Table sem5.dbo.HPP_ALERTS
Keeps Proactive Threat Protection (TruScan) event information

Generated by SchemaSpy
| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| IDX | char | 32 | | | | | | |
| SENSITIVITY | int | 4 | | | ((0)) | | | The engine sensitivity setting that produced the detection (0...100) |
| DETECTION_SCORE | tinyint | 1 | | | ((0)) | | | The score of the detection (0...100) |
| COH_ENGINE_VERSION | varchar | 64 | | | ('') | | | Version of the TruScan engine |
| DIS_SUBMIT | tinyint | 1 | | | ((0)) | | | Recommendation on whether this detection should be submitted to Symantec (0 = No, 1 = Yes) |
| WHITELIST_REASON | int | 4 | | | ((0)) | | | 0 = Not on the permitted application list; 100 = Symantec permitted application list; 101 = Administrator permitted application list; 102 = User permitted application list |
| USN | bigint | 8 | | | ((1)) | | | A USN-based serial number; this ID is not unique. |
| TIME_STAMP | bigint | 8 | | | ((0)) | | | The time when the event was logged into the system (GMT); this is server-side time |
| DELETED | tinyint | 1 | | | ((0)) | | | Deleted row; 0 = Not Deleted, 1 = Deleted |
| DISPOSITION | tinyint | 1 | | | ((127)) | | | The value 127 means that no reputation data was available for this detection. |
| CONFIDENCE | int | 4 | | | ((0)) | | | The confidence level that produced the conviction. >= 100: Extremely High [100..]; >= 65: High [65..99]; >= 25: Medium [25..64]; >= 10: Low [10..24]; >= 1: Symantec knows very little about the file/unknown [1..9]. 0 is not a valid value; 0 can also be treated as unknown. Default is 0. |
| PREVALENCE | int | 4 | | | ((0)) | | | The prevalence data for the application. 0: Unknown; 1-50: Very low; 51-100: Low; 101-150: Moderate; 151-200: High; 201-255: Very high; > 255: Very high. Default is 0. |
| URL | nvarchar | 512 | | | ('') | | | The URL from which the image was downloaded. Default is "". This field belongs to the creator for a dropper application. The creator process of the dropper threat. Default is "". |
| WEB_DOMAIN | nvarchar | 126 | | | ('') | | | Web domain |
| DOWNLOADER | varchar | 256 | | | ('') | | | The creator process of the dropper threat. Default is "". |
| CIDS_ONOFF | tinyint | 1 | | | ((127)) | | | Enabled state of CIDS. 0 = off; 1 = on; 2 = not installed; 127 = unknown. Default is 127. |
| RISK_LEVEL | tinyint | 1 | | | ((0)) | | | The risk level (high, med, low) for the convicted threat. 0 = Unknown; 1 or 2 = Low; 3 = Medium; 4 = High. Default is 0. |
| AGREEMENT_ACK | varchar | 256 | | | ('') | | | Agreement acknowledgement |

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
| Column(s) | Type | Sort | Constraint Name |
| --- | --- | --- | --- |
| IDX | Primary key | Asc | PK_HPP_ALERTS |