Table sem5.dbo.ALERTS
Keeps the risk and Proactive Threat Protection (TruScan) events

Generated by SchemaSpy
 
| Column | Type | Size | Nulls | Auto | Default | Children | Parents | Comments |
|---|---|---|---|---|---|---|---|---|
| IDX | char | 32 | | | | | | |
| ALERT_IDX | int | 4 | | | ((0)) | | | Pointer to table ALERTMSG |
| COMPUTER_IDX | char | 32 | | | ('') | | | Foreign key to SEM_COMPUTER.COMPUTER_ID |
| SOURCE | varchar | 50 | | | ('') | | | Hard-coded English string used as lookup key for scan types: "Scheduled Scan", "Manual Scan", "Real Time Scan", "Integrity Shield", "Definition downloader", "System", "Startup Scan", "DefWatch", "Manual Quarantine", "Reboot Processing", "Heuristic Scan" |
| VIRUSNAME_IDX | char | 32 | | | ('') | | | Pointer to table 'virus' |
| NOOFVIRUSES | int | 4 | | | ((1)) | | | Number of events for aggregated event record. This can be due to client-side aggregation, server-side compression, or both. |
| FILEPATH | nvarchar | 510 | | | ('') | | | File path of attacked file |
| DESCRIPTION | nvarchar | 510 | | | ('') | | | |
| ACTUALACTION_IDX | int | 4 | | | ((0)) | | | Pointer to table 'actualaction'; this is the action taken on the risk |
| REQUESTEDACTION_IDX | int | 4 | | | ((0)) | | | Pointer to table 'actualaction'; this is the action requested by the policy |
| SECONDARYACTION_IDX | int | 4 | | | ((0)) | | | Pointer to table 'actualaction'; this is the secondary action requested by the policy |
| ALERTDATETIME | datetime | 16,3 | | | ('19700101') | | | Time of event occurrence |
| ALERTINSERTTIME | datetime | 16,3 | | | ('19700101') | | | Time at which event was inserted into the database |
| SERVERGROUP_IDX | char | 32 | | | ('') | | | Pointer to table 'identity_map'; this is the SEPM domain GUID |
| USER_NAME | nvarchar | 128 | | | ('') | | | User logged into machine when event took place |
| PARENTSERVER_IDX | char | 32 | | | ('') | | | Pointer to table 'identity_map'; this is the SEPM server GUID |
| CLIENTGROUP_IDX | char | 32 | | | ('') | | | Pointer to table 'identity_map'; this is the SEPM group GUID |
| SOURCE_COMPUTER_NAME | nvarchar | 128 | | | ('') | | | This is the source of the threat. This is logged when threat tracer is enabled in the AV policy. |
| SOURCE_COMPUTER_IP | bigint | 8 | | | ((0)) | | | This is the source of the threat. This is logged when threat tracer is enabled in the AV policy. |
| MOTHER_IDX | char | 32 | | | ('') | | | Pointer to the related compressed event in the ALERTS table. This is the compressed event created by database maintenance. A value here means this event has been aggregated server-side and is a child event. |
| LAST_LOG_SESSION_GUID | char | 32 | | | ('') | | | This is an ID used by the client to keep track of related threat events. |
| ALERTENDDATETIME | datetime | 16,3 | | | ('19700101') | | | Time at which event ended. This is the end of the aggregated event time. |
| HPP_APP_IDX | varchar | 32 | | | ('') | | | Pointer to hpp_application table |
| SITE_IDX | char | 32 | √ | | (NULL) | | | Pointer to table 'identity_map'; this is the SEPM site GUID |
| VBIN_ID | bigint | 8 | | | ((0)) | | | Client-side ID of the quarantined threat if quarantined |
| SCAN_ID | bigint | 8 | | | ((0)) | | | Pointer to scan table event that picked up this event |
| USN | bigint | 8 | | | ((1)) | | | A USN-based serial number; this ID is not unique. |
| TIME_STAMP | bigint | 8 | | | ((0)) | | | The time when the event is logged into the system or updated in the system (GMT), which is server-side time |
| DELETED | tinyint | 1 | | | ((0)) | | | Deleted row: 0 = not deleted, 1 = deleted |
| LOCAL_HOST_IP | bigint | 8 | √ | | ((0)) | | | Local host IP |
| AV_PRODUCT | varchar | 256 | √ | | (NULL) | | | AV product name |
| AV_PRODUCT_VERSION | varchar | 64 | √ | | (NULL) | | | AV product version |
| STATUS | varchar | 6 | √ | | (NULL) | | | |

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
| Column(s) | Type | Sort | Constraint Name |
|---|---|---|---|
| IDX | Primary key | Asc | PK_ALERTS |
| MOTHER_IDX + DELETED | Performance | Asc/Asc | A_ALERTS_MOTHER_IDX_PLUS |
| ACTUALACTION_IDX + MOTHER_IDX | Performance | Asc/Asc | I_ALERTS_ACTUALACTION_IDX_PLUS |
| ALERT_IDX | Performance | Asc | I_ALERTS_ALERT_IDX |
| ALERTDATETIME + DELETED | Performance | Asc/Asc | I_ALERTS_ALERTDATETIME_DEL |
| ALERTDATETIME + MOTHER_IDX + DELETED + ALERT_IDX | Performance | Asc/Asc/Asc/Asc | I_ALERTS_ALERTDATETIME_PLUS |
| ALERTINSERTTIME | Performance | Asc | I_ALERTS_ALERTINSERTTIME |
| CLIENTGROUP_IDX | Performance | Asc | I_ALERTS_CLIENTGROUP_IDX |
| COMPUTER_IDX | Performance | Asc | I_ALERTS_COMPUTER_IDX |
| HPP_APP_IDX | Performance | Asc | I_ALERTS_HPP_APP_IDX |
| LAST_LOG_SESSION_GUID | Performance | Asc | I_ALERTS_LAST_LOG_SESSION_GUID_PLUS |
| MOTHER_IDX | Performance | Asc | I_ALERTS_MOTHER_IDX |
| PARENTSERVER_IDX | Performance | Asc | I_ALERTS_PARENTSERVER_IDX |
| REQUESTEDACTION_IDX | Performance | Asc | I_ALERTS_REQUESTEDACTION_IDX |
| SERVERGROUP_IDX | Performance | Asc | I_ALERTS_SERVERGROUP_IDX |
| SOURCE + ALERT_IDX | Performance | Asc/Asc | I_ALERTS_SOURCE |
| SOURCE + ALERT_IDX + MOTHER_IDX + ALERTDATETIME + DELETED + COMPUTER_IDX | Performance | Asc/Asc/Asc/Asc/Asc/Asc | I_ALERTS_SOURCE_ALERT_IDX |
| SOURCE + DELETED + ALERTDATETIME + MOTHER_IDX | Performance | Asc/Asc/Asc/Asc | I_ALERTS_SOURCE_PLUS |