Overview of the Repository Views Related to Real-time Monitoring Features
The following views exist to allow access to Real-time Monitoring data.
View: mgmt$ccc_all_observations
Description: This view returns all observations that have occurred. Any query against this view should filter on the appropriate fields, with action_time first, to take advantage of partitions.
Fields:
Field | Description |
---|---|
OBSERVATION_ID | Unique ID given to the observation when detected by the agent |
BUNDLE_ID | Bundle to which this observation belongs based on rule bundle settings |
TARGET | Target this observation was found against |
TARGET_TYPE | Type of the target |
ENTITY_TYPE | Entity type of the entity that had an action against it |
ACTION | Action that was observed |
ACTION_TIME | Time the action occurred |
USER_TYPE | Type of user that performed the action (for example, OS user versus DB user) |
USER_PERFORMING_ACTION | Name of the user that performed the action |
ORIGINAL_USER_NAME | Previous user name in the case of a SU/SUDO action (only applicable to some entity types) |
AFFECTED_ENTITY_NAME | Name of the entity that was affected by this action (file name, and so on) |
AFFECTED_ENTITY_PREVIOUS_NAME | Name of the entity prior to the action. For instance, for file rename actions, this would be the old file name. |
SOURCE_HOST_IP | Source IP of a connection when an action comes from another host (only applicable to some entity types) |
ACTION_PROCESS_ID | PID of the process that performed the action (only applicable to some entity types) |
ACTION_PROCESS_NAME | Name of the process that performed the action (only applicable to some entity types) |
ACTION_PARENT_PROCESS_ID | PID of the parent process of the process that performed the action (only applicable to some entity types) |
ACTION_PARENT_PROCESS_NAME | Name of the parent process of the process that performed the action (only applicable to some entity types) |
ENTITY_PREVIOUS_VALUE | Previous value of the entity (only applicable to some entity types) |
ENTITY_NEW_VALUE | New value of the entity (only applicable to some entity types) |
FILE_ENTITY_PREVIOUS_MD5_HASH | Previous MD5 hash value of the entity (only applicable to some entity types) |
FILE_ENTITY_NEW_MD5_HASH | New MD5 hash value of the entity (only applicable to some entity types) |
AUDIT_STATUS | Current audit status of the observation (unaudited, authorized, unauthorized, and so on) |
AUDIT_STATUS_SET_DATE | Date the most recent audit status was set |
AUDIT_STATUS_SET_BY_USER | User who set the most recent audit status |
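
An added example (not from the original documentation) of a query that follows the guidance above: it bounds action_time first, then keeps only observations where the recorded file hash actually changed, with the process and SU/SUDO context an auditor needs for triage. The bind variables :window_start and :window_end are assumptions supplied by the caller, and the two hash columns are assumed to be directly comparable.

```sql
-- Added example: file content changes inside a bounded time window.
-- :window_start / :window_end are caller-supplied bind variables (assumption).
SELECT o.action_time,
       o.target,
       o.target_type,
       o.user_type,
       o.user_performing_action,
       o.original_user_name,            -- populated for SU/SUDO actions on some entity types
       o.source_host_ip,
       o.action_process_name,
       o.action_parent_process_name,
       o.action,
       o.affected_entity_name,
       o.file_entity_previous_md5_hash,
       o.file_entity_new_md5_hash,
       o.audit_status,
       o.audit_status_set_by_user
FROM   mgmt$ccc_all_observations o
WHERE  o.action_time >= :window_start   -- bounded range on the partitioned time column
AND    o.action_time <  :window_end
-- Hash columns only apply to some entity types; require both sides to be present
-- so the inequality compares two real values.
AND    o.file_entity_previous_md5_hash IS NOT NULL
AND    o.file_entity_new_md5_hash      IS NOT NULL
AND    o.file_entity_previous_md5_hash <> o.file_entity_new_md5_hash
ORDER  BY o.target, o.action_time;
```

Keeping the window half-open (>= start, < end) lets consecutive runs cover the timeline without counting an observation twice.
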
View: mgmt$ccc_all_obs_bundles
Description: This view returns a summary of all observation bundles. Any query against this view should filter on the appropriate fields, with bundle_start_time first, to take advantage of partitions.
Fields:
Field | Description |
---|---|
BUNDLE_ID | Bundle to which this observation belongs based on rule bundle settings |
TARGET | Target this observation was found against |
TARGET_TYPE | Type of the target |
RULE_NAME | Name of the Real-time Monitoring Compliance Standard Rule |
ENTITY_TYPE | Entity type of the entity that had an action against it |
USER_PERFORMING_ACTION | Name of the user that performed the action |
BUNDLE_IN_VIOLATION | Boolean value indicating whether the bundle is currently in violation. This means at least one observation in the bundle is unauthorized. True indicates the bundle is in violation. |
BUNDLE_START_TIME | Date of the first observation in this bundle |
BUNDLE_CLOSE_TIME | Date when this bundle was closed |
BUNDLE_CLOSE_REASON | Explanation of why this bundle was closed |
DISTINCT_OBS_COUNT | Total number of observations in this bundle |
AUTHORIZED_OBS_COUNT | Number of observations in this bundle that are currently authorized |
UNAUTHORIZED_OBS_COUNT | Number of observations in this bundle that are currently unauthorized |
UNAUTH_CLEARED_OBS_COUNT | Number of observations in this bundle that are currently cleared (that were at one point unauthorized) |
UNAUDITED_OBS_COUNT | Number of observations in this bundle that are currently unaudited. They have not been evaluated manually or with Change Management integration to determine audit status. |
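
An added example (not from the original documentation) that drills from bundles into their observations while filtering each view on its own time column. It selects bundles through UNAUTHORIZED_OBS_COUNT rather than BUNDLE_IN_VIOLATION because the stored form of that Boolean is not given here; :window_start and :window_end are caller-supplied bind variables (assumption).

```sql
-- Added example: bundles holding unauthorized observations, with their observations.
-- :window_start / :window_end are caller-supplied bind variables (assumption).
SELECT b.bundle_id,
       b.rule_name,
       b.target,
       b.target_type,
       b.bundle_start_time,
       b.bundle_close_time,
       b.unauthorized_obs_count,
       b.unaudited_obs_count,
       o.observation_id,
       o.action_time,
       o.action,
       o.user_performing_action,
       o.affected_entity_name,
       o.audit_status
FROM   mgmt$ccc_all_obs_bundles b
JOIN   mgmt$ccc_all_observations o
       ON o.bundle_id = b.bundle_id
WHERE  b.bundle_start_time >= :window_start   -- time filter for the bundle view
AND    b.bundle_start_time <  :window_end
-- Per the field description, a bundle is in violation when at least one of its
-- observations is unauthorized, so the count is an equivalent test.
AND    b.unauthorized_obs_count > 0
-- BUNDLE_START_TIME is the time of the bundle's first observation, so no
-- observation in a selected bundle can be earlier than :window_start. This gives
-- the observations view its own action_time filter without dropping rows.
AND    o.action_time >= :window_start
ORDER  BY b.bundle_start_time, b.bundle_id, o.action_time;
```
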
View: mgmt$ccc_all_violations
Description: This view returns all real-time monitoring violations caused by an observation bundle having at least one unauthorized observation in it.
Fields:
Field | Description |
---|---|
ROOT_CS_ID | Root Compliance Standard GUID. This is used for internal representation of the violation context. |
RQS_ID | Runtime compliance standard GUID. This is used for internal representation of the violation context. |
RULE_ID | Rule GUID. Internal ID of the rule having a violation. |
TARGET_ID | Target GUID. Internal ID of the target having a violation. |
ROOT_TARGET_ID | Root Target GUID. Internal ID of target hierarchy. |
RULE_TYPE | Type of rule (Repository, Weblogic Server Signature, Real-time Monitoring) |
SEVERITY | Severity Level of the rule (Info, Warning, Critical) |
BUNDLE_ID | Internal ID of the Observation Bundle that is in violation. This observation bundle has one or more unauthorized observations in it |
BUNDLE_START_TIME | Time the Observation Bundle started |
BUNDLE_CLOSE_TIME | Time the Observation Bundle closed |
TARGET_TYPE | Target Type of the Observation Bundle and all observations inside that bundle. |
ENTITY_TYPE | Entity Type of the Observation Bundle and all observations inside that bundle. |
USER_NAME | User name that performed the actions in this bundle |
AUTHORIZED_OBS_COUNT | Number of Authorized observations in the observation bundle involved in this violation. |
UNAUTHORIZED_OBS_COUNT | Number of Unauthorized observations in the observation bundle involved in this violation. |
UNAUDITED_OBS_COUNT | Number of unaudited observations in the observation bundle involved in this violation. |
RULE_NAME | Rule Name this violation is against. |
COMPLIANCE_STANDARD_NAME | Compliance Standard Name this violation is against. |
TARGET | Target Name this violation is against. |
View: mgmt$compliant_targets
Description: This view returns all evaluation and violation details for all targets. This is the same data that is shown in the Compliance Summary dashboard regions for targets.
Fields:
Field | Description |
---|---|
TARGET_ID | Internal representation of the Target |
TARGET_NAME | Name of the Target |
TARGET_TYPE | Target Type of the Target |
TARTGET_TYPE_INAME | Internal representation of the Target Type |
CRIT_EVALS | Number of Critical-level Evaluations |
WARN_EVALS | Number of Warning-level Evaluations |
COMPLIANT_EVALS | Number of Compliant Evaluations |
CRIT_VIOLATIONS | Number of Critical-level Violations |
WARN_VIOLATIONS | Number of Warning-level Violations |
MWARN_VIOLATIONS | Number of Minor Warning-level Violations |
COMPLIANCE_SCORE | Current Compliance Score for the target |
View: mgmt$compliance_summary
Description: This view returns all evaluation and violation details for Compliance Standards and Frameworks. This is the same data that is shown in the Compliance Summary dashboard regions for Standards and Frameworks.
Fields:
Field | Description |
---|---|
ELEMENT_NAME | Display name of the Compliance Standard or Compliance Framework |
ELEMENT_ID | Internal ID of the compliance standard or compliance framework |
FRAMEWORK_ID | Internal ID of the Compliance Framework |
CRIT_EVALS | Number of Critical-level Evaluations |
WARN_EVALS | Number of Warning-level Evaluations |
COMPLIANT_EVALS | Number of Compliant Evaluations |
CRIT_VIOLATIONS | Number of Critical-level Violations |
WARN_VIOLATIONS | Number of Warning-level Violations |
MWARN_VIOLATIONS | Number of Minor Warning-level Violations |
COMPLIANCE_SCORE | Current compliance score for the standard or framework |
NON_COMPLIANT_SCORE | Current non-compliant score for the standard or framework |
ELEMENT_TYPE | Type of element (1=Compliance Standard, 4=Compliance Framework) |
AUTHOR | Author of the standard or framework |
VERSION | Version of the standard or framework |
ELEMENT_INAME | Internal representation of the standard or framework |
View: mgmt$compliance_trend
Description: This view returns compliance trend information for the last 31 days for compliance frameworks and standards. This is the same data that is shown in the Compliance Summary dashboard trend regions for Standards and Frameworks.
Fields:
Field | Description |
---|---|
ELEMENT_ID | Internal ID representation of the standard or framework |
FRAMEWORK_ID | Internal ID representation of the compliance framework |
ELEMENT_NAME | Display name of the Compliance Standard or Compliance Framework |
ELEMENT_INAME | Internal representation of the standard or framework |
AVG_COMPLIANCE_SCORE | Average compliance score over last 31 days |
DAILY_AVG_VIOLATIONS | Average number of violations per day over last 31 days |
SNAPSHOT_TS | The snapshot timestamp |
TOTAL_EVALS | Total evaluations over last 31 days |
ELEMENT_TYPE | Type of element (1=Compliance Standard, 4=Compliance Framework) |