Table sem5.dbo.BEHAVIOR_REPORT
Keeps the administrator-defined filters for the Application Control log

Generated by SchemaSpy
 
| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
|---|---|---|---|---|---|---|---|---|
| BEHAVIORFILTER_IDX | char | 32 | | | | | | |
| USER_ID | char | 32 | | | ('') | | | |
| FILTERNAME | nvarchar | 510 | | | ('') | | | |
| STARTDATEFROM | datetime | 16,3 | | | ('19700101') | | | Filter start date |
| STARTDATETO | datetime | 16,3 | | | ('19700101') | | | Filter end date |
| RELATIVEDATETYPE | int | 4 | | | ((0)) | | | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month |
| BEHAVIORTYPE | tinyint | 1 | | | ((0)) | | | 1 = Application type, 2 = Device Control type |
| SEVERITY | int | 4 | √ | | (NULL) | | | 1 = Critical; 5 = Major; 9 = Minor; 13 = Information |
| EVENTTYPE | int | 4 | √ | | (NULL) | | | For Application Control: 501 = Application Control Driver; 502 = Application Control Rules; 999 = Tamper Protection |
| ACTION | tinyint | 1 | √ | | (NULL) | | | 0 = Allow; 1 = Block; 2 = Ask; 3 = Continue; 4 = Terminate |
| SERVERGROUPLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded domain names by which to filter |
| CLIENTGROUPLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded group names by which to filter |
| PARENTSERVERLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded server names by which to filter |
| COMPUTERLIST | nvarchar | 1024 | | | ('') | | | Comma-separated, wild-carded computer names by which to filter |
| SITELIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded site names by which to filter |
| CALLERPROCESSLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded process names by which to filter |
| IPADDRESSLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded IP by which to filter |
| USERLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded user names by which to filter |
| TEST_MODE | tinyint | 1 | √ | | (NULL) | | | 1 = Yes, 0 = No |
| SORTORDER | varchar | 32 | | | ('EVENT_TIME') | | | Table column to sort by |
| SORTDIR | varchar | 5 | | | ('DESC') | | | DESC = descending order, ASC = Ascending order |
| LIMITROWS | int | 4 | | | ((20)) | | | Number of rows to show for pagination |
| USERELATIVE | char | 2 | | | ('on') | | | Use relative dates ('on') or absolute dates |
| REPORT_IDX | int | 4 | | | ('0') | | | Not used |
| REPORTINPUTS | nvarchar | 128 | | | ('') | | | Special parameters if report needs them |
| USN | bigint | 8 | | | ((1)) | | | A USN-based serial number; this ID is not unique. |
| TIME_STAMP | bigint | 8 | | | ((0)) | | | The time when the event is logged into system (GMT), which is server side time |
| DELETED | tinyint | 1 | | | ((0)) | | | Deleted flag; 0 = Not deleted, 1 = Deleted |
| FILE_UPDOWN | tinyint | 1 | | | ((0)) | | | Greater than or less than. Used for filtering in association with FILE_SIZE in this table. 0 = don't filter with this; 1 = greater than; 2 = less than |
| FILE_SIZE | tinyint | 1 | | | ((0)) | | | Size of the file in MB associated with the application control violation (used for filtering) |

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:

| Column(s) | Type | Sort | Constraint Name |
|---|---|---|---|
| USER_ID + FILTERNAME + BEHAVIORTYPE | Primary key | Asc/Asc/Asc | PK_BEHAVIORREPORT |