Table sem5.dbo.ANOMALYDETECTIONS
Keeps the client to detection event mappings

Generated by
SchemaSpy
Legend:
Primary key columns
Columns with indexes
Implied relationships
Excluded column relationships
< n > number of related tables
 
Column Type Size Nulls Auto Default Children Parents Comments
ALERT_EVENT_IDX char 32 Foreign key to ALERTS.IDX
ANOMALY_DETECTION_IDX char 32 Pointer to table 'anomalydetection'
STATUS int 4 Scan detection status. Currently always 1 to mean "successful detection performed". Other values are reserved for future use.
LOG_SESSION_GUID char 32 ('') This is an ID used by the client to keep track of related threat events.
USN bigint 8 ((1)) A USN-based serial number; this ID is not unique.
TIME_STAMP bigint 8 ((0)) The time when the event is logged into system (GMT), which is server side time
DELETED tinyint 1 ((0)) Deleted row: 0 = not deleted, 1 = deleted
ID char 32

Analyzed at Mon Oct 29 12:07 PDT 2012

Indexes:
Column(s) Type Sort Constraint Name
ID Primary key Asc PK_ANOMALYDETECTIONS
ALERT_EVENT_IDX + ANOMALY_DETECTION_IDX Performance Asc/Asc I_ANOMALYDETECTIONS_ALERT_EVENT_IDX_PLUS
LOG_SESSION_GUID + ALERT_EVENT_IDX Performance Asc/Asc I_ANOMALYDETECTIONS_LOG_SESSION_GUID_PLUS