SchemaSpy Analysis of sem5.dbo - Columns
Symantec Endpoint Protection Manager Database Schema
Generated by SchemaSpy on Mon Oct 29 12:07 PDT 2012

sem5.dbo contains 2718 columns:

Table | Column | Type | Size | Nulls | Auto | Default | Comments |
---|---|---|---|---|---|---|---|
OAUTH_CLIENT_DETAILS | ACCESS_TOKEN_VALIDITY | int | 4 | √ | null | ||
NOTIFICATIONALERTS | ACKNOWLEDGED | int | 4 | ((0)) | Flag whether the alert has been acknowledged | ||
NOTIFICATIONALERTS | ACKNOWLEDGED_TIME | datetime | 16,3 | ('19700101') | Time when notification was acknowledged | ||
NOTIFICATIONALERTS | ACKNOWLEDGED_USERID | char | 32 | ('') | GUID of user who acknowledged this notification | ||
NOTIFICATION | ACTACTION | varchar | 255 | ('%') | % = No filter (all); 1 = Quarantined; 3 = Deleted; 4 = Left alone; 5 = Cleaned; 6 = Cleaned or macros deleted; 14 = Pending repair; 15 = Partially repaired; 16 = Process termination pending restart; 17 = Excluded; 19 = Cleaned by deletion; 20 = Access denied; 21 = Process terminated; 22 = No repair available; 23 = All actions failed; 98 = Suspicious | ||
AGENT_BEHAVIOR_LOG_1 | ACTION | int | 4 | √ | null | What we did: 0 = allow; 1 = block; 2 = ask; 3 = continue; 4 = terminate | |
AGENT_BEHAVIOR_LOG_2 | ACTION | int | 4 | √ | null | What we did: 0 = allow; 1 = block; 2 = ask; 3 = continue; 4 = terminate | |
BEHAVIOR_REPORT | ACTION | tinyint | 1 | √ | (NULL) | 0 = Allow; 1 = Block; 2 = Ask; 3 = Continue; 4 = Terminate | |
COMPLIANCE_REPORT | ACTION | varchar | 32 | ('') | For Enforcer Client: Authenticated, Disconnected, Passed, Rejected, Failed | ||
ENFORCER_CLIENT_LOG_1 | ACTION | varchar | 256 | √ | null | Enforcer's action on this client (hard-coded English string used as lookup): Authenticated = Agent's UID is correct; Rejected = Agent's UID is wrong or there's no agent running; Disconnected = Agent disconnects from Enforcer or Enforcer service stops; Passed = Agent has passed Host Integrity check; Failed = Agent has failed Host Integrity check | |
ENFORCER_CLIENT_LOG_2 | ACTION | varchar | 256 | √ | null | Enforcer's action on this client (hard-coded English string used as lookup): Authenticated = Agent's UID is correct; Rejected = Agent's UID is wrong or there's no agent running; Disconnected = Agent disconnects from Enforcer or Enforcer service stops; Passed = Agent has passed Host Integrity check; Failed = Agent has failed Host Integrity check | |
SEM_COMPLIANCE_CRITERIA | ACTION | varchar | 64 | ('') | hard-coded English key - one of: check; remediation | ||
SEM_COMPLIANCE_CRITERIA_2 | ACTION | varchar | 64 | ('') | |||
V_AGENT_BEHAVIOR_LOG | ACTION | int | 4 | √ | null | ||
V_ENFORCER_CLIENT_LOG | ACTION | varchar | 256 | √ | null | ||
ANOMALYDETECTION | ACTION_OPERAND | nvarchar | 1024 | ('') | File or registry key on which this action took place | ||
ANOMALYREMEDIATION | ACTION_OPERAND | nvarchar | 1024 | ('') | File or registry key on which this action took place. | ||
ANOMALYDETECTION | ACTION_OPERAND_HASH | char | 32 | √ | null | Hash value for the column ACTION_OPERAND | |
ANOMALYREMEDIATION | ACTION_OPERAND_HASH | char | 32 | √ | null | Hash value for the column ACTION_OPERAND | |
AGENT_BEHAVIOR_LOG_1 | ACTION_TYPE | smallint | 2 | √ | null | Violation type that triggered the SymProtect event. Valid values are 0 to 58 inclusive. | |
AGENT_BEHAVIOR_LOG_2 | ACTION_TYPE | smallint | 2 | √ | null | Violation type that triggered the SymProtect event. Valid values are 0 to 58 inclusive. | |
V_AGENT_BEHAVIOR_LOG | ACTION_TYPE | smallint | 2 | √ | null | ||
ACTUALACTION | ACTUALACTION | varchar | 255 | ('') | A hard-coded English string used for the following lookups: -1 = Action invalid; 1 = Quarantined; 2 = Renamed; 3 = Deleted; 4 = Left alone; 5 = Cleaned; 6 = Cleaned or macros deleted; 7 = Saved; 9 = Moved back; 10 = Renamed back; 11 = Undone; 12 = Bad; 13 = Backed up; 14 = Pending repair; 15 = Partially repaired; 16 = Process termination pending restart; 17 = Excluded; 18 = Restart processing; 19 = Cleaned by deletion; 20 = Access denied; 21 = Process terminated; 22 = No repair available; 23 = All actions failed; 98 = Suspicious; 99 = Details pending; 110 = Detected by using the commercial application list; 111 = Forced detection by using the file name; 1000 = Forced detection by using the file hash; 500 = Not applicable | ||
ALERTFILTER | ACTUALACTION | varchar | 255 | ('') | Not used | ||
THREATREPORT | ACTUALACTION | varchar | 32 | ('') | Possibilities here are in the ACTUALACTION table | ||
ACTUALACTION | ACTUALACTION_IDX | int | 4 | ||||
ALERTS | ACTUALACTION_IDX | int | 4 | ((0)) | Pointer to table 'actualaction'; this is the action taken on the risk | ||
V_ALERTS | ACTUALACTION_IDX | int | 4 | ||||
SERVER_POLICY_LOG_1 | ADMIN_ID | char | 32 | GUID of the administrator who is modifying the policy | |||
SERVER_POLICY_LOG_2 | ADMIN_ID | char | 32 | GUID of the administrator who is modifying the policy | |||
V_SERVER_POLICY_LOG | ADMIN_ID | char | 32 | ||||
SERVER_ADMIN_LOG_1 | ADMIN_NAME | nvarchar | 500 | Administrator name | |||
SERVER_ADMIN_LOG_2 | ADMIN_NAME | nvarchar | 500 | Administrator name | |||
V_SERVER_ADMIN_LOG | ADMIN_NAME | nvarchar | 500 | ||||
ADMIN_GROUP_REFRESH_INFO | ADMINCONTEXT_ID | char | 32 | ||||
AGENT_BEHAVIOR_LOG_1 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_BEHAVIOR_LOG_2 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_PACKET_LOG_1 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_PACKET_LOG_2 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_SECURITY_LOG_1 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_SECURITY_LOG_2 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_SYSTEM_LOG_1 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_SYSTEM_LOG_2 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_TRAFFIC_LOG_1 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
AGENT_TRAFFIC_LOG_2 | AGENT_ID | char | 32 | √ | null | GUID of the agent | |
COMPUTER_APPLICATION | AGENT_ID | char | 32 | GUID of the agent | |||
LAN_DEVICE_DETECTED | AGENT_ID | char | 32 | GUID of the agent | |||
LEGACY_AGENT | AGENT_ID | char | 32 | GUID in the SEM_AGENT table | |||
SCFINVENTORY | AGENT_ID | char | 32 | ||||
SEM_AGENT | AGENT_ID | char | 32 | ||||
SEM_CONTENT | AGENT_ID | char | 32 | GUID of the agent | |||
SERVER_CLIENT_LOG_1 | AGENT_ID | char | 32 | GUID of the agent | |||
SERVER_CLIENT_LOG_2 | AGENT_ID | char | 32 | GUID of the agent | |||
V_AGENT_BEHAVIOR_LOG | AGENT_ID | char | 32 | √ | null | ||
V_AGENT_PACKET_LOG | AGENT_ID | char | 32 | √ | null | ||
V_AGENT_SECURITY_LOG | AGENT_ID | char | 32 | √ | null | ||
V_AGENT_SYSTEM_LOG | AGENT_ID | char | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | AGENT_ID | char | 32 | √ | null | ||
V_LAN_DEVICE_DETECTED | AGENT_ID | char | 32 | ||||
V_SECURITY_VIEW | AGENT_ID | char | 32 | √ | null | ||
V_SEM_CONTENT | AGENT_ID | char | 32 | ||||
V_SERVER_CLIENT_LOG | AGENT_ID | char | 32 | ||||
AGENT_SECURITY_LOG_1 | AGENT_SECURITY_LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_SECURITY_LOG_2 | AGENT_SECURITY_LOG_IDX | char | 32 | √ | null | Log index unique ID | |
SEM_COMPLIANCE_CRITERIA | AGENT_SECURITY_LOG_IDX | char | 32 | Foreign key to V_AGENT_SECURITY.AGENT_SECURITY_LOG_IDX | |||
SEM_COMPLIANCE_CRITERIA_2 | AGENT_SECURITY_LOG_IDX | char | 32 | ||||
V_AGENT_SECURITY_LOG | AGENT_SECURITY_LOG_IDX | char | 32 | √ | null | ||
SEM_AGENT | AGENT_TYPE | varchar | 64 | √ | null | Type of the agent installed: 105 = Symantec Endpoint Protection; 151 = Symantec Network Access Control | |
SEM_SVA | AGENT_TYPE | varchar | 64 | √ | null | ||
AGENT_SECURITY_LOG_1 | AGENT_VERSION | nvarchar | 128 | √ | null | Agent version number of client | |
AGENT_SECURITY_LOG_2 | AGENT_VERSION | nvarchar | 128 | √ | null | Agent version number of client | |
SEM_AGENT | AGENT_VERSION | nvarchar | 128 | √ | null | Version of agent software | |
V_AGENT_SECURITY_LOG | AGENT_VERSION | nvarchar | 128 | √ | null | ||
AGENTSTATUS | AGENTNAME | varchar | 255 | ('') | Name associated with this agent (for LogSender agents: Server Group name; for LogSenderSAVSMTP agents: mail gateway host name; for ClientInventory agents: name of Parent Server; else: blank) | ||
AGENTCONFIG | AGENTTYPE | varchar | 20 | ('') | 1 = LogSender; 2 = ClientInventory; 3 = LogReaderInventory; 4 = LogReaderEvents; 5 = NotificationAgent; 6 = HistoryAgent; 7 = VirusCategory; 8 = DBmaint; 9 = Backup; 10 = DiskFull | ||
AGENTSTATUS | AGENTTYPE | varchar | 255 | ('') | Type of Agent: SAV 10.x; LogSender; ClientInventory; SAV 11.x; AgentSweepingTask (Database maintenance); TopThreatsTask (Gathers top and latest threats information); VirusCatTask (Gathers virus properties); ThreatCatTask (Gathers risk properties) | ||
HPP_ALERTS | AGREEMENT_ACK | varchar | 256 | ('') | Agreement acknowledge | ||
AGENT_BEHAVIOR_LOG_1 | ALERT | int | 4 | √ | null | Indicates whether this event will be counted during alert notification processing at the server. It is true if the event is logged by Tamper Protection. It is false otherwise. (True =1, False = 0) | |
AGENT_BEHAVIOR_LOG_2 | ALERT | int | 4 | √ | null | Indicates whether this event will be counted during alert notification processing at the server. It is true if the event is logged by Tamper Protection. It is false otherwise. (True =1, False = 0) | |
AGENT_PACKET_LOG_1 | ALERT | int | 4 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. (Yes = 1, no = 0) | |
AGENT_PACKET_LOG_2 | ALERT | int | 4 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. (Yes = 1, no = 0) | |
AGENT_SECURITY_LOG_1 | ALERT | tinyint | 1 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. (Yes = 1, No = 0) | |
AGENT_SECURITY_LOG_2 | ALERT | tinyint | 1 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. (Yes = 1, No = 0) | |
AGENT_TRAFFIC_LOG_1 | ALERT | tinyint | 1 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. (Yes = 1, No = 0) | |
AGENT_TRAFFIC_LOG_2 | ALERT | tinyint | 1 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. (Yes = 1, No = 0) | |
ALERTMSG | ALERT | varchar | 128 | ('') | This is a hard-coded English string used as a look-up corresponding to an event ID from sender agent as follows: 1 = Virus found; 2 = Security risk found; 3 is not used; 4 is not used; 5 = Commercial application detected; 6 = Forced proactive threat detected; 7 = Proactive detection now permitted; 8 = Potential risk found; 9 = Risk sample submitted to Symantec | ||
ENFORCER_TRAFFIC_LOG_1 | ALERT | tinyint | 1 | It reflects the alert attribute in profile action. It is true if action::alert is true. | |||
ENFORCER_TRAFFIC_LOG_2 | ALERT | tinyint | 1 | It reflects the alert attribute in profile action. It is true if action::alert is true. | |||
LAN_DEVICE_DETECTED | ALERT | tinyint | 1 | √ | null | It reflects the alert attribute in profile action. It is true if action::alert is true. | |
V_AGENT_BEHAVIOR_LOG | ALERT | int | 4 | √ | null | ||
V_AGENT_PACKET_LOG | ALERT | int | 4 | √ | null | ||
V_AGENT_SECURITY_LOG | ALERT | tinyint | 1 | √ | null | ||
V_AGENT_TRAFFIC_LOG | ALERT | tinyint | 1 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | ALERT | tinyint | 1 | ||||
V_LAN_DEVICE_DETECTED | ALERT | tinyint | 1 | √ | null | ||
V_SECURITY_VIEW | ALERT | int | 4 | √ | null | ||
ANOMALYDETECTIONS | ALERT_EVENT_IDX | char | 32 | Foreign key to ALERTS.IDX | |||
ANOMALYREMEDIATIONS | ALERT_EVENT_IDX | char | 32 | Foreign key to ALERTS.IDX | |||
ALERTMSG | ALERT_IDX | int | 4 | ||||
ALERTS | ALERT_IDX | int | 4 | ((0)) | Pointer to table ALERTMSG | ||
V_ALERTS | ALERT_IDX | int | 4 | ||||
ALERTS | ALERTDATETIME | datetime | 16,3 | ('19700101') | Time of event occurrences | ||
NOTIFICATIONALERTS | ALERTDATETIME | datetime | 16,3 | ('19700101') | Time stamp when the alert was generated | ||
V_ALERTS | ALERTDATETIME | datetime | 16,3 | ||||
ALERTS | ALERTENDDATETIME | datetime | 16,3 | ('19700101') | Time at which event ended. This is the end of the aggregated event time. | ||
V_ALERTS | ALERTENDDATETIME | datetime | 16,3 | ||||
ALERTFILTER | ALERTFILTER_IDX | char | 32 | ||||
ALERTS | ALERTINSERTTIME | datetime | 16,3 | ('19700101') | Time at which event was inserted in to the database | ||
V_ALERTS | ALERTINSERTTIME | datetime | 16,3 | ||||
ANOMALYDETECTION | ANOMALY_DETECTION_IDX | char | 32 | ||||
ANOMALYDETECTIONS | ANOMALY_DETECTION_IDX | char | 32 | Pointer to table 'anomalydetection' | |||
ANOMALYDETECTION | ANOMALY_DETECTION_OPERATION_ID | int | 4 | ((0)) | Pointer to table 'Anomalydetectionoperation' | ||
ANOMALYDETECTION | ANOMALY_DETECTION_TYPE_ID | int | 4 | ((0)) | Pointer to table 'Anomalydetectiontype' | ||
ANOMALYREMEDIATION | ANOMALY_REMEDIATION_IDX | char | 32 | ||||
ANOMALYREMEDIATIONS | ANOMALY_REMEDIATION_IDX | char | 32 | Pointer to table 'anomalyremediation' | |||
ANOMALYREMEDIATION | ANOMALY_REMEDIATION_OPERATION_ID | int | 4 | ((0)) | Pointer to table 'anomalyremediationoperation' | ||
ANOMALYREMEDIATION | ANOMALY_REMEDIATION_TYPE_ID | int | 4 | ((0)) | Pointer to table 'anomalyremediationtype' | ||
SEM_AGENT | AP_ONOFF | tinyint | 1 | ((127)) | AutoProtect status: 1 = on; 2 = Not installed; 0 = off; 127 = Not reporting | ||
SEM_APPLICATION | APP_DESCRIPTION | nvarchar | 2048 | √ | null | Description of the learned application | |
COMPUTER_APPLICATION | APP_HASH | char | 32 | Hash value of the learned application record | |||
HPP_APPLICATION | APP_HASH | varchar | 64 | HASH for this application | |||
SEM_APPLICATION | APP_HASH | char | 32 | Checksum of the learned application. Including name, path, file checksum, file size and so on. | |||
HPP_APPLICATION | APP_IDX | char | 32 | ||||
AGENT_PACKET_LOG_1 | APP_NAME | nvarchar | 512 | √ | null | The full path name of the application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have an AppName because it attacks the operating system. | |
AGENT_PACKET_LOG_2 | APP_NAME | nvarchar | 512 | √ | null | The full path name of the application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have an AppName because it attacks the operating system. | |
AGENT_SECURITY_LOG_1 | APP_NAME | nvarchar | 512 | √ | null | The full path of the application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have an AppName because it attacks the OS itself. | |
AGENT_SECURITY_LOG_2 | APP_NAME | nvarchar | 512 | √ | null | The full path of the application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have an AppName because it attacks the OS itself. | |
AGENT_TRAFFIC_LOG_1 | APP_NAME | nvarchar | 512 | √ | null | The full path of application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have AppName because it attacks the operating system itself. | |
AGENT_TRAFFIC_LOG_2 | APP_NAME | nvarchar | 512 | √ | null | The full path of application involved. It may be empty if an unknown application is involved or if no application is involved. For example, the ping of death DoS attack does not have AppName because it attacks the operating system itself. | |
HPP_APPLICATION | APP_NAME | nvarchar | 520 | ('') | Application name | ||
OAUTH_CLIENT_DETAILS | APP_NAME | nvarchar | 400 | √ | null | ||
V_AGENT_PACKET_LOG | APP_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_SECURITY_LOG | APP_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_TRAFFIC_LOG | APP_NAME | nvarchar | 512 | √ | null | ||
HPP_APPLICATION | APP_TYPE | int | 4 | ((-1)) | Application type: 0 = Trojan worm; 1 = Trojan worm; 2 = Key logger; 100 = Remote control | ||
HPP_APPLICATION | APP_VERSION | nvarchar | 512 | ('') | Application version | ||
SEM_APPLICATION | APPLICATION_NAME | nvarchar | 520 | ('') | Name of the learned application | ||
SEM_APPLICATION | APPLICATION_PATH | nvarchar | 520 | √ | null | Path of the learned application | |
SEM_AGENT | ATTRIBUTE_EXTENSION | nvarchar | 4000 | √ | null | Not used | |
AUDIT_REPORT | AUDITFILTER_IDX | char | 32 | ||||
OAUTH_ACCESS_TOKEN | AUTHENTICATION | image | 2147483647 | √ | null | ||
OAUTH_REFRESH_TOKEN | AUTHENTICATION | image | 2147483647 | √ | null | ||
OAUTH_ACCESS_TOKEN | AUTHENTICATION_ID | varchar | 80 | √ | null | ||
OAUTH_CLIENT_DETAILS | AUTHORITIES | varchar | 200 | √ | null | ||
OAUTH_CLIENT_DETAILS | AUTHORIZED_GRANT_TYPES | varchar | 80 | √ | null | ||
ADMINUSER | AUTOREFRESH | int | 4 | ((0)) | User-defined auto refresh value for all logs (events.php, alerts.php) | ||
ALERTS | AV_PRODUCT | varchar | 256 | √ | (NULL) | AV product name | |
V_ALERTS | AV_PRODUCT | varchar | 256 | √ | null | ||
ALERTS | AV_PRODUCT_VERSION | varchar | 64 | √ | (NULL) | AV product version | |
V_ALERTS | AV_PRODUCT_VERSION | varchar | 64 | √ | null | ||
INVENTORYREPORT | AVENGINE_ONOFF | tinyint | 1 | √ | ((127)) | Antivirus Engine Status: 0 = filter for off, 127 = No filter (all) | |
SEM_AGENT | AVENGINE_ONOFF | tinyint | 1 | ((127)) | RTVScan status: 1 = on; 2 = Not installed; 0 = off; 127 = Not reporting | ||
SEM_AGENT | BASH_STATUS | tinyint | 1 | ((0)) | SONAR status: 0 = off; 1 = on; 2 = not installed; 3 = off by policy; 4 = malfunction. It was meant to be for more granular op-state, but currently, it is the same as PTP_ONOFF. | ||
NOTIFICATION | BATCH_FILE_NAME | nvarchar | 128 | ('') | Batch file or executable to be executed when the notification is triggered | ||
AGENT_BEHAVIOR_LOG_1 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of security issue | |
AGENT_BEHAVIOR_LOG_2 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of security issue | |
AGENT_SECURITY_LOG_1 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of security issue | |
AGENT_SECURITY_LOG_2 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of security issue | |
AGENT_TRAFFIC_LOG_1 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of security issue | |
AGENT_TRAFFIC_LOG_2 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of security issue | |
COMMAND | BEGIN_TIME | bigint | 8 | ((0)) | Time that the command launched at the client in GMT | ||
ENFORCER_TRAFFIC_LOG_1 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of Enforcer event | |
ENFORCER_TRAFFIC_LOG_2 | BEGIN_TIME | bigint | 8 | √ | null | The begin time of Enforcer event | |
V_AGENT_BEHAVIOR_LOG | BEGIN_TIME | bigint | 8 | √ | null | ||
V_AGENT_SECURITY_LOG | BEGIN_TIME | bigint | 8 | √ | null | ||
V_AGENT_TRAFFIC_LOG | BEGIN_TIME | bigint | 8 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | BEGIN_TIME | bigint | 8 | √ | null | ||
BEHAVIOR_REPORT | BEHAVIORFILTER_IDX | char | 32 | ||||
BEHAVIOR_REPORT | BEHAVIORTYPE | tinyint | 1 | ((0)) | 1 = Application type, 2 = Device Control type | ||
HYPERVISOR_PATTERN | BIOS_MANUFACTURER_PREFIX | varchar | 128 | √ | null | ||
HYPERVISOR_PATTERN | BIOS_SERIALNUMBER_PREFIX | varchar | 128 | √ | null | ||
SEM_COMPUTER | BIOS_VERSION | varchar | 128 | √ | null | BIOS version | |
SEM_SVA_COMPUTER | BIOS_VERSION | varchar | 128 | √ | null | ||
V_SEM_COMPUTER | BIOS_VERSION | varchar | 128 | √ | null | ||
AGENT_PACKET_LOG_1 | BLOCKED | tinyint | 1 | Specify if the traffic was blocked (Yes = 1, no = 0) | |||
AGENT_PACKET_LOG_2 | BLOCKED | tinyint | 1 | Specify if the traffic was blocked (Yes = 1, no = 0) | |||
AGENT_TRAFFIC_LOG_1 | BLOCKED | tinyint | 1 | Specify if the traffic was blocked. (Yes = 1, No = 0) | |||
AGENT_TRAFFIC_LOG_2 | BLOCKED | tinyint | 1 | Specify if the traffic was blocked. (Yes = 1, No = 0) | |||
COMPLIANCE_REPORT | BLOCKED | tinyint | 1 | √ | (NULL) | 0 = Blocked, 1 = Not Blocked | |
ENFORCER_TRAFFIC_LOG_1 | BLOCKED | tinyint | 1 | Specify if the traffic was blocked. (0 = blocked, 1 = Not blocked ** note the difference in values between this and the AGENT_TRAFFIC_LOG_x tables) | |||
ENFORCER_TRAFFIC_LOG_2 | BLOCKED | tinyint | 1 | Specify if the traffic was blocked. (0 = blocked, 1 = Not blocked ** note the difference in values between this and the AGENT_TRAFFIC_LOG_x tables) | |||
FIREWALL_REPORT | BLOCKED | int | 4 | √ | (NULL) | 1 = Blocked, 0 = Not blocked | |
V_AGENT_PACKET_LOG | BLOCKED | tinyint | 1 | ||||
V_AGENT_TRAFFIC_LOG | BLOCKED | tinyint | 1 | ||||
V_ENFORCER_TRAFFIC_LOG | BLOCKED | tinyint | 1 | ||||
AGENT_BEHAVIOR_LOG_1 | CALLER_PROCESS_ID | bigint | 8 | √ | null | ID of the Process that triggers the logging | |
AGENT_BEHAVIOR_LOG_2 | CALLER_PROCESS_ID | bigint | 8 | √ | null | ID of the Process that triggers the logging | |
V_AGENT_BEHAVIOR_LOG | CALLER_PROCESS_ID | bigint | 8 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | CALLER_PROCESS_NAME | nvarchar | 512 | √ | null | The full path name of the application involved. It may be empty if the application is unknown, or if the OS itself is involved, or if no application is involved. Also, it may be empty if the profile says "don't log application name in raw traffic log". | |
AGENT_BEHAVIOR_LOG_2 | CALLER_PROCESS_NAME | nvarchar | 512 | √ | null | The full path name of the application involved. It may be empty if the application is unknown, or if the OS itself is involved, or if no application is involved. Also, it may be empty if the profile says "don't log application name in raw traffic log". | |
V_AGENT_BEHAVIOR_LOG | CALLER_PROCESS_NAME | nvarchar | 512 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | CALLER_RETURN_ADDRESS | bigint | 8 | √ | null | Return address of the caller. This field allows our software to detect the calling module that makes the API call. | |
AGENT_BEHAVIOR_LOG_2 | CALLER_RETURN_ADDRESS | bigint | 8 | √ | null | Return address of the caller. This field allows our software to detect the calling module that makes the API call. | |
V_AGENT_BEHAVIOR_LOG | CALLER_RETURN_ADDRESS | bigint | 8 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | CALLER_RETURN_MODULE_NAME | nvarchar | 512 | √ | null | Module name of caller. See "CallerReturnAddress" for more information. | |
AGENT_BEHAVIOR_LOG_2 | CALLER_RETURN_MODULE_NAME | nvarchar | 512 | √ | null | Module name of caller. See CallerReturnAddress for more information. | |
V_AGENT_BEHAVIOR_LOG | CALLER_RETURN_MODULE_NAME | nvarchar | 512 | √ | null | ||
BEHAVIOR_REPORT | CALLERPROCESSLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded process names by which to filter | ||
AGENT_SYSTEM_LOG_1 | CATEGORY | int | 4 | √ | null | It is not used now. | |
AGENT_SYSTEM_LOG_2 | CATEGORY | int | 4 | √ | null | It is not used now. | |
NOTIFICATION | CATEGORY | varchar | 10 | ('>= -1') | Virus category for which this notification applies: >= -1 is no filter (all); >= 1 filters for Category 1 (Very Low) and above; >= 2 filters for Category 2 (Low) and above; >= 3 filters for Category 3 (Moderate) and above; >= 4 filters for Category 4 (Severe) and above; >= 5 filters for Category 5 (Very Severe); = -1 filters for unknown | ||
V_AGENT_SYSTEM_LOG | CATEGORY | int | 4 | √ | null | ||
V_VIRUS | CATEGORY | int | 4 | ||||
VIRUS | CATEGORY | int | 4 | ((-1)) | Current category (as downloaded from Symantec's web site). Values are 1 through 5 where 1 is very low and 5 is very severe. -1 means unknown or not applicable. This rating is only applicable to viral threats. | ||
VIRUSCATEGORY | CATEGORY_DESC | nvarchar | 510 | ('') | Category description, Category_Desc (English string key used for lookup): 0 = Viral; 1 = Non-Viral malicious; 2 = Malicious; 3 = Heuristic; /* 4 = Security risk */; 5 = Hack tool; 6 = Spyware; 7 = Trackware; 8 = Dialer; 9 = Remote access; 10 = Adware; 11 = Jokeware; 12 = Client compliancy; 13 = Generic load point; 14 = ApplicationHeuristic; 15 = Cookie | ||
LICENSE | CHAINID | char | 32 | foreign key to LICENSE_CHAIN table | |||
BASIC_METADATA | CHECKSUM | char | 32 | Checksum of XML content | |||
BINARY_FILE | CHECKSUM | char | 32 | √ | null | Checksum of XML content | |
LICENSE_CHAIN | CHECKSUM | char | 32 | foreign key to LICENSE_CHAIN table | |||
LOCAL_METADATA | CHECKSUM | char | 32 | √ | null | Checksum of XML content | |
REPORTS | CHECKSUM | char | 32 | Checksum of XML content | |||
SEM_APPLICATION | CHECKSUM | char | 32 | File checksum of the application binary | |||
SYSTEM_STATE | CHECKSUM | char | 32 | Checksum of XML content | |||
INVENTORYREPORT | CIDS_BROWSER_FF_ONOFF | tinyint | 1 | ((127)) | See SEM_AGENT.CIDS_BROWSER_FF_ONOFF. Included again in this table because it represents a filter option. | ||
SEM_AGENT | CIDS_BROWSER_FF_ONOFF | tinyint | 1 | ((127)) | FireFox browser protection status (0-4 enumeration) | ||
INVENTORYREPORT | CIDS_BROWSER_IE_ONOFF | tinyint | 1 | ((127)) | See SEM_AGENT.CIDS_BROWSER_IE_ONOFF. Included again in this table because it represents a filter option. | ||
SEM_AGENT | CIDS_BROWSER_IE_ONOFF | tinyint | 1 | ((127)) | Internet Explorer browser protection status (0-4 enumeration) | ||
SEM_AGENT | CIDS_DEFSET_VERSION | varchar | 20 | √ | null | IDS definition version, this is not used in queries. The definition will be in SEM_CONTENT/PATTERN tables. | |
SEM_AGENT | CIDS_DRV_MULF_CODE | tinyint | 1 | ((0)) | IDS error code if its op-state = 4 : Possible values enum NetworkProtectionErrors { eIPSOk = 0, eIPSGeneralError, eDriverNotLoaded, eAutoblockFailure, eIDSEngineManagerFailure, eSignatureManagerFailure, eNetworkExclisionManagerFailure, eNetworkInfoManagerFailure, eUDPTrafficManagerFailure, eSymEfaManagerFailure, eProcessTrackerFailure, eSettingsManagerFailure, eWFPHookManagerFailure, eLastNetworkProtectionError = 0xffffffff }; | ||
SEM_AGENT | CIDS_DRV_ONOFF | tinyint | 1 | ((127)) | Network intrusion prevention status: 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. Default is 127 | ||
SEM_AGENT | CIDS_ENGINE_VERSION | varchar | 20 | √ | null | IDS engine version | |
HPP_ALERTS | CIDS_ONOFF | tinyint | 1 | ((127)) | Enabled state of CIDS: 0 = off; 1 = on; 2 = not installed; 127 = unknown. Default is 127 | ||
INVENTORYREPORT | CIDS_ONOFF | tinyint | 1 | ((127)) | Network intrusion prevention status: 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. Default is 127 | ||
AGENT_SECURITY_LOG_1 | CIDS_SIGN_ID | bigint | 8 | ((0)) | Signature ID | ||
AGENT_SECURITY_LOG_2 | CIDS_SIGN_ID | bigint | 8 | ((0)) | Signature ID | ||
V_AGENT_SECURITY_LOG | CIDS_SIGN_ID | bigint | 8 | ||||
AGENT_SECURITY_LOG_1 | CIDS_SIGN_SUB_ID | bigint | 8 | ((0)) | Signature sub ID | ||
AGENT_SECURITY_LOG_2 | CIDS_SIGN_SUB_ID | bigint | 8 | ((0)) | Signature sub ID | ||
V_AGENT_SECURITY_LOG | CIDS_SIGN_SUB_ID | bigint | 8 | ||||
SEM_AGENT | CIDS_SILENT_MODE | tinyint | 1 | ((0)) | Is the IDS driver installed as an internal component for another protection technology, 0 = no, 1 = yes | ||
SEM_SVA | CLIENT_COUNT | int | 4 | ((0)) | |||
ENFORCER_CLIENT_LOG_1 | CLIENT_ID | char | 32 | √ | null | Not used (logged as '') | |
ENFORCER_CLIENT_LOG_2 | CLIENT_ID | char | 32 | √ | null | Not used (logged as '') | |
ENFORCER_TRAFFIC_LOG_1 | CLIENT_ID | char | 32 | √ | null | Not used (logged as '') | |
ENFORCER_TRAFFIC_LOG_2 | CLIENT_ID | char | 32 | √ | null | Not used (logged as '') | |
LEGACY_AGENT | CLIENT_ID | char | 32 | GUID in the SEM_CLIENT table | |||
OAUTH_ACCESS_TOKEN | CLIENT_ID | varchar | 80 | √ | null | ||
OAUTH_CLIENT_DETAILS | CLIENT_ID | varchar | 80 | ||||
OAUTH_REFRESH_TOKEN | CLIENT_ID | varchar | 80 | √ | null | ||
SEM_CLIENT | CLIENT_ID | char | 32 | ||||
SEM_SVA_CLIENT | CLIENT_ID | char | 32 | ||||
SERVER_ADMIN_LOG_1 | CLIENT_ID | char | 32 | √ | null | GUID of the client to which the log belongs | |
SERVER_ADMIN_LOG_2 | CLIENT_ID | char | 32 | √ | null | GUID of the client to which the log belongs | |
SERVER_CLIENT_LOG_1 | CLIENT_ID | char | 32 | √ | null | GUID of the client to which the log belongs | |
SERVER_CLIENT_LOG_2 | CLIENT_ID | char | 32 | √ | null | GUID of the client to which the log belongs | |
V_CLIENT_CHANGE_LOG | CLIENT_ID | char | 32 | ||||
V_ENFORCER_CLIENT_LOG | CLIENT_ID | char | 32 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | CLIENT_ID | char | 32 | √ | null | ||
V_SERVER_ADMIN_LOG | CLIENT_ID | char | 32 | √ | null | ||
V_SERVER_CLIENT_LOG | CLIENT_ID | char | 32 | √ | null | ||
PATTERN | CLIENT_MONIKER | varchar | 40 | ('') | Moniker for this content | ||
SEM_CONTENT | CLIENT_MONIKER | varchar | 40 | ('') | |||
V_SEM_CONTENT | CLIENT_MONIKER | varchar | 40 | ||||
LICENSE_CHAIN | CLIENT_PRODUCT_TYPE | tinyint | 1 | ((0)) | This holds value for SEP, SNAC: SEP=0; SNAC=1 | ||
OAUTH_CLIENT_DETAILS | CLIENT_SECRET | varchar | 80 | √ | null | ||
NOTIFICATION | CLIENT_TRIGGERED | bigint | 8 | ((0)) | Time when notification condition was last triggered. As of version 12.1.2, this column is used instead of TRIGGERED. | ||
ALERTFILTER | CLIENTGROUP | nvarchar | 510 | ('') | Not used | ||
NOTIFICATION | CLIENTGROUP | nvarchar | 510 | ('%') | Name of client group(s) to which this notification applies (Comma-separated list, wild-cards allowed) | ||
ALERTS | CLIENTGROUP_IDX | char | 32 | ('') | Pointer to table 'identity_map'; this is the SEPM group GUID | ||
SCANS | CLIENTGROUP_IDX | char | 32 | ('') | Pointer to table IDENTITY_MAP (group GUID) | ||
V_ALERTS | CLIENTGROUP_IDX | char | 32 | ||||
THREATREPORT | CLIENTGROUPINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the client groups in the list. (Always set to 1 in SAV 11.0.) | ||
BEHAVIOR_REPORT | CLIENTGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded group names by which to filter | ||
COMPLIANCE_REPORT | CLIENTGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded group names by which to filter | ||
FIREWALL_REPORT | CLIENTGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded group names by which to filter | ||
INVENTORYREPORT | CLIENTGROUPLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of group names by which to filter | ||
SCANREPORT | CLIENTGROUPLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of client groups by which to filter | ||
SYSTEM_REPORT | CLIENTGROUPLIST | nvarchar | 510 | ('') | Comma separated, wild-card group names by which to filter | ||
THREATREPORT | CLIENTGROUPLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of client groups by which to filter | ||
NOTIFICATION | CLIENTPACKAGE_TYPE | int | 4 | ('0') | Client package type | ||
INVENTORYREPORT | CLIENTTYPE | varchar | 32 | ('') | Not used | ||
SCANS | CLIENTUSER1 | nvarchar | 128 | ('') | User who was logged in when scan started | ||
SCANS | CLIENTUSER2 | nvarchar | 128 | ('') | User who was logged in when scan ended | ||
THREATREPORT | CLIENTUSERINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the users in the list. (Always set to 1 in SAV 11.0.) | ||
THREATREPORT | CLIENTUSERLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of users by which to filter | ||
HPP_ALERTS | COH_ENGINE_VERSION | varchar | 64 | ('') | Version of the TruScan engine | ||
SEM_JOB | COMMAND_DESC | nvarchar | 700 | √ | null | Detail description of the command | |
COMMAND | COMMAND_ID | char | 32 | ||||
SCANS | COMMAND_ID | varchar | 32 | √ | (NULL) | Pointer to table SEM_JOB; command ID that kicked off this scan (if any) | |
SEM_JOB | COMMAND_ID | char | 32 | ||||
SEM_JOB | COMMAND_NAME | varchar | 64 | Hard-coded English string that indicates which command was launched. This is the same string as what is placed in the XML for pre-defined name. Update_Now = Update Content; ScanNow_Full = Full Scan; ScanNow_Quick = Active Scan; ScanNow_Custom = Custom Scan; Update_ScanNow_Full = Update Content and Scan Full; Update_ScanNow_Quick = Update Content and Scan Quick; Update_ScanNow_Custom = Update Content and Scan Custom; CancelScan = Cancel Scan; Reboot = Restart; ApOn = Turn Auto-Protect On; ApOff = Turn Auto-Protect Off; FwOn = Turn Firewall On; FwOff = Turn Firewall Off; DeleteQuarantine = Delete from Quarantine | |||
COMMAND_REPORT | COMMANDFILTER_IDX | char | 32 | ||||
HPP_APPLICATION | COMPANY_NAME | nvarchar | 520 | ('') | Company name | ||
SEM_APPLICATION | COMPANY_NAME | nvarchar | 520 | √ | null | Company name | |
COMPLIANCE_REPORT | COMPLIANCE_TYPE | tinyint | 1 | ((0)) | 1 = Enforcer Server; 2 = Enforcer Client; 3 = Enforcer Traffic; 4 = Host Compliance; 5 = Attack (Firewall logs); 6 = Device Control | ||
COMPLIANCE_REPORT | COMPLIANCEFILTER_IDX | char | 32 | ||||
ALERTFILTER | COMPUTER | nvarchar | 510 | ('') | Not used | ||
NOTIFICATION | COMPUTER | nvarchar | 510 | ('%') | Name of computer(s) to which this notification applies (Comma-separated list, wild-cards allowed) | ||
SEM_COMPUTER | COMPUTER_DESCRIPTION | nvarchar | 512 | √ | null | Domain name of the computer | |
SEM_SVA_COMPUTER | COMPUTER_DESCRIPTION | nvarchar | 512 | √ | null | ||
V_SEM_COMPUTER | COMPUTER_DESCRIPTION | nvarchar | 512 | √ | null | ||
SEM_CLIENT | COMPUTER_DOMAIN_NAME | nvarchar | 512 | √ | null | Computer description | |
SEM_COMPUTER | COMPUTER_DOMAIN_NAME | nvarchar | 512 | √ | null | Computer description | |
SEM_SVA_CLIENT | COMPUTER_DOMAIN_NAME | nvarchar | 512 | √ | null | ||
SEM_SVA_COMPUTER | COMPUTER_DOMAIN_NAME | nvarchar | 512 | √ | null | ||
V_CLIENT_CHANGE_LOG | COMPUTER_DOMAIN_NAME | nvarchar | 512 | √ | null | ||
V_SEM_COMPUTER | COMPUTER_DOMAIN_NAME | nvarchar | 512 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | COMPUTER_ID | char | 32 | GUID of the client computer associated with the agent log | |||
AGENT_BEHAVIOR_LOG_2 | COMPUTER_ID | char | 32 | GUID of the client computer associated with the agent log | |||
AGENT_PACKET_LOG_1 | COMPUTER_ID | char | 32 | GUID of the client computer associated with the agent packet log | |||
AGENT_PACKET_LOG_2 | COMPUTER_ID | char | 32 | GUID of the client computer associated with the agent packet log | |||
AGENT_SECURITY_LOG_1 | COMPUTER_ID | char | 32 | GUID of the client computer associated with the agent security log | |||
AGENT_SECURITY_LOG_2 | COMPUTER_ID | char | 32 | GUID of the client computer associated with the agent security log | |||
AGENT_SYSTEM_LOG_1 | COMPUTER_ID | char | 32 | GUID of the client computer that is associated with the agent system log | |||
AGENT_SYSTEM_LOG_2 | COMPUTER_ID | char | 32 | GUID of the client computer that is associated with the agent system log | |||
AGENT_TRAFFIC_LOG_1 | COMPUTER_ID | char | 32 | GUID of the client computer that is associated with the agent traffic log | |||
AGENT_TRAFFIC_LOG_2 | COMPUTER_ID | char | 32 | GUID of the client computer that is associated with the agent traffic log | |||
COMPUTER_APPLICATION | COMPUTER_ID | char | 32 | GUID of the computer | |||
GUP_LIST | COMPUTER_ID | char | 32 | Referencing Computer_ID in SEM_COMPUTER table | |||
LAN_DEVICE_DETECTED | COMPUTER_ID | char | 32 | B1011 | |||
LEGACY_AGENT | COMPUTER_ID | char | 32 | GUID in the SEM_COMPUTER table | |||
SEM_AGENT | COMPUTER_ID | char | 32 | √ | null | GUID of the registered computer | |
SEM_CLIENT | COMPUTER_ID | char | 32 | √ | null | GUID of the registered computer | |
SEM_COMPUTER | COMPUTER_ID | char | 32 | ||||
SEM_SVA | COMPUTER_ID | char | 32 | √ | null | ||
SEM_SVA_CLIENT | COMPUTER_ID | char | 32 | √ | null | ||
SEM_SVA_COMPUTER | COMPUTER_ID | char | 32 | ||||
V_AGENT_BEHAVIOR_LOG | COMPUTER_ID | char | 32 | ||||
V_AGENT_PACKET_LOG | COMPUTER_ID | char | 32 | ||||
V_AGENT_SECURITY_LOG | COMPUTER_ID | char | 32 | ||||
V_AGENT_SYSTEM_LOG | COMPUTER_ID | char | 32 | ||||
V_AGENT_TRAFFIC_LOG | COMPUTER_ID | char | 32 | ||||
V_CLIENT_CHANGE_LOG | COMPUTER_ID | char | 32 | √ | null | ||
V_LAN_DEVICE_DETECTED | COMPUTER_ID | char | 32 | ||||
V_SECURITY_VIEW | COMPUTER_ID | char | 32 | ||||
V_SEM_COMPUTER | COMPUTER_ID | char | 32 | ||||
ALERTS | COMPUTER_IDX | char | 32 | ('') | Foreign key to SEM_COMPUTER.COMPUTER_ID | ||
INVENTORYCURRENTRISK1 | COMPUTER_IDX | char | 32 | ||||
SCANS | COMPUTER_IDX | char | 32 | ('') | Foreign key to SEM_COMPUTER.COMPUTER_ID | ||
V_ALERTS | COMPUTER_IDX | char | 32 | ||||
SEM_CLIENT | COMPUTER_NAME | nvarchar | 128 | √ | null | Computer name | |
SEM_COMPUTER | COMPUTER_NAME | nvarchar | 128 | √ | null | Computer name | |
SEM_SVA_CLIENT | COMPUTER_NAME | nvarchar | 128 | √ | null | ||
SEM_SVA_COMPUTER | COMPUTER_NAME | nvarchar | 128 | √ | null | ||
V_CLIENT_CHANGE_LOG | COMPUTER_NAME | nvarchar | 128 | √ | null | ||
V_SEM_COMPUTER | COMPUTER_NAME | nvarchar | 128 | √ | null | ||
THREATREPORT | COMPUTERINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the computers in the list. (Always set to 1 in SAV 11.0.) | ||
BEHAVIOR_REPORT | COMPUTERLIST | nvarchar | 1024 | ('') | Comma-separated, wild-carded computer names by which to filter | ||
COMMAND_REPORT | COMPUTERLIST | nvarchar | 1024 | ('') | Comma-separated, wild-carded list of computer names to filter | ||
COMPLIANCE_REPORT | COMPUTERLIST | nvarchar | 1024 | ('') | Comma-separated, wild-carded computer names by which to filter | ||
FIREWALL_REPORT | COMPUTERLIST | nvarchar | 1024 | ('') | Comma-separated, wild-carded computer names by which to filter | ||
INVENTORYREPORT | COMPUTERLIST | nvarchar | 1024 | ('%') | Comma-separated, wild-carded list of computer names by which to filter | ||
SCANREPORT | COMPUTERLIST | nvarchar | 1024 | ('%') | Comma-separated, wild-carded list of computers by which to filter | ||
SYSTEM_REPORT | COMPUTERLIST | nvarchar | 1024 | ('') | Comma-separated, wild-card computer names by which to filter | ||
THREATREPORT | COMPUTERLIST | nvarchar | 1024 | ('%') | Comma-separated, wild-carded list of computers by which to filter | ||
HPP_ALERTS | CONFIDENCE | int | 4 | ((0)) | The Confidence level that produced the conviction. >= 100: Extremely High [100..]; >= 65: High [65..99]; >= 25: Medium [25..64]; >= 10: Low [10..24]; >= 1: Symantec knows very little about the file/unknown [1..9]. 0 is not a valid value. We can say unknown also for 0. Default is 0 | ||
BASIC_METADATA | CONTENT | image | 2147483647 | XML content of the schema object | |||
BINARY_FILE | CONTENT | image | 2147483647 | √ | null | XML content of the schema object | |
LOCAL_METADATA | CONTENT | image | 2147483647 | √ | null | XML content of the schema object | |
NOTIFICATIONHISTORY | CONTENT | image | 2147483647 | ||||
REPORTS | CONTENT | image | 2147483647 | XML content of the schema object | |||
SYSTEM_STATE | CONTENT | image | 2147483647 | XML content of the schema object | |||
SEM_AGENT | CONTENT_UPDATE | tinyint | 1 | ((1)) | Accepts content update: 1 = Yes, 0 = no | ||
SEM_JOB | CREATE_TIME | bigint | 8 | When the command was issued at the console by the administrator | |||
OAUTH_CLIENT_DETAILS | CREATED_BY | varchar | 80 | √ | null | ||
OAUTH_ACCESS_TOKEN | CREATION_DATE | datetime | 16,3 | ||||
OAUTH_CLIENT_DETAILS | CREATION_DATE | datetime | 16,3 | ||||
OAUTH_REFRESH_TOKEN | CREATION_DATE | datetime | 16,3 | ||||
SEM_AGENT | CREATION_TIME | bigint | 8 | √ | null | Create time of the agent | |
SEM_CLIENT | CREATION_TIME | bigint | 8 | √ | null | Create time of the client | |
SEM_SVA | CREATION_TIME | bigint | 8 | √ | null | ||
SEM_SVA_CLIENT | CREATION_TIME | bigint | 8 | √ | null | ||
SEM_CLIENT | CREATOR | tinyint | 1 | √ | null | ||
SEM_SVA_CLIENT | CREATOR | tinyint | 1 | √ | null | ||
COMPUTER_APPLICATION | CREATOR_SHA2 | char | 64 | √ | null | SHA2 of process that dropped the file | |
SEM_COMPLIANCE_CRITERIA | CRITERIA | varchar | 256 | ('') | Hard-coded English key, one of: as_is_installed, as_is_running, as_signature_ok, av_is_installed, av_is_running, av_signature_ok, file_age_ok, file_date_ok, file_size_ok, file_version_ok, file_download, file_exists, file_checksum_ok, file_execute, fw_is_installed, fw_is_running, patch_is_installed, reg_value_incr, reg_key_exists, reg_value_ok, reg_value_exists, reg_value_set, timestamp_ok, msg_dlg_ok, os_ok, os_lang_ok, process_is_running (means either user app or service), file_delete, service_pack_ok, hi_setup, remediation (provides overall status of remediation), unknown (fallback at the server if criteria is null or blank) | ||
SEM_COMPLIANCE_CRITERIA_2 | CRITERIA | varchar | 256 | ('') | |||
SEM_COMPLIANCE_CRITERIA | CRITERIA_IDX | char | 32 | ||||
SEM_COMPLIANCE_CRITERIA_2 | CRITERIA_IDX | char | 32 | ||||
SEM_AGENT | CURRENT_CLIENT_ID | char | 32 | √ | null | Client that logs on this agent. | |
SEM_SVA | CURRENT_CLIENT_ID | char | 32 | √ | null | ||
SEM_COMPUTER | CURRENT_LOGIN_DOMAIN | nvarchar | 512 | √ | null | Windows domain | |
V_SEM_COMPUTER | CURRENT_LOGIN_DOMAIN | nvarchar | 512 | √ | null | ||
SEM_COMPUTER | CURRENT_LOGIN_USER | nvarchar | 512 | √ | null | Logged in user | |
V_SEM_COMPUTER | CURRENT_LOGIN_USER | nvarchar | 512 | √ | null | ||
LOG_CONFIG | CURRENT_ROWS | int | 4 | Current log count in the log table | |||
LOG_CONFIG | CURRENT_TABLE | varchar | 60 | Current log table name | |||
INVENTORYREPORT | DA_ONOFF | tinyint | 1 | ((127)) | Download advisor status. Enabled state of DA: 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. | ||
SEM_AGENT | DA_ONOFF | tinyint | 1 | ((127)) | Download advisor operational state. Enabled state of DA: 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. Default is 127 | ||
NOTIFICATION | DAMPER | int | 4 | ((0)) | Minimum quiet time between alerts in minutes; 0 means autodamper which is 60 minutes | ||
VERSION | DBSCHEMA | int | 4 | Schema version | |||
INVENTORYCURRENTRISK1 | DEFDATE | int | 4 | ((0)) | AV definition date used during last scan | ||
ALERTFILTER | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = not deleted, 1 = deleted | ||
ALERTS | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = not deleted, 1 = deleted | ||
ANOMALYDETECTION | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = not deleted, 1 = deleted | ||
ANOMALYDETECTIONS | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = not deleted, 1 = deleted | ||
ANOMALYREMEDIATION | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = not deleted, 1 = deleted | ||
ANOMALYREMEDIATIONS | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not deleted, 1 = deleted | ||
AUDIT_REPORT | DELETED | tinyint | 1 | ((0)) | Deleted flag; 0 = Not deleted, 1 = Deleted | ||
BASIC_METADATA | DELETED | tinyint | 1 | Deleted flag; 0 = Not deleted, 1 = Deleted | |||
BEHAVIOR_REPORT | DELETED | tinyint | 1 | ((0)) | Deleted flag; 0 = Not deleted, 1 = Deleted | ||
BINARY_FILE | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
COMMAND | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
COMMAND_REPORT | DELETED | tinyint | 1 | ((0)) | Deleted rows; 0 = not deleted, 1 = deleted | ||
COMPLIANCE_REPORT | DELETED | tinyint | 1 | ((0)) | Deleted entry; 0 = Not deleted, 1 = Deleted | ||
COMPUTER_APPLICATION | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
FIREWALL_REPORT | DELETED | tinyint | 1 | ((0)) | Delete row; 0 = Not deleted, 1 = Deleted | ||
GROUP_LAN_SENSOR | DELETED | tinyint | 1 | ||||
GUIPARMS | DELETED | tinyint | 1 | ((0)) | Delete row; 0 = Not deleted, 1 = Deleted | ||
GUP_LIST | DELETED | tinyint | 1 | Delete row; 0 = Not deleted, 1 = Deleted | |||
HISTORYCONFIG | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
HOMEPAGECONFIG | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
HPP_ALERTS | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
HPP_APPLICATION | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
IDENTITY_MAP | DELETED | tinyint | 1 | √ | null | Deleted row; 0 = Not Deleted, 1 = Deleted | |
INVENTORYCURRENTRISK1 | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
INVENTORYREPORT | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
LAN_DEVICE_DETECTED | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
LAN_DEVICE_EXCLUDED | DELETED | tinyint | 1 | The deleted flag of the schema object: 0 = Deleted, 1 = Not Deleted | |||
LEGACY_AGENT | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
LICENSE | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
LICENSE_CHAIN | DELETED | tinyint | 1 | ((0)) | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | ||
LOCAL_METADATA | DELETED | tinyint | 1 | The deleted flag of the schema object: 0 = Deleted, 1 = Not Deleted | |||
NOTIFICATION | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not Deleted, 1 = Deleted | ||
NOTIFICATIONALERTS | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not deleted, 1 = deleted | ||
NOTIFICATIONHISTORY | DELETED | tinyint | 1 | ((0)) | |||
PATTERN | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not deleted, 1 = Deleted | ||
REPORTS | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
SCANREPORT | DELETED | tinyint | 1 | ((0)) | |||
SCANS | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not deleted, 1 = Deleted | ||
SCFINVENTORY | DELETED | tinyint | 1 | ((0)) | Deleted row; 0 = Not deleted, 1 = Deleted | ||
SEM_AGENT | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
SEM_APPLICATION | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
SEM_CLIENT | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
SEM_COMPLIANCE_CRITERIA | DELETED | tinyint | 1 | ((0)) | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | ||
SEM_COMPLIANCE_CRITERIA_2 | DELETED | tinyint | 1 | ((0)) | |||
SEM_COMPUTER | DELETED | tinyint | 1 | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | |||
SEM_CONTENT | DELETED | tinyint | 1 | ((0)) | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | ||
SEM_JOB | DELETED | tinyint | 1 | Deleted row: 1 = Deleted, 0 = Not Deleted | |||
SEM_OS_INFO | DELETED | tinyint | 1 | ((0)) | The deleted flag of the schema object: 1 = Deleted, 0 = Not Deleted | ||
SEM_SVA | DELETED | tinyint | 1 | ||||
SEM_SVA_CLIENT | DELETED | tinyint | 1 | ||||
SEM_SVA_COMPUTER | DELETED | tinyint | 1 | ||||
SYSTEM_REPORT | DELETED | tinyint | 1 | ((0)) | The deleted flag of the schema object: 0 = Deleted, 1 = Not Deleted | ||
SYSTEM_STATE | DELETED | tinyint | 1 | tinyint, NOT NULL | |||
THREATREPORT | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = Not deleted, 1 = Deleted | ||
V_ALERTS | DELETED | tinyint | 1 | ||||
V_CLIENT_CHANGE_LOG | DELETED | tinyint | 1 | ||||
V_DOMAINS | DELETED | tinyint | 1 | √ | null | ||
V_GROUPS | DELETED | tinyint | 1 | √ | null | ||
V_IPS | DELETED | tinyint | 1 | ||||
V_LAN_DEVICE_DETECTED | DELETED | tinyint | 1 | ||||
V_LAN_DEVICE_EXCLUDED | DELETED | tinyint | 1 | ||||
V_MR_CLEAN | DELETED | tinyint | 1 | ||||
V_SEM_COMPUTER | DELETED | tinyint | 1 | ||||
V_SEM_CONTENT | DELETED | tinyint | 1 | ||||
V_SERVERS | DELETED | tinyint | 1 | √ | null | ||
V_SONAR | DELETED | tinyint | 1 | ||||
V_VIRUS | DELETED | tinyint | 1 | ||||
VIRUS | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = Not deleted, 1 = deleted | ||
VIRUSCATEGORY | DELETED | tinyint | 1 | ((0)) | Deleted row: 0 = Not deleted, 1 = deleted | ||
SEM_AGENT | DEPARTMENT | nvarchar | 256 | √ | null | Employee department | |
V_VIRUS | DEPENDENCY | int | 4 | ||||
VIRUS | DEPENDENCY | int | 4 | ((-1)) | Number of dependent components that risk installs. 0 = No rating, 1, 2 = Low, 3 = Medium, 4 >= High, -1 means not applicable. This rating is only applicable to non-viral threats. | ||
SEM_AGENT | DEPLOY_MSG | nvarchar | 8000 | √ | null | This is a free form detailed message sent by the client to elaborate on the deployment status. | |
SEM_AGENT | DEPLOY_PRE_VER | varchar | 64 | √ | null | The agent version prior to a deployment action. | |
SEM_AGENT | DEPLOY_RUNNING_VER | varchar | 64 | √ | null | The current agent version | |
INVENTORYREPORT | DEPLOY_STATUS | tinyint | 1 | ((0)) | See SEM_AGENT.DEPLOY_STATUS. Included again in this table because it represents a filter option. | ||
SEM_AGENT | DEPLOY_STATUS | int | 4 | ((0)) | This is an integer sent by the client to represent the current deployment status. It can be generated by the client itself or by the installer. 302448896 = Symantec Endpoint Protection Manager indicated an upgrade package for the client; 302448897 = The client decided to accept the upgrade package; 302448898 = The client decided to reject the upgrade package; 302449152 = The client has requested package information for the upgrade; 302449153 = The client has received package information for the upgrade; 302449408 = The client hasn't allowed the download of the upgrade package to start; 302449409 = The client has successfully downloaded and verified the upgrade package; 302449664 = The client failed to apply the upgrade package; 302449665 = The client failed to patch the delta; 302449666 = The client failed to launch the upgrade installer; 302449667 = The client successfully launched the final upgrade installer; 302449920 = The client is requesting the full version of the upgrade package due to the delta's failure; 302456832 = Install successful; 302460928 = Install repair successful; 302465024 = Uninstall successful; 302469120 = Install failed, rolled back; 302469121 = Install failed, insufficient disk space; 302469122 = Install failed, launch condition; 302469123 = Install failed, consumer product found; 302469124 = Restart pending; 302456833 = Files copied; 302469125 = Install failed, legacy enterprise edition found; 302469126 = Install failed, non-elevated privileges; 302469127 = Install failed, incompatible operating system. | ||
SEM_AGENT | DEPLOY_TARGET_VER | varchar | 64 | √ | null | The agent version the deployment action is trying to move to. | |
SEM_AGENT | DEPLOY_TIMESTAMP | bigint | 8 | ((0)) | The time of the deployment action. | ||
AGENT_BEHAVIOR_LOG_1 | DESCRIPTION | nvarchar | 512 | √ | null | What behavior was blocked | |
AGENT_BEHAVIOR_LOG_2 | DESCRIPTION | nvarchar | 512 | √ | null | What behavior was blocked | |
ALERTS | DESCRIPTION | nvarchar | 510 | ('') | |||
BASIC_METADATA | DESCRIPTION | nvarchar | 4096 | √ | null | Object description | |
HISTORYCONFIG | DESCRIPTION | nvarchar | 510 | ('') | Admin-provided description for this report | ||
SEM_CLIENT | DESCRIPTION | nvarchar | 512 | √ | null | Domain name of the computer | |
SEM_COMPLIANCE_CRITERIA | DESCRIPTION | nvarchar | 512 | ('') | Additional compliance check details. Either exception text or one of: Checksum_blank = fingerprint value is empty; Failed_to_get_modification_date = failed to get modification date; NAN = not a number; Cannot_parse_URL = cannot parse URL; URL_not_accessible_or_failed_to_create_destination_file = URL not accessible or failed to create destination file; Download_exceeded_limit = download exceeded limit; Destination = destination file access violation; By_User = action initiated by user; Access_denied_by_server = access denied by server; Download_file = download file not found; Process_time_out = process timed out; Failed_to_detect_OS_type = failed to detect OS type; Application_name_is_empty = application name is empty; Probably_software_is_not_installed = probably software is not installed; Signature_age_in_seconds_failed = could not compute signature age; Failed_to_parse_URL = failed to parse URL; Missing_or_no_version_info = missing or no version information; After_script_file_running = after script file run; OS_ignore = operating system check was ignored; Save_failed = save failed; No_previous_time = no previous time; OK_or_YES = user response was OK or Yes; Cancel_or_NO = user response was Cancel or No; Fail_to_get_current_OS_language_version = could not retrieve current operating system language | ||
SEM_COMPLIANCE_CRITERIA_2 | DESCRIPTION | nvarchar | 512 | ('') | |||
SEM_SVA_CLIENT | DESCRIPTION | nvarchar | 512 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | DESCRIPTION | nvarchar | 512 | √ | null | ||
V_ALERTS | DESCRIPTION | nvarchar | 510 | ||||
COMPUTER_APPLICATION | DETECTION | tinyint | 1 | ((0)) | was this involved in a detection on this machine? | ||
ANOMALYDETECTIONOPERATION | DETECTION_OPERATION_DESC | varchar | 255 | ('') | Detection_Operation_ID, Detection_Operation_Desc (hard-coded English string used for lookup): 0 = Unknown; 1 = Scan; 2 = Present; 3 = Not Present; 4 = Equal; 5 = Not Equal; 6 = Equal (Case-insensitive); 7 = Not Equal (Case-insensitive); 8 = Scan Memory | ||
ANOMALYDETECTIONOPERATION | DETECTION_OPERATION_ID | int | 4 | ||||
HPP_ALERTS | DETECTION_SCORE | tinyint | 1 | ((0)) | The score of the detection (0...100) | ||
HPP_APPLICATION | DETECTION_TYPE | tinyint | 1 | ((0)) | Detection type: 0 = heuristic; 1 = commercial application | ||
V_VIRUS | DETECTION_TYPE | int | 4 | ||||
VIRUS | DETECTION_TYPE | int | 4 | ((-1)) | Detection type | ||
ANOMALYDETECTIONTYPE | DETECTION_TYPE_DESC | varchar | 255 | ('') | Detection_Type_ID, Detection_Type_Desc (a hard-coded English string used for lookup): 1000 = Registry; 1001 = File; 1002 = Process; 1003 = Batch File; 1004 = INI File; 1005 = Service; 1006 = Infected File; 1007 = COM Object; 1008 = Hosts File Entry; 1009 = Directory; 1010 = Layered Service Provider | ||
ANOMALYDETECTIONTYPE | DETECTION_TYPE_ID | int | 4 | ||||
LAN_DEVICE_DETECTED | DEVICE_DETECTED_TIME | bigint | 8 | √ | null | GUID of the domain | |
V_LAN_DEVICE_DETECTED | DEVICE_DETECTED_TIME | bigint | 8 | √ | null | ||
SEM_COMPUTER | DHCP_SERVER | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | DHCP_SERVER | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DHCP_SERVER | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DHCP_SERVER_TEXT | varchar | 123 | √ | null | ||
FIREWALL_REPORT | DIRECTION | int | 4 | √ | (NULL) | 1 = Inbound, 2 = Outbound, 0 = Unknown | |
HPP_ALERTS | DIS_SUBMIT | tinyint | 1 | ((0)) | Recommendation if this detection should be submitted to Symantec (0 = No, 1 = Yes) | ||
BASIC_METADATA | DISABLED | tinyint | 1 | √ | null | Indicates whether the policy is disabled or not | |
HISTORYCONFIG | DISABLED | tinyint | 1 | ((0)) | Scheduled report disabled: 0 = No, 1 = Yes | ||
V_VIRUS | DISCOVERED | datetime | 16,3 | ||||
VIRUS | DISCOVERED | datetime | 16,3 | ('19700101') | When threat was first discovered by Symantec (as downloaded from Symantec's web site) | ||
SEM_COMPUTER | DISK_DRIVE | varchar | 3 | √ | null | Drive letter referred to by DISK_TOTAL | |
SEM_SVA_COMPUTER | DISK_DRIVE | varchar | 3 | √ | null | ||
V_SEM_COMPUTER | DISK_DRIVE | varchar | 3 | √ | null | ||
SEM_COMPUTER | DISK_TOTAL | bigint | 8 | √ | null | Total disk space | |
SEM_SVA_COMPUTER | DISK_TOTAL | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DISK_TOTAL | bigint | 8 | √ | null | ||
HPP_ALERTS | DISPOSITION | tinyint | 1 | ((127)) | Where the value 127 for DISPOSITION means that there was no reputation data available for this detection. | ||
SEM_COMPUTER | DNS_SERVER1 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | DNS_SERVER1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DNS_SERVER1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DNS_SERVER1_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | DNS_SERVER2 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | DNS_SERVER2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DNS_SERVER2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | DNS_SERVER2_TEXT | varchar | 123 | √ | null | ||
ADMINUSER | DOMAIN_ID | char | 32 | ('') | GUID representing currently logged in domain. | ||
AGENT_BEHAVIOR_LOG_1 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_BEHAVIOR_LOG_2 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_PACKET_LOG_1 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_PACKET_LOG_2 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_SECURITY_LOG_1 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_SECURITY_LOG_2 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_SYSTEM_LOG_1 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_SYSTEM_LOG_2 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_TRAFFIC_LOG_1 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
AGENT_TRAFFIC_LOG_2 | DOMAIN_ID | char | 32 | GUID of the domain to which the log belongs | |||
BASIC_METADATA | DOMAIN_ID | char | 32 | √ | null | GUID of the domain that the object belongs to. SemRootConfig and SemSite do not have DOMAIN_ID | |
BINARY_FILE | DOMAIN_ID | char | 32 | √ | null | GUID of the domain to which the binary file belongs | |
COMMAND | DOMAIN_ID | char | 32 | The domain ID currently being administered when the command is created | |||
COMPUTER_APPLICATION | DOMAIN_ID | char | 32 | GUID of the domain to which the client computer belongs | |||
ENFORCER_CLIENT_LOG_1 | DOMAIN_ID | char | 32 | Not used (logged as '00000000000000000000000000000000') | |||
ENFORCER_CLIENT_LOG_2 | DOMAIN_ID | char | 32 | Not used (logged as '00000000000000000000000000000000') | |||
ENFORCER_TRAFFIC_LOG_1 | DOMAIN_ID | char | 32 | Not used (logged as '00000000000000000000000000000000') | |||
ENFORCER_TRAFFIC_LOG_2 | DOMAIN_ID | char | 32 | Not used (logged as '00000000000000000000000000000000') | |||
GROUP_HI_STATUS | DOMAIN_ID | char | 32 | The domain name that the group belongs to. | |||
IDENTITY_MAP | DOMAIN_ID | char | 32 | √ | null | GUID of the domain | |
REPORTS | DOMAIN_ID | char | 32 | √ | null | GUID of the domain to which the report belongs. The reports for system administrator do not have DOMAIN_ID | |
SEM_AGENT | DOMAIN_ID | char | 32 | √ | null | GUID of the domain | |
SEM_APPLICATION | DOMAIN_ID | char | 32 | ||||
SEM_CLIENT | DOMAIN_ID | char | 32 | √ | null | GUID of the domain | |
SEM_COMPUTER | DOMAIN_ID | char | 32 | √ | null | GUID of the domain | |
SEM_SVA | DOMAIN_ID | char | 32 | √ | null | ||
SEM_SVA_CLIENT | DOMAIN_ID | char | 32 | √ | null | ||
SEM_SVA_COMPUTER | DOMAIN_ID | char | 32 | √ | null | ||
SERVER_ADMIN_LOG_1 | DOMAIN_ID | char | 32 | √ | null | GUID of the domain to which the log belongs | |
SERVER_ADMIN_LOG_2 | DOMAIN_ID | char | 32 | √ | null | GUID of the domain to which the log belongs | |
SERVER_CLIENT_LOG_1 | DOMAIN_ID | char | 32 | √ | null | GUID of the domain to which the log belongs | |
SERVER_CLIENT_LOG_2 | DOMAIN_ID | char | 32 | √ | null | GUID of the domain to which the log belongs | |
SERVER_POLICY_LOG_1 | DOMAIN_ID | char | 32 | √ | null | GUID of the domain which was administered | |
SERVER_POLICY_LOG_2 | DOMAIN_ID | char | 32 | √ | null | GUID of the domain which was administered | |
SERVER_SYSTEM_LOG_1 | DOMAIN_ID | char | 32 | √ | null | Not used, logged as '' | |
SERVER_SYSTEM_LOG_2 | DOMAIN_ID | char | 32 | √ | null | Not used, logged as '' | |
SYSTEM_STATE | DOMAIN_ID | char | 32 | √ | null | GUID of the domain that the state object | |
V_AGENT_BEHAVIOR_LOG | DOMAIN_ID | char | 32 | ||||
V_AGENT_PACKET_LOG | DOMAIN_ID | char | 32 | ||||
V_AGENT_SECURITY_LOG | DOMAIN_ID | char | 32 | ||||
V_AGENT_SYSTEM_LOG | DOMAIN_ID | char | 32 | ||||
V_AGENT_TRAFFIC_LOG | DOMAIN_ID | char | 32 | ||||
V_CLIENT_CHANGE_LOG | DOMAIN_ID | char | 32 | √ | null | ||
V_DOMAINS | DOMAIN_ID | char | 32 | √ | null | ||
V_ENFORCER_CLIENT_LOG | DOMAIN_ID | char | 32 | ||||
V_ENFORCER_TRAFFIC_LOG | DOMAIN_ID | char | 32 | ||||
V_GROUPS | DOMAIN_ID | char | 32 | √ | null | ||
V_SECURITY_VIEW | DOMAIN_ID | char | 32 | ||||
V_SEM_COMPUTER | DOMAIN_ID | char | 32 | √ | null | ||
V_SERVER_ADMIN_LOG | DOMAIN_ID | char | 32 | √ | null | ||
V_SERVER_CLIENT_LOG | DOMAIN_ID | char | 32 | √ | null | ||
V_SERVER_POLICY_LOG | DOMAIN_ID | char | 32 | √ | null | ||
V_SERVER_SYSTEM_LOG | DOMAIN_ID | char | 32 | √ | null | ||
V_SERVERS | DOMAIN_ID | char | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | DOMAIN_NAME | nvarchar | 512 | √ | null | Login (Windows) domain name | |
AGENT_BEHAVIOR_LOG_2 | DOMAIN_NAME | nvarchar | 512 | √ | null | Login (Windows) domain name | |
AGENT_SECURITY_LOG_1 | DOMAIN_NAME | nvarchar | 512 | √ | null | Login domain name | |
AGENT_SECURITY_LOG_2 | DOMAIN_NAME | nvarchar | 512 | √ | null | Login domain name | |
AGENT_TRAFFIC_LOG_1 | DOMAIN_NAME | nvarchar | 512 | √ | null | Login domain name | |
AGENT_TRAFFIC_LOG_2 | DOMAIN_NAME | nvarchar | 512 | √ | null | Login domain name | |
SERVER_CLIENT_LOG_1 | DOMAIN_NAME | nvarchar | 512 | √ | null | Domain name of the client | |
SERVER_CLIENT_LOG_2 | DOMAIN_NAME | nvarchar | 512 | √ | null | Domain name of the client | |
V_AGENT_BEHAVIOR_LOG | DOMAIN_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_SECURITY_LOG | DOMAIN_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_TRAFFIC_LOG | DOMAIN_NAME | nvarchar | 512 | √ | null | ||
V_SERVER_CLIENT_LOG | DOMAIN_NAME | nvarchar | 512 | √ | null | ||
COMPUTER_APPLICATION | DOWNLOAD_URL | varchar | 512 | √ | null | source URL of the first drop on this machine | |
HPP_ALERTS | DOWNLOADER | varchar | 256 | ('') | The creator process of the dropper threat. Default is "". | ||
SCANREPORT | DURATION | int | 4 | ('0') | Length of the scan | ||
SCANS | DURATION | int | 4 | ((0)) | Length of the scan in seconds | ||
VIRUS | DYNACAT | int | 4 | √ | (NULL) | Sub category ID for the risk threat. Links to VIRUSCATEGORY table. | |
VIRUSCATEGORY | DYNACAT | int | 4 | Sub-category ID | |||
V_VIRUS | DYNAUBER | int | 4 | √ | null | ||
VIRUS | DYNAUBER | int | 4 | √ | (NULL) | Uber category for the risk threat. Links to VIRUSCATEGORY table. | |
VIRUSCATEGORY | DYNAUBER | int | 4 | Uber category ID | |||
INVENTORYREPORT | ELAM_ONOFF | tinyint | 1 | ((127)) | Early Launch Anti-Malware status: 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. Default is 127 | ||
SEM_AGENT | ELAM_ONOFF | tinyint | 1 | ((127)) | |||
AGENTCONFIG | varchar | 255 | ('') | Comma-separated list of e-mail addresses to receive a warning mail if agent is considered inactive | |||
HISTORYCONFIG | nvarchar | 510 | ('') | Comma-separated list of emails to send the report to | |||
NOTIFICATION | nvarchar | 510 | ('') | Comma-separated email list to send email when this notification is triggered | |||
SEM_AGENT | nvarchar | 258 | √ | null | Employee email | ||
SEM_AGENT | EMPLOYEE_NUMBER | varchar | 32 | √ | null | Employee number | |
SEM_AGENT | EMPLOYMENT_STATUS | varchar | 16 | √ | null | Employee status | |
AGENTCONFIG | ENABLED | varchar | 10 | ('') | Is "on" if status checking for this agent type is enabled, if status checking is not enabled, then it is blank. | ||
OAUTH_CLIENT_DETAILS | ENABLED | tinyint | 1 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | ENCODED_API_NAME | nvarchar | 512 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | ENCODED_API_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | ENCODED_API_NAME | nvarchar | 512 | √ | null | ||
LICENSE | END_DATE | bigint | 8 | License end date time, read from license file | |||
AGENT_BEHAVIOR_LOG_1 | END_TIME | bigint | 8 | √ | null | The end time of security issue. End time is an optional field because the exact end time of traffic may not be detected, for example with UDP traffic. If end time is not detected, it is set to equal begin time. | |
AGENT_BEHAVIOR_LOG_2 | END_TIME | bigint | 8 | √ | null | The end time of security issue. End time is an optional field because we may fail to detect the exact end time of traffic, like UDP. In those cases, the end time is equal to begin time. | |
AGENT_SECURITY_LOG_1 | END_TIME | bigint | 8 | √ | null | The end time of security issue. End time is an optional field because we may fail to detect the exact end time of traffic, like UDP. In those cases, the end time is equal to begin time. | |
AGENT_SECURITY_LOG_2 | END_TIME | bigint | 8 | √ | null | The end time of security issue. End time is an optional field because we may fail to detect the exact end time of traffic, like UDP. In those cases, the end time is equal to begin time. | |
AGENT_TRAFFIC_LOG_1 | END_TIME | bigint | 8 | √ | null | The end time of security issue. End time is an optional field because we may fail to detect the exact end time of traffic, like UDP. In those cases, the end time is equal to begin time. | |
AGENT_TRAFFIC_LOG_2 | END_TIME | bigint | 8 | √ | null | The end time of security issue. End time is an optional field because we may fail to detect the exact end time of traffic, like UDP. In those cases, the end time is equal to begin time. | |
ENFORCER_TRAFFIC_LOG_1 | END_TIME | bigint | 8 | √ | null | The end time of Enforcer event | |
ENFORCER_TRAFFIC_LOG_2 | END_TIME | bigint | 8 | √ | null | The end time of Enforcer event | |
V_AGENT_BEHAVIOR_LOG | END_TIME | bigint | 8 | √ | null | ||
V_AGENT_SECURITY_LOG | END_TIME | bigint | 8 | √ | null | ||
V_AGENT_TRAFFIC_LOG | END_TIME | bigint | 8 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | END_TIME | bigint | 8 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
ENFORCER_CLIENT_LOG_2 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
ENFORCER_SYSTEM_LOG_1 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
ENFORCER_SYSTEM_LOG_2 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
ENFORCER_TRAFFIC_LOG_1 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
ENFORCER_TRAFFIC_LOG_2 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
SERVER_ENFORCER_LOG_1 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
SERVER_ENFORCER_LOG_2 | ENFORCER_ID | char | 32 | GUID of the Enforcer | |||
V_ENFORCER_CLIENT_LOG | ENFORCER_ID | char | 32 | ||||
V_ENFORCER_SYSTEM_LOG | ENFORCER_ID | char | 32 | ||||
V_ENFORCER_TRAFFIC_LOG | ENFORCER_ID | char | 32 | ||||
V_SERVER_ENFORCER_LOG | ENFORCER_ID | char | 32 | ||||
COMPLIANCE_REPORT | ENFORCER_TYPE | tinyint | 1 | √ | (NULL) | For Enforcer Client: 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |
ENFORCER_CLIENT_LOG_1 | ENFORCER_TYPE | tinyint | 1 | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |||
ENFORCER_CLIENT_LOG_2 | ENFORCER_TYPE | tinyint | 1 | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |||
ENFORCER_SYSTEM_LOG_1 | ENFORCER_TYPE | tinyint | 1 | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |||
ENFORCER_SYSTEM_LOG_2 | ENFORCER_TYPE | tinyint | 1 | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |||
ENFORCER_TRAFFIC_LOG_1 | ENFORCER_TYPE | tinyint | 1 | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |||
ENFORCER_TRAFFIC_LOG_2 | ENFORCER_TYPE | tinyint | 1 | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |||
SYSTEM_REPORT | ENFORCER_TYPE | int | 4 | √ | (NULL) | 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer | |
V_ENFORCER_CLIENT_LOG | ENFORCER_TYPE | tinyint | 1 | ||||
V_ENFORCER_SYSTEM_LOG | ENFORCER_TYPE | tinyint | 1 | ||||
V_ENFORCER_TRAFFIC_LOG | ENFORCER_TYPE | tinyint | 1 | ||||
COMPLIANCE_REPORT | ENFORCERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded Enforcer names by which to filter | ||
SYSTEM_REPORT | ENFORCERLIST | nvarchar | 510 | ('') | Comma-separated Enforcer names by which to filter | ||
SEM_COMPLIANCE_CRITERIA | ERROR | varchar | 128 | ('') | One of: unknown = unknown; product_unknown = product unknown; file_notfound = file not found; filename_invalid = invalid file name; parameter_invalid = invalid condition parameter; parameter_undefined = condition parameter was not specified in the policy; bad_url = URL format is invalid; filedownload_op_err = URL not accessible or failed to create destination file; time_out = action timed out; connection_lost = connection was lost; access_violation = access violation on file; access_denied = access denied; remediation_abort = user aborted remediation; remediation_postpone = user postponed remediation; createdir_failed = directory creation failed; system_err = system error; runas_noprivilege = a required privilege is not held by the client; internal_err = internal error; os_unknown = failed to detect operating system type | ||
SEM_COMPLIANCE_CRITERIA_2 | ERROR | varchar | 128 | ('') | |||
SERVER_ADMIN_LOG_1 | ERROR_CODE | int | 4 | √ | null | ErrorCode can uniquely identify the error in source code (only used when an exception is related to this event). ** See worksheet ERROR_CODE and MSG_ID values. ** | |
SERVER_ADMIN_LOG_2 | ERROR_CODE | int | 4 | √ | null | ErrorCode can uniquely identify the error in source code (only used when an exception is related to this event). ** See worksheet ERROR_CODE and MSG_ID values. ** | |
SERVER_SYSTEM_LOG_1 | ERROR_CODE | int | 4 | √ | null | ErrorCode can uniquely identify the error in source code (only used when an exception is related to this event). ** See ERROR_CODE and MSG_ID worksheet ** | |
SERVER_SYSTEM_LOG_2 | ERROR_CODE | int | 4 | √ | null | ErrorCode can uniquely identify the error in source code (only used when an exception is related to this event). ** See ERROR_CODE and MSG_ID worksheet ** | |
V_SERVER_ADMIN_LOG | ERROR_CODE | int | 4 | √ | null | ||
V_SERVER_SYSTEM_LOG | ERROR_CODE | int | 4 | √ | null | ||
COMMAND | ESTIMATED_DURATION | int | 4 | ((0)) | Agent estimation of command duration in minutes. 0 = no estimate or negligible time. | ||
AGENT_PACKET_LOG_1 | EVENT_DATA | varbinary | 2000 | √ | null | Additional data in binary format. This field is optional. | |
AGENT_PACKET_LOG_2 | EVENT_DATA | varbinary | 2000 | √ | null | Additional data in binary format. This field is optional. | |
AGENT_SECURITY_LOG_1 | EVENT_DATA | varbinary | 3000 | √ | null | Additional data in binary format. This field is optional. | |
AGENT_SECURITY_LOG_2 | EVENT_DATA | varbinary | 3000 | √ | null | Additional data in binary format. This field is optional. | |
AGENT_SYSTEM_LOG_1 | EVENT_DATA | varbinary | 2000 | √ | null | Additional data in binary format. This field is optional. | |
AGENT_SYSTEM_LOG_2 | EVENT_DATA | varbinary | 2000 | √ | null | Additional data in binary format. This field is optional. | |
SERVER_POLICY_LOG_1 | EVENT_DATA | varbinary | 2000 | √ | null | Additional data in binary format. This field is optional. | |
SERVER_POLICY_LOG_2 | EVENT_DATA | varbinary | 2000 | √ | null | Additional data in binary format. This field is optional. | |
V_AGENT_PACKET_LOG | EVENT_DATA | varbinary | 2000 | √ | null | ||
V_AGENT_SECURITY_LOG | EVENT_DATA | varbinary | 3000 | √ | null | ||
V_AGENT_SYSTEM_LOG | EVENT_DATA | varbinary | 2000 | √ | null | ||
V_SERVER_POLICY_LOG | EVENT_DATA | varbinary | 2000 | √ | null | ||
HISTORY | EVENT_DATETIME | bigint | 8 | ((0)) | Snapshot time in GMT | ||
AGENT_SECURITY_LOG_1 | EVENT_DESC | nvarchar | 4000 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
AGENT_SECURITY_LOG_2 | EVENT_DESC | nvarchar | 4000 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
AGENT_SYSTEM_LOG_1 | EVENT_DESC | nvarchar | 2048 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
AGENT_SYSTEM_LOG_2 | EVENT_DESC | nvarchar | 2048 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
ENFORCER_CLIENT_LOG_1 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
ENFORCER_CLIENT_LOG_2 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
ENFORCER_SYSTEM_LOG_1 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
ENFORCER_SYSTEM_LOG_2 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SERVER_ADMIN_LOG_1 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SERVER_ADMIN_LOG_2 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SERVER_POLICY_LOG_1 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SERVER_POLICY_LOG_2 | EVENT_DESC | nvarchar | 512 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SERVER_SYSTEM_LOG_1 | EVENT_DESC | nvarchar | 4000 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SERVER_SYSTEM_LOG_2 | EVENT_DESC | nvarchar | 4000 | √ | null | Description of the event. Usually, the first line of the description is treated as the summary. | |
SYSTEM_REPORT | EVENT_DESC | nvarchar | 510 | ('') | |||
V_AGENT_SECURITY_LOG | EVENT_DESC | nvarchar | 4000 | √ | null | ||
V_AGENT_SYSTEM_LOG | EVENT_DESC | nvarchar | 2048 | √ | null | ||
V_ENFORCER_CLIENT_LOG | EVENT_DESC | nvarchar | 512 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | EVENT_DESC | nvarchar | 512 | √ | null | ||
V_SERVER_ADMIN_LOG | EVENT_DESC | nvarchar | 512 | √ | null | ||
V_SERVER_POLICY_LOG | EVENT_DESC | nvarchar | 512 | √ | null | ||
V_SERVER_SYSTEM_LOG | EVENT_DESC | nvarchar | 4000 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | EVENT_ID | int | 4 | An event ID from send agent: 501 = Application Control Driver; 502 = Application Control Rules; 999 = Tamper Protection | |||
AGENT_BEHAVIOR_LOG_2 | EVENT_ID | int | 4 | An event ID from send agent: 501 = Application Control Driver; 502 = Application Control Rules; 999 = Tamper Protection | |||
AGENT_PACKET_LOG_1 | EVENT_ID | int | 4 | An event ID from send agent: 401 = Raw Ethernet | |||
AGENT_PACKET_LOG_2 | EVENT_ID | int | 4 | An event ID from send agent: 401 = Raw Ethernet | |||
AGENT_SECURITY_LOG_1 | EVENT_ID | int | 4 | Compliance events: 209 = Host Integrity failed; 210 = Host Integrity passed; 221 = Host Integrity failed but reported as PASS; 237 = Host Integrity custom log entry. Firewall and IPS events: 207 = Active Response; 211 = Active Response Disengaged; 219 = Active Response Cancelled; 205 = Executable file changed; 216 = Executable file change detected; 217 = Executable file change accepted; 218 = Executable file change denied; 220 = Application Hijacking; 201 = Invalid traffic by rule; 202 = Port Scan; 203 = Denial of Service; 204 = Trojan; 206 = Intrusion Prevention System (Intrusion Detected); 208 = MAC Spoofing; 249 = Browser Protection event. Application and Device control: 238 = Device control disabled device; 239 = Buffer Overflow Event; 240 = Software protection has thrown an exception | |||
AGENT_SECURITY_LOG_2 | EVENT_ID | int | 4 | Compliance events: 209 = Host Integrity failed (TSLOG_SEC_NO_AV); 210 = Host Integrity passed (TSLOG_SEC_AV); 221 = Host Integrity failed but reported as PASS; 237 = Host Integrity custom log entry. Firewall and IPS events: 207 = Active Response; 211 = Active Response Disengaged; 219 = Active Response Cancelled; 205 = Executable file changed; 216 = Executable file change detected; 217 = Executable file change accepted; 218 = Executable file change denied; 220 = Application Hijacking; 201 = Invalid traffic by rule; 202 = Port Scan; 203 = Denial of Service; 204 = Trojan; 206 = Intrusion Prevention System (Intrusion Detected, TSLOG_SEC_INTRUSION_DETECTED); 208 = MAC Spoofing; 249 = Browser Protection event. Application and Device control: 238 = Device control disabled device; 239 = Buffer Overflow Event; 240 = Software protection has thrown an exception | |||
AGENT_SYSTEM_LOG_1 | EVENT_ID | int | 4 | An event ID from send agent. AGENT_SYSTEM_INSTALL_EVENT_TYPES = Installation events: possible values are 0x12070001 = Internal error; 0x12070101 = Install complete; 0x12070102 = Restart recommended; 0x12070103 = Restart required; 0x12070104 = Installation failed; 0x12070105 = Uninstallation complete; 0x12070106 = Uninstallation failed; 0x12071037 = Symantec AntiVirus installed; 0x12071038 = Symantec Firewall installed; 0x12071039 = Uninstall; 0x1207103A = Uninstall rolled-back. AGENT_SYSTEM_SERVICE_EVENT_TYPES = Service events: possible values are 0x12070201 = Service starting; 0x12070202 = Service started; 0x12070203 = Service start failure; 0x12070204 = Service stopped; 0x12070205 = Service stop failure; 0x1207021A = Attempt to stop service. AGENT_SYSTEM_CONFIG_EVENT_TYPES = Configuration events: possible values are 0x12070206 = Config import complete; 0x12070207 = Config import error; 0x12070208 = Config export complete; 0x12070209 = Config export error. AGENT_SYSTEM_HI_EVENT_TYPES = Host Integrity events: possible values are 0x12070210 = Host Integrity disabled; 0x12070211 = Host Integrity enabled; 0x12070220 = NAP integration enabled. AGENT_SYSTEM_IMPORT_EVENT_TYPES = Import events: possible values are 0x12070214 = Successfully imported advanced rule; 0x12070215 = Failed to import advanced rule; 0x12070216 = Successfully exported advanced rule; 0x12070217 = Failed to export advanced rule. AGENT_SYSTEM_CLIENT_EVENT_TYPES = Client events: possible values are 0x12070218 = Client Engine enabled; 0x12070219 = Client Engine disabled; 0x12071046 = Proactive Threat Scanning is not supported on this platform; 0x12071047 = Proactive Threat Scanning Load Error. AGENT_SYSTEM_SERVER_EVENT_TYPES = Server events: possible values are 0x12070301 = Server connected; 0x12070302 = No server response; 0x12070303 = Server connection failed; 0x12070304 = Server disconnected; 0x120B0001 = Cannot reach server; 0x120B0002 = Reconnected server. AGENT_SYSTEM_PROFILE_EVENT_TYPES = Policy events: possible values are 0x12070306 = New policy received; 0x12070307 = New policy applied; 0x12070308 = New policy failed; 0x12070309 = Cannot download policy; 0x120B0005 = Cannot download policy; 0x1207030A = Have latest policy; 0x120B0004 = Have latest policy. AGENT_SYSTEM_AV_EVENT_TYPES = Antivirus engine events: possible values are 0x12071006 = Scan Omission; 0x1207100B = Virus Behavior Detected; 0x1207100C = Configuration Changed; 0x12071010 = Definition File Download; 0x12071012 = Sent To Quarantine Server; 0x12071013 = Delivered To Symantec; 0x12071014 = Security Response Backup; 0x12071015 = Scan Aborted; 0x12071016 = Symantec AntiVirus Auto-Protect Load Error; 0x12071017 = Symantec AntiVirus Auto-Protect Enabled; 0x12071018 = Symantec AntiVirus Auto-Protect Disabled; 0x1207101A = Scan Delayed; 0x1207101B = Scan Re-started; 0x12071027 = Symantec AntiVirus is using old virus definitions; 0x12071041 = Scan suspended; 0x12071042 = Scan Resumed; 0x12071043 = Scan Duration Too Short; 0x12071045 = Scan Enhancements Failed. AGENT_SYSTEM_LICENSE_EVENT_TYPES = License events: possible values are 0x1207101E = License Warning; 0x1207101F = License Error; 0x12071020 = License in Grace Period; 0x12071023 = License Installed; 0x12071025 = License Up-to-date. AGENT_SYSTEM_SECURITY_EVENT_TYPES = Security events: possible values are 0x1207102B = Computer not compliant with security policy; 0x1207102C = Computer compliant with security policy; 0x1207102D = Tamper Attempt. AGENT_SYSTEM_OTHER_EVENT_TYPES = Other events: possible values are 0x1207020A = Email post OK; 0x1207020B = Email post failure; 0x1207020C = Update complete; 0x1207020D = Update failure; 0x1207020E = Manual location change; 0x1207020F = Location changed; 0x12070212 = Old Rasdll detected; 0x12070213 = Autoupdate postponed; 0x12070305 = Mode changed; 0x1207030B = Cannot apply HI script; 0x12070500 = System message from device control; 0x12070600 = System message from anti-buffer overflow driver; 0x12071021 = Access Denied Warning; 0x12071022 = Log Forwarding Error; 0x12071044 = Client moved | |||
AGENT_SYSTEM_LOG_2 | EVENT_ID | int | 4 | An event ID from send agent. AGENT_SYSTEM_INSTALL_EVENT_TYPES = Installation events: possible values are 0x12070001 = Internal error; 0x12070101 = Install complete; 0x12070102 = Restart recommended; 0x12070103 = Restart required; 0x12070104 = Installation failed; 0x12070105 = Uninstallation complete; 0x12070106 = Uninstallation failed; 0x12071037 = Symantec AntiVirus installed; 0x12071038 = Symantec Firewall installed; 0x12071039 = Uninstall; 0x1207103A = Uninstall rolled-back. AGENT_SYSTEM_SERVICE_EVENT_TYPES = Service events: possible values are 0x12070201 = Service starting; 0x12070202 = Service started; 0x12070203 = Service start failure; 0x12070204 = Service stopped; 0x12070205 = Service stop failure; 0x1207021A = Attempt to stop service. AGENT_SYSTEM_CONFIG_EVENT_TYPES = Configuration events: possible values are 0x12070206 = Config import complete; 0x12070207 = Config import error; 0x12070208 = Config export complete; 0x12070209 = Config export error. AGENT_SYSTEM_HI_EVENT_TYPES = Host Integrity events: possible values are 0x12070210 = Host Integrity disabled; 0x12070211 = Host Integrity enabled; 0x12070220 = NAP integration enabled. AGENT_SYSTEM_IMPORT_EVENT_TYPES = Import events: possible values are 0x12070214 = Successfully imported advanced rule; 0x12070215 = Failed to import advanced rule; 0x12070216 = Successfully exported advanced rule; 0x12070217 = Failed to export advanced rule. AGENT_SYSTEM_CLIENT_EVENT_TYPES = Client events: possible values are 0x12070218 = Client Engine enabled; 0x12070219 = Client Engine disabled; 0x12071046 = Proactive Threat Scanning is not supported on this platform; 0x12071047 = Proactive Threat Scanning Load Error. AGENT_SYSTEM_SERVER_EVENT_TYPES = Server events: possible values are 0x12070301 = Server connected; 0x12070302 = No server response; 0x12070303 = Server connection failed; 0x12070304 = Server disconnected; 0x120B0001 = Cannot reach server; 0x120B0002 = Reconnected server. AGENT_SYSTEM_PROFILE_EVENT_TYPES = Policy events: possible values are 0x12070306 = New policy received; 0x12070307 = New policy applied; 0x12070308 = New policy failed; 0x12070309 = Cannot download policy; 0x120B0005 = Cannot download policy; 0x1207030A = Have latest policy; 0x120B0004 = Have latest policy. AGENT_SYSTEM_AV_EVENT_TYPES = Antivirus engine events: possible values are 0x12071006 = Scan Omission; 0x1207100B = Virus Behavior Detected; 0x1207100C = Configuration Changed; 0x12071010 = Definition File Download; 0x12071012 = Sent To Quarantine Server; 0x12071013 = Delivered To Symantec; 0x12071014 = Security Response Backup; 0x12071015 = Scan Aborted; 0x12071016 = Symantec AntiVirus Auto-Protect Load Error; 0x12071017 = Symantec AntiVirus Auto-Protect Enabled; 0x12071018 = Symantec AntiVirus Auto-Protect Disabled; 0x1207101A = Scan Delayed; 0x1207101B = Scan Re-started; 0x12071027 = Symantec AntiVirus is using old virus definitions; 0x12071041 = Scan suspended; 0x12071042 = Scan Resumed; 0x12071043 = Scan Duration Too Short; 0x12071045 = Scan Enhancements Failed. AGENT_SYSTEM_LICENSE_EVENT_TYPES = License events: possible values are 0x1207101E = License Warning; 0x1207101F = License Error; 0x12071020 = License in Grace Period; 0x12071023 = License Installed; 0x12071025 = License Up-to-date. AGENT_SYSTEM_SECURITY_EVENT_TYPES = Security events: possible values are 0x1207102B = Computer not compliant with security policy; 0x1207102C = Computer compliant with security policy; 0x1207102D = Tamper Attempt. AGENT_SYSTEM_OTHER_EVENT_TYPES = Other events: possible values are 0x1207020A = Email post OK; 0x1207020B = Email post failure; 0x1207020C = Update complete; 0x1207020D = Update failure; 0x1207020E = Manual location change; 0x1207020F = Location changed; 0x12070212 = Old Rasdll detected; 0x12070213 = Autoupdate postponed; 0x12070305 = Mode changed; 0x1207030B = Cannot apply HI script; 0x12070500 = System message from device control; 0x12070600 = System message from anti-buffer overflow driver; 0x12071021 = Access Denied Warning; 0x12071022 = Log Forwarding Error; 0x12071044 = Client moved | |||
AGENT_TRAFFIC_LOG_1 | EVENT_ID | int | 4 | An event ID from send agent: 301 = TCP initiated; 302 = UDP datagram; 303 = Ping request; 304 = TCP completed; 305 = Traffic (other); 306 = ICMP packet; 307 = Ethernet packet; 308 = IP packet | |||
AGENT_TRAFFIC_LOG_2 | EVENT_ID | int | 4 | An event ID from send agent: 301 = TCP initiated; 302 = UDP datagram; 303 = Ping request; 304 = TCP completed; 305 = Traffic (other); 306 = ICMP packet; 307 = Ethernet packet; 308 = IP packet | |||
COMPLIANCE_REPORT | EVENT_ID | int | 4 | √ | (NULL) | Events for Enforcer Server: 1 = Enforcer registered; 2 = Enforcer failed to register; 5 = Enforcer downloaded policy; 7 = Enforcer downloaded sylink.xml; 9 = Server received Enforcer log; 12 = Server received Enforcer information. Events for Enforcer Traffic: 17 = Incoming traffic blocked; 18 = Outgoing traffic blocked; 33 = Incoming traffic allowed; 34 = Outgoing traffic allowed. Events for Host compliance: 209 = Host Integrity failed; 210 = Host Integrity passed; 221 = Host Integrity failed but reported as PASS; 237 = Host Integrity custom log entry. Events for Attack (firewall): 207 = Active Response; 211 = Active Response disengaged; 219 = Active Response canceled; 217 = Executable file change accepted; 218 = Executable file change denied; 220 = Application Hijack; 201 = N/A (invalid traffic by rule); 202 = Port Scan; 203 = Denial of Service; 204 = Trojan; 206 = Intrusion Prevention; 208 = MAC Spoofing. Events for Device control: 238 = Device control disabled device | |
ENFORCER_CLIENT_LOG_1 | EVENT_ID | int | 4 | No event IDs defined, logged as 0 | |||
ENFORCER_CLIENT_LOG_2 | EVENT_ID | int | 4 | No event IDs defined, logged as 0 | |||
ENFORCER_SYSTEM_LOG_1 | EVENT_ID | int | 4 | √ | null | An event ID from send agent (in hex): 0x101 = Connected to management server; 0x102 = Lost connection to management server; 0x103 = Applied policy downloaded from management server; 0x104 = Failed to apply policy downloaded from management server; 0x105 = Applied management server configuration; 0x106 = Failed to apply management server configuration; 0x107 = Applied management server configuration; 0x108 = Failed to apply management server configuration; 0x110 = Registered to NAP management server; 0x111 = Unregistered from NAP management server; 0x112 = Failed to register to NAP management server; 0x201 = Enforcer started; 0x202 = Enforcer stopped; 0x203 = Enforcer paused; 0x204 = Enforcer resumed; 0x205 = Enforcer disconnected from server; 0x301 = Enforcer failover enabled; 0x302 = Enforcer failover disabled; 0x303 = Enforcer in standby mode; 0x304 = Enforcer in primary mode; 0x305 = Enforcer short; 0x306 = Enforcer loop; 0x401 = Forward engine pause; 0x402 = Forward engine start; 0x403 = DNS Enforcer enabled; 0x404 = DNS Enforcer disabled; 0x405 = DHCP Enforcer enabled; 0x406 = DHCP Enforcer disabled; 0x407 = Allow all enabled; 0x408 = Allow all disabled; 0x501 = Seat number change; 0x601 = Failed to create policy parser; 0x602 = Failed to import policy downloaded from management server; 0x603 = Failed to export policy downloaded from management server; 0x701 = Incorrect customized attribute | |
ENFORCER_SYSTEM_LOG_2 | EVENT_ID | int | 4 | √ | null | An event ID from send agent (in hex): 0x101 = Connected to management server; 0x102 = Lost connection to management server; 0x103 = Applied policy downloaded from management server; 0x104 = Failed to apply policy downloaded from management server; 0x105 = Applied management server configuration; 0x106 = Failed to apply management server configuration; 0x107 = Applied management server configuration; 0x108 = Failed to apply management server configuration; 0x110 = Registered to NAP management server; 0x111 = Unregistered from NAP management server; 0x112 = Failed to register to NAP management server; 0x201 = Enforcer started; 0x202 = Enforcer stopped; 0x203 = Enforcer paused; 0x204 = Enforcer resumed; 0x205 = Enforcer disconnected from server; 0x301 = Enforcer failover enabled; 0x302 = Enforcer failover disabled; 0x303 = Enforcer in standby mode; 0x304 = Enforcer in primary mode; 0x305 = Enforcer short; 0x306 = Enforcer loop; 0x401 = Forward engine pause; 0x402 = Forward engine start; 0x403 = DNS Enforcer enabled; 0x404 = DNS Enforcer disabled; 0x405 = DHCP Enforcer enabled; 0x406 = DHCP Enforcer disabled; 0x407 = Allow all enabled; 0x408 = Allow all disabled; 0x501 = Seat number change; 0x601 = Failed to create policy parser; 0x602 = Failed to import policy downloaded from management server; 0x603 = Failed to export policy downloaded from management server; 0x701 = Incorrect customized attribute | |
ENFORCER_TRAFFIC_LOG_1 | EVENT_ID | int | 4 | √ | null | An event ID from send agent: 17 = Incoming traffic blocked; 18 = Outgoing traffic blocked; 33 = Incoming traffic allowed; 34 = Outgoing traffic allowed | |
ENFORCER_TRAFFIC_LOG_2 | EVENT_ID | int | 4 | √ | null | An event ID from send agent: 17 = Incoming traffic blocked; 18 = Outgoing traffic blocked; 33 = Incoming traffic allowed; 34 = Outgoing traffic allowed | |
SERVER_ADMIN_LOG_1 | EVENT_ID | int | 4 | A unique ID of the admin event: 0x1001 = Login succeeded; 0x1002 = Login failed; 0x1003 = Logout; 0x1004 = Account locked; 0x1005 = Account unlocked; 0x1006 = Account disabled; 0x1007 = Account enabled; 0x1008 = Administrator created; 0x1009 = Administrator deleted; 0x100A = Administrator renamed; 0x100B = Password changed; 0x100C = Administrator properties are changed; 0x100D = Domain is created; 0x100E = Domain is deleted; 0x100F = Domain properties are changed; 0x1020 = Domain is disabled; 0x1021 = Domain is enabled; 0x1022 = Domain is renamed; 0x2001 = Group is created; 0x2002 = Group is deleted; 0x2003 = Group is renamed; 0x2004 = Group is moved; 0x2005 = Group properties are changed; 0x2006 = User is created; 0x2007 = User is deleted; 0x2008 = User is moved; 0x2009 = User is copied; 0x200A = User policy mode is switched; 0x200B = User properties are changed; 0x200C = Computer is created; 0x200D = Computer is deleted; 0x200E = Computer is moved; 0x200F = Computer is copied; 0x2010 = Computer policy mode is switched; 0x2011 = Computer properties are changed; 0x2012 = Organizational Unit is imported; 0x2013 = Domain user is imported; 0x2014 = LDAP user is imported; 0x3001 = Package is created; 0x3002 = Package is deleted; 0x3003 = Package is exported; 0x3004 = Package is moved to recycle bin; 0x3005 = Package is now current; 0x3006 = Package is added to other domain; 0x3007 = Package properties are changed; 0x3008 = Package deployment created; 0x3009 = Package deployment deleted; 0x300A = Package deployment properties changed; 0x300B = Package updated; 0x4001 = Replication partner is registered; 0x4002 = Replication partner is deleted; 0x4003 = Remote site is deleted; 0x4004 = Site properties are changed; 0x4005 = Server properties are changed; 0x4006 = Database properties are changed; 0x4007 = Partner properties are changed; 0x4008 = Site license is changed; 0x4009 = Enforcer license changed # looks like it is not used 0x400A = Replicate now # looks like it is not used 0x400B = Back up now # looks like it is not used 0x400C = External logging properties are changed # looks like it is not used 0x400D = Site backup settings changed # looks like it is not used 0x400E = Server deleted # looks like it is not used 0x400F = Server certificate changed; 0x4010 = Replicate now; 0x4011 = Back up now; 0x4012 = External logging properties are changed; 0x4013 = Site backup settings changed; 0x4014 = Server deleted; 0x4015 = Server certificate changed; 0x4016 = Enforcer group properties changed | |||
SERVER_ADMIN_LOG_2 | EVENT_ID | int | 4 | A unique ID of the admin event: 0x1001 = Login succeeded; 0x1002 = Login failed; 0x1003 = Logout; 0x1004 = Account locked; 0x1005 = Account unlocked; 0x1006 = Account disabled; 0x1007 = Account enabled; 0x1008 = Administrator created; 0x1009 = Administrator deleted; 0x100A = Administrator renamed; 0x100B = Password changed; 0x100C = Administrator properties are changed; 0x100D = Domain is created; 0x100E = Domain is deleted; 0x100F = Domain properties are changed; 0x1020 = Domain is disabled; 0x1021 = Domain is enabled; 0x1022 = Domain is renamed; 0x2001 = Group is created; 0x2002 = Group is deleted; 0x2003 = Group is renamed; 0x2004 = Group is moved; 0x2005 = Group properties are changed; 0x2006 = User is created; 0x2007 = User is deleted; 0x2008 = User is moved; 0x2009 = User is copied; 0x200A = User policy mode is switched; 0x200B = User properties are changed; 0x200C = Computer is created; 0x200D = Computer is deleted; 0x200E = Computer is moved; 0x200F = Computer is copied; 0x2010 = Computer policy mode is switched; 0x2011 = Computer properties are changed; 0x2012 = Organizational Unit is imported; 0x2013 = Domain user is imported; 0x2014 = LDAP user is imported; 0x3001 = Package is created; 0x3002 = Package is deleted; 0x3003 = Package is exported; 0x3004 = Package is moved to recycle bin; 0x3005 = Package is now current; 0x3006 = Package is added to other domain; 0x3007 = Package properties are changed; 0x3008 = Package deployment created; 0x3009 = Package deployment deleted; 0x300A = Package deployment properties changed; 0x300B = Package updated; 0x4001 = Replication partner is registered; 0x4002 = Replication partner is deleted; 0x4003 = Remote site is deleted; 0x4004 = Site properties are changed; 0x4005 = Server properties are changed; 0x4006 = Database properties are changed; 0x4007 = Partner properties are changed; 0x4008 = Site license is changed; 0x4009 = Enforcer license changed # looks like it is not used 0x400A = Replicate now # looks like it is not used 0x400B = Back up now # looks like it is not used 0x400C = External logging properties are changed # looks like it is not used 0x400D = Site backup settings changed # looks like it is not used 0x400E = Server deleted # looks like it is not used 0x400F = Server certificate changed; 0x4010 = Replicate now; 0x4011 = Back up now; 0x4012 = External logging properties are changed; 0x4013 = Site backup settings changed; 0x4014 = Server deleted; 0x4015 = Server certificate changed; 0x4016 = Enforcer group properties changed | |||
SERVER_CLIENT_LOG_1 | EVENT_ID | int | 4 | A unique ID of the client activity event: 1 = Registration succeeded; 2 = Registration failed; 3 = Client reconnected; 4 = Client disconnected; 5 = Downloaded policy; 6 = Downloaded Intrusion Prevention policy; 7 = Downloaded sylink.xml; 8 = Downloaded auto-upgrade file; 9 = Server received log; 10 = Log processing failed; 11 = Server received learned application; 12 = Server received client information; 13 = Client information processing failed; 14 = Hardware identity change; 15 = Downloaded File Fingerprint list; 20 = Downloaded content package; 22 = Downloaded command | |||
SERVER_CLIENT_LOG_2 | EVENT_ID | int | 4 | A unique ID of the client activity event: 1 = Registration succeeded; 2 = Registration failed; 3 = Client reconnected; 4 = Client disconnected; 5 = Downloaded policy; 6 = Downloaded Intrusion Prevention policy; 7 = Downloaded sylink.xml; 8 = Downloaded auto-upgrade file; 9 = Server received log; 10 = Log processing failed; 11 = Server received learned application; 12 = Server received client information; 13 = Client information processing failed; 14 = Hardware identity change; 15 = Downloaded File Fingerprint list; 20 = Downloaded content package; 22 = Downloaded command | |||
SERVER_ENFORCER_LOG_1 | EVENT_ID | int | 4 | A unique ID of the Enforcer activity: 0x101 = Connected to Policy Manager; 0x102 = Lost connection to Policy Manager; 0x103 = Applied policy downloaded from Policy Manager; 0x104 = Failed to apply policy downloaded from Policy Manager; 0x105 = Applied Policy Manager configuration; 0x106 = Failed to apply Policy Manager configuration; 0x107 = Applied Policy Manager configuration; 0x108 = Failed to apply Policy Manager configuration; 0x201 = Enforcer started; 0x202 = Enforcer stopped; 0x203 = Enforcer paused; 0x204 = Enforcer resumed; 0x205 = Enforcer disconnected from server; 0x301 = Enforcer failover enabled; 0x302 = Enforcer failover disabled; 0x303 = Enforcer in standby mode; 0x304 = Enforcer in primary mode; 0x305 = Enforcer short; 0x306 = Enforcer loop; 0x401 = Forward engine pause; 0x402 = Forward engine start; 0x403 = DNS Enforcer enabled; 0x404 = DNS Enforcer disabled; 0x405 = DHCP Enforcer enabled; 0x406 = DHCP Enforcer disabled; 0x407 = Allow all enabled; 0x408 = Allow all disabled; 0x501 = Seat number change; 0x601 = Failed to create policy parser; 0x602 = Failed to import policy downloaded from Policy Manager; 0x603 = Failed to export policy downloaded from Policy Manager; 0x701 = Incorrect customized attribute | |||
SERVER_ENFORCER_LOG_2 | EVENT_ID | int | 4 | A unique ID of the Enforcer activity: 0x101 = Connected to Policy Manager; 0x102 = Lost connection to Policy Manager; 0x103 = Applied policy downloaded from Policy Manager; 0x104 = Failed to apply policy downloaded from Policy Manager; 0x105 = Applied Policy Manager configuration; 0x106 = Failed to apply Policy Manager configuration; 0x107 = Applied Policy Manager configuration; 0x108 = Failed to apply Policy Manager configuration; 0x201 = Enforcer started; 0x202 = Enforcer stopped; 0x203 = Enforcer paused; 0x204 = Enforcer resumed; 0x205 = Enforcer disconnected from server; 0x301 = Enforcer failover enabled; 0x302 = Enforcer failover disabled; 0x303 = Enforcer in standby mode; 0x304 = Enforcer in primary mode; 0x305 = Enforcer short; 0x306 = Enforcer loop; 0x401 = Forward engine pause; 0x402 = Forward engine start; 0x403 = DNS Enforcer enabled; 0x404 = DNS Enforcer disabled; 0x405 = DHCP Enforcer enabled; 0x406 = DHCP Enforcer disabled; 0x407 = Allow all enabled; 0x408 = Allow all disabled; 0x501 = Seat number change; 0x601 = Failed to create policy parser; 0x602 = Failed to import policy downloaded from Policy Manager; 0x603 = Failed to export policy downloaded from Policy Manager; 0x701 = Incorrect customized attribute | |||
SERVER_POLICY_LOG_1 | EVENT_ID | int | 4 | A unique ID of the policy event: 0 = Policy added 1 = Policy deleted 2 = Policy edited 3 = Add shared policy upon system install 4 = Add shared policy upon system upgrade 5 = Add shared policy upon domain creation |
|||
SERVER_POLICY_LOG_2 | EVENT_ID | int | 4 | A unique ID of the policy event: 0 = Policy added 1 = Policy deleted 2 = Policy edited 3 = Add shared policy upon system install 4 = Add shared policy upon system upgrade 5 = Add shared policy upon domain creation |
|||
SERVER_SYSTEM_LOG_1 | EVENT_ID | int | 4 | The unique ID for the system event. Server events; possible values are as follows: 257 = Management server started up successfully 258 = Management server startup failed 259 = Management server shut down gracefully 260 = Management server created 261 = Site created 262 = Package published 263 = Site license exceeded 264 = Organization Unit or Container importing started 265 = Organization Unit or Container importing succeeded 266 = Organization Unit or Container importing failed 267 = Client sweeping started 268 = Client sweeping summary 269 = Client sweeping successful 270 = Client sweeping failed 271 = Database logs have been swept 272 = Management server upgrade successful 273 = Scheduled reporting failed 274 = Virus definitions folder does not exist 275 = The process {0} cannot lock the process status table. The process status has been locked by the server {1} since {2}. 276 = Whitelist and Blacklist LiveUpdate 281 = Resource is locked Replication events; possible values are as follows: 769 = Replication from remote site started 770 = Replication failed to log on to remote site 771 = Unable to fetch changed data from remote site 772 = Replication finished successfully 773 = Replication failed 774 = Replication merge failed 775 = Unable to connect to remote site 776 = Name changed to resolve merge conflict 777 = Group full path name is too long for replication 778 = Retrieval of local changed data for remote site started. 779 = Retrieval of local changed data for remote site finished successfully 780 = Retrieval of local changed data for remote site failed. 781 = Replication has been chosen as the deadlock victim and has been killed by the database. 
782 = Replication data has been received 783 = DB versions don't match between local and remote sites Backup events; possible values are as follows: 1025 = Backup connection failed 1026 = Backup data fetch failed 1027 = Backup file write failed 1028 = Backup failed 1029 = Backup success 1030 = Backup has been started System error events; possible values are as follows: 1281 = An unexpected exception has occurred 1282 = Connection to the mail server failed 1283 = Failed to start RADIUS Server. The RADIUS port may be in use by another process. 1284 = Failed to start RADIUS Server. Set non-Block IO socket failed 1285 = Failed to start RADIUS Server. Create socket Error. 1286 = Server error Policy events; possible values are as follows: 1537 = Added Intrusion Prevention Policy 1538 = Deleted Intrusion Prevention Policy 1539 = Updated Intrusion Prevention Policy 1540 = Intrusion Prevention Policy is up to date 1541 = Skipped publishing a Content Revision during LU Content Policy compilation as the corresponding binary file exists. LiveUpdate events; possible values are as follows: 1793 = LiveUpdate started 1794 = LiveUpdate successful 1795 = LiveUpdate failed 1796 = LiveUpdate manual launch successful 1797 = LiveUpdate manual launch failed 1798 = LiveUpdate retry started 1799 = LiveUpdate retry successful 1800 = LiveUpdate retry failed 1802 = Download started 1803 = Retry timestamp is over the maximum retry window, switching to regular schedule run. 1804 = LiveUpdate retry failed and will try again 1805 = Retry timestamp is equal or over the next schedule time, switching to regular schedule run. 1806 = LUALL.EXE has been launched. 1807 = LUALL.EXE exited abnormally. 1808 = LUALL.EXE finished running. 1809 = LUALL.EXE Failed. 1810 = Start uploading content to the database 1811 = The specified LiveUpdate file path does not exist. 
1812 = LiveUpdate content category file has been inserted 1813 = LiveUpdate content category file has been updated 1814 = Client Package has been downloaded 1815 = Client Package patching failed 1816 = New LiveUpdate content has been downloaded 1817 = There is an error in the LiveUpdate upload URL parameters. 1818 = Failed to download LiveUpdate content 1819 = Cleaned up LiveUpdate downloaded content 1820 = Host Integrity Template has been updated 1821 = LiveUpdate exceeded its timeout. Process is destroyed. 1822 = LiveUpdate next start time and server 1824 = Failed to update 1825 = {0} is up-to-date. 1826 = LiveUpdate re-run is triggered by content catalog update. 1827 = {0} is not available on the LiveUpdate server. 1828 = Manual LiveUpdate cancelled 1829 = LiveUpdate delayed Network Audit events; possible values are as follows: 2049 = Network Audit Search Unagented Hosts Started 2050 = Network Audit Search Unagented Hosts Finished Normally 2051 = Network Audit Search Unagented Hosts Finished Abnormally 2052 = Network Audit Client Remote Pushing Install Started 2053 = Network Audit Client Remote Pushing Install Finished Normally 2054 = Network Audit Client Remote Pushing Install Finished Abnormally Rapid Response content events; possible values are as follows: 2305 = Successful installation of rapid response content 2306 = Failed to install rapid response content Certificate events; possible values are as follows: 4097 = Got a valid certificate. 4098 = Got a mis-matched certificate. JDNI events; possible values are as follows: 4353 = Management Server has detected and ignored one or more duplicate entries. 
Please check the following entries in your directory server:\n{0} Send email events; possible values are as follows: 4609 = Email sending failed 4610 = Email sending directly to mail server failed Licensing events; possible values are as follows: 4865 = Add a license 4866 = Renew a license 4867 = Delete a license 4868 = Import trial license 4869 = Import upgrade license 4870 = License expires 4871 = License overdeployed 4872 = Remove trial license Transaction log truncation events; possible values are as follows: 5121 = Truncate Transaction Log Task Started 5122 = Truncate Transaction Log Task Succeeded 5123 = Truncate Transaction Log Task Failed Rebuild indexes events; possible values are as follows: 5377 = Rebuild Indexes Task Started 5378 = Rebuild Indexes Task Succeeded 5379 = Rebuild Indexes Task Failed |
|||
SERVER_SYSTEM_LOG_2 | EVENT_ID | int | 4 | The unique ID for the system event. Server events; possible values are as follows: 257 = Management server started up successfully 258 = Management server startup failed 259 = Management server shut down gracefully 260 = Management server created 261 = Site created 262 = Package published 263 = Site license exceeded 264 = Organization Unit or Container importing started 265 = Organization Unit or Container importing succeeded 266 = Organization Unit or Container importing failed 267 = Client sweeping started 268 = Client sweeping summary 269 = Client sweeping successful 270 = Client sweeping failed 271 = Database logs have been swept 272 = Management server upgrade successful 273 = Scheduled reporting failed 274 = Virus definitions folder does not exist 275 = The process {0} cannot lock the process status table. The process status has been locked by the server {1} since {2}. 276 = Whitelist and Blacklist LiveUpdate 281 = Resource is locked Replication events; possible values are as follows: 769 = Replication from remote site started 770 = Replication failed to log on to remote site 771 = Unable to fetch changed data from remote site 772 = Replication finished successfully 773 = Replication failed 774 = Replication merge failed 775 = Unable to connect to remote site 776 = Name changed to resolve merge conflict 777 = Group full path name is too long for replication 778 = Retrieval of local changed data for remote site started. 779 = Retrieval of local changed data for remote site finished successfully 780 = Retrieval of local changed data for remote site failed. 781 = Replication has been chosen as the deadlock victim and has been killed by the database. 
782 = Replication data has been received 783 = DB versions don't match between local and remote sites Backup events; possible values are as follows: 1025 = Backup connection failed 1026 = Backup data fetch failed 1027 = Backup file write failed 1028 = Backup failed 1029 = Backup success 1030 = Backup has been started System error events; possible values are as follows: 1281 = An unexpected exception has occurred 1282 = Connection to the mail server failed 1283 = Failed to start RADIUS Server. The RADIUS port may be in use by another process. 1284 = Failed to start RADIUS Server. Set non-Block IO socket failed 1285 = Failed to start RADIUS Server. Create socket Error. 1286 = Server error Policy events; possible values are as follows: 1537 = Added Intrusion Prevention Policy 1538 = Deleted Intrusion Prevention Policy 1539 = Updated Intrusion Prevention Policy 1540 = Intrusion Prevention Policy is up to date 1541 = Skipped publishing a Content Revision during LU Content Policy compilation as the corresponding binary file exists. LiveUpdate events; possible values are as follows: 1793 = LiveUpdate started 1794 = LiveUpdate successful 1795 = LiveUpdate failed 1796 = LiveUpdate manual launch successful 1797 = LiveUpdate manual launch failed 1798 = LiveUpdate retry started 1799 = LiveUpdate retry successful 1800 = LiveUpdate retry failed 1802 = Download started 1803 = Retry timestamp is over the maximum retry window, switching to regular schedule run. 1804 = LiveUpdate retry failed and will try again 1805 = Retry timestamp is equal or over the next schedule time, switching to regular schedule run. 1806 = LUALL.EXE has been launched. 1807 = LUALL.EXE exited abnormally. 1808 = LUALL.EXE finished running. 1809 = LUALL.EXE Failed. 1810 = Start uploading content to the database 1811 = The specified LiveUpdate file path does not exist. 
1812 = LiveUpdate content category file has been inserted 1813 = LiveUpdate content category file has been updated 1814 = Client Package has been downloaded 1815 = Client Package patching failed 1816 = New LiveUpdate content has been downloaded 1817 = There is an error in the LiveUpdate upload URL parameters. 1818 = Failed to download LiveUpdate content 1819 = Cleaned up LiveUpdate downloaded content 1820 = Host Integrity Template has been updated 1821 = LiveUpdate exceeded its timeout. Process is destroyed. 1822 = LiveUpdate next start time and server 1824 = Failed to update 1825 = {0} is up-to-date. 1826 = LiveUpdate re-run is triggered by content catalog update. 1827 = {0} is not available on the LiveUpdate server. 1828 = Manual LiveUpdate cancelled 1829 = LiveUpdate delayed Network Audit events; possible values are as follows: 2049 = Network Audit Search Unagented Hosts Started 2050 = Network Audit Search Unagented Hosts Finished Normally 2051 = Network Audit Search Unagented Hosts Finished Abnormally 2052 = Network Audit Client Remote Pushing Install Started 2053 = Network Audit Client Remote Pushing Install Finished Normally 2054 = Network Audit Client Remote Pushing Install Finished Abnormally Rapid Response content events; possible values are as follows: 2305 = Successful installation of rapid response content 2306 = Failed to install rapid response content Certificate events; possible values are as follows: 4097 = Got a valid certificate. 4098 = Got a mis-matched certificate. JDNI events; possible values are as follows: 4353 = Management Server has detected and ignored one or more duplicate entries. 
Please check the following entries in your directory server:\n{0} Send email events; possible values are as follows: 4609 = Email sending failed 4610 = Email sending directly to mail server failed Licensing events; possible values are as follows: 4865 = Add a license 4866 = Renew a license 4867 = Delete a license 4868 = Import trial license 4869 = Import upgrade license 4870 = License expires 4871 = License overdeployed 4872 = Remove trial license Transaction log truncation events; possible values are as follows: 5121 = Truncate Transaction Log Task Started 5122 = Truncate Transaction Log Task Succeeded 5123 = Truncate Transaction Log Task Failed Rebuild indexes events; possible values are as follows: 5377 = Rebuild Indexes Task Started 5378 = Rebuild Indexes Task Succeeded 5379 = Rebuild Indexes Task Failed |
|||
SYSTEM_REPORT | EVENT_ID | varchar | 64 | ('') | Blank or % in this field means no filtering. For the System > Administrative log ADMIN_ADMIN_TYPES=Administrator events. Possible values: 4097=Login succeeded 4098=Login failed 4099=Logout 4050=Account locked 4101=Account unlocked 4102=Account disabled 4103=Account enabled 4104=Administrator created 4105=Administrator deleted 4106=Administrator renamed 4107=Password changed 4108=Administrator properties are changed ADMIN_DOMAIN_TYPES=Domain events. Possible values are as follows: 4109=Domain is created 4110=Domain is deleted 4111=Domain properties are changed 4128=Domain is disabled 4129=Domain is enabled 4130=Domain is renamed ADMIN_GROUP_TYPES=Group events. Possible values are as follows: 8193=Group is created 8194=Group is deleted 8195=Group is renamed 8196=Group is moved 8197=Group properties are changed ADMIN_USER_TYPES=User events. Possible values are as follows: 8198=User is created 8199=User is deleted 8200=User is moved 8201=User is copied 8202=User policy mode is switched 8203=User properties are changed ADMIN_COMPUTER_TYPES=Computer events. Possible values are as follows: 8204=Computer is created 8205=Computer is deleted 8206=Computer is moved 8207=Computer is copied 8208=Computer policy mode is switched 8209=Computer properties are changed ADMIN_IMPORT_TYPES=Import events. Possible values are as follows: 8210=Organizational Unit is imported 8211=Domain user is imported 8212=LDAP user is imported ADMIN_PACKAGE_TYPES=Package events. Possible values are as follows: 12289=Package is created 12290=Package is deleted 12291=Package is exported 12292=Package is moved to recycle bin 12293=Package is now current 12294=Package is added to other domain 12295=Package properties are changed 12296=Package deployment created 12297=Package deployment deleted 12298=Package deployment properties changed 12299=Package updated ADMIN_REPLICATION_TYPES=Replication events. 
Possible values are as follows: 16385=Replication partner is registered 16386=Replication partner is deleted 16400=Replicate now ADMIN_OTHER_TYPES=Other events. Possible values are as follows: 16387=Remote site is deleted 16388=Site properties are changed 16389=Server properties are changed 16390=Database properties are changed 16391=Partner properties are changed 16392=Site license is changed 16393=Enforcer license changed 16394=Replicate now 16395=Back up now 16396=External logging properties are changed 16397=Site backup settings changed 16398=Server deleted 16399=Server certificate changed 16401=Back up now 16402=External logging properties are changed 16403=Site backup settings changed 16404=Server deleted 16405=Server certificate changed 16406=Enforcer group properties changed For the System > Client-Server Activity log. 1=Registration succeeded 2=Registration failed 3=Client reconnected 4=Client disconnected 5=Downloaded policy 6=Downloaded Intrusion Prevention policy 7=Downloaded sylink.xml 8=Downloaded auto-upgrade file 9=Server received log 10=Log processing failed 11=Server received learned application 12=Server received client information 13=Client information processing failed 14=Hardware identity change 15=Downloaded File Fingerprint list 20=Downloaded content package 22=Downloaded command For the System > Server Activity log. SERVER_EVENT_TYPES=Server events. Possible values are as follows: 257=Server startup succeeded 258=Server startup failed 259=Server shut down gracefully 260=Server created SERVER_AGENT_EVENT_TYPES=Database maintenance events. Possible values are as follows: 267=Client sweeping started 268=Client sweeping Summary 269=Client sweeping succeeded 270=Client sweeping failed 271=Database logs have been swept SERVER_BACKUP_EVENT_TYPES=Backup events. 
Possible values are as follows: 1025=Backup connection failed 1026=Backup data fetch failed 1027=Backup file write failed 1028=Backup unknown failed 1029=Backup success 1030=Backup started SERVER_RADIUS_EVENT_TYPES=Radius server events. Possible values are as follows: 1283=Failed to start Radius server. The Radius port may be in use by another process 1284=Failed to start Radius server. Set non-Block IO socket failed. 1285=Failed to start Radius Server. Create socket error. SERVER_REPLICATION_EVENT_TYPES=Replication events. Possible values are as follows: 769=Replication from remote site started 770=Replication failed to login to remote site 771=Unable to fetch changed data from remote site 772=Replication finished successfully 773=Replication failed 774=Replication merge failed 775=Unable to connect to remote site 776=Name changed to resolve merge conflict 777=Group full path name is too long for replication 778=Retrieval of local changed data for remote site started 779=Retrieval of local changed data for remote site finished successfully 780=Retrieval of local changed data for remote site failed 781=Replication has been chosen as the deadlock victim and killed by database 782=Replication data is received SERVER_IMPORT_EVENT_TYPES=Import events. Possible values are as follows: 264=Organization importing started 265=Organization importing succeeded 266=Organization importing failed SERVER_INTRUSION_PREVENTION_EVEN=Intrusion Prevention policy content updates. Possible values are as follows: 1537=Added Intrusion Prevention Library 1538=Deleted Intrusion Prevention Library 1539=Updated Intrusion Prevention Library 1540=Intrusion Prevention Library is up to date SERVER_LU_EVENT_TYPES=LiveUpdate events. 
Possible values are as follows: 1793=LiveUpdate started 1794=LiveUpdate succeeded 1795=LiveUpdate failed 1796=LiveUpdate manual task succeeded 1797=LiveUpdate manual task failed 1798=LiveUpdate retry started 1799=LiveUpdate retry succeeded 1800=LiveUpdate retry failed and will try again 1801=LiveUpdate manual task started 1802=LiveUpdate retry over max window 1803=LiveUpdate retry failed and will try again 1804=LiveUpdate retry pass scheduled time 1805=LiveUpdate All process launched 1806=LiveUpdate All process exited abnormally 1807=LiveUpdate next server 1808=LiveUpdate All process finished 1809=LiveUpdate All process failed to launch 1810=LiveUpdate uploading content 1811=LiveUpdate file path not exist 1812=LiveUpdate Content Catalog file has been inserted 1813=LiveUpdate Content Catalog file has been updated 1814=Client Package has been downloaded 1815=Client Package patching failed. 1816=New LiveUpdate content has been downloaded 1817=LiveUpdate wrong URL parameter 1824=Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs failed to update 1825=Download is current 1826=LiveUpdate re-run is triggered by content catalog update. 1818=Failed to download LiveUpdate content 1819=LiveUpdate content cleaned up 1820=Host Integrity Template has been updated 1821=LiveUpdate timed out 1822=LiveUpdate schedule updated SERVER_NET_AUDIT_EVENT_TYPES=Find unmanaged computers events: possible values 2049=Search uncliented hosts started 2050=Search uncliented hosts finished normally 2051=Search uncliented hosts finished abnormally 2052=Client remote started 2053=Client remote finished normally 2054=Client remote finished abnormally SERVER_OTHER_EVENT_TYPES=Other events. 
Possible values are as follows: 261=Site created 262=Package published 263=Site license exceeded 272=Server upgrade success 273=Scheduled reporting failed 274=Security risk rating summary 1281=An unexpected exception has occurred 1282=Connect mail server failed 1286=Server error For the System > Client Activity log. EventIDs are listed by hexadecimal value. AGENT_SYSTEM_INSTALL_EVENT_TYPES=Installation events. Possible values are as follows: 0x12070001=Internal error 0x12070101=Install complete 0x12070102=Restart recommended 0x12070103=Restart required 0x12070104=Installation failed 0x12070105=Uninstallation complete 0x12070106=Uninstallation failed 0x12071037=Symantec AntiVirus installed 0x12071038=Symantec Firewall installed 0x12071039=Uninstall 0x1207103A=Uninstall rolled-back AGENT_SYSTEM_SERVICE_EVENT_TYPES=Service events. Possible values are as follows: 0x12070201=Service starting 0x12070202=Service started 0x12070203=Service start failure 0x12070204=Service stopped 0x12070205=Service stop failure 0x1207021A=Attempt to stop service AGENT_SYSTEM_CONFIG_EVENT_TYPES=Configuration events. Possible values are as follows: 0x12070206=Config import complete 0x12070207=Config import error 0x12070208=Config export complete 0x12070209=Config export error AGENT_SYSTEM_HI_EVENT_TYPES=Host Integrity events. Possible values are as follows: 0x12070210=Host Integrity disabled 0x12070211=Host Integrity enabled AGENT_SYSTEM_IMPORT_EVENT_TYPES=Import events. Possible values are as follows: 0x12070214=Successfully imported advanced rule 0x12070215=Failed to import advanced rule 0x12070216=Successfully exported advanced rule 0x12070217=Failed to export advanced rule AGENT_SYSTEM_CLIENT_EVENT_TYPES=Client events. Possible values are as follows: 0x12070218=Client Engine enabled 0x12070219=Client Engine disabled 0x12071046=Proactive Threat Scanning is not supported on this platform 0x12071047=Proactive Threat Scanning Load Error AGENT_SYSTEM_SERVER_EVENT_TYPES=Server events. 
Possible values are as follows: 0x12070301=Server connected 0x12070302=No server response 0x12070303=Server connection failed 0x12070304=Server disconnected 0x120B0001=Cannot reach server 0x120B0002=Reconnected server AGENT_SYSTEM_PROFILE_EVENT_TYPES=Policy events. Possible values are as follows: 0x12070306=New policy received 0x12070307=New policy applied 0x12070308=New policy failed 0x12070309=Cannot download policy 0x120B0005=Cannot download policy 0x1207030A=Have latest policy 0x120B0004=Have latest policy AGENT_SYSTEM_AV_EVENT_TYPES=Antivirus engine events. Possible values are as follows: 0x12071006=Scan Omission 0x1207100B=Virus Behavior Detected 0x1207100C=Configuration Changed 0x12071010=Definition File Download 0x12071012=Sent To Quarantine Server 0x12071013=Delivered To Symantec 0x12071014=Security Response Backup 0x12071015=Scan Aborted 0x12071016=Symantec AntiVirus Auto-Protect Load Error 0x12071017=Symantec AntiVirus Auto-Protect Enabled 0x12071018=Symantec AntiVirus Auto-Protect Disabled 0x1207101A=Scan Delayed 0x1207101B=Scan Re-started 0x12071027=Symantec AntiVirus is using old virus definitions 0x12071041=Scan suspended 0x12071042=Scan Resumed 0x12071043=Scan Duration Too Short 0x12071045=Scan Enhancements Failed AGENT_SYSTEM_LICENSE_EVENT_TYPES=License events. Possible values are as follows: 0x1207101E=License Warning 0x1207101F=License Error 0x12071020=License in Grace Period 0x12071023=License Installed 0x12071025=License Up-to-date AGENT_SYSTEM_SECURITY_EVENT_TYPES=Security events. 
Possible values are as follows: 0x1207102B=Computer not compliant with security policy 0x1207102C=Computer compliant with security policy 0x1207102D=Tamper Attempt AGENT_SYSTEM_OTHER_EVENT_TYPES=Other events: possible values 0x1207020A=Email post OK 0x1207020B=Email post failure 0x1207020C=Update complete 0x1207020D=Update failure 0x1207020E=Manual location change 0x1207020F=Location changed 0x12070212=Old Rasdll detected 0x12070213=Autoupdate postponed 0x12070305=Mode changed 0x1207030B=Cannot apply HI script 0x12070500=System message from device control 0x12070600=System message from anti-buffer overflow driver 0x12071021=Access Denied Warning 0x12071022=Log Forwarding Error 0x12071044=Client moved For the System > Enforcer Activity log. EventIDs are listed by hexadecimal value. ENFORCER_POLICY_MANAGER_EVENT_TY=Management events. Possible values are as follows: 0x101=Connected to Policy Manager 0x102=Lost connection to Policy Manager 0x103=Applied policy downloaded from Policy Manager 0x104=Failed to apply policy downloaded from Policy Manager 0x105=Applied Policy Manager configuration 0x106=Failed to apply Policy Manager configuration 0x107=Applied Policy Manager configuration 0x108=Failed to apply Policy Manager configuration ENFORCER_ENFORCER_EVENT_TYPES=Enforcer events. Possible values are as follows: 0x201=Enforcer started 0x202=Enforcer stopped 0x203=Enforcer paused 0x204=Enforcer resumed 0x205=Enforcer disconnected from server 0x301=Enforcer failover enabled 0x302=Enforcer failover disabled 0x303=Enforcer in standby mode 0x304=Enforcer in primary mode 0x305=Enforcer short 0x306=Enforcer loop ENFORCER_ENABLE_EVENT_TYPES=Enable events. Possible values are as follows: 0x401=Forward engine pause 0x402=Forward engine start 0x403=DNS enforcer enabled 0x404=DNS enforcer disabled 0x405=DHCP enforcer enabled 0x406=DHCP enforcer disabled 0x407=Allow all enabled 0x408=Allow all disabled ENFORCER_PROFILE_EVENT_TYPES=Policy events. 
Possible values are as follows: 0x501=Seat number change 0x601=Failed to create policy parser 0x602=Failed to import policy downloaded from Policy Manager 0x603=Failed to export policy downloaded from Policy Manager 0x701=Incorrect customized attribute |
||
V_AGENT_BEHAVIOR_LOG | EVENT_ID | int | 4 | ||||
V_AGENT_PACKET_LOG | EVENT_ID | int | 4 | ||||
V_AGENT_SECURITY_LOG | EVENT_ID | int | 4 | ||||
V_AGENT_SYSTEM_LOG | EVENT_ID | int | 4 | ||||
V_AGENT_TRAFFIC_LOG | EVENT_ID | int | 4 | ||||
V_CLIENT_CHANGE_LOG | EVENT_ID | int | 4 | ||||
V_ENFORCER_CLIENT_LOG | EVENT_ID | int | 4 | ||||
V_ENFORCER_SYSTEM_LOG | EVENT_ID | int | 4 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | EVENT_ID | int | 4 | √ | null | ||
V_SECURITY_VIEW | EVENT_ID | int | 4 | ||||
V_SERVER_ADMIN_LOG | EVENT_ID | int | 4 | ||||
V_SERVER_CLIENT_LOG | EVENT_ID | int | 4 | ||||
V_SERVER_ENFORCER_LOG | EVENT_ID | int | 4 | ||||
V_SERVER_POLICY_LOG | EVENT_ID | int | 4 | ||||
V_SERVER_SYSTEM_LOG | EVENT_ID | int | 4 | ||||
AGENT_SYSTEM_LOG_1 | EVENT_SOURCE | varchar | 32 | The data source, such as NETPORT, NATSRV, etc. | |||
AGENT_SYSTEM_LOG_2 | EVENT_SOURCE | varchar | 32 | The data source, such as NETPORT, NATSRV, etc. | |||
V_AGENT_SYSTEM_LOG | EVENT_SOURCE | varchar | 32 | ||||
AGENT_BEHAVIOR_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_BEHAVIOR_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_PACKET_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_PACKET_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_SECURITY_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_SECURITY_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_SYSTEM_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_SYSTEM_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_TRAFFIC_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
AGENT_TRAFFIC_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
ENFORCER_CLIENT_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
ENFORCER_CLIENT_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
ENFORCER_SYSTEM_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
ENFORCER_SYSTEM_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
ENFORCER_TRAFFIC_LOG_1 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
ENFORCER_TRAFFIC_LOG_2 | EVENT_TIME | bigint | 8 | The event generated time (GMT) | |||
V_AGENT_BEHAVIOR_LOG | EVENT_TIME | bigint | 8 | ||||
V_AGENT_PACKET_LOG | EVENT_TIME | bigint | 8 | ||||
V_AGENT_SECURITY_LOG | EVENT_TIME | bigint | 8 | ||||
V_AGENT_SYSTEM_LOG | EVENT_TIME | bigint | 8 | ||||
V_AGENT_TRAFFIC_LOG | EVENT_TIME | bigint | 8 | ||||
V_ENFORCER_CLIENT_LOG | EVENT_TIME | bigint | 8 | ||||
V_ENFORCER_SYSTEM_LOG | EVENT_TIME | bigint | 8 | ||||
V_ENFORCER_TRAFFIC_LOG | EVENT_TIME | bigint | 8 | ||||
V_SECURITY_VIEW | EVENT_TIME | bigint | 8 | ||||
SYSTEM_REPORT | EVENTSOURCELIST | nvarchar | 510 | ('') | Comma-separated event names by which to filter | ||
AUDIT_REPORT | EVENTTYPE | int | 4 | √ | (NULL) | 0 = Policy added 1 = Policy deleted 2 = Policy edited 3 = Add shared policy upon system install 4 = Add shared policy upon system upgrade 5 = Add shared policy upon domain creation |
|
BEHAVIOR_REPORT | EVENTTYPE | int | 4 | √ | (NULL) | For Application Control 501 = Application Control Driver 502 = Application Control Rules 999 = Tamper Protection |
|
FIREWALL_REPORT | EVENTTYPE | int | 4 | √ | (NULL) | Events for Traffic : 307 = Ethernet packet, 306 = ICMP packet, 308 = IP packet, 303 = Ping request, 301 = TCP initiated, 304 = TCP completed, 302 = UDP datagram, 305 = Other Events for Packet: 401 = Raw Ethernet |
|
THREATREPORT | EVENTTYPE | varchar | 32 | ('') | Possibilities here are in the ALERTMSG table | ||
LAN_DEVICE_EXCLUDED | EXCLUDE_MODE | tinyint | 1 | ||||
V_LAN_DEVICE_EXCLUDED | EXCLUDE_MODE | tinyint | 1 | ||||
LAN_DEVICE_EXCLUDED | EXCLUDED_ID | char | 32 | ||||
V_LAN_DEVICE_EXCLUDED | EXCLUDED_ID | char | 32 | ||||
LOG_CONFIG | EXPIRATION | int | 4 | ((60)) | Expiration date of the logs | ||
LICENSE | EXPIRE_DATE | bigint | 8 | √ | null | end date - grace days | |
LICENSE_CHAIN | EXPIRE_DATE | bigint | 8 | √ | null | Expiration date of the chain : end date - grace days | |
ENFORCER_CLIENT_LOG_1 | EXTENDED_INFO | nvarchar | 2048 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | EXTENDED_INFO | nvarchar | 2048 | √ | null | ||
V_ENFORCER_CLIENT_LOG | EXTENDED_INFO | nvarchar | 2048 | √ | null | ||
SEM_CLIENT | EXTRA_FEATURE | int | 4 | √ | null | ||
SEM_SVA_CLIENT | EXTRA_FEATURE | int | 4 | √ | null | ||
INVENTORYCURRENTRISK1 | FILE_KEY | char | 32 | ||||
AGENT_BEHAVIOR_LOG_1 | FILE_SIZE | bigint | 8 | √ | null | Size of the file associated with the application control violation, in MB | |
AGENT_BEHAVIOR_LOG_2 | FILE_SIZE | bigint | 8 | √ | null | Size of the file associated with the application control violation, in MB | |
BEHAVIOR_REPORT | FILE_SIZE | tinyint | 1 | ((0)) | Size of the file in MB associated with the application control violation (used for filtering) | ||
HPP_APPLICATION | FILE_SIZE | bigint | 8 | ((0)) | File size | ||
SEM_APPLICATION | FILE_SIZE | bigint | 8 | √ | null | File size of the application binary | |
V_AGENT_BEHAVIOR_LOG | FILE_SIZE | bigint | 8 | √ | null | ||
BEHAVIOR_REPORT | FILE_UPDOWN | tinyint | 1 | ((0)) | Greater than or less than. Used for filtering in association with FILE_SIZE in this table. 0 = don't filter with this; 1 = greater than; 2 = less than | ||
INVENTORYCURRENTRISK1 | FILENAME | nvarchar | 510 | ('') | Risk file name | ||
ALERTS | FILEPATH | nvarchar | 510 | ('') | File path of attacked file | ||
V_ALERTS | FILEPATH | nvarchar | 510 | ||||
SCANREPORT | FILESCANNED | bigint | 8 | ('0') | Number of files scanned | ||
SCANREPORT | FILESINFECTED | bigint | 8 | ('0') | Number of files the scan found | ||
THREATREPORT | FILTER_TYPE | tinyint | 1 | ((0)) | 1 = Risk, 2 = Proactive Threat Protection | ||
HISTORYCONFIG | FILTER_USER_ID | char | 32 | √ | ('') | Filter user ID | |
ALERTFILTER | FILTERACKNOWLEDGED | nvarchar | 510 | ('') | 1 = Acknowledged; 0 = Unacknowledged | ||
ALERTFILTER | FILTERCREATEDBY | nvarchar | 510 | ('') | GUID of the administrator who created any alert filters | ||
ALERTFILTER | FILTERNAME | nvarchar | 510 | ('') | User-specified name of filter | ||
AUDIT_REPORT | FILTERNAME | nvarchar | 510 | ('') | |||
BEHAVIOR_REPORT | FILTERNAME | nvarchar | 510 | ('') | |||
COMMAND_REPORT | FILTERNAME | nvarchar | 510 | ('') | |||
COMPLIANCE_REPORT | FILTERNAME | nvarchar | 510 | ('') | |||
FIREWALL_REPORT | FILTERNAME | nvarchar | 510 | ('') | Filter name | ||
HISTORYCONFIG | FILTERNAME | nvarchar | 510 | ('Default') | Filter used by this scheduled report | ||
INVENTORYREPORT | FILTERNAME | nvarchar | 510 | ('') | |||
SCANREPORT | FILTERNAME | nvarchar | 510 | ('') | |||
SYSTEM_REPORT | FILTERNAME | nvarchar | 510 | ('') | |||
THREATREPORT | FILTERNAME | nvarchar | 510 | ('') | |||
ALERTFILTER | FILTERSUBJECT | nvarchar | 510 | ('') | AF = Authentication failure; CL = Client list changed; CS = Client security alert; ED = Enforcer Down; WL = Forced or commercial application detected; LA = New learned application; NV = New risk detected; NS = New software package; VO = Virus outbreak; DF = Server health; 1V = Single risk event; SE = System event; UM = Unmanaged computer; ID = Virus definitions out-of-date | ||
INVENTORYREPORT | FILVIEW | varchar | 16 | ('SAVCE') | Not used | ||
INVENTORYREPORT | FIREWALL_ONOFF | tinyint | 1 | √ | ((127)) | Firewall status: 0 = filters on off, 127 = No filter (all) | |
SEM_AGENT | FIREWALL_ONOFF | tinyint | 1 | ((127)) | Firewall status: 1 = On, 2 = Not installed, 0 = Off, 127 = Not reporting | ||
FIREWALL_REPORT | FIREWALLFILTER_IDX | char | 32 | ||||
FIREWALL_REPORT | FIREWALLTYPE | int | 4 | ((0)) | 1 = Traffic, 2 = Packets | ||
INVENTORYCURRENTRISK1 | FIRST_INFECTED_TIME | bigint | 8 | ((0)) | Time that the unremediated risk was first detected | ||
HPP_APPLICATION | FIRST_SEEN | bigint | 8 | ((0)) | The first seen date for the convicted application. Default is 0. | ||
SEM_AGENT | FREE_DISK | bigint | 8 | √ | null | Free disk space available | |
SEM_AGENT | FREE_MEM | bigint | 8 | √ | null | Free memory available | |
THREATREPORT | FROMUSERINCLUDE | int | 4 | ((0)) | Deprecated | ||
THREATREPORT | FROMUSERLIST | nvarchar | 510 | ('%') | Deprecated | ||
LICENSE | FULFILLMENT_ID | char | 16 | License fulfilment id, read from license file | |||
COMPLIANCE_REPORT | FULL_CHARTS | varchar | 255 | ('') | Admin-specified list of charts to include in the NTP Full Report | ||
FIREWALL_REPORT | FULL_CHARTS | varchar | 255 | ('') | Not used | ||
THREATREPORT | FULL_CHARTS | varchar | 255 | ('') | Admin-specified list of charts to include in the Antivirus Comprehensive report | ||
SEM_AGENT | FULL_NAME | nvarchar | 512 | √ | null | Employee full name | |
SEM_CLIENT | FULL_NAME | nvarchar | 512 | √ | null | User full name | |
SEM_COMPUTER | GATEWAY1 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | GATEWAY1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY1_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | GATEWAY2 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | GATEWAY2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY2_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | GATEWAY3 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | GATEWAY3 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY3 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY3_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | GATEWAY4 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | GATEWAY4 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY4 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | GATEWAY4_TEXT | varchar | 123 | √ | null | ||
INVENTORYREPORT | GOOD | varchar | 5 | ('%') | Not used | ||
LICENSE | GRACE_COUNT | int | 4 | √ | null | actual grace count, computed based on seat count and grace percentage | |
LICENSE_CHAIN | GRACE_COUNT | int | 4 | √ | null | actual grace count, computed based on seat count and grace percentage | |
LICENSE | GRACE_COUNT_PCT | int | 4 | grace seat percentage value, read from license file | |||
LICENSE | GRACE_POLICY | bigint | 8 | number of days of grace, specified in license file. End date includes the grace days as well. Hence expiration date = end date - grace days | |||
ADMIN_GROUPS | GROUP_ID | char | 32 | ||||
AGENT_BEHAVIOR_LOG_1 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_BEHAVIOR_LOG_2 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_PACKET_LOG_1 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_PACKET_LOG_2 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_SECURITY_LOG_1 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_SECURITY_LOG_2 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_SYSTEM_LOG_1 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_SYSTEM_LOG_2 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_TRAFFIC_LOG_1 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
AGENT_TRAFFIC_LOG_2 | GROUP_ID | char | 32 | GUID of the group to which the log belongs | |||
COMPUTER_APPLICATION | GROUP_ID | char | 32 | Group GUID | |||
GROUP_HI_STATUS | GROUP_ID | char | 32 | ||||
GROUP_LAN_SENSOR | GROUP_ID | char | 32 | ||||
SEM_AGENT | GROUP_ID | char | 32 | √ | null | Current group GUID of the agent | |
SEM_CLIENT | GROUP_ID | char | 32 | √ | null | GUID of the group | |
SEM_SVA | GROUP_ID | char | 32 | √ | null | ||
SEM_SVA_CLIENT | GROUP_ID | char | 32 | √ | null | ||
SERIAL_NUMBERS | GROUP_ID | char | 32 | GUID of a group | |||
V_AGENT_BEHAVIOR_LOG | GROUP_ID | char | 32 | ||||
V_AGENT_PACKET_LOG | GROUP_ID | char | 32 | ||||
V_AGENT_SECURITY_LOG | GROUP_ID | char | 32 | ||||
V_AGENT_SYSTEM_LOG | GROUP_ID | char | 32 | ||||
V_AGENT_TRAFFIC_LOG | GROUP_ID | char | 32 | ||||
V_CLIENT_CHANGE_LOG | GROUP_ID | char | 32 | √ | null | ||
V_SECURITY_VIEW | GROUP_ID | char | 32 | ||||
V_SERVER_CLIENT_LOG | GROUP_ID | char | 32 | √ | null | ||
SEM_CLIENT | GROUP_IS_OU | tinyint | 1 | √ | null | If client is from ActiveDirectory | |
SEM_SVA_CLIENT | GROUP_IS_OU | tinyint | 1 | √ | null | ||
LEGACY_AGENT | GROUP_PATH | char | 260 | Group full path | |||
GUIPARMS | GUIPARMS_IDX | int | 4 | ||||
GUP_LIST | GUP_ID | char | 32 | ||||
AGENT_SECURITY_LOG_1 | HACK_TYPE | int | 4 | √ | null | If event ID = 209, Host Integrity failed; if event ID = 206, Intrusion Prevention System; if event ID = 210, Host Integrity passed. Possible reasons are as follows: Process is not running - Bit0 is 1; Signature is out of date - Bit1 is 1; Recovery was attempted - Bit2 is 1 | |
AGENT_SECURITY_LOG_2 | HACK_TYPE | int | 4 | √ | null | It is the reason if event ID is TSLOG_SEC_NO_AV; it is the intrusion ID if event ID is TSLOG_SEC_INTRUSION_DETECTED; it is additional information if event ID is TSLOG_SEC_AV. Reasons: Process is not running - Bit0 is 1; Signature is out of date - Bit1 is 1; Recovery was attempted - Bit2 is 1 | |
COMPLIANCE_REPORT | HACK_TYPE | int | 4 | √ | (NULL) | 0 = Process is not running; 1 = Signature is out-of-date; 2 = Recovery was attempted | |
V_AGENT_SECURITY_LOG | HACK_TYPE | int | 4 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_BEHAVIOR_LOG_2 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_PACKET_LOG_1 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_PACKET_LOG_2 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_SECURITY_LOG_1 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_SECURITY_LOG_2 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_SYSTEM_LOG_1 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_SYSTEM_LOG_2 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_TRAFFIC_LOG_1 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
AGENT_TRAFFIC_LOG_2 | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
COMMAND | HARDWARE_KEY | char | 32 | ||||
SEM_CLIENT | HARDWARE_KEY | char | 32 | √ | null | Hash of Computer Hardware information | |
SEM_COMPUTER | HARDWARE_KEY | char | 32 | √ | null | Hash of computer hardware information | |
SEM_SVA_CLIENT | HARDWARE_KEY | char | 32 | √ | null | ||
SEM_SVA_COMPUTER | HARDWARE_KEY | char | 32 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | HARDWARE_KEY | char | 32 | √ | null | ||
V_AGENT_PACKET_LOG | HARDWARE_KEY | char | 32 | √ | null | ||
V_AGENT_SECURITY_LOG | HARDWARE_KEY | char | 32 | √ | null | ||
V_AGENT_SYSTEM_LOG | HARDWARE_KEY | char | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | HARDWARE_KEY | char | 32 | √ | null | ||
V_SEM_COMPUTER | HARDWARE_KEY | char | 32 | √ | null | ||
LAN_DEVICE_DETECTED | HASH | char | 32 | Link with the computer HARDWARE_KEY | |||
LAN_DEVICE_EXCLUDED | HASH | char | 32 | Link with the computer HARDWARE_KEY | |||
SEM_CLIENT | HASH | char | 32 | Hash of POLICY_MODE,COMPUTER_NAME,COMPUTER_DOMAIN_NAME,USER_NAME,USER_DOMAIN_NAME | |||
SEM_SVA_CLIENT | HASH | char | 32 | ||||
V_LAN_DEVICE_DETECTED | HASH | char | 32 | ||||
V_LAN_DEVICE_EXCLUDED | HASH | char | 32 | ||||
HPP_APPLICATION | HASH_TYPE | tinyint | 1 | ((1)) | HASH algorithm used: 0 = MD5; 1 = SHA-1; 2 = SHA-256 | ||
SEM_SVA | HEARTBEAT | int | 4 | √ | null | ||
HPP_APPLICATION | HELP_VIRUS_IDX | char | 32 | √ | null | Foreign key to VIRUS table which provides help ID for online Symantec write-up | |
GROUP_HI_STATUS | HI_ENABLED | tinyint | 1 | Is HI enabled? | |||
AGENT_SECURITY_LOG_1 | HI_EXECUTION_ID | varchar | 50 | √ | null | Execution ID that SNAC agent generates for each HI execution. | |
AGENT_SECURITY_LOG_2 | HI_EXECUTION_ID | varchar | 50 | √ | null | Execution ID that SNAC agent generates for each HI execution. | |
ENFORCER_CLIENT_LOG_1 | HI_EXECUTION_ID | varchar | 50 | √ | null | Execution ID that SNAC agent generates for each HI execution | |
ENFORCER_CLIENT_LOG_2 | HI_EXECUTION_ID | varchar | 50 | √ | null | Execution ID that SNAC agent generates for each HI execution | |
V_AGENT_SECURITY_LOG | HI_EXECUTION_ID | varchar | 50 | √ | null | ||
V_ENFORCER_CLIENT_LOG | HI_EXECUTION_ID | varchar | 50 | √ | null | ||
INVENTORYREPORT | HI_REASONCODE | int | 4 | √ | ((-1)) | Filters on the following reasons: 0 = Pass; 101 = Antivirus version is out-of-date; 102 = Antivirus is not running; 103 = Script failed; 104 = Check is incomplete; 105 = Check is disabled; 127 = Location changed; -1 = No filter (all) | |
SEM_AGENT | HI_REASONCODE | int | 4 | √ | null | Host integrity reason code: 0 = Pass; 101 = Antivirus version is out-of-date; 102 = Antivirus is not running; 103 = Script failed; 104 = Check is incomplete; 105 = Check is disabled; 127 = Location changed | |
SEM_AGENT | HI_REASONDESC | nvarchar | 4000 | √ | null | Host integrity description | |
ENFORCER_CLIENT_LOG_1 | HI_STATUS | char | 32 | √ | null | Host Integrity Status of SNAC agent | |
ENFORCER_CLIENT_LOG_2 | HI_STATUS | char | 32 | √ | null | Host Integrity Status of SNAC agent | |
INVENTORYREPORT | HI_STATUS | tinyint | 1 | √ | ((127)) | Filters on the following compliance status: 0 = Fail; 1 = Success; 2 = Pending; 3 = Disabled; 4 = Ignore; 127 = No filter (all) | |
SEM_AGENT | HI_STATUS | int | 4 | √ | null | Host integrity status: 0 = Fail; 1 = Success; 2 = Pending; 3 = Disabled; 4 = Ignore | |
V_ENFORCER_CLIENT_LOG | HI_STATUS | char | 32 | √ | null | ||
HISTORY | HISTORY_IDX | char | 32 | ||||
HISTORY | HISTORYCONFIG_IDX | char | 32 | ('') | Pointer to historyconfig table | ||
HISTORYCONFIG | HISTORYCONFIG_IDX | char | 32 | ||||
SEM_AGENT | HOME_PHONE | varchar | 32 | √ | null | Employee home phone number | |
HOMEPAGECONFIG | HOMEPAGECONFIG_IDX | char | 32 | ||||
AGENT_BEHAVIOR_LOG_1 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of client computer | |
AGENT_BEHAVIOR_LOG_2 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of client computer | |
AGENT_PACKET_LOG_1 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of client computer | |
AGENT_PACKET_LOG_2 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of client computer | |
AGENT_SECURITY_LOG_1 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of client computer | |
AGENT_SECURITY_LOG_2 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of client computer | |
AGENT_SYSTEM_LOG_1 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of the client computer | |
AGENT_SYSTEM_LOG_2 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of the client computer | |
AGENT_TRAFFIC_LOG_1 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of the client computer | |
AGENT_TRAFFIC_LOG_2 | HOST_NAME | nvarchar | 512 | √ | null | Host Name of the client computer | |
SERVER_CLIENT_LOG_1 | HOST_NAME | nvarchar | 512 | √ | null | Computer name of the client | |
SERVER_CLIENT_LOG_2 | HOST_NAME | nvarchar | 512 | √ | null | Computer name of the client | |
V_AGENT_BEHAVIOR_LOG | HOST_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_PACKET_LOG | HOST_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_SECURITY_LOG | HOST_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_SYSTEM_LOG | HOST_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_TRAFFIC_LOG | HOST_NAME | nvarchar | 512 | √ | null | ||
V_SERVER_CLIENT_LOG | HOST_NAME | nvarchar | 512 | √ | null | ||
ALERTS | HPP_APP_IDX | varchar | 32 | ('') | Pointer to hpp_application table | ||
V_ALERTS | HPP_APP_IDX | varchar | 32 | ||||
THREATREPORT | HPP_APP_LIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of heuristic risks by which to filter | ||
NOTIFICATIONALERTS | HYPERLINK | nvarchar | 1024 | ('') | Link to report with details about alert situation | ||
NOTIFICATION | HYPERLINK2 | nvarchar | 510 | ('/reports/FullReport.php') | Hyperlink used to generate report | ||
HYPERVISOR_PATTERN | HYPERVISOR_VENDOR_ID | tinyint | 1 | Vendor ID that links to HYPERVISOR_VENDOR | |||
HYPERVISOR_VENDOR | HYPERVISOR_VENDOR_ID | tinyint | 1 | ||||
SEM_COMPUTER | HYPERVISOR_VENDOR_ID | tinyint | 1 | √ | null | Foreign key to HYPERVISOR_VENDOR table | |
SEM_SVA_COMPUTER | HYPERVISOR_VENDOR_ID | tinyint | 1 | √ | null | ||
V_SEM_COMPUTER | HYPERVISOR_VENDOR_ID | tinyint | 1 | √ | null | ||
HYPERVISOR_VENDOR | HYPERVISOR_VENDOR_NAME | varchar | 128 | √ | null | Vendor name | |
SEM_OS_INFO | I18N_KEY | varchar | 64 | ('') | Key value for i18n display | ||
ANOMALYDETECTIONS | ID | char | 32 | ||||
ANOMALYREMEDIATIONS | ID | char | 32 | (upper(replace(newid(),'-',''))) | |||
BASIC_METADATA | ID | char | 32 | ||||
BINARY_FILE | ID | char | 32 | ||||
IDENTITY_MAP | ID | char | 32 | ||||
LICENSE | ID | char | 32 | ||||
LICENSE_CHAIN | ID | char | 32 | ||||
LOCAL_METADATA | ID | char | 32 | ||||
PROCESS_STATE | ID | char | 32 | ||||
REPORTS | ID | char | 32 | ||||
SYSTEM_STATE | ID | char | 32 | ||||
V_DOMAINS | ID | char | 32 | ||||
V_GROUPS | ID | char | 32 | ||||
V_SERVERS | ID | char | 32 | ||||
SEM_AGENT | IDS_CHECKSUM | char | 32 | √ | null | Current IDS checksum of agent | |
SEM_AGENT | IDS_SERIAL_NO | varchar | 64 | √ | null | Current IDS serial number of agent | |
INVENTORYREPORT | IDS_VERSION | varchar | 64 | ('%') | Intrusion prevention system signature version by which to filter | ||
SEM_AGENT | IDS_VERSION | varchar | 64 | √ | null | Current IDS version of agent | |
AGENTCONFIG | IDX | int | 4 | ||||
AGENTSTATUS | IDX | char | 32 | ||||
ALERTS | IDX | char | 32 | ||||
DATA_HANDLER | IDX | char | 32 | ||||
HPP_ALERTS | IDX | char | 32 | ||||
NOTIFICATIONALERTS | IDX | char | 32 | ||||
NOTIFICATIONHISTORY | IDX | char | 32 | ||||
V_ALERTS | IDX | char | 32 | ||||
INVENTORYREPORT | INFECTED | varchar | 2 | ('') | 'On' = filter for infected machines | ||
SCANS | INFECTED | bigint | 8 | ((0)) | Number of files the scan found infected | ||
SEM_AGENT | INFECTED | tinyint | 1 | ((0)) | Whether the client computer is infected: 0 = Not infected; 1 = Infected | ||
PATTERN | INSERTDATETIME | datetime | 16,3 | ('19700101') | Time when this pattern information was entered into the database | ||
SEM_APPLICATION | INTERESTING | tinyint | 1 | ((0)) | Whether this application was flagged for detection by the administrator using the Detect Process option in the Centralized Exceptions policy | ||
AGENT_SECURITY_LOG_1 | INTRUSION_PAYLOAD_URL | nvarchar | 4200 | ('') | URL that hosted payload | ||
AGENT_SECURITY_LOG_2 | INTRUSION_PAYLOAD_URL | nvarchar | 4200 | ('') | URL that hosted payload | ||
V_AGENT_SECURITY_LOG | INTRUSION_PAYLOAD_URL | nvarchar | 4200 | ||||
AGENT_SECURITY_LOG_1 | INTRUSION_URL | nvarchar | 4200 | ('') | URL from detection | ||
AGENT_SECURITY_LOG_2 | INTRUSION_URL | nvarchar | 4200 | ('') | URL from detection | ||
V_AGENT_SECURITY_LOG | INTRUSION_URL | nvarchar | 4200 | ||||
INVENTORYREPORT | INVENTORYFILTER_IDX | char | 32 | ||||
AGENT_BEHAVIOR_LOG_1 | IP_ADDR | bigint | 8 | √ | null | IP Address of the machine associated with the application control violation | |
AGENT_BEHAVIOR_LOG_2 | IP_ADDR | bigint | 8 | √ | null | IP Address of the machine associated with the application control violation | |
V_AGENT_BEHAVIOR_LOG | IP_ADDR | bigint | 8 | √ | null | ||
SEM_COMPUTER | IP_ADDR1 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | IP_ADDR1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR1_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | IP_ADDR2 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | IP_ADDR2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR2_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | IP_ADDR3 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | IP_ADDR3 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR3 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR3_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | IP_ADDR4 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | IP_ADDR4 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR4 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | IP_ADDR4_TEXT | varchar | 123 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | IP_ADDR_TEXT | varchar | 123 | √ | null | ||
GUP_LIST | IP_ADDRESS | bigint | 8 | Represents the GUP IP address | |||
LAN_DEVICE_DETECTED | IP_ADDRESS | bigint | 8 | IP Address of the device | |||
LAN_DEVICE_EXCLUDED | IP_ADDRESS | bigint | 8 | √ | null | IP Address of the device | |
V_LAN_DEVICE_DETECTED | IP_ADDRESS | bigint | 8 | ||||
V_LAN_DEVICE_EXCLUDED | IP_ADDRESS | bigint | 8 | √ | null | ||
V_LAN_DEVICE_DETECTED | IP_ADDRESS_TEXT | varchar | 123 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | IP_ADDRESS_TEXT | varchar | 123 | √ | null | ||
LAN_DEVICE_EXCLUDED | IP_RANGE_END | bigint | 8 | √ | null | End of IP Address range | |
V_LAN_DEVICE_EXCLUDED | IP_RANGE_END | bigint | 8 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | IP_RANGE_END_TEXT | varchar | 123 | √ | null | ||
LAN_DEVICE_EXCLUDED | IP_RANGE_START | bigint | 8 | √ | null | Start of IP Address range | |
V_LAN_DEVICE_EXCLUDED | IP_RANGE_START | bigint | 8 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | IP_RANGE_START_TEXT | varchar | 123 | √ | null | ||
THREATREPORT | IPADDRESSINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the IP addresses in the list. (Always set to 1 in SAV 11.0.) | ||
BEHAVIOR_REPORT | IPADDRESSLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded IP by which to filter | ||
COMPLIANCE_REPORT | IPADDRESSLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded IP list by which to filter | ||
FIREWALL_REPORT | IPADDRESSLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded IP list by which to filter | ||
INVENTORYREPORT | IPADDRESSLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of IP addresses by which to filter | ||
SCANREPORT | IPADDRESSLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of IP addresses by which to filter | ||
SYSTEM_REPORT | IPADDRESSLIST | nvarchar | 510 | ('') | Comma-separated wild-card IP addresses by which to filter | ||
THREATREPORT | IPADDRESSLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of IP addresses by which to filter | ||
SERIAL_NUMBERS | IPS_SERIAL_NO | varchar | 64 | √ | null | IPS serial number of the group | |
SCFINVENTORY | IPSSIGDATE | datetime | 16,3 | √ | (NULL) | Date of IPS signature | |
SCFINVENTORY | IPSSIGREV | int | 4 | √ | (NULL) | Revision of IPS signature | |
SEM_AGENT | IS_GRACE | tinyint | 1 | ((0)) | Is the license in grace period? | ||
HISTORYCONFIG | IS_MAIL_TO_SYS_ADMIN | tinyint | 1 | ('1') | The flag for mailing to be sent to system administrator. | ||
NOTIFICATION | IS_MAIL_TO_SYS_ADMIN | tinyint | 1 | ('1') | Flag for mailing to System Administrator | ||
SEM_AGENT | IS_NPVDI_CLIENT | tinyint | 1 | ((0)) | |||
ADMIN_GROUPS | IS_READONLY | tinyint | 1 | ||||
SEM_AGENT | JOB_TITLE | nvarchar | 256 | √ | null | Employee job title | |
LAN_DEVICE_DETECTED | LAN_DEVICE_ID | char | 32 | GUID of the device | |||
V_LAN_DEVICE_DETECTED | LAN_DEVICE_ID | char | 32 | ||||
LEGACY_AGENT | LAN_SENSOR | int | 4 | If the Agent is a LAN_SENSOR | |||
COMPUTER_APPLICATION | LAST_ACCESS_TIME | bigint | 8 | √ | null | Last access time of the application on the computer (GMT) | |
SEM_AGENT | LAST_CONNECTED_IP_ADDR | bigint | 8 | √ | null | ||
SEM_AGENT | LAST_DOWNLOAD_TIME | bigint | 8 | ((0)) | Last download time | ||
SEM_AGENT | LAST_HEURISTIC_THREAT_TIME | bigint | 8 | ((0)) | Last time that SONAR detected a risk | ||
ALERTS | LAST_LOG_SESSION_GUID | char | 32 | ('') | This is an ID used by the client to keep track of related threat events. | ||
V_ALERTS | LAST_LOG_SESSION_GUID | char | 32 | ||||
BASIC_METADATA | LAST_MODIFY_TIME | bigint | 8 | √ | null | Last modify time | |
SEM_APPLICATION | LAST_MODIFY_TIME | bigint | 8 | √ | null | Last modify time of the application binary | |
SEM_SVA | LAST_REBOOT_TIME | bigint | 8 | √ | null | ||
ADMIN_GROUP_REFRESH_INFO | LAST_REFRESH_AT | bigint | 8 | ||||
SEM_AGENT | LAST_SCAN_TIME | bigint | 8 | ((0)) | Last scan time for this agent (GMT) | ||
SEM_AGENT | LAST_SERVER_ID | char | 32 | √ | null | Last connected server GUID | |
SEM_SVA | LAST_SERVER_ID | char | 32 | √ | null | ||
SEM_AGENT | LAST_SITE_ID | char | 32 | √ | null | Last connected site GUID | |
SEM_SVA | LAST_SITE_ID | char | 32 | √ | null | ||
COMMAND | LAST_UPDATE_TIME | bigint | 8 | ((0)) | Time of last status reported by client in GMT | ||
SEM_AGENT | LAST_UPDATE_TIME | bigint | 8 | √ | null | Last online time of the agent | |
SEM_REPLICATION_STATE | LAST_UPDATE_TIME | bigint | 8 | Last USN update time | |||
SEM_SVA | LAST_UPDATE_TIME | bigint | 8 | √ | null | ||
SEM_AGENT | LAST_VIRUS_TIME | bigint | 8 | ((0)) | Last time virus was detected on the client computer (GMT) | ||
ADMINUSER | LASTCHANGE | int | 4 | (CONVERT([int],getdate(),0)) | Last time that the user accessed the console | ||
INVENTORYREPORT | LASTCHECKINTIME | datetime | 16,3 | ('19700101') | Last time of check in with parent server | ||
ALERTFILTER | LASTCOLUMN | varchar | 255 | ('') | |||
SCANREPORT | LASTCOLUMN | varchar | 32 | ('SERVERGROUP') | Not used | ||
HISTORYCONFIG | LASTRUN | bigint | 8 | ((0)) | When the report got generated last in GMT | ||
NOTIFICATION | LASTRUN | bigint | 8 | ((0)) | Time stamp when this notification has last been analyzed | ||
AGENTSTATUS | LASTRUN_DATA | nvarchar | 510 | √ | (NULL) | Extra data associated with the agent run if any | |
NOTIFICATION | LASTRUN_DATA | varchar | 50 | ('') | Any extra data needed to give details in notification e-mail | ||
AGENTSTATUS | LASTRUNGMT | varchar | 50 | ((0)) | Last time this agent ran, stored as GMT | ||
INVENTORYREPORT | LASTSCANTIME | int | 4 | √ | (NULL) | Last time machine was scanned: 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | |
ADMINUSER | LASTSPMTIME | int | 4 | (CONVERT([int],getdate(),0)) | Last time for successful keep alive to application server | ||
V_VIRUS | LATEST_THREAT | tinyint | 1 | ||||
VIRUS | LATEST_THREAT | tinyint | 1 | ((0)) | 0 = not a latest threat, 1 = latest threat | ||
LEGACY_AGENT | LEGACY_AGENT_ID | char | 32 | ||||
DATA_HANDLER | LF_EXT | varchar | 255 | ('') | File Extension: possible values are .dat, .AgentStatus, .SecurityRisk, .VirusScans, .VirusLogs, .Inventory | ||
DATA_HANDLER | LF_HANDLER | varchar | 255 | ('') | Classes that handle data files: AvMan = com.sygate.scm.server.logreader.av.LogHandler; Legacy agentstatus = com.sygate.scm.server.logreader.av.AgentStatusHandler; Legacy inventory = com.sygate.scm.server.logreader.av.InventoryHandler; Legacy security and virus logs = com.sygate.scm.server.logreader.av.LogHandler | ||
DATA_HANDLER | LF_SORT | tinyint | 1 | ((0)) | Sort files: 0 = Ascending by file modification time, 1 = Descending by file modification time | ||
SEM_AGENT | LICENSE_EXPIRY | bigint | 8 | ((0)) | For future use | ||
SEM_AGENT | LICENSE_ID | char | 32 | √ | null | SEP license ID | |
INVENTORYREPORT | LICENSE_STATUS | tinyint | 1 | √ | ((127)) | Not used | |
SEM_AGENT | LICENSE_STATUS | int | 4 | ((-1)) | For future use | ||
ALERTFILTER | LIMITROWS | int | 4 | ((20)) | Number of rows to use for pagination | ||
AUDIT_REPORT | LIMITROWS | int | 4 | ((20)) | Number of rows to use for pagination | ||
BEHAVIOR_REPORT | LIMITROWS | int | 4 | ((20)) | Number of rows to show for pagination | ||
COMMAND_REPORT | LIMITROWS | int | 4 | ((20)) | Number of rows to use for pagination | ||
COMPLIANCE_REPORT | LIMITROWS | int | 4 | ((20)) | Number of rows to use for pagination | ||
FIREWALL_REPORT | LIMITROWS | int | 4 | ((20)) | Number of rows to use for pagination | ||
INVENTORYREPORT | LIMITROWS | int | 4 | ('20') | Number of rows to use for pagination | ||
SCANREPORT | LIMITROWS | int | 4 | ('0') | Number of rows to use for pagination | ||
SYSTEM_REPORT | LIMITROWS | int | 4 | ((20)) | Number of rows to use for pagination | ||
THREATREPORT | LIMITROWS | int | 4 | ('20') | Number of rows to use for pagination | ||
AGENT_PACKET_LOG_1 | LOCAL_HOST_IP | bigint | 8 | √ | null | The IP address of local computer (IPv4) | |
AGENT_PACKET_LOG_2 | LOCAL_HOST_IP | bigint | 8 | √ | null | The IP address of local computer (IPv4) | |
AGENT_SECURITY_LOG_1 | LOCAL_HOST_IP | bigint | 8 | √ | null | The IP address of local computer (IPv4) | |
AGENT_SECURITY_LOG_2 | LOCAL_HOST_IP | bigint | 8 | √ | null | The IP address of local computer (IPv4) | |
AGENT_TRAFFIC_LOG_1 | LOCAL_HOST_IP | bigint | 8 | √ | null | The IP address of local computer (IPv4) | |
AGENT_TRAFFIC_LOG_2 | LOCAL_HOST_IP | bigint | 8 | √ | null | The IP address of local computer (IPv4) | |
ALERTS | LOCAL_HOST_IP | bigint | 8 | √ | ((0)) | Local host IP | |
ENFORCER_TRAFFIC_LOG_1 | LOCAL_HOST_IP | bigint | 8 | The IP address of local computer (IPv4) | |||
ENFORCER_TRAFFIC_LOG_2 | LOCAL_HOST_IP | bigint | 8 | The IP address of local computer (IPv4) | |||
V_AGENT_PACKET_LOG | LOCAL_HOST_IP | bigint | 8 | √ | null | ||
V_AGENT_SECURITY_LOG | LOCAL_HOST_IP | bigint | 8 | √ | null | ||
V_AGENT_TRAFFIC_LOG | LOCAL_HOST_IP | bigint | 8 | √ | null | ||
V_ALERTS | LOCAL_HOST_IP | bigint | 8 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | LOCAL_HOST_IP | bigint | 8 | ||||
V_AGENT_PACKET_LOG | LOCAL_HOST_IP_TEXT | varchar | 123 | √ | null | ||
V_AGENT_SECURITY_LOG | LOCAL_HOST_IP_TEXT | varchar | 123 | √ | null | ||
V_AGENT_TRAFFIC_LOG | LOCAL_HOST_IP_TEXT | varchar | 123 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | LOCAL_HOST_IP_TEXT | varchar | 123 | √ | null | ||
AGENT_PACKET_LOG_1 | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | Local host IPv6 | |
AGENT_PACKET_LOG_2 | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | Local host IPv6 | |
AGENT_SECURITY_LOG_1 | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | Local host IPv6 | |
AGENT_SECURITY_LOG_2 | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | Local host IPv6 | |
AGENT_TRAFFIC_LOG_1 | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | Local host IPv6 | |
AGENT_TRAFFIC_LOG_2 | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | Local host IPv6 | |
V_AGENT_PACKET_LOG | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | ||
V_AGENT_SECURITY_LOG | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | LOCAL_HOST_IPV6 | varchar | 32 | √ | null | ||
AGENT_SECURITY_LOG_1 | LOCAL_HOST_MAC | varchar | 18 | √ | null | The MAC address of local computer | |
AGENT_SECURITY_LOG_2 | LOCAL_HOST_MAC | varchar | 18 | √ | null | The MAC address of local computer | |
AGENT_TRAFFIC_LOG_1 | LOCAL_HOST_MAC | varchar | 18 | √ | null | The MAC address of local computer | |
AGENT_TRAFFIC_LOG_2 | LOCAL_HOST_MAC | varchar | 18 | √ | null | The MAC address of local computer | |
V_AGENT_SECURITY_LOG | LOCAL_HOST_MAC | varchar | 18 | √ | null | ||
V_AGENT_TRAFFIC_LOG | LOCAL_HOST_MAC | varchar | 18 | √ | null | ||
AGENT_PACKET_LOG_1 | LOCAL_PORT | int | 4 | √ | null | The TCP/UDP port on the local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. | |
AGENT_PACKET_LOG_2 | LOCAL_PORT | int | 4 | √ | null | The TCP/UDP port on the local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. | |
AGENT_SECURITY_LOG_1 | LOCAL_PORT | int | 4 | ((0)) | Local port | ||
AGENT_SECURITY_LOG_2 | LOCAL_PORT | int | 4 | ((0)) | Local port | ||
AGENT_TRAFFIC_LOG_1 | LOCAL_PORT | int | 4 | √ | null | The TCP/UDP port on the local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. | |
AGENT_TRAFFIC_LOG_2 | LOCAL_PORT | int | 4 | √ | null | The TCP/UDP port on the local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero. | |
COMPLIANCE_REPORT | LOCAL_PORT | int | 4 | √ | (NULL) | Port number | |
ENFORCER_TRAFFIC_LOG_1 | LOCAL_PORT | int | 4 | The TCP/UDP port on the local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero | |||
ENFORCER_TRAFFIC_LOG_2 | LOCAL_PORT | int | 4 | The TCP/UDP port on the local machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. For other events, it is always zero | |||
V_AGENT_PACKET_LOG | LOCAL_PORT | int | 4 | √ | null | ||
V_AGENT_SECURITY_LOG | LOCAL_PORT | int | 4 | ||||
V_AGENT_TRAFFIC_LOG | LOCAL_PORT | int | 4 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | LOCAL_PORT | int | 4 | ||||
SEM_REPLICATION_STATE | LOCAL_SERVER_ID | char | 32 | GUID of a server | |||
VIRUSCATEGORY | LOCALE | int | 4 | ((0)) | Locale integer | ||
FIREWALL_REPORT | LOCALPORT | int | 4 | √ | (NULL) | Port number | |
COMPUTER_APPLICATION | LOCATION_ID | char | 32 | GUID of the location | |||
AGENT_SECURITY_LOG_1 | LOCATION_NAME | nvarchar | 512 | √ | null | The location used when event occurs | |
AGENT_SECURITY_LOG_2 | LOCATION_NAME | nvarchar | 512 | √ | null | The location used when event occurs | |
AGENT_TRAFFIC_LOG_1 | LOCATION_NAME | nvarchar | 512 | √ | null | The location used when event occurs | |
AGENT_TRAFFIC_LOG_2 | LOCATION_NAME | nvarchar | 512 | √ | null | The location used when event occurs | |
V_AGENT_SECURITY_LOG | LOCATION_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_TRAFFIC_LOG | LOCATION_NAME | nvarchar | 512 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_BEHAVIOR_LOG_2 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_PACKET_LOG_1 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_PACKET_LOG_2 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_SYSTEM_LOG_1 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_SYSTEM_LOG_2 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_TRAFFIC_LOG_1 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
AGENT_TRAFFIC_LOG_2 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
ENFORCER_CLIENT_LOG_1 | LOG_IDX | char | 32 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | LOG_IDX | char | 32 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
ENFORCER_SYSTEM_LOG_2 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
ENFORCER_TRAFFIC_LOG_1 | LOG_IDX | char | 32 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | LOG_IDX | char | 32 | √ | null | ||
SERVER_CLIENT_LOG_1 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
SERVER_CLIENT_LOG_2 | LOG_IDX | char | 32 | √ | null | Log index unique ID | |
SERVER_ENFORCER_LOG_1 | LOG_IDX | char | 32 | √ | null | ||
SERVER_ENFORCER_LOG_2 | LOG_IDX | char | 32 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | LOG_IDX | char | 32 | √ | null | ||
V_AGENT_PACKET_LOG | LOG_IDX | char | 32 | √ | null | ||
V_AGENT_SYSTEM_LOG | LOG_IDX | char | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | LOG_IDX | char | 32 | √ | null | ||
V_ENFORCER_CLIENT_LOG | LOG_IDX | char | 32 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | LOG_IDX | char | 32 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | LOG_IDX | char | 32 | √ | null | ||
V_SERVER_CLIENT_LOG | LOG_IDX | char | 32 | √ | null | ||
V_SERVER_ENFORCER_LOG | LOG_IDX | char | 32 | √ | null | ||
ANOMALYDETECTIONS | LOG_SESSION_GUID | char | 32 | ('') | This is an ID used by the client to keep track of related threat events. | ||
ANOMALYREMEDIATIONS | LOG_SESSION_GUID | char | 32 | This is an ID used by the client to keep track of related threat events. | |||
LOG_CONFIG | LOG_TYPE | int | 4 | ||||
INVENTORYCURRENTRISK1 | LOGON_USER | nvarchar | 512 | √ | null | User who was logged on when risk was first detected | |
SEM_COMPUTER | MAC_ADDR1 | varchar | 17 | √ | null | ||
SEM_SVA_COMPUTER | MAC_ADDR1 | varchar | 17 | √ | null | ||
V_SEM_COMPUTER | MAC_ADDR1 | varchar | 17 | √ | null | ||
SEM_COMPUTER | MAC_ADDR2 | varchar | 17 | √ | null | ||
SEM_SVA_COMPUTER | MAC_ADDR2 | varchar | 17 | √ | null | ||
V_SEM_COMPUTER | MAC_ADDR2 | varchar | 17 | √ | null | ||
SEM_COMPUTER | MAC_ADDR3 | varchar | 17 | √ | null | ||
SEM_SVA_COMPUTER | MAC_ADDR3 | varchar | 17 | √ | null | ||
V_SEM_COMPUTER | MAC_ADDR3 | varchar | 17 | √ | null | ||
SEM_COMPUTER | MAC_ADDR4 | varchar | 17 | √ | null | ||
SEM_SVA_COMPUTER | MAC_ADDR4 | varchar | 17 | √ | null | ||
V_SEM_COMPUTER | MAC_ADDR4 | varchar | 17 | √ | null | ||
LAN_DEVICE_DETECTED | MAC_ADDRESS | varchar | 18 | Mac Address of the device | |||
LAN_DEVICE_EXCLUDED | MAC_ADDRESS | varchar | 18 | √ | null | Mac Address of the device | |
V_LAN_DEVICE_DETECTED | MAC_ADDRESS | varchar | 18 | ||||
V_LAN_DEVICE_EXCLUDED | MAC_ADDRESS | varchar | 18 | √ | null | ||
AGENTSTATUS | MACHINE_NAME | nvarchar | 128 | ('') | Computer name of the client computer | ||
AGENTSTATUS | int | 4 | ((0)) | Flag whether e-mail has already been sent (1 = Yes, 0 = No) | |||
SEM_AGENT | MAJOR_VERSION | int | 4 | ((0)) | SEP version: 11 | ||
SEM_SVA | MAJOR_VERSION | int | 4 | ((0)) | |||
V_VIRUS | MAXCATEGORY | int | 4 | ||||
VIRUS | MAXCATEGORY | int | 4 | ((-1)) | Maximum category that the virus has reached. Values are 1 through 5. -1 means unknown or not applicable. This rating is only applicable to viral threats. | ||
SEM_COMPUTER | MEMORY | bigint | 8 | √ | null | Physical memory in kb | |
SEM_SVA_COMPUTER | MEMORY | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | MEMORY | bigint | 8 | √ | null | ||
SCANS | MESSAGE1 | nvarchar | 510 | ('') | Scan message when scan started | ||
SCANS | MESSAGE2 | nvarchar | 510 | ('') | Scan message when scan ended | ||
LICENSE | METER_COUNT | int | 4 | seat count, read from license file | |||
LICENSE_CHAIN | METER_COUNT | int | 4 | seat count, from license file | |||
SEM_AGENT | MINOR_VERSION | int | 4 | ((0)) | Minor version | ||
SEM_SVA | MINOR_VERSION | int | 4 | ((0)) | |||
SEM_AGENT | MOBILE_PHONE | varchar | 32 | √ | null | Employee mobile number | |
ALERTS | MOTHER_IDX | char | 32 | ('') | Pointer to the related compressed event in the ALERTS table. This is the compressed event created by database maintenance. A value here means this event has been aggregated server-side and is a child event. | ||
V_ALERTS | MOTHER_IDX | char | 32 | ||||
HYPERVISOR_PATTERN | MOTHERBOARD_MANUFACTURER_PREFIX | varchar | 128 | √ | null | Keeps the prefix for the motherboard manufacturers | |
NOTIFICATIONALERTS | MSG | nvarchar | 2048 | ('') | Notification alert message text | ||
SERVER_ADMIN_LOG_1 | MSG_ID | int | 4 | √ | null | Event description ID, use this ID to load the localized message (Only used when an exception is related to this event). ** See worksheet ERROR_CODE and MSG_ID values. ** | |
SERVER_ADMIN_LOG_2 | MSG_ID | int | 4 | √ | null | Event description ID, use this ID to load the localized message (Only used when an exception is related to this event). ** See worksheet ERROR_CODE and MSG_ID values. ** | |
SERVER_SYSTEM_LOG_1 | MSG_ID | int | 4 | √ | null | Event description ID, use this ID to load localized message (Only used when an exception is related to this event) ** See ERROR_CODE and MSG_ID worksheet ** | |
SERVER_SYSTEM_LOG_2 | MSG_ID | int | 4 | √ | null | Event description ID, use this ID to load localized message (Only used when an exception is related to this event) | |
SYSTEM_REPORT | MSG_ID | varchar | 255 | ('') | This field stores the hard-coded English string key found to the left of the = sign. To the right is a description of the kinds of error messages that will be queried. % or blank in this field means no filtering (all records). See "ERROR_CODE and MSG_ID" worksheet for the list of corresponding MSG IDs that fall into each bucket. For System > Administrative: ERR_SERVER=Server error messages; ERR_INVALID_PARAMETER=Invalid parameter error messages; ERR_GENERAL=General error messages; ERR_ROOT=Root error messages; ERR_AUTHENTICATION=Login related error messages; ERR_METADATA=Metadata error messages; ERR_TRANSACTION=Transaction error messages; ERR_DATASTORE=Datastore error messages; ERR_LICENSE=License error messages; ERR_CERTIFICATE=Certificate error messages; ERR_GROUP=Group error messages; ERR_FILE=File related error messages; ERR_LIVEUPDATE=LiveUpdate error messages; ERR_OTHER=Other error messages; ERR_NONE=None. For System > Server activity: ERR_SERVER=Server error messages; ERR_INVALID_PARAMETER=Invalid parameter error messages; ERR_GENERAL=General error messages; ERR_ROOT=Root error messages; ERR_AUTHENTICATION=Login related error messages; ERR_METADATA=Metadata error messages; ERR_TRANSACTION=Transaction error messages; ERR_DATASTORE=Datastore error messages; ERR_LICENSE=License error messages; ERR_CERTIFICATE=Certificate error messages; ERR_GROUP=Group error messages; ERR_FILE=File related error messages; ERR_LIVEUPDATE=LiveUpdate error messages; ERR_OTHER=Other error messages; ERR_NONE=None | ||
V_SERVER_ADMIN_LOG | MSG_ID | int | 4 | √ | null | ||
V_SERVER_SYSTEM_LOG | MSG_ID | int | 4 | √ | null | ||
BASIC_METADATA | NAME | nvarchar | 4000 | √ | null | Object name | |
HISTORYCONFIG | NAME | nvarchar | 510 | ('') | Name of this scheduled report | ||
IDENTITY_MAP | NAME | nvarchar | 4000 | √ | null | Name of the object | |
NOTIFICATION | NAME | nvarchar | 510 | ('') | Name of notification configuration | ||
V_DOMAINS | NAME | nvarchar | 4000 | √ | null | ||
V_GROUPS | NAME | nvarchar | 4000 | √ | null | ||
V_SERVERS | NAME | nvarchar | 4000 | √ | null | ||
AGENT_SECURITY_LOG_1 | NETWORK_PROTOCOL | tinyint | 1 | √ | null | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) | |
AGENT_SECURITY_LOG_2 | NETWORK_PROTOCOL | tinyint | 1 | √ | null | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) | |
AGENT_TRAFFIC_LOG_1 | NETWORK_PROTOCOL | tinyint | 1 | √ | null | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) | |
AGENT_TRAFFIC_LOG_2 | NETWORK_PROTOCOL | tinyint | 1 | √ | null | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) | |
COMPLIANCE_REPORT | NETWORK_PROTOCOL | tinyint | 1 | √ | (NULL) | 1 = Other, 2 = TCP, 3 = UDP, 4 = ICMP | |
ENFORCER_TRAFFIC_LOG_1 | NETWORK_PROTOCOL | tinyint | 1 | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) | |||
ENFORCER_TRAFFIC_LOG_2 | NETWORK_PROTOCOL | tinyint | 1 | The protocol type: Enum (OTHERS = 1; TCP = 2; UDP = 3; ICMP = 4) | |||
V_AGENT_SECURITY_LOG | NETWORK_PROTOCOL | tinyint | 1 | √ | null | ||
V_AGENT_TRAFFIC_LOG | NETWORK_PROTOCOL | tinyint | 1 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | NETWORK_PROTOCOL | tinyint | 1 | ||||
ALERTS | NOOFVIRUSES | int | 4 | ((1)) | Number of events for aggregated event record. This can be due to client-side aggregation, server-side compression, or both. | ||
V_ALERTS | NOOFVIRUSES | int | 4 | ||||
NOTIFICATION | NOTAG_IDX | char | 32 | ||||
NOTIFICATIONALERTS | NOTAG_IDX | char | 32 | ('') | Notification which triggered this alert (Pointer to table 'notification') | ||
ALERTFILTER | NOTIFICATIONNAME | nvarchar | 510 | ('') | Name of selected notification condition | ||
NOTIFICATION | NTIMES | int | 4 | ((0)) | Number of occurrences to trigger this notification | ||
SERVER_POLICY_LOG_1 | OBJECT_ID | char | 32 | GUID of the AgentPolicy | |||
SERVER_POLICY_LOG_2 | OBJECT_ID | char | 32 | GUID of the AgentPolicy | |||
V_SERVER_POLICY_LOG | OBJECT_ID | char | 32 | ||||
SEM_AGENT | OFFICE_PHONE | varchar | 32 | √ | null | Employee office number | |
SCANS | OMITTED | bigint | 8 | ((0)) | Number of files omitted | ||
INVENTORYREPORT | ONOFF | tinyint | 1 | √ | ((127)) | Auto-Protect Status: 0 = filter for off, 127 = No filter (all) | |
SEM_OS_INFO | OPERATING_SYSTEM | nvarchar | 256 | ||||
SEM_COMPUTER | OPERATION_SYSTEM | nvarchar | 256 | √ | null | Operating system name | |
SEM_SVA_COMPUTER | OPERATION_SYSTEM | nvarchar | 256 | √ | null | ||
V_SEM_COMPUTER | OPERATION_SYSTEM | nvarchar | 256 | √ | null | ||
INVENTORYREPORT | OPERATOR | tinyint | 1 | ((0)) | Not used | ||
SEM_AGENT | OS_BIT_TYPE | varchar | 8 | √ | null | ||
SEM_OS_INFO | OS_FAMILY | int | 4 | Operating system family | |||
SEM_COMPUTER | OS_LANG | int | 4 | √ | null | Operating system language ID, for example, English = 0x09 | |
SEM_SVA_COMPUTER | OS_LANG | int | 4 | √ | null | ||
V_SEM_COMPUTER | OS_LANG | int | 4 | √ | null | ||
SEM_OS_INFO | OS_MAJOR | int | 4 | √ | ('') | Operating system major version | |
SEM_OS_INFO | OS_MINOR | int | 4 | √ | ('') | Operating system minor version | |
SEM_OS_INFO | OS_NAME | nvarchar | 128 | Operating system name | |||
COMPLIANCE_REPORT | OS_TYPE | int | 4 | √ | (NULL) | 600 = Windows Vista and Windows Server 2008; 502 = Windows 2003 and Windows XP 64 bit; 501 = Windows XP; 500 = Windows 2000; 400 = Windows NT; 000 = Other | |
SEM_OS_INFO | OS_TYPE | nvarchar | 128 | √ | ('') | Operating system type | |
SEM_AGENT | OSELAM_STATUS | tinyint | 1 | ((127)) | |||
SEM_CLIENT | OU_GUID | char | 32 | √ | null | OU's GUID if the client is from ActiveDirectory | |
SEM_SVA_CLIENT | OU_GUID | char | 32 | √ | null | ||
V_VIRUS | OVERALL | int | 4 | ||||
VIRUS | OVERALL | int | 4 | ((-1)) | An average of all the security risk ratings. This rating is only applicable to non-viral threats. | ||
BASIC_METADATA | OWNER | char | 32 | √ | null | GUID of the owner. It only applies to a private object. | |
BINARY_FILE | OWNER | char | 32 | √ | null | GUID of the owner. It only applies to a private object. | |
NOTIFICATIONHISTORY | OWNER | char | 32 | ||||
SYSTEM_STATE | OWNER | char | 32 | √ | null | GUID of the corresponding schema object | |
AGENT_BEHAVIOR_LOG_1 | PARAM_DEVICE_ID | varchar | 256 | √ | null | GUID of an external device (floppy disk, dvd, USB device, etc.) | |
AGENT_BEHAVIOR_LOG_2 | PARAM_DEVICE_ID | varchar | 256 | √ | null | GUID of an external device (floppy disk, dvd, USB device, etc.) | |
V_AGENT_BEHAVIOR_LOG | PARAM_DEVICE_ID | varchar | 256 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | PARAMETER | nvarchar | 512 | √ | null | Parameters that were used in the API call. Each parameter was converted to string format and separated by one space character. Double quotation mark characters within the string are escaped with a \ character. | |
AGENT_BEHAVIOR_LOG_2 | PARAMETER | nvarchar | 512 | √ | null | Parameters that were used in the API call. Each parameter was converted to string format and separated by one space character. Double quotation mark characters within the string are escaped with a \ character. | |
GUIPARMS | PARAMETER | varchar | 255 | ('') | Parameter name | ||
HOMEPAGECONFIG | PARAMETER | varchar | 255 | ('') | Parameter name | ||
V_AGENT_BEHAVIOR_LOG | PARAMETER | nvarchar | 512 | √ | null | ||
ALERTFILTER | PARENTSERVER | nvarchar | 510 | ('') | Not used | ||
NOTIFICATION | PARENTSERVER | nvarchar | 510 | ('%') | Name of parent server(s) to which this notification applies (Comma-separated list, wild-cards allowed) | ||
ALERTS | PARENTSERVER_IDX | char | 32 | ('') | Pointer to table 'identity_map'; this is the SEPM server GUID | ||
SCANS | PARENTSERVER_IDX | char | 32 | ('') | Pointer to table IDENTITY_MAP (server GUID) | ||
V_ALERTS | PARENTSERVER_IDX | char | 32 | ||||
THREATREPORT | PARENTSERVERINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the servers in the list. (Always set to 1 in SAV 11.0.) | ||
AUDIT_REPORT | PARENTSERVERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded server names by which to filter | ||
BEHAVIOR_REPORT | PARENTSERVERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded server names by which to filter | ||
COMPLIANCE_REPORT | PARENTSERVERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded server names by which to filter | ||
FIREWALL_REPORT | PARENTSERVERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded server names by which to filter | ||
INVENTORYREPORT | PARENTSERVERLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of server names by which to filter | ||
SCANREPORT | PARENTSERVERLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of parent servers by which to filter | ||
SYSTEM_REPORT | PARENTSERVERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded server names by which to filter | ||
THREATREPORT | PARENTSERVERLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of SEPM servers by which to filter | ||
INVENTORYREPORT | PATTERN_IDX | varchar | 255 | ('%') | Hard-coded English string used as key (filters for Antivirus signature version): WITHIN_RELATIVE_30 = Within the last 30 days; WITHIN_RELATIVE_90 = Within the last 90 days; OUTSIDE_RELATIVE_30 = Older than the last 30 days; OUTSIDE_RELATIVE_90 = Older than the last 90 days; or virus definition revision which results in an <= query on that revision. | ||
PATTERN | PATTERN_IDX | char | 32 | ||||
SEM_AGENT | PATTERN_IDX | char | 32 | ('') | Pointer to table 'pattern' | ||
SEM_CONTENT | PATTERN_IDX | char | 32 | Pointer to pattern table | |||
V_IPS | PATTERN_IDX | char | 32 | ||||
V_MR_CLEAN | PATTERN_IDX | char | 32 | ||||
V_SEM_CONTENT | PATTERN_IDX | char | 32 | ||||
V_SONAR | PATTERN_IDX | char | 32 | ||||
V_VIRUS | PATTERN_IDX | char | 32 | ||||
VIRUS | PATTERN_IDX | char | 32 | ('') | Pointer to table 'pattern', that protects against this threat/virus | ||
PATTERN | PATTERN_TYPE | nvarchar | 256 | ('') | Virus definition = VIRUS_DEFS DECABI DEUCE_SIG ERASER_ENGINE PTS_CONTENT PTS_ENGINE SYKNAPPS_CAL SYKNAPPS_ENGINE SYKNAPPS_WHITELIST | ||
V_IPS | PATTERN_TYPE | nvarchar | 256 | ||||
V_MR_CLEAN | PATTERN_TYPE | nvarchar | 256 | ||||
V_SONAR | PATTERN_TYPE | nvarchar | 256 | ||||
PATTERN | PATTERNDATE | datetime | 16,3 | ('19700101') | Date when this content was released | ||
V_IPS | PATTERNDATE | datetime | 16,3 | ||||
COMMAND | PERCENT_COMPLETE | tinyint | 1 | ((0)) | Progress (0-100%) of command based on estimated duration. | ||
COMMAND_REPORT | PERCENT_COMPLETE | tinyint | 1 | √ | (NULL) | Command progress | |
V_VIRUS | PERFORMANCE | int | 4 | ||||
VIRUS | PERFORMANCE | int | 4 | ((-1)) | Measures the negative impact that the presence of a security risk has on the computer's performance. 0= No rating, 1,2= Low, 3= Medium, 4>= High, -1 means not applicable. This rating is only applicable to non-viral threats. | ||
ENFORCER_CLIENT_LOG_1 | PERIOD | int | 4 | √ | null | The period in seconds that the Enforcer will take action on the client. Only valid when action is equal to Rejected and Disconnected. For other actions, this field must be 0. | |
ENFORCER_CLIENT_LOG_2 | PERIOD | int | 4 | √ | null | The period in seconds that the Enforcer will take action on the client. Only valid when action is equal to Rejected and Disconnected. For other actions, this field must be 0. | |
V_ENFORCER_CLIENT_LOG | PERIOD | int | 4 | √ | null | ||
SEM_CLIENT | PIN_MARK | tinyint | 1 | √ | null | A flag to mark if this client should be synchronized with ActiveDirectory | |
SEM_SVA_CLIENT | PIN_MARK | tinyint | 1 | √ | null | ||
SERIAL_NUMBERS | POLICY_LAST_MODIFIED | bigint | 8 | √ | null | The time when the event is logged into system (GMT), which is server side time | |
LEGACY_AGENT | POLICY_MODE | int | 4 | User/Computer mode | |||
SEM_CLIENT | POLICY_MODE | int | 4 | √ | null | Enum {USER_MODE, COMPUTER_MODE} | |
V_CLIENT_CHANGE_LOG | POLICY_MODE | int | 4 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | POLICY_STATUS | char | 32 | √ | null | Policy Status such as Passed, Failed, Unknown etc | |
ENFORCER_CLIENT_LOG_2 | POLICY_STATUS | char | 32 | √ | null | Policy Status such as Passed, Failed, Unknown etc | |
V_ENFORCER_CLIENT_LOG | POLICY_STATUS | char | 32 | √ | null | ||
AUDIT_REPORT | POLICYNAMELIST | nvarchar | 510 | ('') | Comma-separated, wild-carded policy names by which to filter | ||
SYSTEM_REPORT | POLICYNAMELIST | nvarchar | 510 | ('') | Comma-separated, wild-card policy names by which to filter | ||
GUP_LIST | PORT | int | 4 | Represents the GUP port | |||
HPP_ALERTS | PREVALENCE | int | 4 | ((0)) | The prevalence data for the application. 0: Unknown; 1-50: Very low; 51-100: Low; 101-150: Moderate; 151-200: High; 201-255: Very high; > 255: Very high. Default is 0 | ||
V_VIRUS | PRIVACY | int | 4 | ||||
VIRUS | PRIVACY | int | 4 | ((-1)) | The level of privacy that is lost due to the presence of a security risk on a computer. 0= No rating, 1, 2 = Low, 3 = Medium, 4 >= High, -1 means not applicable. This rating is only applicable to non-viral threats. | ||
SEM_COMPUTER | PROCESSOR_CLOCK | bigint | 8 | √ | null | Processor clock | |
SEM_SVA_COMPUTER | PROCESSOR_CLOCK | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | PROCESSOR_CLOCK | bigint | 8 | √ | null | ||
SEM_COMPUTER | PROCESSOR_NUM | int | 4 | √ | null | Number of processors | |
SEM_SVA_COMPUTER | PROCESSOR_NUM | int | 4 | √ | null | ||
V_SEM_COMPUTER | PROCESSOR_NUM | int | 4 | √ | null | ||
SEM_COMPUTER | PROCESSOR_TYPE | nvarchar | 128 | √ | null | Processor type | |
SEM_SVA_COMPUTER | PROCESSOR_TYPE | nvarchar | 128 | √ | null | ||
V_SEM_COMPUTER | PROCESSOR_TYPE | nvarchar | 128 | √ | null | ||
THREATREPORT | PRODUCT | varchar | 32 | ('generic') | Not used | ||
VERSION | PRODUCT | char | 20 | ||||
LICENSE | PRODUCT_ID | varchar | 32 | Product code, indicating sepe/sepsb product type, version and suffix. Read from license file | |||
LICENSE | PRODUCT_NAME | varchar | 128 | Example: Symantec Endpoint Protection Small Business Edition 12.0 Trial License | |||
LICENSE | PRODUCT_TYPE | varchar | 32 | Enterprise or small business product type: SEPSB / SEPE | |||
INVENTORYREPORT | PRODUCTVERSION | varchar | 32 | ('%') | Product version by which to filter | ||
SEM_AGENT | PROFILE_CHECKSUM | char | 32 | √ | null | Current profile checksum of agent | |
AGENT_SECURITY_LOG_1 | PROFILE_SERIAL_NO | varchar | 64 | √ | null | Policy serial number | |
AGENT_SECURITY_LOG_2 | PROFILE_SERIAL_NO | varchar | 64 | √ | null | Policy serial number | |
SEM_AGENT | PROFILE_SERIAL_NO | varchar | 64 | √ | null | Current profile serial number of agent | |
SERIAL_NUMBERS | PROFILE_SERIAL_NO | varchar | 64 | Profile serial number of the group | |||
V_AGENT_SECURITY_LOG | PROFILE_SERIAL_NO | varchar | 64 | √ | null | ||
INVENTORYREPORT | PROFILE_VERSION | varchar | 64 | ('%') | Profile version by which to filter | ||
SEM_AGENT | PROFILE_VERSION | varchar | 64 | √ | null | Current profile version of agent | |
FIREWALL_REPORT | PROTOCOL | int | 4 | √ | (NULL) | 1 = Other, 2 = TCP, 3 = UDP, 4 = ICMP | |
INVENTORYREPORT | PTP_ONOFF | tinyint | 1 | ((127)) | Proactive threat protection status: 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. Default is 127 | ||
SEM_AGENT | PTP_ONOFF | tinyint | 1 | ((127)) | Enabled state of Proactive threat protection is 0 = off; 1 = on; 2 = not installed; 3 = off by admin policy; 127 = unknown. Default is 127 | ||
INVENTORYREPORT | R_OS_TYPE | int | 4 | √ | ((-1)) | 600 = Windows Vista and Windows Server 2008, 502 = Windows 2003 and Windows XP 64 bit, 501 = Windows XP, 500 = Windows 2000, 400 = Windows NT, 000 = Other, -1 = No filter (all) | |
SCANREPORT | R_OS_TYPE | int | 4 | √ | ((-1)) | Operating System type running on the client computer: | |
SEM_AGENT | R_OS_TYPE | int | 4 | √ | null | Enum that indicates the operating system on the client computer. | |
SEM_SVA | R_OS_TYPE | int | 4 | √ | null | ||
THREATREPORT | R_OS_TYPE | int | 4 | √ | ((-1)) | Operating System type running on the client computer: | |
ENFORCER_CLIENT_LOG_1 | RADIUS_STATUS | char | 32 | √ | null | Radius Status | |
ENFORCER_CLIENT_LOG_2 | RADIUS_STATUS | char | 32 | √ | null | Radius Status | |
V_ENFORCER_CLIENT_LOG | RADIUS_STATUS | char | 32 | √ | null | ||
SEM_AGENT | REBOOT_REASON | varchar | 128 | ('') | Format is Components: AVMAN = Antivirus; LUMAN = LiveUpdate; FW = Network Threat Protection; GUP = Group Update Provider. Reasons: 1 = risk remediation to complete; 2 = product patch to apply; 3 = content download to apply | ||
INVENTORYREPORT | REBOOT_REQUIRED | tinyint | 1 | √ | ((127)) | Restart required status: 1 = filter for needs restart, 127 = No filter (all) | |
SEM_AGENT | REBOOT_REQUIRED | tinyint | 1 | ((0)) | Reboot Required: 0 = No, 1 = Yes | ||
BASIC_METADATA | REF_ID | varchar | 32 | √ | null | Object reference ID | |
OAUTH_ACCESS_TOKEN | REFRESH_TOKEN | varchar | 80 | √ | null | ||
ALERTFILTER | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
AUDIT_REPORT | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
BEHAVIOR_REPORT | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
COMMAND_REPORT | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
COMPLIANCE_REPORT | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
FIREWALL_REPORT | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
INVENTORYREPORT | RELATIVEDATETYPE | int | 4 | ('0') | Last check in time if relative filtering used: 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
SCANREPORT | RELATIVEDATETYPE | int | 4 | ('0') | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
SYSTEM_REPORT | RELATIVEDATETYPE | int | 4 | ((0)) | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
THREATREPORT | RELATIVEDATETYPE | int | 4 | ('0') | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month | ||
ANOMALYREMEDIATIONOPERATION | REMEDIATION_OPERATION_DESC | varchar | 255 | ('') | Remediation_Operation_ID, Remediation_Operation_Desc (a hard-coded English string used for lookup): 0 = Unknown; 1 = Delete; 2 = Delete Line; 3 = Move; 4 = Create Empty File; 5 = Set; 6 = Terminate; 7 = Suspend; 8 = Stop; 9 = Remove; 10 = Handle Threat; 11 = Set IP Address; 12 = Set Domain Name; 13 = Deny Access; 999 = Invalid; 1001 = Move; 1002 = Rename; 1003 = Delete; 1004 = Leave Alone; 1005 = Clean; 1006 = Remove Macros; 1007 = Save As; 1008 = Move Back; 1010 = Rename Back; 1011 = Undo; 1012 = Bad; 1013 = Backup; 1014 = Pending; 1015 = Partial; 1016 = Terminate; 1017 = Exclude; 1018 = Reboot Processing; 1019 = Clean By Deletion; 1020 = Access Denied | ||
ANOMALYREMEDIATIONOPERATION | REMEDIATION_OPERATION_ID | int | 4 | ||||
ANOMALYREMEDIATIONTYPE | REMEDIATION_TYPE_DESC | varchar | 255 | ('') | Remediation_Type_ID, Remediation_Type_Desc (hard-coded English string used for lookup): 2000 = Registry; 2001 = File; 2002 = Process; 2003 = Batch File; 2004 = INI File; 2005 = Service; 2006 = Infected File; 2007 = COM Object; 2008 = Hosts File Entry; 2009 = Directory; 2010 = Layered Service Provider; 2011 = Internet Browser Cache | ||
ANOMALYREMEDIATIONTYPE | REMEDIATION_TYPE_ID | int | 4 | ||||
ENFORCER_CLIENT_LOG_1 | REMOTE_HOST | nvarchar | 512 | √ | null | Remote host name | |
ENFORCER_CLIENT_LOG_2 | REMOTE_HOST | nvarchar | 512 | √ | null | Remote host name | |
V_ENFORCER_CLIENT_LOG | REMOTE_HOST | nvarchar | 512 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | REMOTE_HOST_INFO | nvarchar | 256 | √ | null | Remote host information | |
ENFORCER_CLIENT_LOG_2 | REMOTE_HOST_INFO | nvarchar | 256 | √ | null | Remote host information | |
V_ENFORCER_CLIENT_LOG | REMOTE_HOST_INFO | nvarchar | 256 | √ | null | ||
AGENT_PACKET_LOG_1 | REMOTE_HOST_IP | bigint | 8 | √ | null | The IP address of remote computer (IPv4) | |
AGENT_PACKET_LOG_2 | REMOTE_HOST_IP | bigint | 8 | √ | null | The IP address of remote computer (IPv4) | |
AGENT_SECURITY_LOG_1 | REMOTE_HOST_IP | bigint | 8 | √ | null | The IP address of remote computer (IPv4) | |
AGENT_SECURITY_LOG_2 | REMOTE_HOST_IP | bigint | 8 | √ | null | The IP address of remote computer (IPv4) | |
AGENT_TRAFFIC_LOG_1 | REMOTE_HOST_IP | bigint | 8 | √ | null | The IP address of remote computer (IPv4) | |
AGENT_TRAFFIC_LOG_2 | REMOTE_HOST_IP | bigint | 8 | √ | null | The IP address of remote computer (IPv4) | |
ENFORCER_TRAFFIC_LOG_1 | REMOTE_HOST_IP | bigint | 8 | The IP address of remote computer (IPv4) | |||
ENFORCER_TRAFFIC_LOG_2 | REMOTE_HOST_IP | bigint | 8 | The IP address of remote computer (IPv4) | |||
V_AGENT_PACKET_LOG | REMOTE_HOST_IP | bigint | 8 | √ | null | ||
V_AGENT_SECURITY_LOG | REMOTE_HOST_IP | bigint | 8 | √ | null | ||
V_AGENT_TRAFFIC_LOG | REMOTE_HOST_IP | bigint | 8 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | REMOTE_HOST_IP | bigint | 8 | ||||
V_AGENT_PACKET_LOG | REMOTE_HOST_IP_TEXT | varchar | 123 | √ | null | ||
V_AGENT_SECURITY_LOG | REMOTE_HOST_IP_TEXT | varchar | 123 | √ | null | ||
V_AGENT_TRAFFIC_LOG | REMOTE_HOST_IP_TEXT | varchar | 123 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | REMOTE_HOST_IP_TEXT | varchar | 123 | √ | null | ||
AGENT_PACKET_LOG_1 | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | Remote host IPv6 | |
AGENT_PACKET_LOG_2 | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | Remote host IPv6 | |
AGENT_SECURITY_LOG_1 | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | Remote host IPv6 | |
AGENT_SECURITY_LOG_2 | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | Remote host IPv6 | |
AGENT_TRAFFIC_LOG_1 | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | Remote host IPv6 | |
AGENT_TRAFFIC_LOG_2 | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | Remote host IPv6 | |
V_AGENT_PACKET_LOG | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | ||
V_AGENT_SECURITY_LOG | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | REMOTE_HOST_IPV6 | varchar | 32 | √ | null | ||
AGENT_SECURITY_LOG_1 | REMOTE_HOST_MAC | varchar | 18 | √ | null | The MAC address of remote computer | |
AGENT_SECURITY_LOG_2 | REMOTE_HOST_MAC | varchar | 18 | √ | null | The MAC address of remote computer | |
AGENT_TRAFFIC_LOG_1 | REMOTE_HOST_MAC | varchar | 18 | √ | null | The MAC address of remote computer | |
AGENT_TRAFFIC_LOG_2 | REMOTE_HOST_MAC | varchar | 18 | √ | null | The MAC address of remote computer | |
ENFORCER_CLIENT_LOG_1 | REMOTE_HOST_MAC | varchar | 17 | √ | null | Remote host MAC address | |
ENFORCER_CLIENT_LOG_2 | REMOTE_HOST_MAC | varchar | 17 | √ | null | Remote host MAC address | |
V_AGENT_SECURITY_LOG | REMOTE_HOST_MAC | varchar | 18 | √ | null | ||
V_AGENT_TRAFFIC_LOG | REMOTE_HOST_MAC | varchar | 18 | √ | null | ||
V_ENFORCER_CLIENT_LOG | REMOTE_HOST_MAC | varchar | 17 | √ | null | ||
AGENT_PACKET_LOG_1 | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | The name of the remote computer (it may be empty if name resolution failed) | |
AGENT_PACKET_LOG_2 | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | The name of the remote computer (it may be empty if name resolution failed) | |
AGENT_SECURITY_LOG_1 | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | The name of the remote computer (it may be empty if name resolution failed) | |
AGENT_SECURITY_LOG_2 | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | The name of the remote computer (it may be empty if name resolution failed) | |
AGENT_TRAFFIC_LOG_1 | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | The name of the remote computer (it may be empty if name resolution failed) | |
AGENT_TRAFFIC_LOG_2 | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | The name of the remote computer (it may be empty if name resolution failed) | |
V_AGENT_PACKET_LOG | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | ||
V_AGENT_SECURITY_LOG | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | ||
V_AGENT_TRAFFIC_LOG | REMOTE_HOST_NAME | nvarchar | 128 | √ | null | ||
AGENT_PACKET_LOG_1 | REMOTE_PORT | int | 4 | √ | null | The TCP/UDP port on the remote machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | |
AGENT_PACKET_LOG_2 | REMOTE_PORT | int | 4 | √ | null | The TCP/UDP port on the remote machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | |
AGENT_SECURITY_LOG_1 | REMOTE_PORT | int | 4 | ((0)) | Remote port | ||
AGENT_SECURITY_LOG_2 | REMOTE_PORT | int | 4 | ((0)) | Remote port | ||
AGENT_TRAFFIC_LOG_1 | REMOTE_PORT | int | 4 | √ | null | The TCP/UDP port on the remote machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | |
AGENT_TRAFFIC_LOG_2 | REMOTE_PORT | int | 4 | √ | null | The TCP/UDP port on the remote machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | |
ENFORCER_TRAFFIC_LOG_1 | REMOTE_PORT | int | 4 | The TCP/UDP port on the remote machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | |||
ENFORCER_TRAFFIC_LOG_2 | REMOTE_PORT | int | 4 | The TCP/UDP port on the remote machine (host byte-order). It is only valid on TSE_TRAFFIC_TCP and TSE_TRAFFIC_UDP. On other events, it is always zero. | |||
V_AGENT_PACKET_LOG | REMOTE_PORT | int | 4 | √ | null | ||
V_AGENT_SECURITY_LOG | REMOTE_PORT | int | 4 | ||||
V_AGENT_TRAFFIC_LOG | REMOTE_PORT | int | 4 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | REMOTE_PORT | int | 4 | ||||
SEM_REPLICATION_STATE | REMOTE_SITE_ID | char | 32 | GUID of a site | |||
AGENTSTATUS | REMOTE_TZ_OFFSET | int | 4 | ((0)) | Time zone offset | ||
COMPLIANCE_REPORT | REMOTEHOSTLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded remote computer names by which to filter | ||
FIREWALL_REPORT | REMOTEHOSTLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded remote computer names by which to filter | ||
FIREWALL_REPORT | REMOTEIPADDRLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded remote IP list by which to filter | ||
COMPLIANCE_REPORT | REMOTEIPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded remote IP list by which to filter | ||
AGENTCONFIG | REMOTEX | int | 4 | ((0)) | 1 indicates this agent runs on a remote host; 0 indicates it is running locally on the SAV Reporter host itself. | ||
V_VIRUS | REMOVAL | int | 4 | ||||
VIRUS | REMOVAL | int | 4 | ((-1)) | Skill level required to remove the threat from a given computer. 0 = No rating, 1,2 = Low, 3 = Medium, 4 >= High, -1 means not applicable. This rating is only applicable to non-viral threats. | ||
LICENSE | RENEWAL_URL | varchar | 256 | √ | null | URL for the license renewal, created using slic library API | |
LICENSE_CHAIN | RENEWAL_URL | varchar | 256 | √ | null | URL for the license renewal, created using slic API | |
AGENT_BEHAVIOR_LOG_1 | REPETITION | int | 4 | ((1)) | Event repetition due to aggregation (damper) | ||
AGENT_BEHAVIOR_LOG_2 | REPETITION | int | 4 | ((1)) | Event repetition due to aggregation (damper) | ||
AGENT_SECURITY_LOG_1 | REPETITION | int | 4 | √ | null | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. | |
AGENT_SECURITY_LOG_2 | REPETITION | int | 4 | √ | null | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. | |
AGENT_TRAFFIC_LOG_1 | REPETITION | int | 4 | √ | null | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. | |
AGENT_TRAFFIC_LOG_2 | REPETITION | int | 4 | √ | null | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. | |
ENFORCER_TRAFFIC_LOG_1 | REPETITION | int | 4 | √ | null | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. | |
ENFORCER_TRAFFIC_LOG_2 | REPETITION | int | 4 | √ | null | The number of attacks. Sometimes, when a hacker launches a mass attack, it may be damped to one event by the log system. | |
V_AGENT_BEHAVIOR_LOG | REPETITION | int | 4 | ||||
V_AGENT_SECURITY_LOG | REPETITION | int | 4 | √ | null | ||
V_AGENT_TRAFFIC_LOG | REPETITION | int | 4 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | REPETITION | int | 4 | √ | null | ||
V_SECURITY_VIEW | REPETITION | int | 4 | √ | null | ||
SEM_REPLICATION_STATE | REPLICATION_STATE | tinyint | 1 | ((0)) | Replication is in process or not. 0: not, 1: replication in process | ||
AUDIT_REPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
BEHAVIOR_REPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
COMMAND_REPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
COMPLIANCE_REPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
FIREWALL_REPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
HISTORYCONFIG | REPORT_IDX | varchar | 10 | ('I-0') | Format is Reporttype-number: example I-0 is Virus Definitions Distribution I = Computer Status Report 0 = Virus Definitions Distribution 1 = Computers Not Checked Into Server 2 = Symantec Endpoint Protection Product Versions 3 = Intrusion Prevention Signature Distribution 4 = Client Inventory 5 = Compliance Status Distribution 6 = Client Online Status 7 = Clients With Latest Policy 8 = Client Count by Group 9 = Security Status Summary 10 = Protection Content Versions 11 = Client Migration 100 = Client Software Rollout (Snapshots) 101 = Clients Online/Offline Over Time (Snapshots) 102 = Clients With Latest Policy Over Time (Snapshots) 103 = Non-Compliant Clients Over Time (Snapshots) 104 = Virus Definition Rollout (Snapshots) A = Audit Report 0 = Policies Used B = Application and Device Control Report 0 = Top Groups With Most Alerted Application Control Logs 1 = Top Targets Blocked 2 = Top Devices Blocked C = Compliance Report 0 = Network Compliance Status 1 = Compliance Status 2 = Clients by Compliance Failure Summary 3 = Compliance Failure Details 4 = Non-compliant Clients by Location F = Network Threat Protection Report 0 = Top Targets Attacked 1 = Top Sources of Attack 2 = Top Types of Attack 3 = Top Blocked Applications 4 = Attacks Over Time 5 = Security Events by Severity 6 = Blocked Applications Over Time 7 = Traffic Notifications Over Time 8 = Top Traffic Notifications 9 = Full Report R = Risk Report 0 = Infected and At Risk Computers 1 = Detection Action Summary 2 = Risk Detections Count 3 = New Risks Detected in the Network 4 = Top Risk Detections Correlation 5 = Risk Distribution Summary 6 = Risk Distribution Over Time 8 = Proactive Threat Detection Results 9 = Proactive Threat Distribution 10 = Proactive Threat Detection Over Time 11 = Action Summary for Top Risks 12 = Number of Notifications 14 = Number of Notifications Over Time 13 = Weekly Outbreaks 7 = Comprehensive Risk Report S = Scan Report 0 = Scan Statistics Histogram 1 = Computers by Last Scan Time 2 = Computers Not Scanned Y = System Report 0 = Top Clients That Generate Errors 1 = Top Servers That Generate Errors 2 = Top Enforcers That Generate Errors 3 = Database Replication Failures Over Time 4 = Site Status Report | ||
INVENTORYREPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
SCANREPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
SYSTEM_REPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
THREATREPORT | REPORT_IDX | int | 4 | ('0') | Not used | ||
REPORTS | REPORT_TIME | bigint | 8 | Report sample time | |||
AGENTSTATUS | REPORTER_TZ_OFFSET | int | 4 | ((0)) | Time zone offset | ||
ALERTFILTER | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
AUDIT_REPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
BEHAVIOR_REPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
COMMAND_REPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
COMPLIANCE_REPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
FIREWALL_REPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
INVENTORYREPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
SCANREPORT | REPORTINPUTS | nvarchar | 510 | ('') | Special parameters if report needs them | ||
SYSTEM_REPORT | REPORTINPUTS | nvarchar | 128 | ('') | Special parameters if report needs them | ||
THREATREPORT | REPORTINPUTS | nvarchar | 510 | ('') | Special parameters if report needs them | ||
ALERTS | REQUESTEDACTION_IDX | int | 4 | ((0)) | Pointer to table 'actualaction'; this is the action requested by the policy | ||
V_ALERTS | REQUESTEDACTION_IDX | int | 4 | ||||
AGENT_BEHAVIOR_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
BASIC_METADATA | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
BINARY_FILE | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
COMMAND | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
IDENTITY_MAP | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
LEGACY_AGENT | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
LOCAL_METADATA | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
LOG_CONFIG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
REPORTS | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_AGENT | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_APPLICATION | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_CLIENT | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_COMPUTER | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_JOB | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_SVA | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
SYSTEM_STATE | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_DOMAINS | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_GROUPS | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
V_SERVERS | RESERVED_BIGINT1 | bigint | 8 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
BASIC_METADATA | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
BINARY_FILE | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
COMMAND | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
IDENTITY_MAP | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
LEGACY_AGENT | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
LOCAL_METADATA | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
LOG_CONFIG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
REPORTS | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_AGENT | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_APPLICATION | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_CLIENT | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_COMPUTER | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_JOB | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_SVA | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
SYSTEM_STATE | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_DOMAINS | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_GROUPS | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
V_SERVERS | RESERVED_BIGINT2 | bigint | 8 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_BINARY | varbinary | 1900 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_BINARY | varbinary | 1900 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
BASIC_METADATA | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
BINARY_FILE | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
COMMAND | RESERVED_BINARY | varbinary | 1000 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
IDENTITY_MAP | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
LEGACY_AGENT | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
LOCAL_METADATA | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
LOG_CONFIG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
REPORTS | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SEM_APPLICATION | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SEM_CLIENT | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SEM_COMPUTER | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SEM_JOB | RESERVED_BINARY | varbinary | 1000 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
SYSTEM_STATE | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_BINARY | varbinary | 1900 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_DOMAINS | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_GROUPS | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SEM_COMPUTER | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
V_SERVERS | RESERVED_BINARY | varbinary | 2000 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
BASIC_METADATA | RESERVED_CHAR1 | char | 32 | √ | null | ||
BINARY_FILE | RESERVED_CHAR1 | char | 32 | √ | null | ||
COMMAND | RESERVED_CHAR1 | char | 32 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_CHAR1 | char | 32 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
IDENTITY_MAP | RESERVED_CHAR1 | char | 32 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_CHAR1 | char | 32 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_CHAR1 | char | 32 | √ | null | ||
LEGACY_AGENT | RESERVED_CHAR1 | char | 32 | √ | null | ||
LOCAL_METADATA | RESERVED_CHAR1 | char | 32 | √ | null | ||
LOG_CONFIG | RESERVED_CHAR1 | char | 32 | √ | null | ||
REPORTS | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_AGENT | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_APPLICATION | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_CLIENT | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_COMPUTER | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_JOB | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_SVA | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_CHAR1 | char | 32 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_CHAR1 | char | 32 | √ | null | ||
SYSTEM_STATE | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_DOMAINS | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_GROUPS | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SEM_COMPUTER | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_CHAR1 | char | 32 | √ | null | ||
V_SERVERS | RESERVED_CHAR1 | char | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
BASIC_METADATA | RESERVED_CHAR2 | char | 32 | √ | null | ||
BINARY_FILE | RESERVED_CHAR2 | char | 32 | √ | null | ||
COMMAND | RESERVED_CHAR2 | char | 32 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_CHAR2 | char | 32 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
IDENTITY_MAP | RESERVED_CHAR2 | char | 32 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_CHAR2 | char | 32 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_CHAR2 | char | 32 | √ | null | ||
LEGACY_AGENT | RESERVED_CHAR2 | char | 32 | √ | null | ||
LOCAL_METADATA | RESERVED_CHAR2 | char | 32 | √ | null | ||
LOG_CONFIG | RESERVED_CHAR2 | char | 32 | √ | null | ||
REPORTS | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_AGENT | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_APPLICATION | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_CLIENT | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_COMPUTER | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_JOB | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_SVA | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_CHAR2 | char | 32 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_CHAR2 | char | 32 | √ | null | ||
SYSTEM_STATE | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_DOMAINS | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_GROUPS | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SEM_COMPUTER | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_CHAR2 | char | 32 | √ | null | ||
V_SERVERS | RESERVED_CHAR2 | char | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
BASIC_METADATA | RESERVED_INT1 | int | 4 | √ | null | ||
BINARY_FILE | RESERVED_INT1 | int | 4 | √ | null | ||
COMMAND | RESERVED_INT1 | int | 4 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_INT1 | int | 4 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
IDENTITY_MAP | RESERVED_INT1 | int | 4 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_INT1 | int | 4 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_INT1 | int | 4 | √ | null | ||
LEGACY_AGENT | RESERVED_INT1 | int | 4 | √ | null | ||
LOCAL_METADATA | RESERVED_INT1 | int | 4 | √ | null | ||
LOG_CONFIG | RESERVED_INT1 | int | 4 | √ | null | ||
REPORTS | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_AGENT | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_APPLICATION | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_CLIENT | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_COMPUTER | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_JOB | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_SVA | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_INT1 | int | 4 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_INT1 | int | 4 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_INT1 | int | 4 | √ | null | ||
SYSTEM_STATE | RESERVED_INT1 | int | 4 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_DOMAINS | RESERVED_INT1 | int | 4 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_GROUPS | RESERVED_INT1 | int | 4 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_INT1 | int | 4 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_INT1 | int | 4 | √ | null | ||
V_SEM_COMPUTER | RESERVED_INT1 | int | 4 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_INT1 | int | 4 | √ | null | ||
V_SERVERS | RESERVED_INT1 | int | 4 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
BASIC_METADATA | RESERVED_INT2 | int | 4 | √ | null | ||
BINARY_FILE | RESERVED_INT2 | int | 4 | √ | null | ||
COMMAND | RESERVED_INT2 | int | 4 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_INT2 | int | 4 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
ENFORCER_CLIENT_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
ENFORCER_SYSTEM_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
IDENTITY_MAP | RESERVED_INT2 | int | 4 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_INT2 | int | 4 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_INT2 | int | 4 | √ | null | ||
LEGACY_AGENT | RESERVED_INT2 | int | 4 | √ | null | ||
LOCAL_METADATA | RESERVED_INT2 | int | 4 | √ | null | ||
LOG_CONFIG | RESERVED_INT2 | int | 4 | √ | null | ||
REPORTS | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_AGENT | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_APPLICATION | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_CLIENT | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_COMPUTER | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_JOB | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_SVA | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_INT2 | int | 4 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_INT2 | int | 4 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_INT2 | int | 4 | √ | null | ||
SYSTEM_STATE | RESERVED_INT2 | int | 4 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_DOMAINS | RESERVED_INT2 | int | 4 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_GROUPS | RESERVED_INT2 | int | 4 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_INT2 | int | 4 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_INT2 | int | 4 | √ | null | ||
V_SEM_COMPUTER | RESERVED_INT2 | int | 4 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_INT2 | int | 4 | √ | null | ||
V_SERVERS | RESERVED_INT2 | int | 4 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_BEHAVIOR_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_PACKET_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_PACKET_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_SECURITY_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_SECURITY_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_SYSTEM_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_SYSTEM_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_TRAFFIC_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
AGENT_TRAFFIC_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
BASIC_METADATA | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
BINARY_FILE | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
COMMAND | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
COMPUTER_APPLICATION | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
ENFORCER_CLIENT_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | For PeerToPeer Enforcer log records, this field contains the host name of the client acting as the Enforcer. | |
ENFORCER_CLIENT_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | For PeerToPeer Enforcer log records, this field contains the host name of the client acting as the Enforcer. | |
ENFORCER_SYSTEM_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
ENFORCER_SYSTEM_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
ENFORCER_TRAFFIC_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
ENFORCER_TRAFFIC_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
IDENTITY_MAP | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
LAN_DEVICE_DETECTED | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
LAN_DEVICE_EXCLUDED | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
LEGACY_AGENT | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
LOCAL_METADATA | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
LOG_CONFIG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
REPORTS | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
SEM_AGENT | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SEM_APPLICATION | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SEM_CLIENT | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SEM_COMPUTER | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SEM_JOB | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
SEM_SVA | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SEM_SVA_CLIENT | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SEM_SVA_COMPUTER | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_ADMIN_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_ADMIN_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_CLIENT_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_CLIENT_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_ENFORCER_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_ENFORCER_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_POLICY_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_POLICY_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_SYSTEM_LOG_1 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SERVER_SYSTEM_LOG_2 | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
SYSTEM_STATE | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_AGENT_BEHAVIOR_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_AGENT_PACKET_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_AGENT_SECURITY_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_AGENT_SYSTEM_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_DOMAINS | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_ENFORCER_CLIENT_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_ENFORCER_SYSTEM_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_GROUPS | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_LAN_DEVICE_DETECTED | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | RESERVED_VARCHAR1 | varchar | 260 | √ | null | ||
V_SEM_COMPUTER | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_SERVER_ADMIN_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_SERVER_CLIENT_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_SERVER_ENFORCER_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_SERVER_POLICY_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_SERVER_SYSTEM_LOG | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
V_SERVERS | RESERVED_VARCHAR1 | nvarchar | 520 | √ | null | ||
OAUTH_CLIENT_DETAILS | RESOURCE_IDS | varchar | 200 | √ | null | ||
SEM_COMPLIANCE_CRITERIA | RESULT | varchar | 64 | ('') | One of: pass; fail; ignore; error; postponed (for remediation criteria only); unknown (fallback at the server if the criteria or rule ends up without a final status) | ||
SEM_COMPLIANCE_CRITERIA_2 | RESULT | varchar | 64 | ('') | |||
PATTERN | REVISION | int | 4 | ((0)) | Revision number for this content | ||
V_IPS | REVISION | int | 4 | ||||
HPP_ALERTS | RISK_LEVEL | tinyint | 1 | ((0)) | The risk level (high, med, low) for the convicted threat. 0 -- Unknown; 1 or 2 -- Low; 3 -- Medium; 4 -- High. Default is 0. | ||
THREATREPORT | RISK_LEVEL | varchar | 32 | ('') | SONAR log filter field for Risk level. One of the following: All (>= -1), Unknown (= 0), Low (>= 1), Medium (= 3), High (= 4) | ||
AGENT_BEHAVIOR_LOG_1 | RULE_ID | char | 32 | √ | null | The ID of rule triggered by the event. It is always 0 if rule ID is not specified in security rule. The field is helpful to security rule troubleshooting. If multiple rules matched, it logs the rule that has final decision on PacketProc (pass/block/drop). | |
AGENT_BEHAVIOR_LOG_2 | RULE_ID | char | 32 | √ | null | The ID of rule triggered by the event. It is always 0 if rule ID is not specified in security rule. The field is helpful to security rule troubleshooting. If multiple rules matched, it logs the rule that has final decision on PacketProc (pass/block/drop). | |
AGENT_TRAFFIC_LOG_1 | RULE_ID | char | 32 | √ | null | The ID of rule triggered by the event. It is always 0 if rule ID is not specified in security rule. The field is helpful to security rule troubleshooting. If multiple rules matched, it logs the rule that has final decision on PacketProc (pass/block/drop). | |
AGENT_TRAFFIC_LOG_2 | RULE_ID | char | 32 | √ | null | The ID of rule triggered by the event. It is always 0 if rule ID is not specified in security rule. The field is helpful to security rule troubleshooting. If multiple rules matched, it logs the rule that has final decision on PacketProc (pass/block/drop). | |
V_AGENT_BEHAVIOR_LOG | RULE_ID | char | 32 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RULE_ID | char | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | RULE_NAME | nvarchar | 512 | √ | null | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. | |
AGENT_BEHAVIOR_LOG_2 | RULE_NAME | nvarchar | 512 | √ | null | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. | |
AGENT_PACKET_LOG_1 | RULE_NAME | nvarchar | 512 | √ | null | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. | |
AGENT_PACKET_LOG_2 | RULE_NAME | nvarchar | 512 | √ | null | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. | |
AGENT_TRAFFIC_LOG_1 | RULE_NAME | nvarchar | 512 | √ | null | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. | |
AGENT_TRAFFIC_LOG_2 | RULE_NAME | nvarchar | 512 | √ | null | Name of the rule that was triggered by the event. If not specified in the security rule, an empty string. Useful for troubleshooting. In theory, a rule can be recognized by the rule ID. Rule name, however, can help provide quicker recognition. | |
SEM_COMPLIANCE_CRITERIA | RULE_NAME | nvarchar | 512 | ('') | Admin-provided rule name from policy | ||
SEM_COMPLIANCE_CRITERIA_2 | RULE_NAME | nvarchar | 512 | ('') | |||
V_AGENT_BEHAVIOR_LOG | RULE_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_PACKET_LOG | RULE_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_TRAFFIC_LOG | RULE_NAME | nvarchar | 512 | √ | null | ||
SEM_COMPLIANCE_CRITERIA | RULE_TYPE | varchar | 64 | ('') | Hard-coded English key, one of: antivirus; antispyware; patch; servicepack; firewall; custom; unknown (fallback when processing log at the server and action ends up null or blank) | ||
SEM_COMPLIANCE_CRITERIA_2 | RULE_TYPE | varchar | 64 | ('') | |||
HISTORYCONFIG | RUNHOURS | int | 4 | ((24)) | Repeat schedule for this report in hours, for example: 1 = Every 1 hour; 24 = Every 1 day; 168 = Every week; 720 = Every month | ||
ALERTS | SCAN_ID | bigint | 8 | ((0)) | Pointer to scan table event that picked up this event | ||
SCANS | SCAN_ID | bigint | 8 | ((0)) | Scan ID provided by agent | ||
V_ALERTS | SCAN_ID | bigint | 8 | ||||
SCANS | SCAN_IDX | char | 32 | ||||
INVENTORYCURRENTRISK1 | SCAN_TIME | bigint | 8 | ((0)) | Last scan time | ||
SCANS | SCAN_TYPE | varchar | 64 | ('') | Type of scan: ScanNow_Quick = Active Scan; ScanNow_Full = Full Scan; ScanNow_Custom = Admin-defined Scan | ||
SCANREPORT | SCANFILTER_IDX | char | 32 | ||||
SCANREPORT | SCANSTARTMESSAGE | nvarchar | 510 | ('%') | Scan description | ||
SCFINVENTORY | SCFPOLICYFILE | nvarchar | 510 | ('') | |||
SCFINVENTORY | SCFVERSION | varchar | 255 | ('') | Firewall version | ||
OAUTH_CLIENT_DETAILS | SCOPE | varchar | 2000 | √ | null | ||
ALERTS | SECONDARYACTION_IDX | int | 4 | ((0)) | Pointer to table 'actualaction'; this is the secondary action requested by the policy | ||
V_ALERTS | SECONDARYACTION_IDX | int | 4 | ||||
NOTIFICATION | SECURITY_EVENT | int | 4 | ((0)) | Which buckets of security events | ||
AGENT_BEHAVIOR_LOG_1 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. | |
AGENT_BEHAVIOR_LOG_2 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. | |
AGENT_PACKET_LOG_1 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, no = 0) | |
AGENT_PACKET_LOG_2 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, no = 0) | |
AGENT_SECURITY_LOG_1 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0) | |
AGENT_SECURITY_LOG_2 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0) | |
AGENT_SYSTEM_LOG_1 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0) | |
AGENT_SYSTEM_LOG_2 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0) | |
AGENT_TRAFFIC_LOG_1 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0) | |
AGENT_TRAFFIC_LOG_2 | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. (Yes = 1, No = 0) | |
LAN_DEVICE_DETECTED | SEND_SNMP_TRAP | tinyint | 1 | √ | null | It reflects the send SNMP trap action. It is true if send is true. | |
V_AGENT_BEHAVIOR_LOG | SEND_SNMP_TRAP | tinyint | 1 | √ | null | ||
V_AGENT_PACKET_LOG | SEND_SNMP_TRAP | tinyint | 1 | √ | null | ||
V_AGENT_SECURITY_LOG | SEND_SNMP_TRAP | tinyint | 1 | √ | null | ||
V_AGENT_SYSTEM_LOG | SEND_SNMP_TRAP | tinyint | 1 | √ | null | ||
V_AGENT_TRAFFIC_LOG | SEND_SNMP_TRAP | tinyint | 1 | √ | null | ||
V_LAN_DEVICE_DETECTED | SEND_SNMP_TRAP | tinyint | 1 | √ | null | ||
HPP_ALERTS | SENSITIVITY | int | 4 | ((0)) | The engine sensitivity setting that produced the detection (0...100) | ||
SE_GLOBAL | SEQ_NUM | bigint | 8 | The latest USN on the site | |||
PATTERN | SEQUENCE | int | 4 | ((0)) | Sequence number associated with this definition | ||
SEM_CONTENT | SEQUENCE | int | 4 | ((0)) | |||
V_IPS | SEQUENCE | int | 4 | ||||
V_MR_CLEAN | SEQUENCE | int | 4 | ||||
V_SEM_CONTENT | SEQUENCE | int | 4 | ||||
V_SONAR | SEQUENCE | int | 4 | ||||
LICENSE | SERIAL_ID | char | 16 | License serial id, read from license file | |||
LICENSE | SERIAL_NUM | char | 16 | License serial number, read from license file | |||
AGENT_BEHAVIOR_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_BEHAVIOR_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_PACKET_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_PACKET_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_SECURITY_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_SECURITY_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_SYSTEM_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_SYSTEM_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_TRAFFIC_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
AGENT_TRAFFIC_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_ADMIN_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_ADMIN_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_CLIENT_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_CLIENT_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_ENFORCER_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_ENFORCER_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_POLICY_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_POLICY_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_SYSTEM_LOG_1 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
SERVER_SYSTEM_LOG_2 | SERVER_ID | char | 32 | GUID of the server to which the log belongs | |||
V_AGENT_BEHAVIOR_LOG | SERVER_ID | char | 32 | ||||
V_AGENT_PACKET_LOG | SERVER_ID | char | 32 | ||||
V_AGENT_SECURITY_LOG | SERVER_ID | char | 32 | ||||
V_AGENT_SYSTEM_LOG | SERVER_ID | char | 32 | ||||
V_AGENT_TRAFFIC_LOG | SERVER_ID | char | 32 | ||||
V_CLIENT_CHANGE_LOG | SERVER_ID | char | 32 | √ | null | ||
V_SECURITY_VIEW | SERVER_ID | char | 32 | ||||
V_SERVER_ADMIN_LOG | SERVER_ID | char | 32 | ||||
V_SERVER_CLIENT_LOG | SERVER_ID | char | 32 | ||||
V_SERVER_ENFORCER_LOG | SERVER_ID | char | 32 | ||||
V_SERVER_POLICY_LOG | SERVER_ID | char | 32 | ||||
V_SERVER_SYSTEM_LOG | SERVER_ID | char | 32 | ||||
ALERTFILTER | SERVERGROUP | nvarchar | 510 | ('') | Not used | ||
NOTIFICATION | SERVERGROUP | nvarchar | 510 | ('%') | Name of server group(s) to which this notification applies (Comma-separated list, wild-cards allowed) | ||
AGENTSTATUS | SERVERGROUP_IDX | char | 32 | ('') | Pointer to 'identity_map' table | ||
ALERTS | SERVERGROUP_IDX | char | 32 | ('') | Pointer to table 'identity_map'; this is the SEPM domain GUID | ||
SCANS | SERVERGROUP_IDX | char | 32 | ('') | Pointer to table IDENTITY_MAP (domain GUID) | ||
V_ALERTS | SERVERGROUP_IDX | char | 32 | ||||
THREATREPORT | SERVERGROUPINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the domains in the list. (Always set to 1 in SAV 11.0.) | ||
AUDIT_REPORT | SERVERGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded domain names by which to filter | ||
BEHAVIOR_REPORT | SERVERGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded domain names by which to filter | ||
COMPLIANCE_REPORT | SERVERGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded domain names by which to filter | ||
FIREWALL_REPORT | SERVERGROUPLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded domain names by which to filter | ||
INVENTORYREPORT | SERVERGROUPLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of domain names by which to filter | ||
SCANREPORT | SERVERGROUPLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of server groups by which to filter | ||
SYSTEM_REPORT | SERVERGROUPLIST | nvarchar | 510 | ('') | Comma separated, wild-card domain names by which to filter | ||
THREATREPORT | SERVERGROUPLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of domains by which to filter | ||
INVENTORYREPORT | SERVICE_PACK | nvarchar | 128 | ('%') | OS service pack or % for no filter (all) | ||
SEM_COMPUTER | SERVICE_PACK | nvarchar | 128 | √ | null | Service pack | |
SEM_SVA_COMPUTER | SERVICE_PACK | nvarchar | 128 | √ | null | ||
V_SEM_COMPUTER | SERVICE_PACK | nvarchar | 128 | √ | null | ||
SEM_SVA | SERVICES | varchar | 32 | √ | null | ||
AGENT_BEHAVIOR_LOG_1 | SEVERITY | int | 4 | The seriousness of the event; 0 is most serious | |||
AGENT_BEHAVIOR_LOG_2 | SEVERITY | int | 4 | The seriousness of the event; 0 is most serious | |||
AGENT_SECURITY_LOG_1 | SEVERITY | int | 4 | The severity defined in the Security Rule. Critical = 0 - 3; Major = 4 - 7; Minor = 8 - 11; Info = 12 - 15 | |||
AGENT_SECURITY_LOG_2 | SEVERITY | int | 4 | The severity defined in the Security Rule. Critical = 0 - 3; Major = 4 - 7; Minor = 8 - 11; Info = 12 - 15 | |||
AGENT_SYSTEM_LOG_1 | SEVERITY | int | 4 | The type of event. Possible values are: INFO = 0, WARNING = 1, ERROR = 2, FATAL = 3 | |||
AGENT_SYSTEM_LOG_2 | SEVERITY | int | 4 | The type of event. Possible values are: INFO = 0, WARNING = 1, ERROR = 2, FATAL = 3 | |||
AGENT_TRAFFIC_LOG_1 | SEVERITY | int | 4 | Severity as defined in the Security Rule. Critical = 0 - 3; Major = 4 - 7; Minor = 8 - 11; Info = 12 - 15 | |||
AGENT_TRAFFIC_LOG_2 | SEVERITY | int | 4 | Severity as defined in the Security Rule. Critical = 0 - 3; Major = 4 - 7; Minor = 8 - 11; Info = 12 - 15 | |||
BEHAVIOR_REPORT | SEVERITY | int | 4 | √ | (NULL) | 1 = Critical, 5 = Major, 9 = Minor, 13 = Information | |
COMPLIANCE_REPORT | SEVERITY | int | 4 | √ | (NULL) | 1 = Critical (which filters on SEVERITY >= 0 AND SEVERITY <= 3); 5 = Major (which filters on SEVERITY >= 4 AND SEVERITY <= 7); 9 = Minor (which filters on SEVERITY >= 8 AND SEVERITY <= 11); 13 = Info (which filters on SEVERITY >= 12 AND SEVERITY <= 15) | |
ENFORCER_SYSTEM_LOG_1 | SEVERITY | int | 4 | The type of event. Possible values are: 0 = INFO, 1 = WARNING, 2 = ERROR, 3 = FATAL | |||
ENFORCER_SYSTEM_LOG_2 | SEVERITY | int | 4 | The type of event. Possible values are: 0 = INFO, 1 = WARNING, 2 = ERROR, 3 = FATAL | |||
FIREWALL_REPORT | SEVERITY | int | 4 | √ | (NULL) | 1 = Critical, 5 = Major, 9 = Minor, 13 = Info | |
SERVER_ADMIN_LOG_1 | SEVERITY | int | 4 | Enum (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST) | |||
SERVER_ADMIN_LOG_2 | SEVERITY | int | 4 | Enum (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST) | |||
SERVER_SYSTEM_LOG_1 | SEVERITY | int | 4 | Enum (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST): >= 400 is Finer and above; >= 500 is Fine and above; >= 700 is Configuration and above; >= 800 is Informational and above; >= 900 is Warning and above; >= 1000 is Severe and above | |||
SERVER_SYSTEM_LOG_2 | SEVERITY | int | 4 | Enum (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST): >= 400 is Finer and above; >= 500 is Fine and above; >= 700 is Configuration and above; >= 800 is Informational and above; >= 900 is Warning and above; >= 1000 is Severe and above | |||
SYSTEM_REPORT | SEVERITY | int | 4 | √ | (NULL) | For Administrative, Client-Server and Server activity: 1000 = Error and above; 900 = Warning and above; 800 = Informational and above; -1 = No filter (all). For Enforcer activity and Client activity: 0 = Informational and above; 1 = Warning and above; 2 = Error and above; 3 = Fatal; -1 = No filter (all) | |
V_AGENT_BEHAVIOR_LOG | SEVERITY | int | 4 | ||||
V_AGENT_SECURITY_LOG | SEVERITY | int | 4 | ||||
V_AGENT_SYSTEM_LOG | SEVERITY | int | 4 | ||||
V_AGENT_TRAFFIC_LOG | SEVERITY | int | 4 | ||||
V_ENFORCER_SYSTEM_LOG | SEVERITY | int | 4 | ||||
V_SERVER_ADMIN_LOG | SEVERITY | int | 4 | ||||
V_SERVER_SYSTEM_LOG | SEVERITY | int | 4 | ||||
SEM_APPLICATION | SHA1 | char | 40 | √ | null | FileSHA1 algorithm | |
SEM_APPLICATION | SHA2 | char | 64 | √ | null | FileSHA2 algorithm | |
INVENTORYCURRENTRISK1 | SHA256 | char | 64 | Risk file SHA-256 | |||
SEM_APPLICATION | SIGNER_NAME | nvarchar | 512 | √ | null | Signer name | |
AGENT_BEHAVIOR_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_BEHAVIOR_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_PACKET_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_PACKET_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_SECURITY_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_SECURITY_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_SYSTEM_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_SYSTEM_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_TRAFFIC_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
AGENT_TRAFFIC_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
ENFORCER_CLIENT_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
ENFORCER_CLIENT_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
ENFORCER_SYSTEM_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
ENFORCER_SYSTEM_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
ENFORCER_TRAFFIC_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
ENFORCER_TRAFFIC_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
REPORTS | SITE_ID | char | 32 | GUID of the site from which the report was generated | |||
SERVER_ADMIN_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_ADMIN_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_CLIENT_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_CLIENT_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_ENFORCER_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_ENFORCER_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_POLICY_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_POLICY_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_SYSTEM_LOG_1 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
SERVER_SYSTEM_LOG_2 | SITE_ID | char | 32 | GUID of the site to which the log belongs | |||
V_AGENT_BEHAVIOR_LOG | SITE_ID | char | 32 | ||||
V_AGENT_PACKET_LOG | SITE_ID | char | 32 | ||||
V_AGENT_SECURITY_LOG | SITE_ID | char | 32 | ||||
V_AGENT_SYSTEM_LOG | SITE_ID | char | 32 | ||||
V_AGENT_TRAFFIC_LOG | SITE_ID | char | 32 | ||||
V_ENFORCER_CLIENT_LOG | SITE_ID | char | 32 | ||||
V_ENFORCER_SYSTEM_LOG | SITE_ID | char | 32 | ||||
V_ENFORCER_TRAFFIC_LOG | SITE_ID | char | 32 | ||||
V_SERVER_ADMIN_LOG | SITE_ID | char | 32 | ||||
V_SERVER_CLIENT_LOG | SITE_ID | char | 32 | ||||
V_SERVER_ENFORCER_LOG | SITE_ID | char | 32 | ||||
V_SERVER_POLICY_LOG | SITE_ID | char | 32 | ||||
V_SERVER_SYSTEM_LOG | SITE_ID | char | 32 | ||||
ALERTS | SITE_IDX | char | 32 | √ | (NULL) | Pointer to table 'identity_map'; this is the SEPM site GUID | |
V_ALERTS | SITE_IDX | char | 32 | √ | null | ||
AUDIT_REPORT | SITELIST | nvarchar | 510 | ('') | Comma-separated, wild-carded site names by which to filter | ||
BEHAVIOR_REPORT | SITELIST | nvarchar | 510 | ('') | Comma-separated, wild-carded site names by which to filter | ||
COMPLIANCE_REPORT | SITELIST | nvarchar | 510 | ('') | Comma-separated, wild-carded site names by which to filter | ||
FIREWALL_REPORT | SITELIST | nvarchar | 510 | ('') | Comma-separated, wild-carded site names by which to filter | ||
INVENTORYREPORT | SITELIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of site names by which to filter | ||
SYSTEM_REPORT | SITELIST | nvarchar | 510 | ('') | Comma-separated, wild-card site names by which to filter | ||
SEM_AGENT | SNAC_LICENSE_ID | char | 32 | √ | null | SNAC license ID | |
AUDIT_REPORT | SORTDIR | varchar | 5 | ('DESC') | DESC = descending sort, ASC = ascending sort | ||
BEHAVIOR_REPORT | SORTDIR | varchar | 5 | ('DESC') | DESC = descending order, ASC = Ascending order | ||
COMMAND_REPORT | SORTDIR | varchar | 5 | ('asc') | DESC = Descending order, ASC = Ascending order | ||
COMPLIANCE_REPORT | SORTDIR | varchar | 5 | ('DESC') | DESC = Descending, ASC = Ascending | ||
FIREWALL_REPORT | SORTDIR | varchar | 5 | ('DESC') | DESC = Descending, ASC = Ascending | ||
INVENTORYREPORT | SORTDIR | varchar | 5 | ('DESC') | Ascending or descending | ||
SCANREPORT | SORTDIR | varchar | 5 | ('DESC') | Sort direction; desc = Descending, asc = Ascending | ||
SYSTEM_REPORT | SORTDIR | varchar | 5 | ('DESC') | Sort direction: Desc = Descending, Asc = Ascending | ||
THREATREPORT | SORTDIR | varchar | 5 | ('DESC') | Either 'asc' or 'desc' | ||
AUDIT_REPORT | SORTORDER | varchar | 32 | ('TIME_STAMP') | Column/Field by which to sort data | ||
BEHAVIOR_REPORT | SORTORDER | varchar | 32 | ('EVENT_TIME') | Table column to sort by | ||
COMMAND_REPORT | SORTORDER | varchar | 32 | ('COMPUTER_NAME') | Column name in table to sort by | ||
COMPLIANCE_REPORT | SORTORDER | varchar | 32 | ('EVENT_TIME') | Log column sort | ||
FIREWALL_REPORT | SORTORDER | varchar | 32 | ('EVENT_TIME') | Column in table to sort by | ||
INVENTORYREPORT | SORTORDER | varchar | 32 | ('LAST_UPDATE_TIME') | Which column to sort for Computer Status log | ||
SCANREPORT | SORTORDER | varchar | 32 | ('STARTDATETIME') | 'I.Computer', 'P.Parentserver', 'G.Clientgroup', 'C.Clientuser', 'S.Servergroup', 'SC.Startdatetime', 'SC.Duration', 'SC.Totalfiles' (total files scanned), 'SC.Threats', 'SC.Infected' (total files infected) | ||
SYSTEM_REPORT | SORTORDER | varchar | 32 | ('EVENT_TIME') | Column to sort on for log views | ||
THREATREPORT | SORTORDER | varchar | 32 | ('ALERTDATETIME') | Which column to use for the log view sort | ||
ALERTFILTER | SOURCE | varchar | 255 | ('') | Not used | ||
ALERTS | SOURCE | varchar | 50 | ('') | Hard-coded English string used as lookup key for scan types: "Scheduled Scan" "Manual Scan" "Real Time Scan" "Integrity Shield" "Definition downloader" "System" "Startup Scan" "DefWatch" "Manual Quarantine" "Reboot Processing" "Heuristic Scan" | ||
INVENTORYCURRENTRISK1 | SOURCE | varchar | 50 | ('') | Type of scan that detected the risk | ||
NOTIFICATION | SOURCE | varchar | 255 | ('%') | Scan for which this notification applies (hard-coded English string used as key): % = all; Scheduled Scan; Manual Scan; Real Time Scan; Heuristic Scan; Console; Definition downloader; System; Startup Scan; Idle Scan; Manual Quarantine | ||
THREATREPORT | SOURCE | varchar | 255 | ('') | Hard-coded English lookup key: Scheduled Scan; Manual Scan; Real Time Scan; Heuristic Scan; Console; Definition downloader; System; Startup Scan; Idle Scan; Manual Quarantine | ||
V_ALERTS | SOURCE | varchar | 50 | ||||
SEM_JOB | SOURCE_ADMIN_ID | char | 32 | GUID of the administrator who issued the command | |||
ALERTS | SOURCE_COMPUTER_IP | bigint | 8 | ((0)) | This is the source of the threat. This is logged when threat tracer is enabled in the AV policy. | ||
V_ALERTS | SOURCE_COMPUTER_IP | bigint | 8 | ||||
V_ALERTS | SOURCE_COMPUTER_IP_TEXT | varchar | 123 | √ | null | ||
ALERTS | SOURCE_COMPUTER_NAME | nvarchar | 128 | ('') | This is the source of the threat. This is logged when threat tracer is enabled in the AV policy. | ||
V_ALERTS | SOURCE_COMPUTER_NAME | nvarchar | 128 | ||||
SEM_JOB | SOURCE_HOST_IP | varchar | 256 | √ | null | ||
SEM_JOB | SOURCE_SITE_ID | char | 32 | GUID of the site from where the command generated | |||
SEM_JOB | SOURCE_TYPE | tinyint | 1 | ((0)) | |||
SEM_OS_INFO | SPC_OS_NAME | nvarchar | 128 | √ | ('') | Operating system name in SPC | |
SEM_OS_INFO | SPC_OS_TYPE | nvarchar | 128 | √ | ('') | Operating system type in SPC | |
SEM_OS_INFO | SPC_OS_VERSION | nvarchar | 128 | √ | ('') | Operating system version in SPC | |
VERSION | SR_NONCE | char | 64 | √ | null | For internal usage only | |
SERVER_ADMIN_LOG_1 | STACK_TRACE | nvarchar | 4000 | √ | null | Stacktrace of exception (Only used when an exception is related to this event) | |
SERVER_ADMIN_LOG_2 | STACK_TRACE | nvarchar | 4000 | √ | null | Stacktrace of exception (Only used when an exception is related to this event) | |
SERVER_SYSTEM_LOG_1 | STACK_TRACE | nvarchar | 4000 | √ | null | Stacktrace of exception (Only used when an exception is related to this event). | |
SERVER_SYSTEM_LOG_2 | STACK_TRACE | nvarchar | 4000 | √ | null | Stacktrace of exception (Only used when an exception is related to this event). | |
V_SERVER_ADMIN_LOG | STACK_TRACE | nvarchar | 4000 | √ | null | ||
V_SERVER_SYSTEM_LOG | STACK_TRACE | nvarchar | 4000 | √ | null | ||
LICENSE | START_DATE | bigint | 8 | License start date time, read from license file | |||
ALERTFILTER | STARTDATEFROM | datetime | 16,3 | ('19700101') | Start date | ||
AUDIT_REPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Start time for filter | ||
BEHAVIOR_REPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Filter start date | ||
COMMAND_REPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Start time | ||
COMPLIANCE_REPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Start date | ||
FIREWALL_REPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Start date | ||
SYSTEM_REPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Time filter start date | ||
THREATREPORT | STARTDATEFROM | datetime | 16,3 | ('19700101') | Starting date | ||
SCANS | STARTDATETIME | datetime | 16,3 | ('19700101') | Start time for scan | ||
ALERTFILTER | STARTDATETO | datetime | 16,3 | ('19700101') | End date | ||
AUDIT_REPORT | STARTDATETO | datetime | 16,3 | ('19700101') | End time for filter | ||
BEHAVIOR_REPORT | STARTDATETO | datetime | 16,3 | ('19700101') | Filter end date | ||
COMMAND_REPORT | STARTDATETO | datetime | 16,3 | ('19700101') | End time | ||
COMPLIANCE_REPORT | STARTDATETO | datetime | 16,3 | ('19700101') | End date | ||
FIREWALL_REPORT | STARTDATETO | datetime | 16,3 | ('19700101') | End date | ||
SYSTEM_REPORT | STARTDATETO | datetime | 16,3 | ('19700101') | Time filter end date | ||
THREATREPORT | STARTDATETO | datetime | 16,3 | ('19700101') | Ending date | ||
HISTORYCONFIG | STARTTIME | datetime | 16,3 | ('19700101') | When to start generating the report. This establishes its scheduled time within the repeat schedule. | ||
SCANREPORT | STARTTIMEFROM | datetime | 16,3 | ('19700101') | Start date | ||
SCANREPORT | STARTTIMETO | datetime | 16,3 | ('19700101') | End date | ||
HISTORY | STAT_TYPE | varchar | 64 | ('') | What kind of data; hard-coded English key **See Snapshot data format worksheet for details ** | ||
DATA_HANDLER | STATE_HANDLER | varchar | 255 | ('') | Classes that handle state files: SEP = com.sygate.scm.server.statereader.sep.StateHandler; AvMan = com.sygate.scm.server.statereader.av.StateHandler; LuMan = com.sygate.scm.server.statereader.lu.StateHandler | ||
COMMAND | STATE_ID | int | 4 | ((0)) | Command status: a numeric value corresponding to one of 0 = INITIAL; 1 = RECEIVED; 2 = IN_PROGRESS; 3 = COMPLETED; 4 = REJECTED; 5 = CANCELLED; 6 = ERROR. When first created, command status = INITIAL. It indicates that the endpoint has not received it yet. | ||
COMMAND_REPORT | STATE_ID | int | 4 | √ | (NULL) | Command status: 0 = Not received; 1 = Received; 2 = In progress; 3 = Completed; 4 = Rejected; 5 = Canceled; 6 = Error | |
HISTORY | STATISTIC | nvarchar | 512 | ('') | Summary statistic **See Snapshot data format worksheet for details ** | ||
ALERTS | STATUS | varchar | 6 | √ | (NULL) | ||
ANOMALYDETECTIONS | STATUS | int | 4 | Scan detection status. | |||
ANOMALYREMEDIATIONS | STATUS | int | 4 | 1 = successful remediation, 0 = failed remediation, no default. | |||
CONNECTION_TEST | STATUS | char | 1 | √ | null | Not specified | |
INVENTORYREPORT | STATUS | tinyint | 1 | √ | ((127)) | 1 = online, 0 = offline, 127 = No filter (all) | |
PROCESS_STATE | STATUS | int | 4 | Virus definition; PROCESS_STATE_NA = -1; PROCESS_STATE_UNLOCKED = 0; PROCESS_STATE_LOCKED = 1 | |||
SCANREPORT | STATUS | varchar | 32 | ('%') | Scan status as hard-coded English key: Completed, Cancelled, Started, % means no filter (all) | ||
SCANS | STATUS | varchar | 20 | ('started') | Scan status as hard-coded English key: completed = Completed; cancelled = Canceled; started = Started | ||
SEM_AGENT | STATUS | tinyint | 1 | √ | null | Online status of the agent (0 = offline, 1 = online) | |
SEM_SVA | STATUS | tinyint | 1 | √ | null | ||
V_ALERTS | STATUS | varchar | 6 | √ | null | ||
V_VIRUS | STEALTH | int | 4 | ||||
VIRUS | STEALTH | int | 4 | ((-1)) | Assesses how easy it is to determine if a security risk is present on a computer. 0 = No rating, 1,2 = Low, 3 = Medium, 4> = High, -1 means not applicable. This rating is only applicable to non-viral threats. | ||
SCANS | STOPDATETIME | datetime | 16,3 | ('19700101') | Stop time for scan | ||
AGENT_SECURITY_LOG_1 | STR_CIDS_SIGN_ID | nvarchar | 520 | ('') | Signature Name | ||
AGENT_SECURITY_LOG_2 | STR_CIDS_SIGN_ID | nvarchar | 520 | ('') | Signature Name | ||
V_AGENT_SECURITY_LOG | STR_CIDS_SIGN_ID | nvarchar | 520 | ||||
COMMAND | SUB_STATE_DESC | nvarchar | 520 | √ | null | Command-specific extra information like number of files scanned or error message. | |
COMMAND | SUB_STATE_ID | int | 4 | √ | null | Command-specific status: -1 = Unknown; 0 = Success; 1 = Client did not execute the command; 2 = Client did not report any status; 3 = Command was a duplicate and not executed; 4 = Spooled command could not restart; 5 = Restart command not allowed from the console; 6 = Unexpected error; 100 = Success; 101 = Security risk found; 102 = Scan was suspended; 103 = Scan was aborted; 105 = Scan did not return status; 106 = Scan failed to start; 110 = Auto-Protect could not be turned on; 120 = LiveUpdate download is in progress; 121 = LiveUpdate download failed; 131 = Quarantine delete failed; 132 = Quarantine delete partial success | |
COMMAND_REPORT | SUB_STATE_ID | int | 4 | √ | (NULL) | Status details: -1 = Unknown; 0 = Success; 1 = Client did not execute the command; 2 = Client did not report any status; 3 = Command was a duplicate and not executed; 4 = Spooled command could not restart; 5 = Restart command not allowed from the console; 6 = Unexpected error; 101 = Security risk found; 102 = Scan was suspended; 103 = Scan was aborted; 105 = Scan did not return status; 106 = Scan failed to start; 110 = Auto-Protect could not be turned on; 120 = LiveUpdate download is in progress; 121 = LiveUpdate download failed; 131 = Quarantine delete failed; 132 = Quarantine delete partial success | |
NOTIFICATIONALERTS | SUBJECT | nvarchar | 510 | ('') | Subject of alert | ||
LAN_DEVICE_EXCLUDED | SUBNET_MASK | bigint | 8 | √ | null | Subnet mask of the device | |
V_LAN_DEVICE_EXCLUDED | SUBNET_MASK | bigint | 8 | √ | null | ||
SEM_COMPUTER | SUBNET_MASK1 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | SUBNET_MASK1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK1_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | SUBNET_MASK2 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | SUBNET_MASK2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK2_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | SUBNET_MASK3 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | SUBNET_MASK3 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK3 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK3_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | SUBNET_MASK4 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | SUBNET_MASK4 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK4 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | SUBNET_MASK4_TEXT | varchar | 123 | √ | null | ||
V_LAN_DEVICE_EXCLUDED | SUBNET_MASK_TEXT | varchar | 123 | √ | null | ||
SEM_AGENT | SVA_ID | char | 32 | √ | null | ||
SEM_SVA | SVA_ID | char | 32 | ||||
SEM_SVA | SVA_VERSION | nvarchar | 128 | √ | null | ||
LOG_CONFIG | SWITCH_TIME | bigint | 8 | √ | null | Last log switch time | |
NOTIFICATION | SYSTEM_EVENT | int | 4 | ((0)) | Which buckets of system events | ||
SYSTEM_REPORT | SYSTEM_TYPE | tinyint | 1 | ((0)) | 1 = Administrative; 2 = Client server activity; 3 = Server activity; 4 = Client activity; 5 = Enforcer Activity | ||
SYSTEM_REPORT | SYSTEMFILTER_IDX | char | 32 | ||||
LOG_CONFIG | TABLE_LIST | varchar | 250 | The name of the tables to switch logs | |||
INVENTORYREPORT | TAMPER_ONOFF | tinyint | 1 | √ | ((127)) | Tamper Protection status: 0 = filter for off, 127 = No filter (all) | |
SEM_AGENT | TAMPER_ONOFF | tinyint | 1 | ((127)) | Tamper Protection status: 1 = on; 2 = Not installed; 0 = off; 127 = Not reporting status | ||
HISTORY | TARGET | nvarchar | 512 | ('') | Data **See Snapshot data format worksheet for details ** | ||
SEM_COMPLIANCE_CRITERIA | TARGET | nvarchar | 512 | ('') | The target of the criteria, for example, the AV product name, the firewall product name, the file name, the registry key, the registry value, the patch version, the OS version, the process name, or the service name. | ||
SEM_COMPLIANCE_CRITERIA_2 | TARGET | nvarchar | 512 | ('') | |||
DATA_HANDLER | TECH_ID | varchar | 255 | ('') | Technology extension: possible values are AvMan, LuMan, legacy, SEP | ||
AGENT_BEHAVIOR_LOG_1 | TEST_MODE | int | 4 | √ | null | Was this rule run in test mode? 0 = No, Else = Yes | |
AGENT_BEHAVIOR_LOG_2 | TEST_MODE | int | 4 | √ | null | Was this rule run in test mode? 0 = No, Else = Yes | |
BEHAVIOR_REPORT | TEST_MODE | tinyint | 1 | √ | (NULL) | 1 = Yes, 0 = No | |
V_AGENT_BEHAVIOR_LOG | TEST_MODE | int | 4 | √ | null | ||
ALERTFILTER | THREATCATEGORY | varchar | 255 | ('') | Not used | ||
THREATREPORT | THREATCATEGORY | varchar | 255 | ('') | = -1 (Unknown); >= 1 (Very low risk); >= 2 (Low risk); >= 3 (Moderate risk); >= 4 (Severe risk); >= 5 (Very severe risk) | ||
THREATREPORT | THREATFILTER_IDX | char | 32 | ||||
THREATREPORT | THREATINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the risks in the list. (Always set to 1 in SAV 11.0.) | ||
THREATREPORT | THREATLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of risks by which to filter | ||
ALERTFILTER | THREATNAME | nvarchar | 510 | ('') | Not used | ||
SCANREPORT | THREATS | int | 4 | ('0') | Number of risks the scan found | ||
SCANS | THREATS | bigint | 8 | ((0)) | Number of threats that the scan found | ||
THREATREPORT | THREATTYPEINCLUDE | int | 4 | ('0') | Whether to include (1) or exclude (0) the risk types in the list (Always set to 1 in SAV 11.0.) | ||
THREATREPORT | THREATTYPELIST | varchar | 255 | ('%') | Possibilities here are in the VIRUSCATEGORY table--no longer a list but a single item. | ||
LOG_CONFIG | THRESHOLD | int | 4 | ((10000)) | Threshold of the log count | ||
AGENT_BEHAVIOR_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_BEHAVIOR_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_PACKET_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_PACKET_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_SECURITY_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_SECURITY_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_SYSTEM_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_SYSTEM_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_TRAFFIC_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
AGENT_TRAFFIC_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
ALERTFILTER | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
ALERTS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system or updated in the system (GMT), which is server side time | ||
ANOMALYDETECTION | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
ANOMALYDETECTIONS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
ANOMALYREMEDIATION | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
ANOMALYREMEDIATIONS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
AUDIT_REPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
BASIC_METADATA | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict. | |||
BEHAVIOR_REPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
BINARY_FILE | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
COMMAND | TIME_STAMP | bigint | 8 | The time when the command is added into system (GMT), which is server side time | |||
COMMAND_REPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
COMPLIANCE_REPORT | TIME_STAMP | bigint | 8 | ((0)) | Time that the record was modified | ||
COMPUTER_APPLICATION | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
ENFORCER_CLIENT_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
ENFORCER_CLIENT_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
ENFORCER_SYSTEM_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
ENFORCER_SYSTEM_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
ENFORCER_TRAFFIC_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
ENFORCER_TRAFFIC_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
FIREWALL_REPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
GROUP_LAN_SENSOR | TIME_STAMP | bigint | 8 | ||||
GUIPARMS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
GUP_LIST | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
HISTORYCONFIG | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
HOMEPAGECONFIG | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
HPP_ALERTS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
HPP_APPLICATION | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
INVENTORYCURRENTRISK1 | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
INVENTORYREPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
LAN_DEVICE_DETECTED | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
LAN_DEVICE_EXCLUDED | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
LEGACY_AGENT | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
LICENSE | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
LICENSE_CHAIN | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
NOTIFICATION | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
NOTIFICATIONALERTS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
NOTIFICATIONHISTORY | TIME_STAMP | bigint | 8 | ((0)) | |||
PATTERN | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
PROCESS_STATE | TIME_STAMP | bigint | 8 | The time when the data is inserted/updated into system (GMT), which is server side time | |||
REPORTS | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
SCANREPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
SCANS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
SCFINVENTORY | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
SEM_AGENT | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
SEM_APPLICATION | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
SEM_CLIENT | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
SEM_COMPLIANCE_CRITERIA | TIME_STAMP | bigint | 8 | ((0)) | Time that the record was modified; used to resolve merge conflict | ||
SEM_COMPLIANCE_CRITERIA_2 | TIME_STAMP | bigint | 8 | ((0)) | |||
SEM_COMPUTER | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
SEM_CONTENT | TIME_STAMP | bigint | 8 | ((0)) | Time that the record was modified; used to resolve merge conflict | ||
SEM_JOB | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SEM_OS_INFO | TIME_STAMP | bigint | 8 | ((0)) | Time that the record was modified; used to resolve merge conflict | ||
SEM_SVA | TIME_STAMP | bigint | 8 | ||||
SEM_SVA_CLIENT | TIME_STAMP | bigint | 8 | ||||
SEM_SVA_COMPUTER | TIME_STAMP | bigint | 8 | ||||
SERVER_ADMIN_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_ADMIN_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_CLIENT_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_CLIENT_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_ENFORCER_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_ENFORCER_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_POLICY_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_POLICY_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_SYSTEM_LOG_1 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SERVER_SYSTEM_LOG_2 | TIME_STAMP | bigint | 8 | The time when the event is logged into system (GMT), which is server side time | |||
SYSTEM_REPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
SYSTEM_STATE | TIME_STAMP | bigint | 8 | Time that the record was modified; used to resolve merge conflict | |||
THREATREPORT | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
V_AGENT_BEHAVIOR_LOG | TIME_STAMP | bigint | 8 | ||||
V_AGENT_PACKET_LOG | TIME_STAMP | bigint | 8 | ||||
V_AGENT_SECURITY_LOG | TIME_STAMP | bigint | 8 | ||||
V_AGENT_SYSTEM_LOG | TIME_STAMP | bigint | 8 | ||||
V_AGENT_TRAFFIC_LOG | TIME_STAMP | bigint | 8 | ||||
V_ALERTS | TIME_STAMP | bigint | 8 | ||||
V_CLIENT_CHANGE_LOG | TIME_STAMP | bigint | 8 | √ | null | ||
V_ENFORCER_CLIENT_LOG | TIME_STAMP | bigint | 8 | ||||
V_ENFORCER_SYSTEM_LOG | TIME_STAMP | bigint | 8 | ||||
V_ENFORCER_TRAFFIC_LOG | TIME_STAMP | bigint | 8 | ||||
V_LAN_DEVICE_DETECTED | TIME_STAMP | bigint | 8 | ||||
V_LAN_DEVICE_EXCLUDED | TIME_STAMP | bigint | 8 | ||||
V_SECURITY_VIEW | TIME_STAMP | bigint | 8 | ||||
V_SEM_COMPUTER | TIME_STAMP | bigint | 8 | ||||
V_SEM_CONTENT | TIME_STAMP | bigint | 8 | ||||
V_SERVER_ADMIN_LOG | TIME_STAMP | bigint | 8 | ||||
V_SERVER_CLIENT_LOG | TIME_STAMP | bigint | 8 | ||||
V_SERVER_ENFORCER_LOG | TIME_STAMP | bigint | 8 | ||||
V_SERVER_POLICY_LOG | TIME_STAMP | bigint | 8 | ||||
V_SERVER_SYSTEM_LOG | TIME_STAMP | bigint | 8 | ||||
V_VIRUS | TIME_STAMP | bigint | 8 | ||||
VIRUS | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
VIRUSCATEGORY | TIME_STAMP | bigint | 8 | ((0)) | The time when the event is logged into system (GMT), which is server side time | ||
THREATREPORT | TIMEBASE | varchar | 32 | ('') | Deprecated | ||
SEM_AGENT | TIMEZONE | int | 4 | ((0)) | Time zone offset of the client computer | ||
SEM_SVA | TIMEZONE | int | 4 | ((0)) | |||
OAUTH_ACCESS_TOKEN | TOKEN | varbinary | 1000 | √ | null | ||
OAUTH_REFRESH_TOKEN | TOKEN | varbinary | 1000 | √ | null | ||
OAUTH_ACCESS_TOKEN | TOKEN_ID | varchar | 80 | ||||
OAUTH_REFRESH_TOKEN | TOKEN_ID | varchar | 80 | ||||
V_VIRUS | TOP_THREAT | tinyint | 1 | ||||
VIRUS | TOP_THREAT | tinyint | 1 | ((0)) | 0 = Not a top threat, 1 = top threat | ||
ENFORCER_TRAFFIC_LOG_1 | TOTAL_BYTES | int | 4 | The total length of all packets in the traffic | |||
ENFORCER_TRAFFIC_LOG_2 | TOTAL_BYTES | int | 4 | The total length of all packets in the traffic | |||
V_ENFORCER_TRAFFIC_LOG | TOTAL_BYTES | int | 4 | ||||
SCANS | TOTALFILES | bigint | 8 | ((0)) | Number of files scanned | ||
INVENTORYREPORT | TPM_DEVICE | tinyint | 1 | √ | ((127)) | TPM device installed: 1 = filters on device is installed, 127 = No filter (all) | |
SEM_COMPUTER | TPM_DEVICE | int | 4 | √ | null | TPM device id | |
SEM_SVA_COMPUTER | TPM_DEVICE | int | 4 | √ | null | ||
V_SEM_COMPUTER | TPM_DEVICE | int | 4 | √ | null | ||
AGENT_PACKET_LOG_1 | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | The direction of traffic. Enum (unknown = 0; inbound = 1; outbound = 2) | |
AGENT_PACKET_LOG_2 | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | The direction of traffic. Enum (unknown = 0; inbound = 1; outbound = 2) | |
AGENT_SECURITY_LOG_1 | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | The direction of traffic. Enum ( unknown = 0; inbound = 1; outbound = 2) | |
AGENT_SECURITY_LOG_2 | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | The direction of traffic. Enum ( unknown = 0; inbound = 1; outbound = 2) | |
AGENT_TRAFFIC_LOG_1 | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | The direction of traffic. Enum ( unknown = 0; inbound = 1; outbound = 2) | |
AGENT_TRAFFIC_LOG_2 | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | The direction of traffic. Enum ( unknown = 0; inbound = 1; outbound = 2) | |
COMPLIANCE_REPORT | TRAFFIC_DIRECTION | tinyint | 1 | √ | (NULL) | 1 = Inbound, 2 = Outbound, 0 = Unknown | |
ENFORCER_TRAFFIC_LOG_1 | TRAFFIC_DIRECTION | tinyint | 1 | The direction of traffic. Enum (unknown = 0; inbound = 1; outbound = 2) | |||
ENFORCER_TRAFFIC_LOG_2 | TRAFFIC_DIRECTION | tinyint | 1 | The direction of traffic. Enum (unknown = 0; inbound = 1; outbound = 2) | |||
V_AGENT_PACKET_LOG | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | ||
V_AGENT_SECURITY_LOG | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | ||
V_AGENT_TRAFFIC_LOG | TRAFFIC_DIRECTION | tinyint | 1 | √ | null | ||
V_ENFORCER_TRAFFIC_LOG | TRAFFIC_DIRECTION | tinyint | 1 | ||||
VIRUSCATEGORY | TRANSLATION | nvarchar | 510 | ('') | Translated name | ||
THREATREPORT | TREATCOMPRESSED | varchar | 32 | ('') | Deprecated | ||
NOTIFICATION | TRIGGERED | bigint | 8 | ((0)) | Time when alert was last triggered | ||
BASIC_METADATA | TYPE | varchar | 256 | Type name of the schema object | |||
BINARY_FILE | TYPE | varchar | 256 | √ | null | Type name of the schema object | |
IDENTITY_MAP | TYPE | varchar | 256 | √ | null | Object Type Name | |
LICENSE | TYPE | char | 1 | License type | |||
LOCAL_METADATA | TYPE | varchar | 256 | √ | null | Type of local_metadata. Only SemLocalSettings is supported at this moment. | |
NOTIFICATION | TYPE | varchar | 30 | ('') | VO = Risk outbreak; SO = Outbreak on single computers; VM = Outbreak by number of computers; 1V = Single risk event; NV = New risk detected; ID = Virus definitions out-of-date; AF = Authentication failure; AFS = Authentication failure on single server; SE = System event; CS = Client security alert; CSS = Client security alert on single computers; CSM = Client security alert by number of computers; LA = New learned application; CL = Client list changed; DF = Server health; UM = Unmanaged computers; NS = New software package; ED = Enforcer is down; WL = Forced or Commercial application detected; DD = Database down; LE = Paid license expiring; TLE = Trial license expiring; ODC = SEPM is overdeployed with the current license; OLE = Upgrade license expiring; SVA = Security virtual appliance offline | ||
PROCESS_STATE | TYPE | varchar | 256 | "PROCESS_STATE" is set for processes synchronization. | |||
REPORTS | TYPE | varchar | 256 | Type of report | |||
SYSTEM_STATE | TYPE | varchar | 256 | Type name of the schema object | |||
V_DOMAINS | TYPE | varchar | 256 | √ | null | ||
V_GROUPS | TYPE | varchar | 256 | √ | null | ||
V_SERVERS | TYPE | varchar | 256 | √ | null | ||
V_VIRUS | TYPE | int | 4 | √ | null | ||
VIRUS | TYPE | int | 4 | √ | (NULL) | Threat type: 0 = Viral; 1 = Non-Viral malicious; 2 = Malicious; 3 = Antivirus - Heuristic; 4 = Security risk; 5 = Hack tool; 6 = Spyware; 7 = Trackware; 8 = Dialer; 9 = Remote access; 10 = Adware; 11 = Jokeware; 12 = Client compliancy; 13 = Generic load point; 14 = Proactive Threat Scan - Heuristic; 15 = Cookie | |
V_VIRUS | TYPE2 | int | 4 | √ | null | ||
VIRUS | TYPE2 | int | 4 | √ | (NULL) | Threat location: 0 = Boot virus; 1 = File virus; 2 = Mutation virus; 3 = Macro virus; 4 = File virus; 5 = File virus; 6 = Memory virus; 7 = Memory OS virus; 8 = Memory mcb virus; 9 = Memory highest virus; 11 = Virus behavior; 12 = Virus behavior; 13 = Compressed file; 14 = Heuristic | |
HISTORYCONFIG | TZ_NAME | varchar | 255 | ('') | Time zone when admin created the notification so that e-mailed reports can display dates in admin's local time zone. | ||
NOTIFICATION | TZ_NAME | varchar | 255 | ('') | Time zone when admin created the notification so that e-mailed reports can display dates in admin's local time zone. | ||
HISTORYCONFIG | TZ_OFFSET | int | 4 | ((0)) | Time zone offset from when the admin created the scheduled report so that data can be formatted to the administrator's local time | ||
NOTIFICATION | TZ_OFFSET | int | 4 | ((0)) | Time zone when admin created the notification so that e-mailed reports can display dates in admin's local time zone. | ||
ENFORCER_CLIENT_LOG_1 | UID_STATUS | char | 32 | √ | null | Indicates UID status whether Authenticated, Failed etc | |
ENFORCER_CLIENT_LOG_2 | UID_STATUS | char | 32 | √ | null | Indicates UID status whether Authenticated, Failed etc | |
V_ENFORCER_CLIENT_LOG | UID_STATUS | char | 32 | √ | null | ||
PROCESS_STATE | UPDATE_OWNER | varchar | 255 | √ | null | Server ID + process name | |
HPP_ALERTS | URL | nvarchar | 512 | ('') | The URL determined from where the image was downloaded from. Default is "". This field belongs to creator for dropper application The creator process of the dropper threat. Default is "". | ||
SEM_CLIENT | USER_DOMAIN_NAME | nvarchar | 512 | √ | null | User login domain name | |
V_CLIENT_CHANGE_LOG | USER_DOMAIN_NAME | nvarchar | 512 | √ | null | ||
ADMIN_GROUP_REFRESH_INFO | USER_ID | char | 32 | ||||
ADMIN_GROUPS | USER_ID | char | 32 | ||||
ADMINUSER | USER_ID | char | 32 | ||||
ALERTFILTER | USER_ID | char | 32 | ('') | User ID | ||
AUDIT_REPORT | USER_ID | char | 32 | ('') | |||
BEHAVIOR_REPORT | USER_ID | char | 32 | ('') | |||
COMMAND_REPORT | USER_ID | char | 32 | ('') | |||
COMPLIANCE_REPORT | USER_ID | char | 32 | ('') | |||
FIREWALL_REPORT | USER_ID | char | 32 | ('') | GUID of the user who created this filter | ||
HISTORYCONFIG | USER_ID | char | 32 | ('') | GUID of user who created this scheduled report | ||
INVENTORYREPORT | USER_ID | char | 32 | ('') | |||
NOTIFICATION | USER_ID | char | 32 | ('') | Admin GUID | ||
OAUTH_ACCESS_TOKEN | USER_ID | varchar | 80 | √ | null | ||
OAUTH_REFRESH_TOKEN | USER_ID | varchar | 80 | √ | null | ||
SCANREPORT | USER_ID | char | 32 | ('') | |||
SYSTEM_REPORT | USER_ID | char | 32 | ('') | |||
THREATREPORT | USER_ID | char | 32 | ('') | |||
ADMINUSER | USER_NAME | nvarchar | 510 | ('') | User name of the admin | ||
AGENT_BEHAVIOR_LOG_1 | USER_NAME | nvarchar | 512 | √ | null | Login user name | |
AGENT_BEHAVIOR_LOG_2 | USER_NAME | nvarchar | 512 | √ | null | Login user name | |
AGENT_SECURITY_LOG_1 | USER_NAME | nvarchar | 512 | √ | null | Login user name | |
AGENT_SECURITY_LOG_2 | USER_NAME | nvarchar | 512 | √ | null | Login user name | |
AGENT_TRAFFIC_LOG_1 | USER_NAME | nvarchar | 512 | √ | null | Login user name | |
AGENT_TRAFFIC_LOG_2 | USER_NAME | nvarchar | 512 | √ | null | Login user name | |
ALERTS | USER_NAME | nvarchar | 128 | ('') | User logged into machine when event took place | ||
HOMEPAGECONFIG | USER_NAME | char | 32 | ('') | Admin GUID | ||
SEM_CLIENT | USER_NAME | nvarchar | 512 | √ | null | User login name | |
SERVER_CLIENT_LOG_1 | USER_NAME | nvarchar | 512 | √ | null | Login user name of the client | |
SERVER_CLIENT_LOG_2 | USER_NAME | nvarchar | 512 | √ | null | Login user name of the client | |
V_AGENT_BEHAVIOR_LOG | USER_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_SECURITY_LOG | USER_NAME | nvarchar | 512 | √ | null | ||
V_AGENT_TRAFFIC_LOG | USER_NAME | nvarchar | 512 | √ | null | ||
V_ALERTS | USER_NAME | nvarchar | 128 | ||||
V_CLIENT_CHANGE_LOG | USER_NAME | nvarchar | 512 | √ | null | ||
V_SERVER_CLIENT_LOG | USER_NAME | nvarchar | 512 | √ | null | ||
ALERTFILTER | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
AUDIT_REPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
BEHAVIOR_REPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
COMMAND_REPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
COMPLIANCE_REPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
FIREWALL_REPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
INVENTORYREPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
SCANREPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
SYSTEM_REPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
THREATREPORT | USERELATIVE | char | 2 | ('on') | Use relative dates ('on') or absolute dates | ||
AUDIT_REPORT | USERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded user names by which to filter | ||
BEHAVIOR_REPORT | USERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded user names by which to filter | ||
COMPLIANCE_REPORT | USERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded user names by which to filter | ||
FIREWALL_REPORT | USERLIST | nvarchar | 510 | ('') | Comma-separated, wild-carded user names by which to filter | ||
INVENTORYREPORT | USERLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of user names by which to filter | ||
SCANREPORT | USERLIST | nvarchar | 510 | ('%') | Comma-separated, wild-carded list of users by which to filter | ||
SYSTEM_REPORT | USERLIST | nvarchar | 510 | ('') | Comma-separated, wild-card user names by which to filter | ||
AGENT_BEHAVIOR_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_BEHAVIOR_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_PACKET_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_PACKET_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_SECURITY_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_SECURITY_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_SYSTEM_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_SYSTEM_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_TRAFFIC_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
AGENT_TRAFFIC_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
ALERTFILTER | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
ALERTS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
ANOMALYDETECTION | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
ANOMALYDETECTIONS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
ANOMALYREMEDIATION | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
ANOMALYREMEDIATIONS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
AUDIT_REPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
BASIC_METADATA | USN | bigint | 8 | Update serial number; used by replication | |||
BEHAVIOR_REPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
BINARY_FILE | USN | bigint | 8 | Update serial number; used by replication | |||
COMMAND | USN | bigint | 8 | Update serial number; used by replication | |||
COMMAND_REPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
COMPLIANCE_REPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
COMPUTER_APPLICATION | USN | bigint | 8 | Update serial number; used by replication | |||
ENFORCER_CLIENT_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
ENFORCER_CLIENT_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
ENFORCER_SYSTEM_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
ENFORCER_SYSTEM_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
ENFORCER_TRAFFIC_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
ENFORCER_TRAFFIC_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
FIREWALL_REPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
GROUP_LAN_SENSOR | USN | bigint | 8 | ||||
GUIPARMS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
GUP_LIST | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
HISTORYCONFIG | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
HOMEPAGECONFIG | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
HPP_ALERTS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
HPP_APPLICATION | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
INVENTORYCURRENTRISK1 | USN | bigint | 8 | ((1)) | Update serial number; used to detect data change. | ||
INVENTORYREPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
LAN_DEVICE_DETECTED | USN | bigint | 8 | Update serial number; used by replication | |||
LAN_DEVICE_EXCLUDED | USN | bigint | 8 | Update serial number; used by replication | |||
LEGACY_AGENT | USN | bigint | 8 | Update serial number; used by replication | |||
LICENSE | USN | bigint | 8 | Update serial number; used to detect data change | |||
LICENSE_CHAIN | USN | bigint | 8 | Update serial number; used to detect data change | |||
NOTIFICATION | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
NOTIFICATIONALERTS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
NOTIFICATIONHISTORY | USN | bigint | 8 | ((1)) | |||
PATTERN | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
REPORTS | USN | bigint | 8 | Update serial number; used by replication | |||
SCANREPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
SCANS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
SCFINVENTORY | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
SEM_AGENT | USN | bigint | 8 | Update serial number; used by replication | |||
SEM_APPLICATION | USN | bigint | 8 | Update serial number; used by replication | |||
SEM_CLIENT | USN | bigint | 8 | Update serial number; used by replication | |||
SEM_COMPLIANCE_CRITERIA | USN | bigint | 8 | ((1)) | Update serial number; used by replication | ||
SEM_COMPLIANCE_CRITERIA_2 | USN | bigint | 8 | ((1)) | |||
SEM_COMPUTER | USN | bigint | 8 | Update serial number; used by replication | |||
SEM_CONTENT | USN | bigint | 8 | ((1)) | Update serial number; used by replication | ||
SEM_JOB | USN | bigint | 8 | Update serial number; used by replication | |||
SEM_OS_INFO | USN | bigint | 8 | ((1)) | Update serial number; used by replication | ||
SEM_SVA | USN | bigint | 8 | ||||
SEM_SVA_CLIENT | USN | bigint | 8 | ||||
SEM_SVA_COMPUTER | USN | bigint | 8 | ||||
SERVER_ADMIN_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_ADMIN_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_CLIENT_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_CLIENT_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_ENFORCER_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_ENFORCER_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_POLICY_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_POLICY_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_SYSTEM_LOG_1 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SERVER_SYSTEM_LOG_2 | USN | bigint | 8 | A USN-based serial number; this ID is not unique. | |||
SYSTEM_REPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
SYSTEM_STATE | USN | bigint | 8 | Update serial number; used by replication | |||
THREATREPORT | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
V_AGENT_BEHAVIOR_LOG | USN | bigint | 8 | ||||
V_AGENT_PACKET_LOG | USN | bigint | 8 | ||||
V_AGENT_SECURITY_LOG | USN | bigint | 8 | ||||
V_AGENT_SYSTEM_LOG | USN | bigint | 8 | ||||
V_AGENT_TRAFFIC_LOG | USN | bigint | 8 | ||||
V_ALERTS | USN | bigint | 8 | ||||
V_ENFORCER_CLIENT_LOG | USN | bigint | 8 | ||||
V_ENFORCER_SYSTEM_LOG | USN | bigint | 8 | ||||
V_ENFORCER_TRAFFIC_LOG | USN | bigint | 8 | ||||
V_LAN_DEVICE_DETECTED | USN | bigint | 8 | ||||
V_LAN_DEVICE_EXCLUDED | USN | bigint | 8 | ||||
V_SEM_COMPUTER | USN | bigint | 8 | ||||
V_SEM_CONTENT | USN | bigint | 8 | ||||
V_SERVER_ADMIN_LOG | USN | bigint | 8 | ||||
V_SERVER_CLIENT_LOG | USN | bigint | 8 | ||||
V_SERVER_ENFORCER_LOG | USN | bigint | 8 | ||||
V_SERVER_POLICY_LOG | USN | bigint | 8 | ||||
V_SERVER_SYSTEM_LOG | USN | bigint | 8 | ||||
V_VIRUS | USN | bigint | 8 | ||||
VIRUS | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
VIRUSCATEGORY | USN | bigint | 8 | ((1)) | A USN-based serial number; this ID is not unique. | ||
SEM_REPLICATION_STATE | USN_LIFETIME | bigint | 8 | Caches USN life time. | |||
GUIPARMS | VALUE | nvarchar | 510 | ('') | Parameter value | ||
HOMEPAGECONFIG | VALUE | nvarchar | 510 | ('') | Parameter value | ||
AGENT_BEHAVIOR_LOG_1 | VAPI_NAME | nvarchar | 512 | √ | null | What API was blocked | |
AGENT_BEHAVIOR_LOG_2 | VAPI_NAME | nvarchar | 512 | √ | null | What API was blocked | |
V_AGENT_BEHAVIOR_LOG | VAPI_NAME | nvarchar | 512 | √ | null | ||
ALERTS | VBIN_ID | bigint | 8 | ((0)) | Client-side ID of the quarantined threat if quarantined | ||
V_ALERTS | VBIN_ID | bigint | 8 | ||||
DATA_HANDLER | VERSION | tinyint | 1 | ((0)) | Handler version | ||
PATTERN | VERSION | varchar | 255 | ('') | Version number for this content | ||
SEM_APPLICATION | VERSION | varchar | 256 | √ | null | File version of the application binary | |
V_IPS | VERSION | varchar | 255 | ||||
V_MR_CLEAN | VERSION | varchar | 255 | ||||
V_SONAR | VERSION | varchar | 255 | ||||
VERSION | VERSION | char | 10 | Version of Reporting | |||
AGENTSTATUS | VERSION_BUILD | varchar | 20 | ('00.00.00') | Version/build (major.minor.build) of agent | ||
V_VIRUS | VID | bigint | 8 | ||||
VIRUS | VID | bigint | 8 | ((0)) | Unique identifier for a virus set by Security Response | ||
NOTIFICATION | VIRUS | nvarchar | 510 | ('%') | Name of virus(es) to which this notification applies (Comma-separated list, wild-cards allowed) | ||
V_VIRUS | VIRUSNAME | nvarchar | 510 | ||||
VIRUS | VIRUSNAME | nvarchar | 510 | ('') | Name of virus / threat | ||
ALERTS | VIRUSNAME_IDX | char | 32 | ('') | Pointer to table 'virus' | ||
INVENTORYCURRENTRISK1 | VIRUSNAME_IDX | char | 32 | ('') | Foreign key to VIRUS table | ||
V_ALERTS | VIRUSNAME_IDX | char | 32 | ||||
V_VIRUS | VIRUSNAME_IDX | char | 32 | ||||
VIRUS | VIRUSNAME_IDX | char | 32 | ||||
SEM_SVA | VSIC_CACHE_SIZE | int | 4 | ((0)) | |||
SEM_SVA | VSIC_REQUESTS_NUM | int | 4 | ((0)) | |||
SCANS | VSIC_SCAN | tinyint | 1 | ((0)) | |||
SEM_AGENT | VSIC_STATUS | tinyint | 1 | ((127)) | |||
SEM_SVA | VSIC_SUBMITS_NUM | int | 4 | ((0)) | |||
SEM_SVA | VSIC_VERSION | nvarchar | 128 | √ | null | ||
LICENSE | WARN_DATE | bigint | 8 | √ | null | The date to start the warning window, computed based on end date and warn policy (end date - warn days) | |
LICENSE_CHAIN | WARN_DATE | bigint | 8 | √ | null | The date to start the warning window, computed based on end date and warn policy (end date - warn days) | |
LICENSE | WARN_POLICY | bigint | 8 | Number of days, prior to end, to start the warning. Read from license file. | |||
AGENTCONFIG | WARNAFTER_UNIT | varchar | 10 | ('') | Unit for Warnafter_value (minutes, hours or days) | ||
AGENTCONFIG | WARNAFTER_VALUE | int | 4 | ((0)) | Time of agent inactivity after which a warning will be raised | ||
HPP_ALERTS | WEB_DOMAIN | nvarchar | 126 | ('') | Web domain | ||
THREATREPORT | WEB_DOMAIN | nvarchar | 126 | ('%') | Risk report filter for Web domain name | ||
THREATREPORT | WEB_DOMAIN_INCLUDE | int | 4 | ((0)) | Whether the Web domain filter is in use or not for this particular saved filter. This is not currently used. | ||
OAUTH_CLIENT_DETAILS | WEB_SERVER_REDIRECT_URI | nvarchar | 4000 | √ | null | ||
HPP_ALERTS | WHITELIST_REASON | int | 4 | ((0)) | 0 = Not on the permitted application list 100 = Symantec permitted application list 101 = Administrator permitted application list 102 = User permitted application list |
||
SEM_COMPUTER | WINS_SERVER1 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | WINS_SERVER1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | WINS_SERVER1 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | WINS_SERVER1_TEXT | varchar | 123 | √ | null | ||
SEM_COMPUTER | WINS_SERVER2 | bigint | 8 | √ | null | ||
SEM_SVA_COMPUTER | WINS_SERVER2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | WINS_SERVER2 | bigint | 8 | √ | null | ||
V_SEM_COMPUTER | WINS_SERVER2_TEXT | varchar | 123 | √ | null | ||
INVENTORYREPORT | WORSTINFECTION_IDX | int | 4 | √ | ((-1)) | Not used | |
SEM_AGENT | WORSTINFECTION_IDX | int | 4 | ((9999)) | Worst detection: 0 = (Severity 0) Viral 1 = (Severity 1) Non-Viral malicious 2 = (Severity 2) Malicious 3 = (Severity 3) Antivirus - Heuristic 5 = (Severity 5) Hack tool 6 = (Severity 6) Spyware 7 = (Severity 7) Trackware 8 = (Severity 8) Dialer 9 = (Severity 9) Remote access 10 = (Severity 10) Adware 11 = (Severity 11) Jokeware 12 = (Severity 12) Client compliancy 13 = (Severity 13) Generic load point 14 = (Severity 14) Proactive Threat Scan - Heuristic 15 = (Severity 15) Cookie 9999 = No detections |
||
NOTIFICATION | XMINUTES | int | 4 | ((0)) | Time window in which ntimes events must occur to trigger the notification |