Table sem5.dbo.NOTIFICATION
Keeps the notification events

Generated by
SchemaSpy
Legend:
Primary key columns
Columns with indexes
Implied relationships
Excluded column relationships
< n > number of related tables
 
Column Type Size Nulls Auto Default Children Parents Comments
NOTAG_IDX char 32
TYPE varchar 30 ('') VO = Risk outbreak
SO = Outbreak on single computers
VM = Outbreak by number of computers
1V = Single risk event
NV = New risk detected
ID = Virus definitions out-of-date
AF = Authentication failure
AFS = Authentication failure on single server
SE = System event
CS = Client security alert
CSS = Client security alert on single computers
CSM = Client security alert by number of computers
LA = New learned application
CL = Client list changed
DF = Server health
UM = Unmanaged computers
NS = New software package
ED = Enforcer is down
WL = Forced or Commercial application detected
DD = Database down
LE = Paid license expiring
TLE = Trial license expiring
ODC = SEPM is overdeployed with the current license
OLE = Upgrade license expiring
SVA = Security virtual appliance offline
USER_ID char 32 ('') Admin GUID
TZ_OFFSET int 4 ((0)) Time zone when admin created the notification so that e-mailed reports can display dates in admin's local time zone.
SERVERGROUP nvarchar 510 ('%') Name of server group(s) to which this notification applies (Comma-separated list, wild-cards allowed)
CLIENTGROUP nvarchar 510 ('%') Name of client group(s) to which this notification applies (Comma-separated list, wild-cards allowed)
PARENTSERVER nvarchar 510 ('%') Name of parent server(s) to which this notification applies (Comma-separated list, wild-cards allowed)
COMPUTER nvarchar 510 ('%') Name of computer(s) to which this notification applies (Comma-separated list, wild-cards allowed)
VIRUS nvarchar 510 ('%') Name of virus(es) to which this notification applies (Comma-separated list, wild-cards allowed)
SOURCE varchar 255 ('%') Scan for which this notification applies (hard-coded English string used as key):
% = all
Scheduled Scan
Manual Scan
Real Time Scan
Heuristic Scan
Console
Definition downloader
System
Startup Scan
Idle Scan
Manual Quarantine
ACTACTION varchar 255 ('%') % = No filter (all)
1 = Quarantined
3 = Deleted
4 = Left alone
5 = Cleaned
6 = Cleaned or macros deleted
14 = Pending repair
15 = Partially repaired
16 = Process termination pending restart
17 = Excluded
19 = Cleaned by deletion
20 = Access denied
21 = Process terminated
22 = No repair available
23 = All actions failed
98 = Suspicious
HYPERLINK2 nvarchar 510 ('/reports/FullReport.php') Hyperlink used to generate report
NTIMES int 4 ((0)) Number of occurrences to trigger this notification
XMINUTES int 4 ((0)) Time window in which ntimes events must occur to trigger the notification
EMAIL nvarchar 510 ('') Comma-separated email list to send email when this notification is triggered
LASTRUN bigint 8 ((0)) Time stamp when this notification has last been analyzed
TRIGGERED bigint 8 ((0)) Time when alert was last triggered
LASTRUN_DATA varchar 50 ('') Any extra data needed to give details in notification e-mail
CATEGORY varchar 10 ('>= -1') Virus category for which this notification applies:
>= -1 is no filter (all)
>= 1 filters for Category 1 (Very Low) and above
>= 2 filters for Category 2 (Low) and above
>= 3 filters for Category 3 (Moderate) and above
>= 4 filters for Category 4 (Severe) and above
>= 5 filters for Category 5 (Very Severe)
= -1 filters for unknown
USN bigint 8 ((1)) A USN-based serial number; this ID is not unique.
TIME_STAMP bigint 8 ((0)) The time when the event is logged into system (GMT), which is server side time
DELETED tinyint 1 ((0)) Deleted row; 0 = Not Deleted, 1 = Deleted
SYSTEM_EVENT int 4 ((0)) Which buckets of system events
SECURITY_EVENT int 4 ((0)) Which buckets of security events
DAMPER int 4 ((0)) Minimum quiet time between alerts in minutes; 0 means autodamper which is 60 minutes
BATCH_FILE_NAME nvarchar 128 ('') Batch file or executable to be executed when the notification is triggered
NAME nvarchar 510 ('') Name of notification configuration
IS_MAIL_TO_SYS_ADMIN tinyint 1 ('1') Flag for mailing to System Administrator
CLIENTPACKAGE_TYPE int 4 ('0') Client package type
TZ_NAME varchar 255 ('') Time zone when admin created the notification so that e-mailed reports can display dates in admin's local time zone.
CLIENT_TRIGGERED bigint 8 ((0)) Time when notification condition was last triggered. As of version 12.1.2, this column is used instead of TRIGGERED.

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
NOTAG_IDX Primary key Asc PK_NOTIFICATION