User manual NOVELL IDENTITY AUDIT 1.0 GUIDE

[. . . ] novdocx (en) 22 June 2009 AUTHORIZED DOCUMENTATION Guide Novell® 1. 0 October 27, 2008 Identity Audit www. novell. com Identity Audit Guide novdocx (en) 22 June 2009 Legal Notices Novell, Inc. , makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. , reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. , makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. , reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. [. . . ] 2 Open the file /etc/init. d/boot. local for editing. 3 Add the following command near the end of the bootup process: iptables -A PREROUTING -t nat -p protocol --dport incoming port -j DNAT -to-destination IP:rerouted port where protocol is tcp or udp, incoming port is the port on which the messages are arriving, and IP:rerouted port are the IP address of the local machine and an available port above 1024 4 Save the changes. If you cannot reboot immediately, run the iptables command above from a command line. 5. 3. 2 Client Authentication Event sources send their data over an SSL connection, and the Client authentication setting for the Identity Audit server determines what kind of authentication is performed for the certificates from the s on the event sources. 42 Identity Audit Guide novdocx (en) 22 June 2009 Open: No authentication is required. Identity Audit does not request, require, or validate a certificate from the event source. Loose: A valid X. 509 certificate is required from the event source, but the certificate is not validated. It does not have to be signed by a Certificate Authority. Strict: A valid X. 509 certificate is required from the event source, and it must be signed by a trusted Certificate Authority. If the event source does not present a valid certificate, Identity Audit does not accept its event data. "Creating a Truststore" on page 43 "Importing a Truststore" on page 43 "Server Key Pair" on page 44 Creating a Truststore For strict authentication, you must have a truststore that contains either the event source's certificate or the certificate for the Certificate Authority (CA) that signed the event source's certificate. After you have a DER or PEM certificate, you can create the truststore by using the CreateTruststore utility that comes with Identity Audit. 1 Log in to the Identity Audit server as novell. 2 Go to /opt/novell/identity_audit_1. 0_x86/data/updates/done. 3 Unzip the file audit_connector. zip. unzip audit_connector. zip 4 Either copy TruststoreCreator. sh or TruststoreCreator. bat to the machine with the certificates or copy the certificates to the machine with the TruststoreCreator utility. 5 Run the TruststoreCreator. sh utility. TruststoreCreator. sh -keystore /tmp/my. keystore -password password1 -certs /tmp/cert1. pem, /tmp/cert2. pem In this example, the TruststoreCreator utility creates a keystore file called my. keystore that contains two certificates (cert1. pem and cert2. pem) in it. It is protected by the password password1. Importing a Truststore For strict authentication, the administrator can import a truststore by using the Import button. This helps ensure that only authorized event sources are sending data to Identity Audit. The truststore must include either the event source's certificate or the certificate of the Certificate Authority that signed it. The following procedure must be run on the machine that has the truststore on it. You can open a Web browser on the machine with the truststore or move the truststore to any machine with a Web browser. To import a truststore: 1 Log into Identity Audit as an administrator. 2 Click the Collection link at the top of the screen. [. . . ] Custom Value 1 - 10 Reserved for use by Customer, typically for association of Business relevant data CV01 - 10 integer Novell Identity Audit Database Views for PostgreSQL Server 101 novdocx (en) 22 June 2009 Column Name Datatype Comment CV11 - 20 timestamp with time zone Custom Value 11 - 20 Reserved for use by Customer, typically for association of Business relevant data CV21 - 29 character varying(255) Custom Value 21 ­ 29 Reserved for use by Customer, typically for association of Business relevant data CV30 - 34 character varying(4000) Custom Value 30 ­ 34 Reserved for use by Customer, typically for association of Business relevant data CV35 - 100 character varying(255) Custom Value 35 ­ 100 Reserved for use by Customer, typically for association of Business relevant data C. 1. 55 EVENTS_RPT_V3 Column Name Datatype Comment Event_ID Resource_Name Sub_Resource Severity Event_Parse_Time Event_datetime Event_Device_Time Sentinel_Process_Time Begin_Time End_Time repeat_count Target_Service_Port Event_Time Init_Asset_id Target_Asset_id Target_IP Target_IP_Dotted Target_Host_Name uuid character varying(255) character varying(255) integer timestamp with time zone timestamp with time zone timestamp with time zone timestamp with time zone timestamp with time zone timestamp with time zone integer integer character varying(255) bigint bigint integer character varying(16) character varying(255) Event identifier Resource name Subresource name Event severity Event time Event date time Event device time Sentinel process time Events begin time Events end time Repeat count Target service port Event time Initiator asset identifier Target asset identifier Target IP address in numeric format Target IP address in dotted format Target host name 102 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment Init_User_Name Target_User_Name File_Name Extended_Info Init_User_ Id Init_Usr_Identity Target_User_Id Target_User_Identity Effective_User_Name Effective_User_Sys_Id Effective_User_Domain Target_Trust_Name Target_Trust_Sys_Id Target_Trust_Domain Observer_Ip Reporter_Ip Observer_Host_Domain Reporter_Host_Domain Observer_Asset_Id Reporter_Asset_Id Init_Service_Comp Target_Service_Comp Custom_Tag_1 Custom_Tag_2 Custom_Tag_3 Reserved_Tag_1 Reserved_Tag_2 Reserved_Tag_3 Vulnarability_Rating Criticality_Rating Date_Created Date_Modified character varying(255) character varying(255) character varying(1000) character varying(1000) character varying(255) uuid character varying(255) uuid character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) integer integer character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) integer character varying(255) character varying(255) integer integer integer timestamp with time zone timestamp with time zone Initiator user name Target user name File name Extened information Initiator user ID Initiator user identity Target user ID Target user identity Effective user name Effective user ID Effective user domain Target trust name Target trust ID Target trust domain Observer IP address in numeric format Reporter IP address in numeric format Observer host domain Reporter host domain Observer asset identifier Reporter asset identifier Initiator service component Target service component Customer Tag 1 Customer Tag 2 Customer Tag 3 Date the entry was created Date the entry was modified Novell Identity Audit Database Views for PostgreSQL Server 103 novdocx (en) 22 June 2009 Column Name Datatype Comment Created_By Modified_By RV01 Event_Metric Data_Tag_Id RV04-RV10 RV11-RV20 RV21-RV28 Init_IP_Country Target_IP_Country RV31 RV33 RV36 RV40 RV43 RV46 RV49 Init_Threat_Level Init_User_Domain Init_Function Init_Operational_Cotext Target_Host_Domain Target_Threat_Level Target_User_Domain Target_Function Target_Operational_Cotext Taxonomy_id Reference_id_1 XDAS_Taxonomy_Id Reference_id_2-Reference_id_20 CV01-CV10 CV11-CV20 integer integer integer integer integer integer timestamp with time zone character varying(255) character varying(255) character varying(255) character varying(255) User who created object User who last modified object Event metric Data tag ID Initiator country Target country character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) bigint bigint bigint Initiator threat level Initiator user domain Initiator function Initiator operational cotext Target host domain Target threat level Target user domain Target function Target operational cotext Taxonomy identifier XDAS Taxonomy identifier integer timestamp with time zone 104 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment CV21-CV29 CV30-CV34 CV35-CV100 Customer_Var_101Customer_Var_110 Customer_Var_111Customer_Var_120 Customer_Var_121Customer_Var_130 Customer_Var_131Customer_Var_140 Customer_Var_141Customer_Var_150 character varying(255) character varying(4000) character varying(255) integer timestamp with time zone uuid integer character varying(255) C. 1. 56 EVT_AGENT_RPT_V View references EVT_AGENT table that stores information about Collectors. Column Name Datatype Comment Agent_ID CUST_ID Agent Port Report_Name Product_Name Sensor_Name Sensor_Type bigint bigint character varying(64) character varying(64) character varying(255) character varying(255) character varying(255) character varying(5) Collector identifier Customer identifier Collector name Collector port Reporter name Product name Sensor name Sensor type: H - host-based N - network-based V - virus O - other Device_Category Source_UUID DATE_CREATED DATE_MODIFIED character varying(255) uuid timestamp with time zone timestamp with time zone Device category Source component Universal Unique Identifier (UUID) Date the entry was created Date the entry was modified Novell Identity Audit Database Views for PostgreSQL Server 105 novdocx (en) 22 June 2009 Column Name Datatype Comment CREATED_BY MODIFIED_BY integer integer User who created object User who last modified object C. 1. 57 EVT_AGENT_RPT_V3 Column Name Datatype Comment Agent_ID Cust_ID Agent Port Reporter_Host_Name Sensor_Type bigint bigint character varying(64) character varying(64) character varying(255) character varying(5) Collector identifier Customer identifier Collector Port Reporter host name Sensor type: H - host-based N - network-based V - virus O - other Device_Category Source_UUID DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY character varying(255) uuid timestamp with time zone timestamp with time zone integer integer Device category Source component Universal Unique Identifier (UUID) Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 58 EVT_ASSET_RPT_V View references EVT_ASSET table that stores asset information. Column Name Datatype Comment Event_Asset_ID CUST_ID Asset_Name Physical_Asset_Name bigint bigint character varying(255) character varying(255) Event asset identifier Customer identifier Asset name Physical asset name 106 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment Reference_Asset_IDcharacter varying(100) Mac_Address Rack_Number Room_Name Building_Name City State Country Zip_Code Asset_Category_Name Network_Identity_Name Environment_Identity_Name Asset_Value_Name Criticality_Name Sensitivity_Name Contact_Name_1 Contact_Name_2 Organization_Name_1 Organization_Name_2 Organization_Name_3 Organization_Name_4 DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY Reference asset identifier, links to Reference_Asset_IDcharacter source asset management varying(100) system. character varying(100) character varying(50) character varying(100) character varying(255) character varying(100) character varying(100) character varying(100) character varying(50) character varying(100) character varying(255) character varying(255) character varying(50) character varying(50) character varying(50) character varying(255) character varying(255) character varying(100) character varying(100) character varying(100) character varying(100) timestamp with time zone timestamp with time zone integer integer MAC address Rack number Room name Building name City State Country Zip code Asset category name Asset network identity name Environment name Asset value name Asset criticality name Asset sensitivity name Name of contact person/ organization 1 Name of contact person/ organization 2 Asset owner organization level 1 Asset owner organization level 2 Asset owner organization level 3 Asset owner organization level 4 Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 59 EVT_ASSET_RPT_V3 Asset_Department character varying(100) Asset department DATE_CREATED timestamp with time zone Date the entry was created Novell Identity Audit Database Views for PostgreSQL Server 107 novdocx (en) 22 June 2009 Asset_Department character varying(100) Asset department DATE_MODIFIED CREATED_BY MODIFIED_BY timestamp with time zone integer integer Date the entry was modified User who created object User who last modified object C. 1. 60 EVT_DEST_EVT_NAME_SMRY_1_RPT_V View summarizes event count by destination, taxonomy, event name, severity and event time. Column Name Datatype Comment Destination_IP Destination_Event_Asset_ID Taxonomy_ID Event_Name_ID Severity CUST_ID Event_Tme Event_Count Date_Created Date_Modified Created_By Modified_By Destination_Host_Name integer bigint bigint bigint integer bigint timestamp with time zone integer timestamp with time zone timestamp with time zone integer integer character varying(255) Destination IP address Event asset identifier Taxonomy identifier Event name identifier Event severity Customer identifier Event time Event count Date the entry was created Date the entry was modified User who created object User who last modified object Destination host name C. 1. 61 EVT_DEST_SMRY_1_RPT_V View contains event destination summary information. Column Name Datatype Comment Destination_IP Destination_Event_Asset_ID Destination_Port Destination_Usr_ID Taxonomy_ID Event_Name_ID Resource_ID integer bigint character varying(32) bigint bigint bigint bigint Destination IP address Event asset identifier Destination port Destination user identifier Taxonomy identifier Event name identifier Resource identifier 108 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment Agent_ID Protocol_ID Severity CUST_ID Event_Time XDAS_Taxonomy_id Target_User_Identity Event_Count Date_Created Date_Modified Created_By Modified_By Destination_Host_Name bigint bigint integer bigint timestamp with time zone bigint uuid integer timestamp with time zone timestamp with time zone integer integer character varying(255) Collector identifier Protocol identifier Event severity Customer identifier Event time XDAS taxonomy identifier Target user identity Event count Date the entry was created Date the entry was modified User who created object User who last modified object Destination host name C. 1. 62 EVT_DEST_TXNMY_SMRY_1_RPT_V View summarizes event count by destination, taxonomy, severity and event time. Column Name Datatype Comment Destination_IP Destination_Event_Asset_ID Taxonomy_ID Severity CUST_ID Event_Time XDAS_Taxonomy_id Event_Count Date_Created Date_Modified Created_By Modified_By Destination_Host_Name integer bigint bigint integer bigint Destination IP address Event asset identifier Taxonomy identifier Event severity Customer identifier timestamp with time zone Event time bigint integer XDAS taxonomy identifier Event count timestamp with time zone Date the entry was created timestamp with time zone Date the entry was modified integer integer character varying(255) User who created object User who last modified object Destination host name Novell Identity Audit Database Views for PostgreSQL Server 109 novdocx (en) 22 June 2009 C. 1. 63 EVT_NAME_RPT_V View references EVT_NAME table that stores event name information. Column Name Datatype Comment Event_Name_ID Event_Name DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY bigint character varying(255) timestamp with time zone timestamp with time zone integer integer Event name identifier Event name Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 64 EVT_PORT_SMRY_1 Column Name Datatype Comment DEST_PORT SEV CUST_ID EVT_TIME EVT_CNT DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY character varying(32) integer bigint timestamp with time zone integer timestamp with time zone timestamp with time zone integer integer Destination port Severity Customer identifier Event time Event count Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 65 EVT_PORT_SMRY_1_RPT_V View summarizes event count by destination port, severity and event time. Column Name Datatype Comment Destination_Port Severity Cust_ID Event_Time Event_Count Date_Created character varying(32) integer bigint timestamp with time zone integer timestamp with time zone Destination port Event severity Customer identifier Event time Event count Date the entry was created 110 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment Date_Modified Created_By Modified_By timestamp with time zone integer integer Date the entry was modified User who created object User who last modified object C. 1. 66 EVT_PRTCL_RPT_V View references EVT_PRTCL table that stores event protocol information. Column Name Datatype Comment Protocol_ID Protocol_Name DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY bigint character varying(255) timestamp with time zone timestamp with time zone integer integer Protocol identifier Protocol name Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 67 EVT_RSRC_RPT_V View references EVT_RSRC table that stores event resource information. Column Name Datatype Comment Resource_ID CUST_ID Resource_Name Sub_Resource_Name DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY bigint bigint character varying(255) character varying(255) timestamp with time zone timestamp with time zone integer integer Resource identifier Customer identifier Resource name Subresource name Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 68 EVT_SEV_SMRY_1_RPT_V View summarizes event count by severity and event time. Column Name Datatype Comment Severity CUST_ID integer bigint Event severity Customer identifier Novell Identity Audit Database Views for PostgreSQL Server 111 novdocx (en) 22 June 2009 Column Name Datatype Comment Event_Time Event_Count Date_Created Date_Modified Created_By Modified_By timestamp with time zone integer Event time Event count timestamp with time Date the entry was created zone timestamp with time zone integer integer Date the entry was modified User who created object User who last modified object C. 1. 69 EVT_SRC_COLLECTOR_RPT_V Column Name Datatype Comment EVT_SRC_COLLECTOR_ID SENTINEL_PLUGIN_ID EVT_SRC_MGR_ID EVT_SRC_COLLECTOR_NAME STATE_IND EVT_SRC_COLLECTOR_PROPS MAP_FILTER CREATED_BY MODIFIED_BY DATE_CREATED DATE_MODIFIED uuid uuid uuid character varying(255) boolean text text integer integer timestamp with time zone timestamp with time zone Event source collector identifier Sentine plugin identifier Event source manager identifier Event source collector name State indicator Event source collector prop Map filter Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 70 EVT_SRC_GRP_RPT_V Column Name Datatype Comment EVT_SRC_GRP_ID EVT_SRC_COLLECTOR_ID SENTINEL_PLUGIN_ID EVT_SRC_SRVR_ID EVT_SRC_GRP_NAME uuid uuid uuid uuid character varying(255) Event source group identifier Event source collector identifier Sentinel plugin identifier Event source server identifier Event source group name 112 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment STATE_IND MAP_FILTER EVT_SRC_DEFAULT_CONFIG CREATED_BY MODIFIED_BY DATE_CREATED DATE_MODIFIED boolean text text integer integer timestamp with time zone timestamp with time zone State indicator Map filter Event source default configuration Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 71 EVT_SRC_MGR_RPT_V Column Name Datatype Comment EVT_SRC_MGR_ID SENTINEL_ID SENTINEL_HOST_ID EVT_SRC_MGR_NAME STATE_IND EVT_SRC_MGR_CONFIG CREATED_BY MODIFIED_BY DATE_CREATED DATE_MODIFIED uuid uuid uuid character varying(255) boolean text integer integer timestamp with time zone timestamp with time zone Event source manager identifier Sentinel identifier Sentinel host identifier Event source manager name State indicator Event source manager configu Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 72 EVT_SRC_OFFSET_RPT_V Column Name Datatype Comment EVT_SRC_ID OFFSET_VAL OFFSET_TIMESTAMP CREATED_BY MODIFIED_BY DATE_CREATED uuid text timestamp with time zone integer integer timestamp with time zone Event source identifier Offset value Offset timestamp User who created object User who last modified object Date the entry was created Novell Identity Audit Database Views for PostgreSQL Server 113 novdocx (en) 22 June 2009 Column Name Datatype Comment DATE_MODIFIED timestamp with time zone Date the entry was modified C. 1. 73 EVT_SRC_RPT_V Column Name Datatype Comment EVT_SRC_ID EVT_SRC_NAME EVT_SRC_GRP_ID STATE_IND MAP_FILTER EVT_SRC_CONFIG CREATED_BY MODIFIED_BY DATE_CREATED DATE_MODIFIED uuid character varying(255) uuid boolean text text integer integer timestamp with time zone timestamp with time zone Event source identifier Event source name Event source group identifier State indicator Map filter Event source config User who created object User who last modified object Date the entry was created Date the entry was modified C. 1. 74 EVT_SRC_SMRY_1_RPT_V View contains event source and destination summary information. Column Name Datatype Comment Source_IP Source_Event_Asset_ID Source_Port Source_User_ID Taxonomy _ID Event_Name_ID Resource_ID Agent_ID Protocol _ID Severity CUST_ID Event_Time integer bigint character varying(32) bigint bigint bigint bigint bigint bigint integer bigint timestamp with time zone Source IP address Event asset identifier Source port User identifier Taxonomy identifier Event name identifier Resource identifier Collector identifier Protocol identifier Event severity Customer identifier Event time 114 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment XDAS_Taxonomy_id Init_User_Identity Event_Count Date_Created Date_Modified Created_By Modified_By Source_Host_Name bigint uuid integer timestamp with time zone timestamp with time zone integer integer character varying(255) XDAS taxonomy id Initiator user identity Event count Date the entry was created Date the entry was modified User who created object User who last modified object Source host name C. 1. 75 EVT_SRC_SRVR_RPT_V Column Name Datatype Comment EVT_SRC_SRVR_ID EVT_SRC_SRVR_NAME EVT_SRC_MGR_ID SENTINEL_PLUGIN_ID STATE_IND EVT_SRC_SRVR_CONFIG CREATED_BY MODIFIED_BY DATE_CREATED DATE_MODIFIED uuid character varying(255) uuid uuid boolean text integer integer Event source server identifier Event source server name Event source manager identifier Sentinel plugin identifier State indicator Event source server configuration User who created object User who last modified object timestamp with time zone Date the entry was created timestamp with time zone Date the entry was modified C. 1. 76 EVT_TXNMY_RPT_V View references EVT_TXNMY table that stores event taxonomy information. Column Name Datatype Comment Taxonomy _ID Taxonomy _ Level _1 Taxonomy _ Level _2 Taxonomy _ Level _3 Taxonomy _ Level _4 Device_Category bigint character varying(100) character varying(100) character varying(100) character varying(100) character varying(255) Taxonomy identifier Taxonomy level 1 Taxonomy level 2 Taxonomy level 3 Taxonomy level 4 Novell Identity Audit Database Views for PostgreSQL Server 115 novdocx (en) 22 June 2009 Column Name Datatype Comment DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY timestamp with time zone timestamp with time zone integer integer Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 77 EVT_USR_RPT_V View references EVT_USR table that stores event user information. Column Name Datatype Comment User_ID User_Name User_Domain CUST_ID DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY bigint character varying(255) character varying(255) bigint timestamp with time zone timestamp with time zone integer integer User identifier User name Customer identifier Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 78 EVT_XDAS_TXNMY_RPT_V Column Name Datatype Comment XDAS_TXNMY_NAME XDAS_OUTCOME_NAME Xdas_Registry Xdas_Provider Xdas_Class Xdas_Identifier Xdas_Outcome Xdas_Detail Xdas_Taxonomy_Id DATE_CREATED DATE_MODIFIED CREATED_BY character varying(255) character varying(255) integer integer integer integer integer integer bigint timestamp with time zone timestamp with time zone integer XDAS taxonomy name XDAS outcome name XDAS registry XDAS provider XDAS class XDAS identifier XDAS outcome XDAS detail XDAS taxonomy identifier Date the entry was created Date the entry was modified User who created object 116 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment MODIFIED_BY integer User who last modified object C. 1. 79 EXTERNAL_DATA_RPT_V View references EXTERNAL_DATA table that stores external data. Column Name Datatype Comment EXTERNAL_DATA_ID SOURCE_NAME SOURCE_DATA_ID EXTERNAL_DATA EXTERNAL_DATA_TYPE DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY integer character varying(50) character varying(255) text character varying(10) timestamp with time zone timestamp with time zone integer integer External data identifier Source name Source data identifier External data External data type Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 80 HIST_CORRELATED_EVENTS Column Name Datatype Comment PARENT_EVT_ID CHILD_EVT_ID PARENT_EVT_TIME CHILD_EVT_TIME DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY uuid uuid timestamp with time zone timestamp with time zone timestamp with time zone timestamp with time zone integer integer Event Universal Unique Identifier (UUID) of parent event Event Universal Unique Identifier (UUID) of child event Parent event created time Child event created time Date the entry was created Date the entry was modified User who created object User who last modified object Novell Identity Audit Database Views for PostgreSQL Server 117 novdocx (en) 22 June 2009 C. 1. 81 HIST_CORRELATED_EVENTS_RPT_V (legacy view) This view is provided for backward compatibility. New reports should use CORRELATED_EVENTS_RPT_V1. C. 1. 82 HIST_EVENTS Column Name Datatype Comment EVT_ID EVT_TIME CUST_ID SRC_ASSET_ID DEST_ASSET_ID TXNMY_ID PRTCL_ID AGENT_ID ARCH_ID DEVICE_EVT_TIME SENTINEL_PROCESS_TIME BEGIN_TIME END_TIME REPEAT_CNT DP_integer SP_integer RES SRES SEV EVT ET SIP SHN SP DIP DHN DP uuid Event Universal Unique Identifier (UUID) timestamp with time zone Event time bigint bigint bigint bigint bigint bigint bigint timestamp with time zone Device Event Time timestamp with time zone Sentinel Process Time timestamp with time zone Events begin time timestamp with time zone Events end time integer integer integer character varying(255) character varying(255) integer character varying(255) character varying(255) integer character varying(255) character varying(32) integer character varying(255) character varying(32) Severity Events Resolution Events repeat count Customer identifier Source Asset ID Destination Asset ID Taxonomy ID Protocol ID Collector Identifier 118 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment SUN DUN FN VULN CT1 CT2 CT3 RT1 RT2 RT3 CRIT MSG EI INIT_USR_SYS_ID INIT_USR_IDENTITY_GUID TRGT_USR_SYS_ID TRGT_USR_IDENTITY_GUID EFFECTIVE_USR_NAME EFFECTIVE_USR_SYS_ID EFFECTIVE_USR_DOMAIN TRGT_TRUST_NAME TRGT_TRUST_SYS_ID TRGT_TRUST_DOMAIN OBSRVR_IP RPTR_IP OBSRVR_HOST_DOMAIN RPTR_HOST_DOMAIN OBSRVR_ASSET_ID RPTR_ASSET_ID INIT_SRVC_COMP TARGET_SRVC_COMP EVT_GRP_ID character varying(255) character varying(255) character varying(1000) integer character varying(255) character varying(255) integer character varying(255) character varying(255) integer integer character varying(4000) character varying(1000) character varying(255) uuid character varying(255) uuid character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) integer integer character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) character varying(255) Message Vulnerability Novell Identity Audit Database Views for PostgreSQL Server 119 novdocx (en) 22 June 2009 Column Name Datatype Comment DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY RV01-RV10 RV11-RV20 RV21-RV25 RV26-RV38 RV40-RV49 RV101-RV120 RV121-RV130 RV131-RV140 RV141-RV150 RID01-RID20 CV01-CV10 CV11-CV20 CV21-CV29 CV35-CV100 CV30-CV34 CV101-CV110 CV131-CV140 CV111-CV120 CV121-CV130 CV141-CV147 timestamp with time zone Date the entry was created timestamp with time zone Date the entry was modified integer integer integer timestamp with time zone uuid character varying(255) User who created object User who last modified object timestamp with time zone uuid integer character varying(255) bigint integer timestamp with time zone character varying(255) character varying(4000) integer timestamp with time zone uuid character varying(255) C. 1. 83 HIST_EVENTS_RPT_V (legacy view) This view is provided for backward compatibility. New reports should use EVENTS_RPT_V2. C. 1. 84 IMAGES_RPT_V View references IMAGES table that stores system overview image information. Column Name Datatype Comment NAME character varying(128) Image name 120 Identity Audit Guide novdocx (en) 22 June 2009 Column Name Datatype Comment TYPE DATA DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY character varying(64) text timestamp with time zone timestamp with time zone integer integer Image type Image data Date the entry was created Date the entry was modified User who created object User who last modified object C. 1. 85 INCIDENTS_ASSETS_RPT_V View references INCIDENTS_ASSETS table that stores information about the assets that makeup incidents created in the Sentinel Console. Column Name Datatype Comment INC_ID ASSET_ID DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY integer uuid Incident identifier ­ sequence number Asset Universal Unique Identifier (UUID) timestamp with time Date the entry was created zone timestamp with time Date the entry was modified zone integer integer User who created object User who last modified object C. 1. 86 INCIDENTS_EVENTS_RPT_V View references INCIDENTS_EVENTS table that stores information about the events that makeup incidents created in the Sentinel Console. Column Name Datatype Comment INC_ID EVT_ID EVT_TIME DATE_CREATED DATE_MODIFIED CREATED_BY MODIFIED_BY integer uuid timestamp with time zone timestamp with time zone timestamp with time zone integer integer Incident identifier ­ sequence number Event Universal Unique Identifier (UUID) Event time Date the entry was created Date the entry was modified User who created object User who last modified object Novell Identity Audit Database Views for PostgreSQL Server 121 novdocx (en) 22 June 2009 C. 1. 87 INCIDENTS_RPT_V View references INCIDENTS table that stores information describing the details of incidents created in the Sentinel Console. Column Name Datatype Comment INC_ID NAME INC_CAT INC_DESC INC_PRIORITY INC_RES SEVERITY STT_ID SEVERITY_RATING VULNERABILITY_RATING integer character varying(255) character varying(255) character varying(4000) integer character varying(4000) integer integer character varying(32) character varying(32) Incident identifier ­ sequence number Incident name Incident category Incident description Incident priority Incident resolution Incident severity Incident State ID Average of all the event severities that comprise an incident. [. . . ]