Table sem5.dbo.COMPLIANCE_REPORT
Keeps the administrator-defined filters for the Device Control log, the NTP Attacks log, and all the Compliance logs

Generated by SchemaSpy
 
| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| COMPLIANCEFILTER_IDX | char | 32 | | | | | | |
| USER_ID | char | 32 | | | ('') | | | |
| FILTERNAME | nvarchar | 510 | | | ('') | | | |
| STARTDATEFROM | datetime | 16,3 | | | ('19700101') | | | Start date |
| STARTDATETO | datetime | 16,3 | | | ('19700101') | | | End date |
| RELATIVEDATETYPE | int | 4 | | | ((0)) | | | 0 = past week; 1 = past month; 2 = past three months; 3 = past year; 4 = past 24 hours; 5 = current month |
| COMPLIANCE_TYPE | tinyint | 1 | | | ((0)) | | | 1 = Enforcer Server; 2 = Enforcer Client; 3 = Enforcer Traffic; 4 = Host Compliance; 5 = Attack (Firewall logs); 6 = Device Control |
| SEVERITY | int | 4 | √ | | (NULL) | | | 1 = Critical (which filters on SEVERITY >= 0 AND SEVERITY <= 3); 5 = Major (which filters on SEVERITY >= 4 AND SEVERITY <= 7); 9 = Minor (which filters on SEVERITY >= 8 AND SEVERITY <= 11); 13 = Info (which filters on SEVERITY >= 12 AND SEVERITY <= 15) |
| EVENT_ID | int | 4 | √ | | (NULL) | | | Events for Enforcer Server: 1 = Enforcer registered; 2 = Enforcer failed to register; 5 = Enforcer downloaded policy; 7 = Enforcer downloaded sylink.xml; 9 = Server received Enforcer log; 12 = Server received Enforcer information. Events for Enforcer Traffic: 17 = Incoming traffic blocked; 18 = Outgoing traffic blocked; 33 = Incoming traffic allowed; 34 = Outgoing traffic allowed. Events for Host compliance: 209 = Host Integrity failed; 210 = Host Integrity passed; 221 = Host Integrity failed but reported as PASS; 237 = Host Integrity custom log entry. Events for Attack (firewall): 207 = Active Response; 211 = Active Response disengaged; 219 = Active Response canceled; 217 = Executable file change accepted; 218 = Executable file change denied; 220 = Application Hijack; 201 = N/A (invalid traffic by rule); 202 = Port Scan; 203 = Denial of Service; 204 = Trojan; 206 = Intrusion Prevention; 208 = MAC Spoofing. Events for Device control: 238 = Device control disabled device |
| BLOCKED | tinyint | 1 | √ | | (NULL) | | | 0 = Blocked, 1 = Not Blocked |
| NETWORK_PROTOCOL | tinyint | 1 | √ | | (NULL) | | | 1 = Other, 2 = TCP, 3 = UDP, 4 = ICMP |
| TRAFFIC_DIRECTION | tinyint | 1 | √ | | (NULL) | | | 1 = Inbound, 2 = Outbound, 0 = Unknown |
| SERVERGROUPLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded domain names by which to filter |
| CLIENTGROUPLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded group names by which to filter |
| PARENTSERVERLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded server names by which to filter |
| COMPUTERLIST | nvarchar | 1024 | | | ('') | | | Comma-separated, wild-carded computer names by which to filter |
| IPADDRESSLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded IP list by which to filter |
| USERLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded user names by which to filter |
| SITELIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded site names by which to filter |
| ENFORCERLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded Enforcer names by which to filter |
| REMOTEHOSTLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded remote computer names by which to filter |
| REMOTEIPLIST | nvarchar | 510 | | | ('') | | | Comma-separated, wild-carded remote IP list by which to filter |
| LOCAL_PORT | int | 4 | √ | | (NULL) | | | Port number |
| HACK_TYPE | int | 4 | √ | | (NULL) | | | 0 = Process is not running; 1 = Signature is out-of-date; 2 = Recovery was attempted |
| ACTION | varchar | 32 | | | ('') | | | For Enforcer Client: Authenticated, Disconnected, Passed, Rejected, Failed |
| ENFORCER_TYPE | tinyint | 1 | √ | | (NULL) | | | For Enforcer Client: 0 = Gateway Enforcer, 1 = LAN Enforcer, 2 = DHCP Enforcer, 3 = Integrated Enforcer, 4 = NAP Enforcer, 5 = PeerToPeer Enforcer |
| OS_TYPE | int | 4 | √ | | (NULL) | | | 600 = Windows Vista and Windows Server 2008; 502 = Windows 2003 and Windows XP 64 bit; 501 = Windows XP; 500 = Windows 2000; 400 = Windows NT; 000 = Other |
| SORTORDER | varchar | 32 | | | ('EVENT_TIME') | | | Log column sort |
| SORTDIR | varchar | 5 | | | ('DESC') | | | DESC = Descending, ASC = Ascending |
| LIMITROWS | int | 4 | | | ((20)) | | | Number of rows to use for pagination |
| USERELATIVE | char | 2 | | | ('on') | | | Use relative dates ('on') or absolute dates |
| REPORT_IDX | int | 4 | | | ('0') | | | Not used |
| REPORTINPUTS | nvarchar | 128 | | | ('') | | | Special parameters if report needs them |
| USN | bigint | 8 | | | ((1)) | | | A USN-based serial number; this ID is not unique. |
| TIME_STAMP | bigint | 8 | | | ((0)) | | | Time that the record was modified |
| DELETED | tinyint | 1 | | | ((0)) | | | Deleted entry; 0 = Not deleted, 1 = Deleted |
| FULL_CHARTS | varchar | 255 | | | ('') | | | Admin-specified list of charts to include in the NTP Full Report |

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:

| Column(s) | Type | Sort | Constraint Name |
| --- | --- | --- | --- |
| USER_ID + FILTERNAME + COMPLIANCE_TYPE | Primary key | Asc/Asc/Asc | PK_COMPLIANCEREPORT |