case

DOMAIN_AUTH_IND

bit

Domain authentication indication

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.100 USR_ACCOUNT_RPT_V

Column Name

Datatype

Comment

ACCOUNT_ID

bigint

Account identifier

USER_DOMAIN

varchar/nvarchar(255)

User domain

CUST_ID

bigint

Customer identifier

BEGIN_EFFECTIVE_DATE

datetime

Begin effective date

END_EFFECTIVE_DATE

datetime

End effective date

CURRENT_F

bit

Current flag

USER_STATUS

varchar/nvarchar(50)

User status

IDENTITY_GUID

uniqueidentifier

Identity identifier

SOURCE_USER_ID

varchar/nvarchar(100)

User ID on source system

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.101 USR_IDENTITY_EXT_ATTR_RPT_V

Column Name

Datatype

Comment

IDENTITY_GUID

uniqueidentifier

Identity identifier

ATTRIBUTE_NAME

varchar/nvarchar(255)

Attribute name

ATTRIBUTE_VALUE

varchar/nvarchar(1024)

Attribute value

8.1.102 USR_IDENTITY_RPT_V

Column Name

Datatype

Comment

IDENTITY_GUID

uniqueidentifier

Identity identifier

DN

varchar/nvarchar(255)

Distinguished name

CUST_ID

bigint

Customer identifier

SRC_IDENTITY_ID

varchar/nvarchar(100)

Source identity identifier

WFID

varchar/nvarchar(100)

Workforce identifier

FIRST_NAME

varchar/nvarchar(255)

First name

LAST_NAME

varchar/nvarchar(255)

Last name

FULL_NAME

varchar/nvarchar(255)

The full name of the identity associated with the initiating account

JOB_TITLE

varchar/nvarchar(255)

Job title

DEPARTMENT_NAME

varchar/nvarchar(100)

The department of the identity associated with the initiating account

OFFICE_LOC_CD

varchar/nvarchar(100)

Office location code

PRIMARY_EMAIL

varchar/nvarchar(255)

Primary e-mail address

PRIMARY_PHONE

varchar/nvarchar(100)

Primary phone number

VAULT_NAME

varchar/nvarchar(100)

Identity vault name

MGR_GUID

uniqueidentifier

Manager identity identifier

PHOTO

text

Photo

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.103 VENDOR_RPT_V

View references VNDR table that stores information about asset product vendors.

Column Name

Datatype

Comment

VENDOR_ID

bigint

Vendor identifier

VENDOR_NAME

varchar/nvarchar(255)

Vendor name

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.104 VULN_CALC_SEVERITY_RPT_V

View references VULN_RSRC and VULN to calculate eSecurity vulnerability severity rating based on current vulnerabilities.

Column Name

Datatype

Comment

RSRC_ID

uniqueidentifier

IP

varchar/nvarchar(32)

IP

HOST_NAME

varchar/nvarchar(255)

Host name

CRITICALITY

int

Asset criticality code

ASSIGNED_VULN_SEVERITY

int

VULN_COUNT

int

Vulnerability Count

CALC_SEVERITY

numeric(14,2)

8.1.105 VULN_CODE_RPT_V

View references VULN_CODE table that stores industry-assigned vulnerability codes such as Mitre's CVEs and CANs.

Column Name

Datatype

Comment

VULN_CODE_ID

uniqueidentifier

VULN_ID

uniqueidentifier

Vulnerability identifier

VULN_CODE_TYPE

varchar/nvarchar(64)

Vulnerability code type

VULN_CODE_VALUE

varchar/nvarchar(255)

Vulnerability code value

URL

varchar/nvarchar(512)

Web URL

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.106 VULN_INFO_RPT_V

View references VULN_INFO table that stores additional information reported during a scan.

Column Name

Datatype

Comment

VULN_INFO_ID

uniqueidentifier

VULN_ID

uniqueidentifier

Vulnerability identifier

VULN_INFO_TYPE

varchar/nvarchar(36)

VULN_INFO_VALUE

varchar/nvarchar(2000)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.107 VULN_RPT_V

View references VULN table that stores information about the scanned system. Each scanner will have its own entry for each system.

Column Name

Datatype

Comment

VULN_ID

uniqueidentifier

Vulnerability identifier

RSRC_ID

uniqueidentifier

Resource identifier

PORT_NAME

varchar/nvarchar(64)

Port Name

PORT_NUMBER

int

Port Number

NETWORK_PROTOCOL

int

Network Protocol

APPLICATION_PROTOCOL

varchar/nvarchar(64)

Application Protocol

ASSIGNED_VULN_SEVERITY

int

COMPUTED_VULN_SEVERITY

int

VULN_DESCRIPTION

ntext

VULN_SOLUTION

ntext

VULN_SUMMARY

varchar/nvarchar(1000)

BEGIN_EFFECTIVE_DATE

datetime

Date from which the entry is valid

END_EFFECTIVE_DATE

datetime

Date until which the entry is valid

DETECTED_OS

varchar/nvarchar(64)

DETECTED_OS_VERSION

varchar/nvarchar(64)

SCANNED_APP

varchar/nvarchar(64)

SCANNED_APP_VERSION

varchar/nvarchar(64)

VULN_USER_NAME

varchar/nvarchar(64)

VULN_USER_DOMAIN

varchar/nvarchar(64)

VULN_TAXONOMY

varchar/nvarchar(1000)

SCANNER_CLASSIFICATION

varchar/nvarchar(255)

VULN_NAME

varchar/nvarchar(300)

VULN_MODULE

varchar/nvarchar(64)

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.108 VULN_RSRC_RPT_V

View references VULN_RSRC table that stores each resource scanned for a particular scan.

Column Name

Datatype

Comment

RSRC_ID

uniqueidentifier

SCANNER_ID

uniqueidentifier

Scanner identifier

IP

varchar/nvarchar(32)

IP Address

HOST_NAME

varchar/nvarchar(255)

Host name

LOCATION

varchar/nvarchar(128)

Location

DEPARTMENT

varchar/nvarchar(128)

Department

BUSINESS_SYSTEM

varchar/nvarchar(128)

Business System

OPERATIONAL_ENVIRONMENT

varchar/nvarchar(64)

Operational environment

CRITICALITY

int

Criticality

REGULATION

varchar/nvarchar(128)

Regulation

REGULATION_RATING

varchar/nvarchar(64)

Regulation rating

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.109 VULN_RSRC_SCAN_RPT_V

View references VULN_RSRC_SCAN table that stores each resource scanned for a particular scan.

Column Name

Datatype

Comment

RSRC_ID

uniqueidentifier

SCAN_ID

uniqueidentifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.110 VULN_SCAN_RPT_V

View references table that stores information pertaining to scans.

Column Name

Datatype

Comment

SCAN_ID

uniqueidentifier

Vulnerability scan identifier

SCANNER_ID

uniqueidentifier

Vulnerability scanner identifier

SCAN_TYPE

varchar/nvarchar(10)

Vulnerability scan type

SCAN_START_DATE

datetime

Scan start date

SCAN_END_DATE

datetime

Scan end date

CONSOLIDATION_SERVER

varchar/nvarchar(64)

Consolidation server

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.111 VULN_SCAN_VULN_RPT_V

View references VULN_SCAN_VULN table that stores vulnerabilities detected during scans.

Column Name

Datatype

Comment

SCAN_ID

uniqueidentifier

VULN_ID

uniqueidentifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.112 VULN_SCANNER_RPT_V

View references VULN_SCANNER table that stores information about vulnerability scanners.

Column Name

Datatype

Comment

SCANNER_ID

uniqueidentifier

PRODUCT_NAME

varchar/nvarchar(100)

The basic name of the product that the Collector processing this event is designed to handle

PRODUCT_VERSION

varchar/nvarchar(64)

Product Version

SCANNER_TYPE

varchar/nvarchar(64)

Vulnerability Scanner Type

VENDOR

varchar/nvarchar(100)

Vendor

SCANNER_INSTANCE

varchar/nvarchar(64)

Scanner Instance

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.113 WORKFLOW_DEF_RPT_V

Column Name

Datatype

Comment

PKG_NAME

varchar/nvarchar(255)

Package name

PKG_DATA

ntext

Package data

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object

8.1.114 WORKFLOW_INFO_RPT_V

Column Name

Datatype

Comment

INFO_ID

bigint

Info identifier

PROCESS_DEF_ID

varchar/nvarchar(100)

Process definition identifier

PROCESS_INSTANCE_ID

varchar/nvarchar(150)

Process instance identifier

DATE_CREATED

datetime

Date the entry was created

DATE_MODIFIED

datetime

Date the entry was modified

CREATED_BY

int

User who created object

MODIFIED_BY

int

User who last modified object