Table sem5.dbo.THREATREPORT
Keeps the administrator-defined filters for the Risk and TruScan logs

Generated by
SchemaSpy
Legend:
Primary key columns
Columns with indexes
Implied relationships
Excluded column relationships
< n > number of related tables
 
Column Type Size Nulls Auto Default Children Parents Comments
THREATFILTER_IDX char 32
USER_ID char 32 ('')
FILTERNAME nvarchar 510 ('')
STARTDATEFROM datetime 16,3 ('19700101') Starting date
STARTDATETO datetime 16,3 ('19700101') Ending date
RELATIVEDATETYPE int 4 ('0') 0 = past week
1 = past month
2 = past three months
3 = past year
4 = past 24 hours
5 = current month
FILTER_TYPE tinyint 1 ((0)) 1 = Risk , 2 = Proactive Threat Protection
PRODUCT varchar 32 ('generic') Not used
EVENTTYPE varchar 32 ('') Possibilities here are in the ALERTMSG table
ACTUALACTION varchar 32 ('') Possibilities here are in the ACTUALACTION table
SOURCE varchar 255 ('') Hard-coded English lookup key:
Scheduled Scan
Manual Scan
Real Time Scan
Heuristic Scan
Console
Definition downloader
System
Startup Scan
Idle Scan
Manual Quarantine
SORTORDER varchar 32 ('ALERTDATETIME') Which column to use for the log view sort
SORTDIR varchar 5 ('DESC') Either 'asc' or 'desc'
TIMEBASE varchar 32 ('') Deprecated
TREATCOMPRESSED varchar 32 ('') Deprecated
SERVERGROUPLIST nvarchar 510 ('%') Comma-separated, wild-carded list of domains by which to filter
SERVERGROUPINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the domains in the list. (Always set to 1 in SAV 11.0.)
CLIENTGROUPLIST nvarchar 510 ('%') Comma-separated, wild-carded list of client groups by which to filter
CLIENTGROUPINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the client groups in the list. (Always set to 1 in SAV 11.0.)
PARENTSERVERLIST nvarchar 510 ('%') Comma-separated, wild-carded list of SEPM servers by which to filter
PARENTSERVERINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the servers in the list. (Always set to 1 in SAV 11.0.)
COMPUTERLIST nvarchar 1024 ('%') Comma-separated, wild-carded list of computers by which to filter
COMPUTERINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the computers in the list. (Always set to 1 in SAV 11.0.)
IPADDRESSLIST nvarchar 510 ('%') Comma-separated, wild-carded list of IP addresses by which to filter
IPADDRESSINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the IP addresses in the list. (Always set to 1 in SAV 11.0.)
CLIENTUSERLIST nvarchar 510 ('%') Comma-separated, wild-carded list of users by which to filter
CLIENTUSERINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the users in the list. (Always set to 1 in SAV 11.0.)
HPP_APP_LIST nvarchar 510 ('%') Comma-separated, wild-carded list of heuristic risks by which to filter
THREATLIST nvarchar 510 ('%') Comma-separated, wild-carded list of risks by which to filter
THREATINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the risks in the list. (Always set to 1 in SAV 11.0.)
THREATTYPELIST varchar 255 ('%') Possibilities here are in the VIRUSCATEGORY table--no longer a list but a single item.
THREATTYPEINCLUDE int 4 ('0') Whether to include (1) or exclude (0) the risk types in the list (Always set to 1 in SAV 11.0.)
THREATCATEGORY varchar 255 ('') = -1 (Unknown)
>= 1 (Very low risk)
>= 2 (Low risk)
>= 3 (Moderate risk)
>= 4 (Severe risk)
>= 5 (Very severe risk)
LIMITROWS int 4 ('20') Number of rows to use for pagination
USERELATIVE char 2 ('on') Use relative dates ('on') or absolute dates
REPORT_IDX int 4 ('0') Not used
REPORTINPUTS nvarchar 510 ('') Special parameters if report needs them
FROMUSERLIST nvarchar 510 ('%') Deprecated
FROMUSERINCLUDE int 4 ((0)) Deprecated
USN bigint 8 ((1)) A USN-based serial number; this ID is not unique.
TIME_STAMP bigint 8 ((0)) The time when the event is logged into system (GMT), which is server side time
DELETED tinyint 1 ((0)) Deleted row: 0 = Not deleted, 1 = Deleted
FULL_CHARTS varchar 255 ('') Admin-specified list of charts to include in the Antivirus Comprehensive report
R_OS_TYPE int 4  √  ((-1)) Operating System type running on the client computer:
RISK_LEVEL varchar 32 ('') SONAR log filter field for Risk level. One of the following:
All (>= -1)
Unknown (= 0)
Low (>= 1)
Medium (= 3)
High (= 4)
WEB_DOMAIN nvarchar 126 ('%') Risk report filter for Web domain name
WEB_DOMAIN_INCLUDE int 4 ((0)) Whether the Web domain filter is in use or not for this particular saved filter. This is not currently used.

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
USER_ID + FILTERNAME + FILTER_TYPE Primary key Asc/Asc/Asc PK_THREATREPORT