
Technical Reference Guide

Version 2.0, Service Pack 5

Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, Georgia 30328-4233
United States
(404) 236-2600
http://www.iss.net

© Internet Security Systems, Inc. 1994-2005. All rights reserved worldwide. Customers may make reasonable numbers of copies of this publication for internal use only. This publication may not otherwise be copied or reproduced, in whole or in part, by any other person or entity without the express prior written consent of Internet Security Systems, Inc.

Patent pending.

Internet Security Systems, System Scanner, Wireless Scanner, SiteProtector, ADDME, AlertCon, ActiveAlert, FireCell, FlexCheck, Secure Steps, SecurePartner, SecureU, and X-Press Update are trademarks and service marks, and the Internet Security Systems logo, X-Force, SAFEsuite, Internet Scanner, Database Scanner, Online Scanner, Proventia, and RealSecure registered trademarks, of Internet Security Systems, Inc. Network ICE, ICEpac, and ICEcap are trademarks, and BlackICE is a licensed trademark, of Network ICE Corporation, a wholly owned subsidiary of Internet Security Systems, Inc. SilentRunner is a registered trademark of Raytheon Company. Acrobat and Adobe are registered trademarks of Adobe Systems Incorporated. Certicom is a trademark and Security Builder is a registered trademark of Certicom Corp. Check Point, FireWall-1, OPSEC, Provider-1, and VPN-1 are registered trademarks of Check Point Software Technologies Ltd. or its affiliates. Cisco and Cisco IOS are registered trademarks of Cisco Systems, Inc. HP-UX and OpenView are registered trademarks of Hewlett-Packard Company. IBM and AIX are registered trademarks of IBM Corporation. Intel and Pentium are registered trademarks of Intel. Lucent is a trademark of Lucent Technologies, Inc. ActiveX, Microsoft, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation. Net8, Oracle, Oracle8, SQL*Loader, and SQL*Plus are trademarks or registered trademarks of Oracle Corporation. Seagate Crystal Reports, Seagate Info, Seagate, Seagate Software, and the Seagate logo are trademarks or registered trademarks of Seagate Software Holdings, Inc. and/or Seagate Technology, Inc. Secure Shell and SSH are trademarks or registered trademarks of SSH Communications Security. iplanet, Sun, Sun Microsystems, the Sun Logo, Netra, SHIELD, Solaris, SPARC, and UltraSPARC are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. 
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Adaptive Server, SQL, SQL Server, and Sybase are trademarks of Sybase, Inc., its affiliates and licensers. Tivoli is a registered trademark of Tivoli Systems Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. All other trademarks are the property of their respective owners and are used here in an editorial context without intent of infringement. Specifications are subject to change without notice.

Disclaimer: The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than ISS or the X-Force. Use of this information constitutes acceptance for use in an “AS IS” condition, without warranties of any kind, and any use of this information is at the user’s own risk. ISS and the X-Force disclaim all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall ISS or the X-Force be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if ISS or the X-Force has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Internet Security Systems, Inc. The views and opinions of authors expressed herein do not necessarily state or reflect those of Internet Security Systems, Inc., and shall not be used for advertising or product endorsement purposes.

Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the Internet prevents Internet Security Systems from guaranteeing the content or existence of the resource. When possible, the reference contains alternate sites or keywords that could be used to acquire the information by other methods. If you find a broken or inappropriate link, please send an email with the topic name, link, and its behavior to [email protected].

December 08, 2004

Contents

Preface
  Overview
  How to use SiteProtector Documentation
  Conventions Used in this Guide
  Getting Technical Support

Chapter 1: Diagnostic and Debugging Setup
  Overview
  Running the Sensor Controller as a Java Application
  Setting up Run-time Logging for the Sensor Controller Service
  Setting up Run-Time Logging for the Application Server Service

Chapter 2: Log File Diagnostics
  Overview
  Section A: Miscellaneous Logging Information
    Overview
    Application Server Logs
    Database Logs
    Installation Logs
    X-Press Update Logs
    Active Directory Logs
  Section B: Log4j Logging Information
    Overview
    Log4j Application Server and Sensor Controller Logs
    Changing Log4j Logging Levels
  Section C: Sensor Controller Logging Information
    Overview
    Sensor Controller Logs
    Sensor Controller SiteProtector Database Logs
    Sensor Controller SiteProtector Core Logs
    Sensor Controller Event Collector Logs
    Sensor Controller Agent Manager Logs
    Sensor Controller Internet Scanner Logs
    Sensor Controller Internet Scanner Databridge Logs
    Sensor Controller A-Series Appliance Logs
    Sensor Controller G-Series Appliance Logs
    Sensor Controller RealSecure Network Logs
    Sensor Controller RealSecure Network Gigabit Logs
    Sensor Controller Server Sensor Logs
    Sensor Controller SiteProtector Third Party Module Logs
  Section D: Agent Manager Logging Information
    Overview
    Agent Manager Desktop Protection Logs
    Desktop Controller M-Series Appliance Logs

Appendix A: Database Schema
  Overview
  Application Security Schema
  Auditing and Diagnostics Schema
  Command and Control Schema
  Grouping Schema
  ITRSO Schema
  Metrics Schema
  Sensor Data Schema
  Site Analysis Schema
  Site Filters Schema
  Staging and Rejects Schema
  Statistics Schema
  X-Force Schema
  Complete Database Schema

Index

Preface

Overview

Introduction

The SiteProtector Technical Reference Guide describes the diagnostic capabilities of SiteProtector, and also gives recommendations for some of the issues you may encounter as you use SiteProtector.

Scope

The Technical Reference Guide contains information about diagnostic and debugging setup, log files, and database schematics. Chapter one explains the options for setting up the Sensor Controller Diagnostics console and how to activate run-time debugging for the sensor controller and the application server. Chapter two includes most of the SiteProtector log files, which can help you identify and correct problems with components or agents. Although the chapter is not a comprehensive list of all SiteProtector log files, it contains those files that will most likely be of use for your implementation. The Appendix contains the SiteProtector database schematics.

Audience

This guide is for network administrators, security administrators, or any other individuals who are responsible for installing SiteProtector and managing network security.

How to Use SiteProtector Documentation

Using this guide

This guide includes some of the issues that you may encounter when working with SiteProtector, but it is not a troubleshooting guide.

Reference: For the most up-to-date list of SiteProtector issues, see the ISS Knowledgebase at http://www.iss.net/support/knowledgebase/. If the Knowledgebase does not help you resolve your issue, email ISS Customer Support at [email protected] or call ISS Customer Support at (1) (888) 447-4861.

Related publications

The following table describes other SiteProtector user documents:

| Document | Contents |
|---|---|
| SiteProtector Installation Guide | Provides the tasks for installing SiteProtector components and optional modules. It includes information about advanced configuration tasks such as hardening third-party software security, securing database communication, configuring firewalls for SiteProtector traffic, and configuring failover Event Collectors. |
| SiteProtector Best Practices Guide | Contains the following: • combines the various contexts of each ISS product (Internet Scanner, Network sensor, Server, System Scanner, BlackICE agents) into a unified protection strategy • shows security professionals how to deploy ISS products, maintain protection, and tune, expand and update their protection over time using security best practices • simplifies the process of planning and assessment by providing four protection models that managers can easily tailor to their environment • presents information that is high level and modular enough to accommodate product changes without significant maintenance |
| SiteProtector Help | Contains all the procedures that you need to use SiteProtector, including advanced procedures that may not be available in a printed user document. |
| SiteProtector User Guide for Security Managers | Contains the information a Security Manager needs to configure, update, and maintain SiteProtector. |

Table 1: Description of SiteProtector user documents

Conventions Used in this Guide

Introduction

This topic explains the typographic conventions used in this guide to make information in procedures and commands easier to recognize.

In procedures

The typographic conventions used in procedures are shown in the following table:

| Convention | What it Indicates | Examples |
|---|---|---|
| Bold | An element on the graphical user interface. | Type the computer’s address in the IP Address box. Select the Print check box. Click OK. |
| SMALL CAPS | A key on the keyboard. | Press ENTER. Press the PLUS SIGN (+). |
| Constant width | A file name, folder name, path name, or other information that you must type exactly as shown. | Save the User.txt file in the Addresses folder. Type IUSR__SMA in the Username box. |
| Constant width italic | A file name, folder name, path name, or other information that you must supply. | Type Version number in the Identification information box. |
| → | A sequence of commands from the taskbar or menu bar. | From the taskbar, select Start → Run. On the File menu, select Utilities → Compare Documents. |

Table 2: Typographic conventions for procedures

Command conventions

The typographic conventions used for command lines are shown in the following table:

| Convention | What it Indicates | Examples |
|---|---|---|
| Constant width bold | Information to type in exactly as shown. | md ISS |
| Italic | Information that varies according to your circumstances. | md your_folder_name |
| [ ] | Optional information. | dir [drive:][path] [filename] [/P][/W] [/D] |
| \| | Two mutually exclusive choices. | verify [ON\|OFF] |
| { } | A set of choices from which you must choose one. | % chmod {u g o a}=[r][w][x] file |

Table 3: Typographic conventions for commands

Getting Technical Support

Introduction

ISS provides technical support through its Web site and by email or telephone.

The ISS Web site

The Internet Security Systems (ISS) Resource Center Web site (http://www.iss.net/support/) provides direct access to frequently asked questions (FAQs), white papers, online user documentation, current versions listings, detailed product literature, and the Technical Support Knowledgebase (http://www.iss.net/support/knowledgebase/).

Support levels

ISS offers three levels of support:

● Standard

● Select

● Premium

Each level provides you with 24-7 telephone and electronic support. Select and Premium services provide more features and benefits than the Standard service. Contact Client Services at [email protected] if you do not know the level of support your organization has selected.

Hours of support

The following table provides hours for Technical Support at the Americas and other locations:

| Location | Hours |
|---|---|
| Americas | 24 hours a day |
| All other locations | Monday through Friday, 9:00 A.M. to 6:00 P.M. during their local time, excluding ISS published holidays |

Note: If your local support office is located outside the Americas, you may call or send an email to the Americas office for help during off-hours.

Table 4: Hours for technical support

Contact information

The following table provides electronic support information and telephone numbers for technical support requests:

| Regional Office | Electronic Support | Telephone Number |
|---|---|---|
| North America | Connect to the MYISS section of our Web site: www.iss.net | Standard: (1) (888) 447-4861 (toll free); (1) (404) 236-2700. Select and Premium: Refer to your Welcome Kit or call your Primary Designated Contact for this information. |
| Latin America | [email protected] | (1) (888) 447-4861 (toll free); (1) (404) 236-2700 |
| Europe, Middle East, and Africa | [email protected] | (44) (1753) 845105 |
| Asia-Pacific, Australia, and the Philippines | [email protected] | (1) (888) 447-4861 (toll free); (1) (404) 236-2700 |
| Japan | [email protected] | Domestic: (81) (3) 5740-4065 |

Table 5: Contact information for technical support

Chapter 1

Diagnostic and Debugging Setup

Overview

Introduction

This chapter explains the options for setting up the Sensor Controller Diagnostics console and how to activate run-time debugging for the sensor controller and the application server.

Options for running the sensor controller

By default, the sensor controller runs as a service without the Sensor Controller Diagnostics console. When you run the Sensor Controller Diagnostics console, you can run the sensor controller either as a service or as a Java application.

● If you are only logging agent data, you can use either method.

● If you are unable to start the sensor controller as a service, you can start it as a Java application. Starting the sensor controller as a Java application is also quicker.

Log information

For information about the debug logs for the sensor controller and the application server, see the following:

● “Changing Log4j Logging Levels” on page 29

● “Log4j Application Server and Sensor Controller Logs” on page 28

Where to find the Sensor Controller Diagnostics console

The Sensor Controller Diagnostics console is installed with the sensor controller and the application server. The instructions for setting up the Sensor Controller Diagnostics console reference the default installation paths. If you installed SiteProtector components to other paths, you must use those instead.

In this chapter

This chapter contains the following topics:

● Running the Sensor Controller as a Java Application

● Setting up Run-time Logging for the Sensor Controller Service

● Setting up Run-Time Logging for the Application Server Service

Running the Sensor Controller as a Java Application

Introduction

When you run the sensor controller as a Java application, you start the Sensor Controller Diagnostics console and the run-time debug log together from a command prompt window.

Note: When you set up the Sensor Controller Diagnostics console, you also activate the run-time debug logs for the sensor controller.

Procedure

To run the sensor controller as a Java application:

1. Access the Services utility on your computer.

2. Select the SiteProtector Sensor Controller service, and then click Stop.

3. Access the Command Prompt.

4. Change directories to \Program Files\ISS\RealSecure SiteProtector\Application Server\bin.

5. Type ccengine -debug, and then press ENTER.

Logging information is displayed, and the Sensor Controller Diagnostics console appears.


Setting up Run-time Logging for the Sensor Controller Service

Introduction

When you use the Sensor Controller Diagnostics console with the sensor controller as a service, the run-time debug log appears in a separate Command Prompt window.

Process overview

Starting the Sensor Controller Diagnostics console with the Sensor Controller Service is a four-task process:

| Task | Description |
|---|---|
| 1. Stop the Sensor Controller Service | Use the Services Administrative Tool to stop the RealSecure SiteProtector Sensor Controller Service. |
| 2. Edit the properties of the service | From the Log On tab, select the Allow service to interact with desktop check box. |
| 3. Change the registry setting | Change the setting of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\issSPSenCtlService\Parameters\ConsoleTrace registry key from N to Y. |
| 4. Change directories | From the Command Prompt, change directories to \Program Files\ISS\RealSecure SiteProtector\Application Server\bin, and then run the ccengine -debug command. |

Table 6: Starting the Sensor Controller Diagnostics console

Procedure

To start run-time logging with the sensor controller as a service:

1. Click Start on the taskbar, and then select Settings → Control Panel.

2. Double-click the Administrative Tools icon, and then double-click the Services icon.

3. Select RealSecure SiteProtector Sensor Controller Service, and then click Stop.

4. Right-click RealSecure SiteProtector Sensor Controller Service, and then select Properties from the pop-up menu.

5. Select the Log On tab, select the Allow service to interact with desktop check box, and then click OK.

Tip: Do not close the Services window.

6. Select Start on the taskbar, and then select Run.

7. Type regedit, and then press ENTER.

The Registry Editor appears.

8. In the left pane, select HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → issSPSenCtlService → Parameters.

9. In the right pane, double-click ConsoleTrace, type Y in the Value data box, and then click OK.

10. In Services, select RealSecure SiteProtector Sensor Controller Service, and then click Start.

11. Access the Services utility on your computer.

12. Select the RealSecure SiteProtector Sensor Controller Service, and then click Stop.

13. Access the Command Prompt.

14. Change directories to \Program Files\ISS\RealSecure SiteProtector\Application Server\bin.

15. Type ccengine -debug, and then press ENTER.

16. Logging information is displayed, and the Sensor Controller Diagnostics console appears.

Setting up Run-Time Logging for the Application Server Service

Introduction

When you enable run-time logging for the application server, it continues to run as a service. The run-time logging information appears in a separate Command Prompt window.

Procedure

To set up run-time logging for the application server:

1. Click Start on the taskbar, and then select Settings → Control Panel.

2. Double-click the Administrative Tools icon, and then double-click the Services icon.

3. Select RealSecure SiteProtector Application Server, and then click Stop.

4. Right-click RealSecure SiteProtector Application Server, and then select Properties from the pop-up menu.

5. Select the Log On tab, select the Allow service to interact with desktop check box, and then click OK.

Tip: Do not close the Services window.

6. Click Start on the taskbar, and then select Run.

7. Type regedit, and then press ENTER.

The Registry Editor appears.

8. In the left pane, select HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → issSPAppService → Parameters.

9. In the right pane, double-click ConsoleTrace, type Y in the Value data box, and then click OK.

10. In Services, select RealSecure SiteProtector Application Server, and then click Start.
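The following PowerShell is an added example, not part of the ISS guide. It reports whether the two settings enabled by the Sensor Controller and Application Server procedures above (ConsoleTrace set to Y, and Allow service to interact with desktop) are still on, and turns them back off once diagnostics are finished. It assumes that the registry key names issSPSenCtlService and issSPAppService shown in this guide are also the Windows service names, that ConsoleTrace is a string value, and that the CIM cmdlets are available on the host; the function names are illustrative.

```powershell
# Added example, not from the ISS guide. Run from an elevated PowerShell prompt.
# From the guide: the two service registry keys and the ConsoleTrace value (Y/N).
# Assumed: the registry key names are also the Windows service names.
$DebugServices = 'issSPSenCtlService', 'issSPAppService'

function Get-SiteProtectorDebugState {
    # Report, per installed service, the two settings the procedures turn on.
    foreach ($name in $DebugServices) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) { continue }                  # component not installed on this host
        $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
        $trace = (Get-ItemProperty -Path $paramKey -Name ConsoleTrace `
                      -ErrorAction SilentlyContinue).ConsoleTrace
        [pscustomobject]@{
            Service         = $name
            State           = $svc.State
            ConsoleTrace    = $trace                 # 'Y' = run-time console logging on
            DesktopInteract = $svc.DesktopInteract   # "Allow service to interact with desktop"
        }
    }
}

function Disable-SiteProtectorDebug {
    # Set ConsoleTrace back to N, clear the desktop-interaction flag through the
    # service control manager, and restart only services that were running.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $enabled = @(Get-SiteProtectorDebugState |
        Where-Object { $_.ConsoleTrace -eq 'Y' -or $_.DesktopInteract })
    foreach ($item in $enabled) {
        if (-not $PSCmdlet.ShouldProcess($item.Service,
                'Turn off ConsoleTrace and desktop interaction')) { continue }
        $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($item.Service)\Parameters"
        Stop-Service -Name $item.Service -Force
        if ($null -ne $item.ConsoleTrace) {
            Set-ItemProperty -Path $paramKey -Name ConsoleTrace -Value 'N'
        }
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($item.Service)'"
        $result = Invoke-CimMethod -InputObject $svc -MethodName Change `
                      -Arguments @{ DesktopInteract = $false }
        if ($result.ReturnValue -ne 0) {
            Write-Warning "$($item.Service): Change() returned $($result.ReturnValue)"
        }
        if ($item.State -eq 'Running') { Start-Service -Name $item.Service }
    }
}

# Show the current state; preview the revert with: Disable-SiteProtectorDebug -WhatIf
Get-SiteProtectorDebugState | Format-Table -AutoSize
```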


Chapter 2

Log File Diagnostics

Overview

Introduction

Log files can help you identify and correct problems with components or agents. This chapter provides the following types of information:

● the path of the file

● file contents

● how to change logging levels

● how to view the log

Viewing logs

Most log files are text files that you can open with a standard text file editor. If a different method is needed for a particular log file, it is explained with the description of that log.

Important: Be sure to use a text editor that can handle large files.

In this chapter

This chapter contains the following sections:

● Miscellaneous Logging Information

● Log4j Logging Information

● Sensor Controller Logging Information

● Agent Manager Logging Information

SECTION A: Miscellaneous Logging Information

Overview

Introduction

This section gives logging information related to various SiteProtector processes and components.

In this section

This section contains the following topics:

● Application Server Logs

● Database Logs

● Installation Logs

● X-Press Update Logs

● Active Directory Logs

Application Server Logs

Introduction

This topic describes the log and configuration files that the application server uses:

● application server log files

● issDaemon logs

How log files are created on the application server

When you issue a command that displays or modifies a property, response, or policy file for an agent or core component, SiteProtector sends log files to the computer where the application server is running.

Location of application server logs

The path of the application server log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\AppServer.

Setting logging levels

The logging level determines the type and amount of system information that SiteProtector stores. To set logging levels for the application server logs:

● In the Sensor Controller Diagnostics console, right-click the SiteProtector Core component in the Sensor window.

Important: The application server does not use dynamic logging, so changes to the logging levels do not take effect until you restart the Application Server service.

Characteristics of application server logs

The following characteristics apply to all application server log files:

● The system overwrites a log file each time you restart the sensor controller.

● The amount of detail collected depends on the current trace level.

Note: The log files can quickly become very large when the logging level is high.

Description of log files

Table 7 describes the application server logs:

| File name | Description |
|---|---|
| Issdk.txt | Logs high-level activity detailing application server interaction with all issDaemons |
| IssdkComm.txt | Logs low-level communication activity between the application server and issDaemons |
| IssdkInterface.txt | Logs low-level application server activity |

Table 7: Application Server logs

Location of issDaemon logs

Logging information is available for each issDaemon with which the application server communicates. The path is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]

Note: The issDaemon log files are always available regardless of the trace level.

Description of log files

Table 8 describes the issDaemon log files:

| File Name | Description |
|---|---|
| [email protected] | Copy of iss.access located at specified IP address |
| [email protected] | Copy of common.policy located at specified IP address |
| [email protected] | Copy of issDaemon.policy located at specified IP address |

Table 8: issDaemon and application server communication logs

Database Logs

Introduction

Database log information, such as errors, number of rows loaded, number of rows rejected, and reasons for rows rejected, is logged to the messagelog table in the SiteProtector database.

Viewing database logs

Use Microsoft SQL Server Enterprise Manager or Query Analyzer to view the messagelog table.

Default logging level

The default logging level is set to Warnings. This level logs a limited set of significant events.

Changing the logging level

You can use the Sensor Details feature in the SiteProtector Console to change the logging level.

Recommendations for increased logging detail

Increasing the logging levels for an extended period of time can quickly fill the database. Use the following recommendations when increasing logging detail:

● Increase the logging levels (i.e., set the logging level to Full) for short intervals as needed to gather detailed information.

● Reset the trace level to Warnings after you finish collecting detailed information.

Truncate this table after extended debugging, as well as during normal tracing, if the table becomes too large.


Installation Logs

Introduction

The SiteProtector installation process generates a log file for each SiteProtector component you install. It also creates a detailed log file for each bulk copy of data loaded into a particular table on the SiteProtector database. The log files contain a line of text for each action taking place.

Location of log files

Table 9 provides the path of the log files on the computer where each component is installed:

| Log Files | Folder |
|---|---|
| Component log files for installation | \temp\iss |
| SiteProtector database table bulk copy log files | \temp\iss\bulk copy logs |

Table 9: Location of general and SiteProtector database log files

Log files created during installation

The log files created during installation depend on the type of installation (Basic or Custom). Table 10 contains the installation log files that may be generated during installation:

| This log file... | Is created by... |
|---|---|
| Application_Server_Setup_Log.txt | Application Server installation |
| Console_Setup_Log.txt | Console installation |
| Site_Database_Setup_Log.txt | Database installation |
| Event_Collector_Setup_Log.txt | Event Collector installation |
| Desktop_Controller_Setup_Log.txt | Desktop Controller installation |
| Deployment_Manager_setup_log.txt | Deployment Manager installation |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for a Basic installation from CD |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for a Basic installation |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for installation of the Console |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for part 1 of the Custom installation |
| DMInstallAgent_YYYYMMDD_HHMMSS.txt | DMInstallAgent program for part 2 of the Custom installation |
| All_Components_Log.txt | User clicking Yes to the “Do you want to view the log file?” prompt on the message box. |

Table 10: Log files that may be created at installation

Component log files for uninstallation

Log files are always created when you uninstall SiteProtector. The names of the log files are the same as those created during installation, but the contents are overwritten with the uninstallation process information if the original log files still exist.

Note: If error or warning messages occur during the installation process, and you want to save these messages for troubleshooting purposes, then rename the log files before you uninstall the application.

Viewing the component log files

If an error or warning occurs during the installation or uninstallation process in normal mode, the View Log File check box on the Finish window at the end of the process will be checked by default. This enables you to easily view the log file contents to determine the reason for the error or warning.

To view the component installation logs:

1. Click OK on the Finish window.

The Finish window closes and Notepad opens, displaying the contents of the installation/uninstallation log file.

2. View the errors and/or warnings in the log file to determine how to resolve the problem.

SiteProtector database table bulk copy log files

Approximately 50 pairs of log files are generated for each bulk copy that is created and populated for the SiteProtector database. Table 11 describes those pairs of log files:

Note: Statistics for the number of rows copied for every bulk copy file that was installed or uninstalled are included in the Enterprise_Database_Setup_Log.txt file. This file provides a single source for you to quickly determine which error messages or warnings have occurred.

| Table Name | Description |
|---|---|
| tablename_Table_BulkCopy_Log.txt | Statistics related to bulk copy process used to create the database table (e.g., source, destination, number of rows copied, duration) |
| tablename_Table_BulkCopy_ErrorLog.txt | File is empty unless errors have occurred |

Table 11: SiteProtector database log descriptions
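One way to act on the note about saving logs before an uninstall and on Table 11, as an added example that is not part of the ISS guide: it copies each component log under a time-stamped name so an uninstall cannot overwrite it, and lists the tables whose bulk copy error log is not empty. The `.preserved_` naming scheme and the function names are assumptions made for this example.

```python
"""Added example: keep installation logs before an uninstall overwrites them."""
import shutil
import time
from pathlib import Path

# Suffix taken from Table 11; a non-empty file means the bulk copy hit errors.
ERROR_SUFFIX = "_Table_BulkCopy_ErrorLog.txt"
MARKER = ".preserved_"  # naming scheme chosen for this example (assumption)


def tables_with_bulk_copy_errors(bulk_dir):
    """Return the table names whose bulk copy error log is not empty."""
    names = []
    for path in sorted(Path(bulk_dir).glob("*" + ERROR_SUFFIX)):
        if path.is_file() and path.stat().st_size > 0:
            names.append(path.name[: -len(ERROR_SUFFIX)])
    return names


def preserve_install_logs(log_dir, stamp=None):
    """Copy each *.txt log in log_dir to <name>.preserved_<stamp>.txt.

    Copies instead of renaming, so the originals stay in place.
    Existing copies are never overwritten. Returns the new paths.
    """
    stamp = stamp or time.strftime("%Y%m%d_%H%M%S")
    created = []
    for src in sorted(Path(log_dir).glob("*.txt")):
        if MARKER in src.name or not src.is_file():
            continue  # skip copies made by an earlier run
        dest = src.with_name(f"{src.stem}{MARKER}{stamp}.txt")
        if dest.exists():
            continue
        shutil.copy2(src, dest)  # copy2 keeps the original modification time
        created.append(dest)
    return created


if __name__ == "__main__":
    import sys

    # Default folder is the component log location given in Table 9.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(r"\temp\iss")
    for copied in preserve_install_logs(root):
        print("preserved", copied)
    for table in tables_with_bulk_copy_errors(root / "bulk copy logs"):
        print("bulk copy errors in table", table)
```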

X-Press Update Logs

Introduction

You can generate log files to track the details of X-Press Update (XPU) activities for the application server and the sensor controller.

Contents of the log

The X-Press Update log file contains details of X-Press Update downloading activity and the overall X-Press Update status.

● This high-level log file contains details about XPU activity.

● The file is overwritten each time the application server or the sensor controller restarts.

● The amount of detail depends on the current trace level.

Note: This file can quickly become large when the logging level is high.

Location of log files

Table 12 provides the paths of the X-Press Update log files:

| Component | X-Press Update log file path and name |
|---|---|
| application server | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\AppServer\Xpu.txt |
| sensor controller | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Xpu.txt |

Table 12: X-Press Update log file locations

Setting the X-Press Update logging level

To change the logging level for the X-Press Update log file:

1. On the Options menu, select XPU Logging Level.

2. Select the logging level you want to use.

Active Directory Logs

Introduction

The SiteProtector application generates Active Directory log files that can give you information about specific jobs and help you troubleshoot issues with your SiteProtector Active Directory listing.

Location of log files

You can find the Active Directory log files in the following location:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\SP [email protected]\Job_job number

Note: If you are using the Custom Installation, the Active Directory log files are located on your application server.

Description of log files

Table 13 provides the names and descriptions of the Active Directory log files:

| Log file name | Description |
|---|---|
| warnings.csv | lists hosts that were not added to the SiteProtector Active Directory listing; provides information about why a host was not added to the SiteProtector Active Directory listing; generated only when logging is set to Warn or higher |
| JobLog.txt | lists system-related information; generated with any logging level, except None; generated when a system error occurs |

Table 13: Active Directory log file locations

Setting the Active Directory logging level

The Active Directory Update job sets its logging level from the SiteProtector Core logging level. To set the Active Directory logging level:

1. On the Sensors tab, right-click SiteProtector Core, and then select SiteProtector Core Edit Properties from the pop-up menu.

The SiteProtector Core Properties window opens.

2. Click Advanced.

The Advanced SiteProtector Core Properties window appears.

3. In the Set sensor controller trace level drop-down list, select the logging level you want.

4. Click OK.

5. Click OK.

SECTION B: Log4j Logging Information

Overview

Introduction

This section provides log4j logging information, and also gives information about using the log4j tool to set logging levels.

In this section

This section contains the following topics:

● Log4j Application Server and Sensor Controller Logs

● Changing Log4j Logging Levels

Log4j Application Server and Sensor Controller Logs

Introduction

You can view the application server and sensor controller log4j logs in the following ways:

● as a text file in a standard text editor

● in the Windows 2000 Event Viewer Application Log

● in a run-time debug log on a Command Prompt window

Location of log files

Table 14 provides the paths of the run-time logs on the computer that hosts the application server and sensor controller.

| Component | Properties File Path and File Name |
|---|---|
| Application server | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\app_server.time_stamp.log |
| Sensor controller | \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\sensor_ctl.time_stamp.log |

Table 14: Log4j log file locations

Viewing from a text file

To view the log:

● Open the log file for the application server (app_server.log) or the sensor controller (sensor_ctl.log) with any text file editor that can edit large files.

Viewing from the event viewer

Events generated by the application server and the sensor controller are logged to the Application Log in the Windows 2000 Event Viewer. The Source names for the events are issSPAppService and issSPSenCtlService.

To view the events from the Windows 2000 Event Viewer Application Log:

1. Click Start on the taskbar, and then select Programs > Administrative Tools.

2. Double-click the Event Viewer icon.

3. In the left pane, select the application log.

4. In the Source column of the right pane, look for issSPAppService and issSPSenCtlService.

Tip: Click the Source column to sort the list.

Viewing run-time debug logs

To view the run-time debug log:

● Locate the Command Prompt window that contains the debug log.

Important: You must first configure the application server and the sensor controller to enable run-time logging.

Changing Log4j Logging Levels

Introduction

This topic describes logging levels for log4j logs. These logging levels are separate and distinct from the logging levels on the Sensor Controller Diagnostics console’s Set Logging Level menu.

Note: Methods for viewing the log4j logs are explained in “Log4j Application Server and Sensor Controller Logs.”

Logging levels

The log4j tool provides five priority levels of logging detail. (See non-ISS documentation at http://jakarta.apache.org/log4j/docs/manual.html.) The default logging level is set to fatal, which only logs very serious errors.

Priority levels, in decreasing order of logging detail, are as follows:

● DEBUG

● INFO

● WARN

● ERROR

● FATAL

Recommendations for logging detail

Increasing the logging levels for an extended period of time can quickly fill the log file. Follow these recommendations when increasing logging detail:

● Increase the logging levels for short intervals as needed to gather detailed information.

● Delete the log files at any time, as they can quickly become large.

■ Delete the app_server.log, and then restart the application server.

■ Delete the sensor_ctl.log, and then restart the sensor controller.

● Check the log4j documentation for procedures that automatically roll the logs into manageable sizes.

Where the logging level is set

The logging level is set in a properties file for each component. The properties file path and file name for the application server are as follows:

\Program Files\ISS\RealSecure SiteProtector\Application Server\config\log.properties

Important: The file must be present before any logging takes place.

Changing the logging level

To change the logging level:

1. In Notepad or an equivalent text editor, open the properties file for the application server (log.properties).

2. Find the line that contains the following:

log4j.rootLogger=logging_level

Note: The logging_level value is one of the five possible logging levels.

3. Replace the logging level with another available logging level.

Example: Change the logging level from FATAL to DEBUG.

4. Save the file.

Note: You must restart the application server before the logging change takes effect.
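The edit in steps 1 to 4, as an added example that is not part of the ISS guide: it finds the active log4j.rootLogger line, changes only the level token while leaving appender names and commented-out lines untouched, and reports when a level more detailed than the default FATAL is still set. The sample file content and the appender names FILE and NTLOG are constructed for the example, and it accepts only the five levels listed above.

```python
"""Added example: inspect and change the level on the log4j.rootLogger line."""
import re

# The five priority levels listed in this topic, most detailed first.
LEVELS = ["DEBUG", "INFO", "WARN", "ERROR", "FATAL"]
DEFAULT_LEVEL = "FATAL"  # default stated in this topic

# log4j 1.x form: log4j.rootLogger=LEVEL[, appenderName, ...]
_ROOT = re.compile(r"(\s*log4j\.rootLogger\s*[=:]\s*)([^,\s]*)(.*)")

# Constructed sample; the appender names FILE and NTLOG are assumptions,
# not values taken from the shipped log.properties.
SAMPLE = (
    "# constructed sample\r\n"
    "#log4j.rootLogger=DEBUG, FILE\r\n"
    "log4j.rootLogger=FATAL, FILE, NTLOG\r\n"
    "log4j.appender.FILE=org.apache.log4j.FileAppender\r\n"
)


def _split_eol(line):
    """Separate a line from its line ending so CRLF files stay CRLF."""
    body = line.rstrip("\r\n")
    return body, line[len(body):]


def find_root_logger(text):
    """Return (line_index, LEVEL) for the effective rootLogger line, or None.

    Comment lines (# or !) are ignored. If the key appears more than once,
    the last one is reported, because a later duplicate key in a Java
    properties file replaces the earlier value.
    """
    found = None
    for index, line in enumerate(text.splitlines(keepends=True)):
        body, _ = _split_eol(line)
        if body.lstrip().startswith(("#", "!")):
            continue
        match = _ROOT.fullmatch(body)
        if match:
            found = (index, match.group(2).upper())
    return found


def audit(text):
    """Classify the file: missing, unknown:<x>, verbose:<LEVEL> or default."""
    hit = find_root_logger(text)
    if hit is None:
        return "missing"
    level = hit[1]
    if level not in LEVELS:
        return "unknown:" + level
    if LEVELS.index(level) < LEVELS.index(DEFAULT_LEVEL):
        return "verbose:" + level
    return "default"


def set_root_level(text, new_level):
    """Return text with only the level token of the rootLogger line changed."""
    new_level = new_level.upper()
    if new_level not in LEVELS:
        raise ValueError("not one of the five levels: " + new_level)
    hit = find_root_logger(text)
    if hit is None:
        raise ValueError("no active log4j.rootLogger line found")
    lines = text.splitlines(keepends=True)
    body, eol = _split_eol(lines[hit[0]])
    match = _ROOT.fullmatch(body)
    lines[hit[0]] = match.group(1) + new_level + match.group(3) + eol
    return "".join(lines)


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(set_root_level(SAMPLE, "DEBUG"))
```

After writing the changed text back to log.properties, restart the application server as the note above states.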

SECTION C: Sensor Controller Logging Information

Overview

Introduction

This section lists SiteProtector logging information for components that are managed with the sensor controller.

In this section

This section contains the following topics:

● Sensor Controller Logs

● Sensor Controller SiteProtector Database Logs

● Sensor Controller SiteProtector Core Logs

● Sensor Controller Event Collector Logs

● Sensor Controller Agent Manager Logs

● Sensor Controller Internet Scanner Logs

● Sensor Controller Internet Scanner Databridge Logs

● Sensor Controller A-Series Appliance Logs

● Sensor Controller G-Series Appliance Logs

● Sensor Controller RealSecure Network Logs

● Sensor Controller RealSecure Network Gigabit Logs

● Sensor Controller Server Sensor Logs

● Sensor Controller SiteProtector Third Party Module Logs

Sensor Controller Logs

Introduction

This topic introduces log and configuration files that the sensor controller uses:

● the log files for the sensor controller

● the configuration and log files for the agents and SiteProtector components with which the sensor controller communicates

How sensor controller logging works

When you issue a command that displays or modifies a property, response, or policy file for an agent or core component, SiteProtector sends log files to the computer where the sensor controller is running.

Location of log files

The path of the files is as follows:

Program Files\ISS\RealSecure SiteProtector\Application Server\temp

Dynamic logging levels

Changes to the logging levels are dynamic. You do not have to restart the sensor controller service for the changes to go into effect.

Common characteristics

The following common characteristics apply to all sensor controller log files:

● The log file is overwritten each time you restart the sensor controller, but only if the logging level is not full. If the logging level is full, then SiteProtector appends to the file.

● The amount of detail collected depends on the current trace level.

Note: The log files can quickly become large when the logging level is high.

Description of log files

Table 15 describes the log files for the sensor controller:

| Log File Name | Description |
|---|---|
| Issdk.txt | Logs high-level activity detailing sensor controller interaction with all agents and core components |
| IssdkComm.txt | Logs low-level communication activity between the sensor controller and agents |
| IssdkInterface.txt | Logs low-level sensor controller activity |

Table 15: Sensor controller dynamic log files

Changing logging levels for agents

To change the logging levels:

1. In the Sensors window, right-click the agent, and then select Details from the pop-up menu.

2. Select the desired logging level in the Sets new sensor logging level drop-down list.

3. Click OK.

Sensor Controller SiteProtector Database Logs

Introduction

The SiteProtector database files contain information related to the SiteProtector database located at the given IP address. The path of the log file is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Site Protector [email protected].

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the SiteProtector database is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Site Protector [email protected]\Job_job_number

Description of log files

Table 16 describes the SiteProtector database log file:

| Log File Name | Description |
|---|---|
| Site Protector [email protected] | low-level log file detailing sensor controller interaction with SiteProtector database component (i.e., XPU activity); overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 16: SiteProtector database log files

Sensor Controller SiteProtector Core Logs

Introduction

The SiteProtector Core log files contain information related to the sensor controller located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp.

Note: If the trace level is set to 0 and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the SiteProtector Core is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\sensor_ctl.time_stamp.log

Description of log files

Table 17 describes the SiteProtector Core log files:

| Log File Name | Description |
|---|---|
| sensor_ctl.time_stamp.log | generated file containing runtime debug information; overwritten each time sensor controller service restarts; amount of detail depends on current logging level |

Table 17: SiteProtector Core log files

Sensor Controller Event Collector Logs

Introduction

The default path of configuration files for the event collector at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path of the event collector is \Program Files\ISS\RealSecure SiteProtector\Event Collector.

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the event collector is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number

Description of log files

Table 18 describes the event collector log files:

| Log File Names | Description |
|---|---|
| EventCollector_ [email protected] | copy of common.policy located at specified IP address; always available; independent of logging level |
| EventCollector_ [email protected] | copy of issDaemon.policy located at specified IP address; always available; independent of logging level |
| EventCollector_ [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| EventCollector_ [email protected] | copy of ec_status.policy (located at specified IP address) that details the Event Collector control list and status information; always available; independent of logging level |
| EventCollector_ [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts but is independent of logging level |
| EventCollector_ [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts but is independent of logging level |
| EventCollector_ [email protected] | generated file containing runtime debug information detailing interaction between sensor controller and event collector; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 18: Event collector log files

Sensor Controller Agent Manager Logs

Introduction

The default path of configuration files for the Agent Manager (formerly Desktop Controller) at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path of the Agent Manager is \Program Files\ISS\RealSecure SiteProtector\Desktop Controller.

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the Desktop Controller is:

\Program Files\ISS\RealSecure SiteProtector\Desktop Controller\Job_job_number

Description of log files

Table 19 describes the Agent Manager log files:

| Log File Names | Description |
|---|---|
| DesktopController_ [email protected] | copy of common.policy located at specified IP address; always available; independent of logging level |
| DesktopController_ [email protected] | copy of issDaemon.policy located at specified IP address; always available; independent of logging level |
| DesktopController_ [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| DesktopController_ [email protected] | copy of the Agent Manager status policy file (located at specified IP address) that details the Agent Manager control list and status information; always available; independent of logging level |
| DesktopController_ [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts but is independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts but is independent of logging level |
| DesktopController_ [email protected] | generated file containing runtime debug information detailing interaction between sensor controller and Agent Manager; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 19: Agent Manager log files

Sensor Controller Internet Scanner Logs

Introduction

The path of the configuration and log files for the Internet Scanner located at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path for Internet Scanner 6.2.1 is \Program Files\ISS\Scanner6. The default installation path for Internet Scanner 7.0 is \Program Files\ISS\issSensors\Scanner_1.

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the Internet Scanner is:

| Version | Path |
|---|---|
| 6.2.1 | \Program Files\ISS\Scanner6\Job_job_number |
| 7.0 | \Program Files\ISS\Scanner_1\log\Job_job_number |

Table 20: Location of Internet Scanner logs

Location of Internet Scanner job-specific log files

The path of the log files related to specific jobs for Internet Scanner is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The files are located in subfolders according to the job name. By default, the path for Internet Scanner 6.2.1 configuration files is \Program Files\ISS\Scanner6 on the computer where Internet Scanner is hosted. The general form is as follows:

● Job_x – folder containing files related to job number “x”

Note: Internet Scanner 7.0 does not use files with the .cfg extension. However, Internet Scanner 7.0 log files are located by default in \Program Files\ISS\issSensors\scanner_1\log.

Description of Internet Scanner job-specific log files

Table 21 describes the job-specific log files:

| Log File Name | Description |
|---|---|
| hosts.hst | IP range of hosts to be scanned |
| iss.key | license key that limits IP range that can be scanned |
| *.policy | policy file used by Internet Scanner during scan (e.g., L1 Inventory.policy) |

Table 21: Internet Scanner job-specific log files

Sensor Controller Internet Scanner Databridge Logs

Introduction

The path of the log files for the Internet Scanner Databridge at the given IP address is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]. The default installation path for the Internet Scanner Databridge is \Program Files\ISS\issSensors\Internet_Scanner_DataBridge.

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the Internet Scanner Databridge is:

\Program Files\ISS\issSensors\Internet_Scanner_DataBridge\Job_job_number

Description of log files

Table 22 describes the Internet Scanner Databridge log files:

| File Names | Description |
|---|---|
| [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | generated file containing runtime debug information detailing interaction between sensor controller and Internet Scanner Databridge; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 22: Internet Scanner Databridge log files

Sensor Controller A-Series Appliance Logs

Introduction

The A-Series appliance log files contain information related to the A-Series appliance located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the A-Series appliance is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Proventia_Amodel_number\Job_job_number

Description of log files

Table 23 describes the A-Series appliance log files:

| Log File Names | Description |
|---|---|
| [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | generated file containing runtime debug information; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 23: A-Series appliance log files

Sensor Controller G-Series Appliance Logs

Introduction

The G-Series appliance log files contain information related to the G-Series appliance located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the G-Series appliance is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\Proventia_Gmodel_number\Job_job_number

Description of log files

Table 24 describes the G-Series appliance log files:

| Log File Names | Description |
|---|---|
| [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | generated file containing runtime debug information; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 24: G-Series appliance log files

Sensor Controller RealSecure Network Logs

Introduction

The RealSecure Network log files contain information related to the RealSecure Network agent located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the RealSecure Network agent is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number

Description of log files

Table 25 describes the RealSecure Network agent log files:

Note: All logging is saved for successful jobs, unless the logging level is turned off.

| Log File Names | Description |
|---|---|
| [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | generated file containing runtime debug information detailing interaction between sensor controller and network sensor; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 25: RealSecure Network agent log files

Sensor Controller RealSecure Network Gigabit Logs

Introduction

The RealSecure Network Gigabit log files contain information related to the RealSecure Network Gigabit agent located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the RealSecure Network Gigabit is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number

Description of log files

Table 26 describes the RealSecure Network Gigabit log files:

| Log File Names | Description |
|---|---|
| [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | generated file containing runtime debug information detailing interaction between sensor controller and network sensor; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 26: RealSecure Network Gigabit log files

Sensor Controller Server Sensor Logs

Introduction

The Server Sensor log files contain information related to the Server Sensor located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected].

Note: If the trace level is set to 0, and the job is completed, then the system deletes the Job folder. Otherwise, the default location of command job log files for the RealSecure Server Sensor is:

\Program Files\ISS\RealSecure SiteProtector\Application Server\temp\Sensor Controller\[email protected]\Job_job_number

Description of log files

Table 27 describes the Server Sensor log files:

| Log File Name | Description |
|---|---|
| [email protected] | copy of current.policy located at specified IP address; always available; independent of logging level |
| [email protected] | generated file containing runtime configuration information; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | cached file of user modifications to properties; overwritten each time sensor controller restarts, but independent of logging level |
| [email protected] | generated file containing runtime debug information detailing interaction between sensor controller and Server Sensor; overwritten each time sensor controller restarts; amount of detail depends on current logging level |

Table 27: Server Sensor log files

Sensor Controller SiteProtector Third Party Module Logs

Introduction The Third Party Module log files contain information related to the Third Party Module located at the given IP address. The paths to the log files are as follows:

Firewall Log file path

CheckPoint \ISS\issSensors\ThirdPartyModule_Checkpoint_1\Logs

Cisco PIX \ISS\issSensors\ThirdPartyModule_Cisco_1\Logs

CheckPoint log files Table 28 describes the CheckPoint Third Party Module log files:

Log File Name Description

sensor_health.policy

• copy of current.policy located at specified IP address

• always available

• independent of logging level

LeaTraceLog.txt, TpmLog.txt, TPMTraceLog.txt

• generated file containing runtime debug information

• overwritten each time sensor controller restarts

• amount of detail depends on current logging level

Table 28: CheckPoint Third Party Module log files

Cisco PIX log files Table 29 describes the Cisco PIX Third Party Module log files:

Log File Name Description

sensor_health.policy

• copy of current.policy located at specified IP address

• always available

• independent of logging level

TpmLog.txt, TPMTraceLog.txt

• generated file containing runtime debug information

• overwritten each time sensor controller restarts

• amount of detail depends on current logging level

Table 29: Cisco PIX Third Party Module log files


SECTION D: Agent Manager Logging Information

Overview

Introduction This section lists SiteProtector logging information for components that are managed with the Agent Manager (formerly Desktop Controller).

In this section This section contains the following topics:

Topic

Agent Manager Desktop Protection Logs

Desktop Controller M-Series Appliance Logs


Agent Manager Desktop Protection Logs

Introduction The Desktop Protection log files contain information related to the Agent Manager located at the given IP address. The path of the log files is \Program Files\ISS\RealSecure SiteProtector\Desktop Controller\Logs.

Logging levels If you are experiencing problems with your Agent Manager applications, you should adjust logging levels to help troubleshoot the issues. You set logging levels in the rsspdc.ini file, which is located in the following directory on the Agent Manager computer:

\Program Files\ISS\RealSecure SiteProtector\Desktop Controller

Setting and clearing logging levels

To set a logging level:

1. In the rsspdc.ini file, cut the logging level you want from the dcLog.clear line, and then paste it into the dcLog.set line.

To clear a logging level, cut it from the dcLog.set line, and then paste it into the dcLog.clear line.

2. Save, and then close the files.

3. From the SiteProtector Console, stop, and then start the Agent Manager service.

Important: ISS strongly recommends that you perform this procedure only with guidance from ISS Technical Support.
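The cut-and-paste step above, as an added example rather than ISS code: a Python helper that moves one level between the dcLog.clear and dcLog.set lines of rsspdc.ini text and rejects names that are not in Table 30. The `key=value` layout and the separators are assumptions (the guide names only the two keys), and the sample file content is constructed.

```python
import re

# Logging level names from Table 30 of this guide.
KNOWN_LEVELS = {
    "EXCEPTION", "ASSERTION", "WARNING", "INFORMATION", "HTTPRESPONSE",
    "HTTPEVENT", "FIREWALL", "AGENTDOWNLOAD", "WEBSERVER", "SYSMON",
    "ALERT", "METRICS", "VERBOSE",
}

# ASSUMPTION (not stated in the guide): each key sits on one line as
# "dcLog.set=LEVEL,LEVEL,..."; separators may be commas, pipes or spaces.
_LINE = re.compile(r"^(\s*)(dcLog\.(?:set|clear))(\s*=\s*)(.*?)\s*$")
_SEP = re.compile(r"\s*[,|]\s*|\s+")

# Constructed sample, not a real rsspdc.ini.
SAMPLE_INI = (
    "; constructed sample, not a real rsspdc.ini\r\n"
    "dcLog.set=EXCEPTION,ASSERTION,WARNING\r\n"
    "dcLog.clear=INFORMATION,HTTPRESPONSE,HTTPEVENT,FIREWALL,VERBOSE\r\n"
)


def _find_lines(ini_text):
    """Locate the single dcLog.set and dcLog.clear lines; fail loudly otherwise."""
    lines = ini_text.splitlines(keepends=True)
    found = {}
    for idx, raw in enumerate(lines):
        m = _LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue
        if m.group(2) in found:
            raise ValueError(f"duplicate {m.group(2)} line")
        found[m.group(2)] = (idx, m)
    for key in ("dcLog.set", "dcLog.clear"):
        if key not in found:
            raise ValueError(f"{key} line not found")
    return lines, found


def current_levels(ini_text):
    """Return {'dcLog.set': [...], 'dcLog.clear': [...]} as listed in the text."""
    _, found = _find_lines(ini_text)
    return {key: [t for t in _SEP.split(m.group(4)) if t]
            for key, (_, m) in found.items()}


def move_level(ini_text, level, enable):
    """Move `level` to dcLog.set (enable=True) or to dcLog.clear (enable=False)."""
    level = level.upper()
    if level not in KNOWN_LEVELS:
        raise ValueError(f"unknown logging level: {level}")
    src, dst = (("dcLog.clear", "dcLog.set") if enable
                else ("dcLog.set", "dcLog.clear"))
    lines, found = _find_lines(ini_text)
    levels = current_levels(ini_text)
    in_src = any(t.upper() == level for t in levels[src])
    in_dst = any(t.upper() == level for t in levels[dst])
    if not in_src and not in_dst:
        raise ValueError(f"{level} is on neither line; file is not in the expected state")
    if in_dst and not in_src:
        return ini_text  # already in the requested state, nothing to rewrite
    levels[src] = [t for t in levels[src] if t.upper() != level]
    if not in_dst:
        levels[dst].append(level)
    # Reuse the separator already present in the file, defaulting to a comma.
    sep_match = (_SEP.search(found[src][1].group(4))
                 or _SEP.search(found[dst][1].group(4)))
    sep = sep_match.group(0) if sep_match else ","
    for key in (src, dst):
        idx, m = found[key]
        raw = lines[idx]
        eol = raw[len(raw.rstrip("\r\n")):]  # keep the original line ending
        lines[idx] = f"{m.group(1)}{m.group(2)}{m.group(3)}{sep.join(levels[key])}{eol}"
    return "".join(lines)
```

Keep a copy of the original rsspdc.ini before writing the returned text back; the Agent Manager service still has to be stopped and started from the SiteProtector Console for the change to take effect.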

Logging level parameters

The following table lists the logging level parameters:

Logging level Description

EXCEPTION Error level logging, including both fatal and non-fatal errors. These errors may indicate expected failure situations (such as connectivity loss or out of memory errors) or unexpected problems from outside the Desktop Controller (such as malformed XML policies or unexpected events from agents).

ASSERTION Debug assertion logging that indicates a bug in the Desktop Controller code. These errors indicate abnormal conditions, and if seen, they should be reported to ISS Technical Support.

WARNING Warning logging for non-critical/recoverable conditions in the Desktop Controller, such as DB connectivity loss.

INFORMATION Information logging of general activity in the Desktop Controller.

HTTPRESPONSE Logging of HTTP response data to agents from the Desktop Controller.

HTTPEVENT Logging of incoming HTTP event/heartbeat data from agents.

FIREWALL Logging of firewall rule-setting during policy loading.

AGENTDOWNLOAD Logging of HTTP request information when agents download files from the Desktop Controller (including configuration files or upgrade packages).

WEBSERVER Logging of Web server activity in the Desktop Controller.

SYSMON General logging level for system type events, such as thread startup and shutdown.

ALERT Logging of alert/response information for SMTP, Pager, and SNMP alerts.

METRICS Traces incoming event counts.

VERBOSE Logging of repeated informational traces such as polling thread activity and policy/property file loading.

Table 30: Desktop Protection logging level parameters

Desktop Controller M-Series Appliance Logs

Introduction The M-Series log file contains information related to the M-Series appliance located at the given IP address. The path to the log file is /var/log/messages.

Local Management Interface

The easiest way to access the log file is by using the Local Management Interface (LMI) on the M-Series appliance. For information about how to access the log file using the LMI, see the Proventia M-Series Appliances User Guide.

Description of log file

Table 31 describes the M-Series log file:

Log file parameter Description

Date/Time The date and time that the event was detected.

Event Type The type of event that was detected. The event types are:

• anti-virus

• firewall

• intrusion protection module

• system

Other event details Besides Date, Time, and Event Type, the following event information can be included in the M-Series log file:

• generated error message

• source/destination IP address

• source/destination port

• host name

Table 31: M-Series log file


Appendix A

Database Schema

Overview

Introduction This appendix provides the SiteProtector database schematics.

In this appendix This appendix contains the following topics:

Topic

Application Security Schema

Auditing and Diagnostics Schema

Command and Control Schema

Grouping Schema

ITRSO Schema

Metrics Schema

Sensor Data Schema

Site Analysis Schema

Site Filters Schema

Staging and Rejects Schema

Statistics Schema

X-Force Schema

Complete Database Schema


Application Security Schema

Schema The following diagram displays the Application Security Schema.

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

Sites
• SiteID: int IDENTITY(2,1)
• Name: nvarchar(60) NOT NULL
• Descr: nvarchar(255) NULL
• IpAddress: varchar(47) NOT NULL
• Port: int NOT NULL
• LastDataLoadAt: datetime NULL
• Deleted: tinyint NULL

Users
• UsersID: int IDENTITY
• Login: nvarchar(50) NOT NULL
• Domain: nvarchar(255) NOT NULL
• SID: varchar(50) NOT NULL (AK2.1)
• LastLogin: datetime NULL
• LastLoginFailure: datetime NULL
• NTGroup: nvarchar(30) NOT NULL

UsersGroups
• UsersID: int NOT NULL (FK)
• GroupID: int NOT NULL (FK)

UsersSites
• UsersID: int NOT NULL (FK)
• SiteID: int NOT NULL (FK)

Role
• RoleID: int NOT NULL
• RoleName: varchar(60) NOT NULL
• ProductID: int NULL (FK)
• ClassName: varchar(255) NOT NULL (AK1.1)
• Namespace: varchar(255) NULL
• DefaultLoggingLevel: tinyint NULL
• DefaultStatus: tinyint NULL
• DefaultOptionFlags: tinyint NULL
• SupportsEC: tinyint NOT NULL
• SupportsGroupPolicy: tinyint NOT NULL

GroupView
• GroupViewID: int IDENTITY (IE1.1)
• GroupViewName: nvarchar(64) NOT NULL
• Deleted: tinyint NULL

GroupTypes
• GroupTypeID: int IDENTITY
• Name: nvarchar(64) NULL (AK1.1)
• Descr: nvarchar(255) NULL

Auditing and Diagnostics Schema

Schema The following diagram displays the Auditing and Diagnostics schema:

AuditInfo
• AuditInfoID: int IDENTITY
• AuditTrailID: int NULL (FK)
• ParamName: nvarchar(100) NULL
• ParamValue: nvarchar(500) NULL
• ParamDataType: nvarchar(60) NULL
• ParamDesignator: nvarchar(10) NULL

AuditTrail
• AuditTrailID: int IDENTITY
• AuditEventCMDID: int NULL (FK)
• UserName: nvarchar(75) NULL
• AuditTime: datetime NULL

AuditEventCMD
• AuditEventCMDID: int IDENTITY
• EventDesc: nvarchar(100) NULL

DBSubComponent
• DBSubComponentID: smallint IDENTITY
• DBComponentID: smallint NULL (FK)
• ProcName: varchar(30) NULL
• State: tinyint NULL
• StateDateTime: datetime NULL
• StateDescription: varchar(100) NULL

DBComponent
• DBComponentID: smallint IDENTITY
• Name: varchar(30) NULL
• State: tinyint NULL
• StateDescription: varchar(100) NULL

ErrorMessage
• ErrorNumber: int NOT NULL
• SeverityID: smallint NULL (FK)
• MessageText: nvarchar(300) NULL

Version
• AttributeName: nvarchar(40) NULL
• AttributeValue: nvarchar(100) NULL

ErrorSeverity
• SeverityID: smallint NOT NULL
• Name: nvarchar(20) NOT NULL
• Description: nvarchar(80) NULL
• ReportToCaller: tinyint NOT NULL
• SQLSeverity: char(2) NULL
• LoggingLevel: tinyint NULL

MessageLog
• MessageLogID: int IDENTITY
• WhenOccurred: datetime NOT NULL
• SeverityID: smallint NOT NULL (FK)
• ErrorNumber: int NOT NULL
• Message: nvarchar(300) NULL
• ProcedureName: nvarchar(60) NULL
• RelatesToErrorID: int NULL

VersionUpdates
• UpdateTag: char(40) NULL
• UpdateType: tinyint NOT NULL
• MajorVersion: int NOT NULL
• MinorVersion: int NOT NULL
• YearPointRelease: int NOT NULL
• BuildNumber: int NOT NULL
• UpdateCmdLine: varchar(255) NULL
• UpdateFile: varchar(260) NULL
• Deleted: tinyint NOT NULL

UpdateStatus
• UpdateStatusID: int IDENTITY
• Name: varchar(100) NOT NULL
• StartTime: datetime NOT NULL
• Status: varchar(30) NULL
• ActionJobID: int NULL
• TotalSteps: int NULL

UpdateOperationStatus
• UpdateOperationStatusID: int IDENTITY
• TargetName: varchar(100) NOT NULL
• Status: varchar(30) NULL
• UpdateStatusID: int NULL (FK)
• Duration: smalldatetime NULL
• PctComplete: smallint NULL

UpdateStepStatus
• UpdateStepStatusID: int IDENTITY
• StepNbr: int NULL
• TaskName: varchar(50) NULL
• Description: varchar(1000) NULL
• PctComplete: smallint NOT NULL
• DBTime: datetime NOT NULL
• ComponentTime: datetime NULL
• Status: varchar(30) NULL
• UpdateOperationStatusID: int NULL (FK)

MaintenanceLog
• MaintenanceLogID: bigint IDENTITY
• WhenOccurred: datetime NULL
• Message: nvarchar(1200) NULL
• ProcedureName: nvarchar(240) NULL

RSDBOptions
• OptionName: varchar(100) NOT NULL
• ParamDesc: varchar(50) NULL
• ParamValue: nvarchar(100) NOT NULL
• DefaultValue: nvarchar(100) NOT NULL
• LastModifiedBy: nvarchar(60) NOT NULL
• LastModifiedAt: datetime NOT NULL
• System_Usr: nvarchar(60) NOT NULL

AnalysisLog
• QueryID: int IDENTITY
• StartTime: datetime NULL
• Type: char(1) NULL
• SPID: int NULL
• Duration: int NULL
• UserID: int NULL
• SQLStmt: text NULL
• RPC: text NULL
• ErrorID: int NULL

Command and Control Schema

Schema The following diagram displays the Command and Control schema:

BinaryData
• BinaryDataID: int IDENTITY
• BinaryDataType: tinyint NULL (FK)
• Value: image NULL
• CheckSum: int NULL (IE1.1)
• FileName: nvarchar(255) NULL
• LastModifiedAt: datetime NULL
• DeleteRefCount: int NULL

Role
• RoleID: int NOT NULL
• RoleName: varchar(60) NOT NULL
• ProductID: int NULL (FK)
• ClassName: varchar(255) NOT NULL (AK1.1)
• Namespace: varchar(255) NULL
• DefaultLoggingLevel: tinyint NULL
• DefaultStatus: tinyint NULL
• DefaultOptionFlags: tinyint NULL
• SupportsEC: tinyint NOT NULL
• SupportsGroupPolicy: tinyint NOT NULL

Component
• ComponentID: int IDENTITY
• RoleID: int NULL (FK) (IE2.3)
• LastPushedPolicyID: int NULL (FK)
• PropertyFileID: int NULL (FK)
• HostID: int NULL (FK) (IE2.1)
• Priority: numeric NOT NULL
• Status: numeric NOT NULL
• LastModifiedBy: nvarchar(60) NULL
• LastModifiedAt: datetime NULL
• Deleted: numeric NOT NULL
• EventSourcePort: int NULL
• EventPort: int NULL
• Version: varchar(40) NULL
• SensorName: nvarchar(100) NULL (IE2.2)
• Policy: nvarchar(434) NULL
• Master: varchar(30) NULL
• AvailableXPU: varchar(40) NULL
• LastInstalledXPU: varchar(40) NULL
• LoggingLevel: tinyint NULL
• LicenseState: smallint NULL
• XPUState: smallint NULL
• StateDescription: nvarchar(500) NULL
• UnexpectedConfigChange: tinyint NULL
• ModifiedBySensorController: tinyint NOT NULL
• DaemonPort: int NULL
• EventLogOption: tinyint NULL
• SiteID: int NULL (FK)
• LastPushedResponseID: int NULL (FK)
• XPUDate: datetime NULL
• Response: nvarchar(434) NULL
• PolicyGroupID: int NULL (FK)
• LastHeartBeat: datetime NULL
• GUID: varchar(36) NULL (IE1.1)
• LicenseID: int NULL (FK)
• PolicyChangedFlag: tinyint NOT NULL
• FCPEventPort: int NULL
• FCPEventSourcePort: int NULL
• ECStatus: tinyint NULL
• ECStateDescription: nvarchar(500) NULL
• OptionFlags: int NULL
• EventCollectorID: int NULL (FK)
• AlertEventPort: int NULL
• AlertEventSourcePort: int NULL
• ModelDesc: varchar(1000) NULL

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

GroupHostLinks
• GroupID: int NOT NULL (FK)
• HostID: int NOT NULL (FK)

Schedule
• ScheduleID: int IDENTITY
• Description: varchar(1000) NULL
• Enabled: numeric NOT NULL
• FreqType: numeric NOT NULL
• FreqInterval: numeric NOT NULL
• FreqSubType: numeric NULL
• FreqSubInterval: numeric NOT NULL
• FreqRelativeInt: numeric NOT NULL
• FreqRecurFactor: numeric NULL
• ActiveStartDate: numeric NULL
• ActiveEndDate: numeric NULL
• ActiveStartTOD: numeric NULL
• ActiveEndTOD: numeric NULL
• NumSchedScans: numeric NULL
• Deleted: numeric NOT NULL
• TimeZone: varchar(40) NULL

ActionJob
• ActionJobID: int IDENTITY
• ActionDetailsID: int NOT NULL (FK)
• ComponentID: int NULL (FK)
• StartDateTime: datetime NOT NULL
• ActionState: numeric NOT NULL
• Result: varchar(300) NULL
• ActionJobInfo: varchar(100) NULL
• LastModifiedAt: datetime NOT NULL

ActionDetails
• ActionDetailsID: int IDENTITY
• ItemID: int NULL
• HostID: int NULL (FK)
• ComponentID: int NULL (FK)
• HostGroupID: int NULL (IE1.1)
• ScheduleID: int NULL (FK)
• ActionType: numeric NOT NULL (IE2.1)
• RoleID: int NULL (FK)
• ScheduledBy: nvarchar(60) NOT NULL
• LastModifiedBy: nvarchar(60) NULL
• LastModifiedAt: datetime NULL
• NextRunDate: datetime NULL (IE3.1)
• Suspended: numeric NOT NULL
• Deleted: numeric NOT NULL
• ComponentGroupID: int NULL (FK)
• Arguments: ntext NULL
• ControllerID: int NULL

Policy
• PolicyID: int IDENTITY
• Name: nvarchar(150) NOT NULL
• Description: nvarchar(80) NULL
• FileName: nvarchar(255) NULL
• Version: varchar(100) NULL
• RoleID: int NULL (FK)
• BinaryDataID: int NULL (FK)
• Deleted: numeric NOT NULL
• LastModifiedAt: datetime NULL
• LastModifiedBy: nvarchar(60) NULL
• ReadOnly: tinyint NULL
• EditorKey: varchar(50) NOT NULL
• Valid: tinyint NOT NULL

Hosts
• HostID: int IDENTITY
• HostIpAddress: varchar(47) NULL
• HostDNSName: NVARCHAR(254) NULL
• HostNBName: NVARCHAR(16) NULL
• HostNBDomain: nvarchar(16) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• HostOwner: nvarchar(50) NULL
• DateHostAdded: datetime NOT NULL
• GUID: varchar(36) NULL
• HostIPNbr: numeric(10) NOT NULL (IE1.1)
• MacAddress: char(17) NULL
• DateHostUpdated: datetime NOT NULL (IE1.2)
• OSGroupID: int NULL (FK)
• ISScanDate: datetime NULL (IE2.1)
• StatNameID: int NULL (IE2.2)

Products
• ProductID: int NOT NULL
• ProdName: nvarchar(40) NULL

Response
• ResponseID: int IDENTITY
• Name: nvarchar(150) NOT NULL
• Description: nvarchar(80) NULL
• FileName: nvarchar(255) NULL
• Version: varchar(100) NULL
• RoleID: int NULL (FK)
• BinaryDataID: int NULL (FK)
• Deleted: numeric NOT NULL
• LastModifiedAt: datetime NULL
• LastModifiedBy: nvarchar(60) NULL
• ReadOnly: tinyint NULL
• EditorKey: varchar(50) NOT NULL
• Valid: tinyint NOT NULL

License
• LicenseID: int IDENTITY
• Name: nvarchar(50) NULL
• BinaryDataID: int NULL (FK)
• Features: nvarchar(50) NULL
• FeatureDescription: nvarchar(100) NULL
• DeviceCount: int NULL
• MaintenanceDate: varchar(40) NULL
• ExpireDate: varchar(40) NULL
• State: tinyint NULL
• StateDescription: varchar(512) NULL
• LicenseType: tinyint NOT NULL
• KeyString: varchar(50) NULL
• StatNameID: int NULL (FK)
• LicContactInfoGUID: nvarchar(40) NULL (FK)
• LicGUID: nvarchar(40) NULL
• Description: nvarchar(100) NULL
• NewLicenseID: int NULL (FK)

Sites
• SiteID: int IDENTITY(2,1)
• Name: nvarchar(60) NOT NULL
• Descr: nvarchar(255) NULL
• IpAddress: varchar(47) NOT NULL
• Port: int NOT NULL
• LastDataLoadAt: datetime NULL
• Deleted: tinyint NULL
• GUID: varchar(512) NULL

JobTypes
• JobTypeID: int IDENTITY
• Descr: varchar(80) NOT NULL

Tasks
• TaskID: int IDENTITY
• JobTypeID: int NOT NULL (FK)
• Name: varchar(60) NULL
• Descr: varchar(255) NULL
• LoadTableName: varchar(60) NULL
• LoadStoredProcName: varchar(60) NULL
• FormatFile: text NOT NULL
• LoadSQLStatement: varchar(4000) NULL

BinaryDataType
• BinaryDataType: tinyint NOT NULL
• BinaryDataTypeDesc: nvarchar(60) NOT NULL

DesktopAgentVersion
• GUID: varchar(36) NOT NULL
• Version: varchar(40) NOT NULL
• ReadmeFileID: int NULL (FK)
• RoleID: int NULL (FK)

PolicyVersion
• RoleID: int NOT NULL (FK)
• Version: varchar(100) NOT NULL
• DisplayVersion: varchar(100) NULL

ResponseVersion
• RoleID: int NOT NULL (FK)
• Version: varchar(100) NOT NULL
• DisplayVersion: varchar(100) NULL

ComponentDocument
• ComponentID: int NOT NULL (FK)
• NamespaceID: smallint NOT NULL (FK)
• BinaryDataID: int NOT NULL (FK)
• Version: varchar(100) NULL
• Enabled: bit NOT NULL

GroupDocument
• GroupID: int NOT NULL (FK)
• NamespaceID: smallint NOT NULL (FK)
• Version: varchar(100) NOT NULL
• BinaryDataID: int NOT NULL (FK)
• Enabled: bit NOT NULL

ReportInstance
• ReportInstanceID: int NOT NULL (FK)
• TemplateFileName: nvarchar(255) NULL (IE1.2)
• ReportCategory: nvarchar(255) NULL
• ReportName: nvarchar(255) NULL
• ReportFilePath: nvarchar(1000) NULL
• DateCreated: datetime NOT NULL
• UserID: int NULL (IE1.3)
• Shared: tinyint NOT NULL
• GroupID: int NULL (IE1.1)
• Recursion: tinyint NOT NULL
• Arguments: ntext NULL
• LastModifiedAt: datetime NOT NULL
• LastModifiedBy: nvarchar(255) NULL

Grouping Schema

Schema The following diagram displays the Grouping schema:

SiteRange
• SiteRangeID: smallint IDENTITY
• StartIPNbr: numeric(10) NULL
• EndIPNbr: numeric(10) NULL
• Description: nvarchar(64) NULL
• Deleted: tinyint NOT NULL

Role
• RoleID: int NOT NULL
• RoleName: varchar(60) NOT NULL
• ProductID: int NULL (FK)
• ClassName: varchar(255) NOT NULL (AK1.1)
• Namespace: varchar(255) NULL
• DefaultLoggingLevel: tinyint NULL
• DefaultStatus: tinyint NULL
• DefaultOptionFlags: tinyint NULL
• SupportsEC: tinyint NOT NULL
• SupportsGroupPolicy: tinyint NOT NULL

Component
• ComponentID: int IDENTITY
• RoleID: int NULL (FK) (IE2.3)
• LastPushedPolicyID: int NULL (FK)
• PropertyFileID: int NULL (FK)
• HostID: int NULL (FK) (IE2.1)
• Priority: numeric NOT NULL
• Status: numeric NOT NULL
• LastModifiedBy: nvarchar(60) NULL
• LastModifiedAt: datetime NULL
• Deleted: numeric NOT NULL
• EventSourcePort: int NULL
• EventPort: int NULL
• Version: varchar(40) NULL
• SensorName: nvarchar(100) NULL (IE2.2)
• Policy: nvarchar(434) NULL
• Master: varchar(30) NULL
• AvailableXPU: varchar(40) NULL
• LastInstalledXPU: varchar(40) NULL
• LoggingLevel: tinyint NULL
• LicenseState: smallint NULL
• XPUState: smallint NULL
• StateDescription: nvarchar(500) NULL
• UnexpectedConfigChange: tinyint NULL
• ModifiedBySensorController: tinyint NOT NULL
• DaemonPort: int NULL
• EventLogOption: tinyint NULL
• SiteID: int NULL (FK)
• LastPushedResponseID: int NULL (FK)
• XPUDate: datetime NULL
• Response: nvarchar(434) NULL
• PolicyGroupID: int NULL (FK)
• LastHeartBeat: datetime NULL
• GUID: varchar(36) NULL (IE1.1)
• LicenseID: int NULL (FK)
• PolicyChangedFlag: tinyint NOT NULL
• FCPEventPort: int NULL
• FCPEventSourcePort: int NULL
• ECStatus: tinyint NULL
• ECStateDescription: nvarchar(500) NULL
• OptionFlags: int NULL
• EventCollectorID: int NULL (FK)
• AlertEventPort: int NULL
• AlertEventSourcePort: int NULL
• ModelDesc: varchar(1000) NULL

GroupView
• GroupViewID: int IDENTITY (IE1.1)
• GroupViewName: nvarchar(64) NOT NULL
• Deleted: tinyint NULL

Groups
• GroupID: int IDENTITY (AK1.2)
• GroupName: nvarchar(80) NOT NULL
• GroupDesc: nvarchar(255) NULL
• RoleID: int NULL (FK)
• ParentGroupID: int NULL (AK1.1,IE1.1)
• GroupViewID: int NULL (FK)
• Deleted: tinyint NULL
• SiteID: int NULL (FK)
• GroupTypeID: int NULL (FK)
• SPGroupID: int NULL
• RuleID: int NULL (FK)
• GUID: varchar(36) NULL

GroupHostLinks
• GroupID: int NOT NULL (FK)
• HostID: int NOT NULL (FK)

Hosts
• HostID: int IDENTITY
• HostIpAddress: varchar(47) NULL
• HostDNSName: NVARCHAR(254) NULL
• HostNBName: NVARCHAR(16) NULL
• HostNBDomain: nvarchar(16) NULL
• HostOSName: nvarchar(64) NULL
• HostOSVersion: nvarchar(32) NULL
• HostOSRevisionLevel: varchar(32) NULL
• HostOwner: nvarchar(50) NULL
• DateHostAdded: datetime NOT NULL
• GUID: varchar(36) NULL
• HostIPNbr: numeric(10) NOT NULL (IE1.1)
• MacAddress: char(17) NULL
• DateHostUpdated: datetime NOT NULL (IE1.2)
• OSGroupID: int NULL (FK)
• ISScanDate: datetime NULL (IE2.1)
• StatNameID: int NULL (IE2.2)

Products
• ProductID: int NOT NULL
• ProdName: nvarchar(40) NULL

Sites
• SiteID: int IDENTITY(2,1)
• Name: nvarchar(60) NOT NULL
• Descr: nvarchar(255) NULL
• IpAddress: varchar(47) NOT NULL
• Port: int NOT NULL
• LastDataLoadAt: datetime NULL
• Deleted: tinyint NULL

GroupTypes
• GroupTypeID: int IDENTITY
• Name: nvarchar(64) NULL (AK1.1)
• Descr: nvarchar(255) NULL

HostCounts
• CountDate: datetime NOT NULL
• GroupID: int NOT NULL (FK)
• HostCount: int NOT NULL

GroupsParentChild
• ParentID: int NULL (FK)
• ChildID: int NOT NULL (FK)

GroupRule
• RuleID: int IDENTITY
• RuleType: tinyint NOT NULL (FK)
• RuleValue: ntext NOT NULL
• Description: nvarchar(254) NULL
• LastModifiedAt: datetime NULL

GroupPolicy
• GroupID: int NOT NULL (FK)
• RoleID: int NOT NULL (FK)
• PolicyID: int NOT NULL (FK)

GroupRuleType
• RuleType: tinyint NOT NULL
• Description: nvarchar(60) NOT NULL

UnGroupedHosts
• HostID: int NOT NULL (FK)
• UnGroupedStatus: tinyint NULL (FK)
• UnGroupedDetails: nvarchar(254) NULL
• LastModifiedAt: datetime NULL

UnGroupedStatus
• UnGroupedStatus: tinyint NOT NULL
• UnGroupedStatusDesc: nvarchar(60) NULL

ITRSO Schema

Schema The following diagram displays the ITRSO schema:

RatingSet
  RatingID: int NOT NULL (FK)
  RatingAttributeID: int NOT NULL (FK)
  RatingOrder: int NOT NULL

RatingAttribute
  RatingAttributeID: int NOT NULL
  RatingAttributeCodeID: int NOT NULL (FK)
  AttributeValue: varchar(80) NULL

RatingAttributeCode
  RatingAttributeCodeID: int NOT NULL
  AttributeName: nvarchar(80) NOT NULL

CheckProducts
  CheckProductID: int NOT NULL
  SecChkID: int NOT NULL (FK)
  ProdVerID: int NOT NULL (FK)
  Comment: varchar(4000) NULL
  FalseNegative: ntext NULL
  FalsePositive: ntext NULL
  ProductCheckName: varchar(120) NULL
  AlgorithmID: int NULL (FK)
  VulnStatus: bit NULL

AlgorithmRating
  AlgorithmID: int NOT NULL (FK)
  RatingID: int NOT NULL (FK)

Algorithm
  AlgorithmID: int NOT NULL
  AlgorithmNum: int NOT NULL
  NameSpace: char(10) NULL

Rating
  RatingID: int NOT NULL

CorrelationInfoRS
  CheckProductID: int NOT NULL (FK)
  ScannerProductID: int NOT NULL (FK)
  RoleNumber: int NOT NULL

SecurityChecks
  SecChkID: int NOT NULL
  TagName: varchar(60) NOT NULL
  ChkName: varchar(40) NOT NULL
  ChkBriefDesc: NVARCHAR(255) NULL
  ChkDetailDesc: ntext NULL
  ChkDateReported: datetime NULL
  ChkDateEntered: datetime NULL
  ChkDateChanged: datetime NULL
  ItemAffected: nvarchar(255) NULL
  Discoverer: nvarchar(255) NULL
  ConseqName: varchar(20) NULL
  ConseqBriefDesc: nvarchar(255) NULL
  ConseqDetailDesc: ntext NULL
  Obsolete: bit NOT NULL
  ReplacedBy: int NULL
  VulnStatus: bit NOT NULL

Metrics Schema

Schema The following diagram displays the Metrics schema:

Groups
  GroupID: int IDENTITY (AK1.2)
  GroupName: nvarchar(80) NOT NULL
  GroupDesc: nvarchar(255) NULL
  RoleID: int NULL (FK)
  ParentGroupID: int NULL (AK1.1,IE1.1)
  GroupViewID: int NULL (FK)
  Deleted: tinyint NULL
  SiteID: int NULL (FK)
  GroupTypeID: int NULL (FK)
  SPGroupID: int NULL
  RuleID: int NULL (FK)
  GUID: varchar(36) NULL

VulnStatus
  VulnStatus: tinyint NOT NULL
  VulnStatusDesc: nvarchar(60) NULL
  SortID: int NOT NULL

Severity
  SeverityID: tinyint NOT NULL
  SeverityDesc: nvarchar(10) NULL

Metrics
  GroupID: int NOT NULL (FK)
  SeverityID: tinyint NOT NULL (FK)
  MetricsTypeID: int NOT NULL (FK)
  DayID: int NOT NULL (FK)
  VulnStatus: tinyint NOT NULL (FK)
  SecChkID: int NULL
  Counts: int NOT NULL

MetricsDay
  DayID: int NOT NULL
  CurrentDate: datetime NOT NULL (AK1.1)
  DayNbr: smallint NOT NULL
  DayOfWeek: nvarchar(20) NOT NULL
  Month: smallint NOT NULL
  Quarter: smallint NOT NULL
  Year: smallint NOT NULL
  WeekEndFlag: smallint NOT NULL

MetricsType
  MetricsTypeID: int NOT NULL
  Descr: nvarchar(30) NULL

HostCounts
  CountDate: datetime NOT NULL
  GroupID: int NOT NULL (FK)
  HostCount: int NOT NULL

RejectMetrics
  SiteID: int NULL
  SPGroupID: int NOT NULL
  SecChkID: int NOT NULL
  SeverityID: int NOT NULL
  MetricsTypeID: int NOT NULL
  MetricsDay: datetime NOT NULL
  VulnStatus: int NOT NULL
  Counts: int NOT NULL

Sensor Data Schema

Schema The following diagram displays the Sensor Data schema:

SensorData1
  RowID: bigint IDENTITY
  SensorDataID: bigint NOT NULL (IE8.4)
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL (IE8.2)
  AlertID: char(26) NULL
  SensorName: nvarchar(100) NULL
  ProductID: smallint NULL
  AlertTypeID: smallint NULL
  AlertPriority: tinyint NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressInt: numeric(10) NULL
  ProtocolID: smallint NULL
  SourcePort: int NULL
  SourcePortName: nvarchar(60) NULL
  DestPortName: nvarchar(60) NULL
  UserName: nvarchar(60) NULL
  ProcessingFlag: tinyint NULL (IE7.1)
  Cleared: char(1) NULL (IE8.3)
  HostGUID: varchar(36) NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  ObservanceID: bigint NULL (IE8.1)
  VulnStatus: tinyint NULL
  AlertCount: int NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  OSGroupID: tinyint NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL
  VLan: nvarchar(64) NULL
  VirtualSensorName: nvarchar(64) NULL

SensorDataAVP1
  SensorDataID: bigint NOT NULL (IE1.1)
  AttributeName: nvarchar(50) NULL
  AttributeDataType: tinyint NULL
  AttributeValue: nvarchar(2000) NULL
  AttributeBlob: ntext NULL

SensorDataResponse1
  SensorDataID: bigint NOT NULL (IE1.1)
  ResponseTypeName: varchar(32) NULL
  ResponseName: nvarchar(32) NULL

SensorDataLegacy
  SensorDataID: bigint NOT NULL
  AlertDataID: int NOT NULL
  AlertFormatVersion: int NULL
  AlertNameType: int NULL
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL (IE8.2)
  LocalTimezoneOffset: int NULL
  AlertTimePrecision: int NULL
  AlertTimeSeqID: int NULL
  AlertID: char(26) NULL
  SensorAddress: varchar(60) NULL
  SensorName: nvarchar(100) NULL
  ProductID: int NULL
  AlertTypeID: int NULL
  AlertPriority: int NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressName: VARCHAR(60) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressName: VARCHAR(60) NULL
  DestAddressInt: numeric(10) NULL
  ProtocolID: int NULL
  SourcePort: int NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  SourcePortName: nvarchar(60) NULL
  DestPortName: nvarchar(60) NULL
  AttackSuccessful: tinyint NULL
  AttackFragmented: tinyint NULL
  AttackOrigin: nvarchar(60) NULL
  ResourceID: int NULL
  ResourceSubID: varchar(60) NULL
  Application: nvarchar(60) NULL
  UserName: nvarchar(60) NULL
  ProcessingFlag: int NULL (IE7.1)
  Cleared: char(1) NULL (IE8.3)
  HostGUID: varchar(36) NULL
  StartTime: datetime NULL
  StopTime: datetime NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  VulnStatus: tinyint NULL
  AlertCount: int NOT NULL
  ObservanceID: bigint NULL (IE8.1)
  OSGroupID: int NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL

SensorDataResponseLegacy
  SensorDataID: bigint NOT NULL (IE1.1)
  ResponseTypeName: varchar(32) NULL
  ResponseName: nvarchar(32) NULL

SensorDataAVPLegacy
  SensorDataID: bigint NOT NULL (IE1.1)
  AttributeName: nvarchar(50) NULL
  AttributeDataType: varchar(30) NULL
  AttributeValue: nvarchar(2000) NULL
  AttributeBlob: TEXT NULL

SensorData

wrk_SensorData
  RowID: bigint NOT NULL
  SensorDataID: bigint NOT NULL
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL
  SensorName: nvarchar(100) NULL
  ProductID: smallint NULL
  AlertTypeID: smallint NULL
  AlertPriority: tinyint NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressInt: numeric(10) NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  ProcessingFlag: tinyint NULL
  Cleared: char(1) NULL
  HostGUID: varchar(36) NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  VulnStatus: tinyint NULL
  AlertCount: int NULL
  ObservanceID: bigint NULL
  OSGroupID: tinyint NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL
  SecChkID: int NULL
  DstHostID: int NULL
  SrcHostID: int NULL
  ObjectID: int NULL
  RejectReason: varchar(200) NULL
  AlertID: char(26) NULL
  VLanID: int NULL
  VLan: nvarchar(64) NULL
  VirtualSensorID: int NULL
  VirtualSensorName: nvarchar(64) NULL
  EventUserID: int NULL
  UserName: nvarchar(64) NULL

SensorDataAVP

SensorDataResponse

Site Analysis Schema

Schema The following diagram displays the Site Analysis schema:

VulnStatus
  VulnStatus: tinyint NOT NULL
  VulnStatusDesc: nvarchar(60) NULL
  SortID: int NOT NULL

SensorHost
  SensorID: Component.ComponentID: int IDENTITY
  SensorHostID: Hosts.HostID: int IDENTITY
  SensorIPAddress: Hosts.HostIPNbr: numeric(10) NOT NULL
  SensorDNSName: Hosts.HostDNSName: NVARCHAR(254) NULL
  SensorOSName: Hosts.HostOSName: nvarchar(64) NULL
  SensorName: Component.SensorName: nvarchar(100) NULL
  SensorNBName: Hosts.HostNBName: NVARCHAR(16) NULL

ObservanceType
  ObservanceType: tinyint NOT NULL
  ObservanceTypeDesc: nvarchar(30) NULL

Severity
  SeverityID: tinyint NOT NULL
  SeverityDesc: nvarchar(10) NULL

Observances
  ObservanceID: bigint NOT NULL
  ObservanceTime: datetime NOT NULL (IE8.1)
  ObservanceType: tinyint NULL (FK)
  SecChkID: int NULL (FK)
  SensorID: int NOT NULL
  SourceID: int NOT NULL (IE6.1)
  TargetID: int NOT NULL (IE10.1)
  ObservanceCount: int NULL
  ObjectID: int NULL (FK)
  SeverityID: tinyint NULL (FK)
  ClearedCount: int NULL
  VulnStatus: tinyint NULL (FK)
  LastModifiedAt: datetime NULL (IE11.1)
  CheckSumID: int NULL (IE12.1)
  VLanID: int NULL (FK)
  VirtualSensorID: int NULL (FK)
  EventUserID: int NULL (FK)

ObservanceColumn
  DisplayName: varchar(100) NOT NULL
  QualifiedColName: varchar(100) NULL
  TableName: varchar(100) NULL
  ColName: varchar(100) NULL
  PK_ColName: varchar(100) NULL
  FK_ColName: varchar(100) NULL
  FK_TableName: varchar(100) NULL
  ColType: char(1) NULL
  JoinType: varchar(15) NULL
  FilterColName: varchar(100) NULL
  IndexHint: varchar(100) NULL
  UniqueToDimension: tinyint NULL

Component
  ComponentID: int IDENTITY
  RoleID: int NULL (FK) (IE2.3)
  LastPushedPolicyID: int NULL (FK)
  PropertyFileID: int NULL (FK)
  HostID: int NULL (FK) (IE2.1)
  Priority: numeric NOT NULL
  Status: numeric NOT NULL
  LastModifiedBy: nvarchar(60) NULL
  LastModifiedAt: datetime NULL
  Deleted: numeric NOT NULL
  EventSourcePort: int NULL
  EventPort: int NULL
  Version: varchar(40) NULL
  SensorName: nvarchar(100) NULL (IE2.2)
  Policy: nvarchar(434) NULL
  Master: varchar(30) NULL
  AvailableXPU: varchar(40) NULL
  LastInstalledXPU: varchar(40) NULL
  LoggingLevel: tinyint NULL
  LicenseState: smallint NULL
  XPUState: smallint NULL
  StateDescription: nvarchar(500) NULL
  UnexpectedConfigChange: tinyint NULL
  ModifiedBySensorController: tinyint NOT NULL
  DaemonPort: int NULL
  EventLogOption: tinyint NULL
  SiteID: int NULL (FK)
  LastPushedResponseID: int NULL (FK)
  XPUDate: datetime NULL
  Response: nvarchar(434) NULL
  PolicyGroupID: int NULL (FK)
  LastHeartBeat: datetime NULL
  GUID: varchar(36) NULL (IE1.1)
  LicenseID: int NULL (FK)
  PolicyChangedFlag: tinyint NOT NULL
  FCPEventPort: int NULL
  FCPEventSourcePort: int NULL
  ECStatus: tinyint NULL
  ECStateDescription: nvarchar(500) NULL
  OptionFlags: int NULL
  EventCollectorID: int NULL (FK)
  AlertEventPort: int NULL
  AlertEventSourcePort: int NULL
  ModelDesc: varchar(1000) NULL

SecurityChecks
  SecChkID: int NOT NULL
  TagName: varchar(60) NOT NULL (AK1.1)
  ChkName: varchar(40) NOT NULL
  ChkBriefDesc: NVARCHAR(255) NULL
  ChkDetailDesc: ntext NULL
  ChkDateReported: datetime NULL
  ChkDateEntered: datetime NULL
  ChkDateChanged: datetime NULL
  ItemAffected: nvarchar(255) NULL
  Discoverer: nvarchar(255) NULL
  ConseqName: varchar(20) NULL
  ConseqBriefDesc: nvarchar(255) NULL
  ConseqDetailDesc: ntext NULL
  Obsolete: bit NOT NULL
  ReplacedBy: int NULL
  VulnStatus: bit NOT NULL

Hosts
  HostID: int IDENTITY
  HostIpAddress: varchar(47) NULL
  HostDNSName: NVARCHAR(254) NULL
  HostNBName: NVARCHAR(16) NULL
  HostNBDomain: nvarchar(16) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  HostOwner: nvarchar(50) NULL
  DateHostAdded: datetime NOT NULL
  GUID: varchar(36) NULL
  HostIPNbr: numeric(10) NOT NULL (IE1.1)
  MacAddress: char(17) NULL
  DateHostUpdated: datetime NOT NULL (IE1.2)
  OSGroupID: int NULL (FK)
  ISScanDate: datetime NULL (IE2.1)
  StatNameID: int NULL (IE2.2)

SourceHost
  SourceID: <Hosts.HostID>
  SourceIpAddress: <Hosts.HostIpNbr>
  SourceDNSName: <Hosts.HostDNSName>
  SourceOSName: <Hosts.HostOSName>
  SourceNBName: Hosts.HostNBName: NVARCHAR(16) NULL

TargetHost
  TargetID: <Hosts.HostID>
  TargetIpAddress: <Hosts.HostIpNbr>
  TargetDNSName: <Hosts.HostDNSName>
  TargetOSName: <Hosts.HostOSName>
  TargetIPDisplay: Hosts.HostIpAddress: varchar(47) NULL
  TargetOSRevisionLevel: Hosts.HostOSRevisionLevel: varchar(32) NULL
  TargetNBName: Hosts.HostNBName: NVARCHAR(16) NULL

SiteFilters
  SiteFilterID: int IDENTITY
  SiteFilterTypeID: int NULL (FK)
  SiteFilterName: nvarchar(60) NULL
  SiteFilterDesc: ntext NULL
  FusionIgnoreFlag: bit NOT NULL
  Deleted: tinyint NULL
  CreatedBy: varchar(60) NULL
  DateModified: datetime NULL

ObservanceSiteFilters
  ObservanceID: bigint NOT NULL
  SiteFilterRuleID: int NOT NULL (FK)
  SiteFilterID: int NOT NULL (FK) (IE1.1)

ObservanceSiteFiltersView
  ObservanceID: ObservanceSiteFilters.ObservanceID: bigint NOT NULL
  SiteFilterID: ObservanceSiteFilters.SiteFilterID: int NOT NULL
  SiteFilterType: SiteFilterType.SiteFilterType: char(2) NOT NULL
  SiteFilterName: SiteFilters.SiteFilterName: nvarchar(60) NULL
  SiteFilterDesc: <convert(varchar(4000...>
  CreatedBy: SiteFilters.CreatedBy: varchar(60) NULL

SiteFilterType
  SiteFilterTypeID: int NOT NULL
  SiteFilterType: char(2) NOT NULL (AK1.1)
  SiteFilterName: nvarchar(80) NOT NULL

ObjectType
  ObjectType: tinyint NOT NULL
  ObjectTypeDesc: nvarchar(30) NOT NULL

Object
  ObjectID: int IDENTITY
  ObjectType: tinyint NOT NULL (FK) (IE2.2)
  ObjectName: nvarchar(200) NOT NULL (IE1.1,IE2.1)

ObjectView
  ObjectID: Object.ObjectID: int IDENTITY
  ObjectType: Object.ObjectType: tinyint NOT NULL
  ObjectName: Object.ObjectName: nvarchar(200) NOT NULL
  ObjectTypeDesc: ObjectType.ObjectTypeDesc: nvarchar(30) NOT NULL

LastVulnStatus
  VulnStatusDesc: VulnStatus.VulnStatusDesc: nvarchar(60) NULL
  VulnStatus: VulnStatus.VulnStatus: tinyint NOT NULL

SiteFilterRules
  SiteFilterRuleID: int IDENTITY
  SiteFilterID: int NOT NULL (FK)
  SiteFilterStartDate: datetime NULL
  SiteFilterEndDate: datetime NULL
  BeginSrcAddressInt: numeric(10,0) NULL (IE1.1)
  EndSrcAddressInt: numeric(10,0) NULL (IE2.1)
  BeginDestAddressInt: numeric(10,0) NULL (IE3.1)
  EndDestAddressInt: numeric(10,0) NULL (IE4.1)
  TagNameIn: varchar(900) NULL (IE5.1)
  TagNameLike: varchar(60) NULL (IE6.1)
  TargetObjectNameLike: varchar(200) NULL (IE7.1)
  VulnStatusIn: varchar(900) NULL (IE8.1)
  TargetObjectType: tinyint NULL (FK)
  ObservanceType: tinyint NULL (FK)

EventUser
  EventUserID: int IDENTITY
  UserName: nvarchar(60) NULL

VirtualSensor
  VirtualSensorID: int IDENTITY
  VirtualSensorName: nvarchar(64) NULL

VLan
  VLanID: int IDENTITY
  VLan: nvarchar(64) NULL

HostProtectionStatus
  TargetID: int NOT NULL
  SecChkID: int NOT NULL (IE2.1)
  ObservanceTime: datetime NOT NULL
  SeverityID: tinyint NOT NULL
  ObservanceID: bigint NOT NULL (IE1.1)
  Fixed: tinyint NOT NULL

Site Filters Schema

Schema The following diagram displays the Site Filters schema:

SiteFilterType
  SiteFilterTypeID: int
  SiteFilterType: char(2)
  SiteFilterName: nvarchar(80)

SiteFilters
  SiteFilterID: int
  SiteFilterTypeID: int (FK)
  SiteFilterName: nvarchar(60)
  SiteFilterDesc: ntext
  FusionIgnoreFlag: bit
  Deleted: tinyint
  CreatedBy: varchar(60)
  DateModified: datetime

SiteFilterRules
  SiteFilterRuleID: int
  SiteFilterID: int (FK)
  SiteFilterStartDate: datetime
  SiteFilterEndDate: datetime
  BeginSrcAddressInt: numeric(10,0)
  EndSrcAddressInt: numeric(10,0)
  BeginDestAddressInt: numeric(10,0)
  EndDestAddressInt: numeric(10,0)
  TagNameIn: varchar(900)
  TagNameLike: varchar(60)
  TargetObjectNameLike: varchar(200)
  VulnStatusIn: varchar(900)
  TargetObjectType: tinyint (FK)
  ObservanceType: tinyint (FK)

ObservanceSiteFilters
  ObservanceID: bigint
  SiteFilterRuleID: int (FK)
  SiteFilterID: int (FK)

ObservanceSiteFiltersView
  ObservanceID: ObservanceSiteFilters.ObservanceID: bigint NOT NULL
  SiteFilterID: ObservanceSiteFilters.SiteFilterID: int NOT NULL
  SiteFilterType: SiteFilterType.SiteFilterType: char(2) NOT NULL
  SiteFilterName: SiteFilters.SiteFilterName: nvarchar(60) NULL
  SiteFilterDesc: <convert(varchar(4000...>
  CreatedBy: SiteFilters.CreatedBy: varchar(60) NULL

SiteFilterView
  SiteFilterID: SiteFilters.SiteFilterID: int IDENTITY
  SiteFilterRuleID: SiteFilterRules.SiteFilterRuleID: int IDENTITY
  SiteFilterTypeID: SiteFilters.SiteFilterTypeID: int NULL
  SiteFilterType: SiteFilterType.SiteFilterType: char(2) NOT NULL
  SiteFilterName: SiteFilters.SiteFilterName: nvarchar(60) NULL
  SiteFilterStartDate: SiteFilterRules.SiteFilterStartDate: datetime NULL
  SiteFilterEndDate: SiteFilterRules.SiteFilterEndDate: datetime NULL
  BeginSrcAddressInt: SiteFilterRules.BeginSrcAddressInt: numeric(10,0) NULL
  EndSrcAddressInt: SiteFilterRules.EndSrcAddressInt: numeric(10,0) NULL
  BeginDestAddressInt: SiteFilterRules.BeginDestAddressInt: numeric(10,0) NULL
  EndDestAddressInt: SiteFilterRules.EndDestAddressInt: numeric(10,0) NULL
  TagNameIn: SiteFilterRules.TagNameIn: varchar(900) NULL
  TagNameLike: SiteFilterRules.TagNameLike: varchar(60) NULL
  TargetObjectNameLike: SiteFilterRules.TargetObjectNameLike: varchar(200) NULL
  VulnStatusIn: SiteFilterRules.VulnStatusIn: varchar(900) NULL
  TargetObjectType: SiteFilterRules.TargetObjectType: tinyint NULL

Staging and Rejects Schema

Schema The following table displays the Staging and Rejects schema:

StgWorkingSet
  SetID: smallint NOT NULL
  EC_Host: varchar(60) NULL
  EC_GUID: varchar(60) NULL
  LastConnectTime: datetime NULL
  ConnectionErrorNumber: int NULL

RejectMetrics
  SiteID: int NULL
  SPGroupID: int NOT NULL
  SecChkID: int NOT NULL
  SeverityID: int NOT NULL
  MetricsTypeID: int NOT NULL
  MetricsDay: datetime NOT NULL
  VulnStatus: int NOT NULL
  Counts: int NOT NULL

wrk_Observances
  ObsID: bigint NULL
  ObsTime: datetime NULL
  ObsType: tinyint NULL
  ObsSecChkID: int NULL
  ObsSeverityID: tinyint NULL
  ObsSensorID: int NULL
  ObsSourceID: int NULL
  ObsTargetID: int NULL
  ObsObjectID: int NULL
  ObsVulnStatus: tinyint NULL
  Action: char(1) NULL
  ObsCount: int NULL
  ObsClearedCount: int NULL
  CheckSumID: int NULL
  ObsVLANID: int NULL
  ObsVirtualSensorID: int NULL
  ObsEventUserID: int NULL

SensorDataRejected
  RowID: bigint NOT NULL
  SensorDataID: bigint NOT NULL (IE1.1)
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL
  AlertID: char(26) NULL
  SensorName: nvarchar(100) NULL
  ProductID: smallint NULL
  AlertTypeID: smallint NULL
  AlertPriority: tinyint NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressInt: numeric(10) NULL
  ProtocolID: smallint NULL
  SourcePort: int NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  SourcePortName: nvarchar(60) NULL
  DestPortName: nvarchar(60) NULL
  ProcessingFlag: tinyint NULL
  Cleared: char(1) NULL
  HostGUID: varchar(36) NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  VulnStatus: tinyint NULL
  AlertCount: int NULL
  ObservanceID: bigint NULL
  OSGroupID: tinyint NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL
  RejectReason: varchar(200) NULL

SDAVPRejected
  SensorDataID: bigint NOT NULL (IE1.1)
  AttributeName: nvarchar(50) NULL
  AttributeDataType: tinyint NULL
  AttributeValue: nvarchar(2000) NULL
  AttributeBlob: ntext NULL

SDResponseRejected
  SensorDataID: bigint NOT NULL (IE1.1)
  ResponseTypeName: varchar(32) NULL
  ResponseName: nvarchar(32) NULL

wrk_SensorData
  RowID: bigint NOT NULL
  SensorDataID: bigint NOT NULL
  AlertName: nvarchar(60) NULL
  AlertDateTime: datetime NULL
  SensorName: nvarchar(100) NULL
  ProductID: smallint NULL
  AlertTypeID: smallint NULL
  AlertPriority: tinyint NULL
  AlertFlags: int NULL
  SensorAddressInt: numeric(10) NULL
  SrcAddressInt: numeric(10) NULL
  DestAddressInt: numeric(10) NULL
  ObjectName: nvarchar(2000) NULL
  ObjectType: tinyint NULL
  ProcessingFlag: tinyint NULL
  Cleared: char(1) NULL
  HostGUID: varchar(36) NULL
  HostDNSName: nvarchar(254) NULL
  HostNBName: nvarchar(20) NULL
  HostNBDomain: nvarchar(255) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  VulnStatus: tinyint NULL
  AlertCount: int NULL
  ObservanceID: bigint NULL
  OSGroupID: tinyint NULL
  ComponentID: int NULL
  SensorGUID: varchar(36) NULL
  LicModule: varchar(100) NULL
  SecChkID: int NULL
  DstHostID: int NULL
  SrcHostID: int NULL
  ObjectID: int NULL
  RejectReason: varchar(200) NULL
  AlertID: char(26) NULL
  VLanID: int NULL
  VLan: nvarchar(64) NULL
  VirtualSensorID: int NULL
  VirtualSensorName: nvarchar(64) NULL
  EventUserID: int NULL
  UserName: nvarchar(64) NULL

stgSensorDataSet
  SetID: int NOT NULL
  LastRowLoaded: bigint NULL

Statistics Schema

Schema The following diagram displays the Statistics schema:

StatCategory
  StatCategoryID: int NOT NULL
  Name: nvarchar(200) NOT NULL

StatName
  StatNameID: int NOT NULL
  LMName: nvarchar(200) NOT NULL
  DisplayName: nvarchar(200) NOT NULL

StatCatAtt
  StatAttributeID: int NOT NULL (FK)
  StatCategoryID: int NOT NULL (FK)

Statistic
  StatCategoryID: int NOT NULL (FK)
  StatNameID: int NOT NULL (FK)
  StatAttributeID: int NOT NULL (FK)
  DateUpdated: datetime NULL
  Value: nvarchar(2000) NULL
  SiteID: int NULL

StatAttribute
  StatAttributeID: int NOT NULL
  DataType: varchar(20) NOT NULL
  Name: nvarchar(200) NOT NULL

License
  LicenseID: int IDENTITY
  Name: nvarchar(50) NULL
  BinaryDataID: int NULL (FK)
  Features: nvarchar(50) NULL
  FeatureDescription: nvarchar(100) NULL
  DeviceCount: int NULL
  MaintenanceDate: varchar(40) NULL
  ExpireDate: varchar(40) NULL
  State: tinyint NULL
  StateDescription: varchar(512) NULL
  LicenseType: tinyint NOT NULL
  KeyString: varchar(50) NULL
  StatNameID: int NULL (FK)
  LicContactInfoGUID: nvarchar(40) NULL (FK)
  LicGUID: nvarchar(40) NULL
  Description: nvarchar(100) NULL
  NewLicenseID: int NULL (FK)

LicContactInfo
  LicContactInfoGUID: nvarchar(40) NOT NULL
  SubjectName: nvarchar(255) NOT NULL
  Title: nvarchar(100) NULL
  CompanyName: nvarchar(255) NULL
  Address1: nvarchar(255) NULL
  Address2: nvarchar(255) NULL
  City: nvarchar(100) NULL
  State: nvarchar(50) NULL
  PostCode: nvarchar(40) NULL
  Country: nvarchar(60) NULL
  Email: nvarchar(255) NULL
  AdditionalInfo: nvarchar(255) NULL

LicConsqMessage
  StatNameID: int NOT NULL
  Phase: int NOT NULL
  Mode: char(10) NOT NULL
  Message: ntext NULL

Hosts
  HostID: int IDENTITY
  HostIpAddress: varchar(47) NULL
  HostDNSName: NVARCHAR(254) NULL
  HostNBName: NVARCHAR(16) NULL
  HostNBDomain: nvarchar(16) NULL
  HostOSName: nvarchar(64) NULL
  HostOSVersion: nvarchar(32) NULL
  HostOSRevisionLevel: varchar(32) NULL
  HostOwner: nvarchar(50) NULL
  DateHostAdded: datetime NOT NULL
  GUID: varchar(36) NULL
  HostIPNbr: numeric(10) NOT NULL
  MacAddress: char(17) NULL
  DateHostUpdated: datetime NOT NULL
  OSGroupID: int NULL (FK)
  ISScanDate: datetime NULL
  StatNameID: int NULL

X-Force Schema

Schema

The following diagram displays the X-Force schema:

Protocols
  ProtocolID: int NOT NULL
  ProtocolName: varchar(40) NOT NULL
  ProtocolDesc: varchar(255) NULL

Services
  ServiceID: int NOT NULL
  ServiceName: nvarchar(64) NOT NULL (AK1.1)
  ServiceProtocol: varchar(20) NOT NULL (AK1.2)
  ServRFCPort: int NULL (AK1.3)
  ServBriefDesc: nvarchar(255) NULL

CheckServices
  SecChkID: int NOT NULL (FK)
  ServiceID: int NOT NULL (FK)

PlatformTypes
  PlatformTypeID: int NOT NULL
  PlatformTypeName: varchar(50) NULL (AK1.1)
  PlatformTypeDesc: nvarchar(255) NULL

Platforms
  PlatformID: int NOT NULL
  PlatformName: varchar(40) NOT NULL (IE1.1)
  PlatformVersion: varchar(20) NULL
  PlatformMfg: varchar(50) NULL
  PlatformTypeID: int NULL (FK)
  ReleaseDate: datetime NULL

CheckPlatforms
  SecChkID: int NOT NULL (FK)
  PlatformID: int NOT NULL (FK)
  ChkPlatformComment: nvarchar(255) NULL
  FmtRemedyDesc: ntext NULL
  RemedyDesc: ntext NULL

CheckCategories
  SecChkID: int NOT NULL (FK)
  CategoryID: int NOT NULL (FK)

CategoryGroup
  CatGroupID: int NOT NULL
  CatGroupName: varchar(40) NULL (AK1.1)
  CatGroupDesc: ntext NULL

Categories
  CategoryID: int NOT NULL
  CatGroupID: int NOT NULL (FK)
  CategoryName: varchar(40) NULL
  CategoryDesc: ntext NULL

SecurityChecks
  SecChkID: int NOT NULL
  TagName: varchar(60) NOT NULL (AK1.1)
  ChkName: varchar(40) NOT NULL
  ChkBriefDesc: NVARCHAR(255) NULL
  ChkDetailDesc: ntext NULL
  ChkDateReported: datetime NULL
  ChkDateEntered: datetime NULL
  ChkDateChanged: datetime NULL
  ItemAffected: nvarchar(255) NULL
  Discoverer: nvarchar(255) NULL
  ConseqName: varchar(20) NULL
  ConseqBriefDesc: nvarchar(255) NULL
  ConseqDetailDesc: ntext NULL
  Obsolete: bit NOT NULL
  ReplacedBy: int NULL
  VulnStatus: bit NOT NULL

ExternalReferences
  ExtRefID: int NOT NULL
  SecChkID: int NULL (FK)
  ExternalReference: nvarchar(255) NULL
  Title: varchar(255) NULL
  Source: varchar(100) NULL
  PreferredRef: bit NOT NULL

Remedies
  SecChkID: int NOT NULL (FK)
  RemedyDesc: ntext NULL
  RemedyLocation: varchar(50) NULL
  MoreInfo: varchar(50) NULL
  EffortInHours: int NULL
  LocalLocation: varchar(50) NULL
  FmtRemedyDesc: ntext NULL

UDSecurityChecks
  UDSecChkID: int IDENTITY(500000,1)
  TagName: varchar(60) NOT NULL (IE1.1)
  ChkName: varchar(40) NULL
  ChkBriefDesc: varchar(255) NULL
  ChkDetailDesc: text NULL
  ConseqDetailDesc: text NULL
  TargetString: varchar(60) NULL
  Context: varchar(60) NULL

Products
  ProductID: int NOT NULL
  ProdName: nvarchar(40) NULL

ProductVersions
  ProdVerID: int NOT NULL
  ProdID: int NOT NULL (FK)
  ProdVersion: nvarchar(15) NULL

CheckProducts
  CheckProductID: int NOT NULL
  SecChkID: int NOT NULL (FK) (IE1.2)
  ProdVerID: int NOT NULL (FK) (IE1.1)
  Comment: varchar(4000) NULL
  FalseNegative: ntext NULL
  FalsePositive: ntext NULL
  ProductCheckName: varchar(120) NULL
  AlgorithmID: int NULL (FK)
  VulnStatus: bit NULL

CheckOSGroup
  OSGroupID: int NOT NULL (FK)
  SecChkID: int NOT NULL (FK)

CorrelationInfo
  RSCheckProductID: int NOT NULL (FK)
  ScannerProductID: int NOT NULL (FK)
  RoleNumber: int NOT NULL

OSGroup
  OSGroupID: int NOT NULL
  OSGroupName: varchar(120) NOT NULL

VLan
  VLanID: int IDENTITY
  VLan: nvarchar(64) NULL

VirtualSensor
  VirtualSensorID: int IDENTITY
  VirtualSensorName: nvarchar(64) NULL

EventUser
  EventUserID: int IDENTITY
  UserName: nvarchar(60) NULL


Appendix A: Database Schema

Complete Database Schema

Schema

The following diagram displays a high-level overview of the entire database schema:

AuditInfo, AuditTrail, AuditEvent, CMD, DBSubComponent, DBComponent, SiteRange, Protocols, Services, CheckServices, PlatformTypes, Platforms, CheckPlatforms, CheckCategories, CategoryGroup, Categories, VulnStatus, ErrorMessage, BinaryData, SensorHost, StgWorkingSet, ObservanceType, Severity, Observances, ObservanceColumn, Role, Component, GroupView, Groups, GroupHostLinks, Schedule, ActionJob, ActionDetails, Policy, SecurityChecks, Hosts, ExternalReferences, Version, Remedies, UDSecurityChecks, SensorDataLegacy, SensorDataAVPLegacy, SensorDataResponseLegacy, AlertType, AlertCategory, SourceHost, TargetHost, SiteFilters, ErrorSeverity, MessageLog, Products, ProductVersions, CheckProducts, Response, License, wrk_Observances, Sites, Users, UsersGroups, UsersSites, GroupTypes, HostCounts, RejectMetrics, Metrics, MetricsDay, MetricsType, GroupsParentChild, JobTypes, Tasks, AlertTypeView, VersionUpdates, SiteFilterType, ObservanceSiteFilters, ObservanceSiteFiltersView, ObjectType, Object, ObjectView, LastVulnStatus, RatingSet, RatingAttribute, RatingAttributeCode, AlgorithmRating, Algorithm, SiteFilterRules, SiteFilterView, StatCategory, StatName, StatCatAtt, Statistic, StatAttribute, GroupRule, GroupPolicy, GroupRuleType, BinaryDataType, Rating, UnGroupedHosts, UnGroupedStatus, CheckOSGroup, CorrelationInfo, LicContactInfo, DesktopAgentVersion, PolicyVersion, ResponseVersion, LicConsqMessage, UpdateStatus, UpdateOperationStatus, UpdateStepStatus, OSGroup, RSDBOptions, MaintenanceLog, AnalysisLog, ComponentDocument, Namespace, GroupDocument, stg_ROL, ReportInstance, SensorDataAVP1, SensorData1, SensorDataResponse1, SensorDataRejected, SDAVPRejected, SDResponseRejected, SensorData, wrk_SensorData, SensorDataAVP, SensorDataResponse, VLan, VirtualSensor, EventUser, ProtectionChecks, ProtectionChecksView, stgSensorDataSet, HostProtectionStatus


Internet Security Systems, Inc. Software License Agreement

THIS SOFTWARE PRODUCT IS PROVIDED IN OBJECT CODE AND IS LICENSED, NOT SOLD. BY INSTALLING, ACTIVATING, COPYING OR OTHERWISE USING THIS SOFTWARE PRODUCT, YOU AGREE TO ALL OF THE PROVISIONS OF THIS SOFTWARE LICENSE AGREEMENT (“LICENSE”). IF YOU ARE NOT WILLING TO BE BOUND BY THIS LICENSE, RETURN ALL COPIES OF THE SOFTWARE PRODUCT AND LICENSE KEYS TO ISS WITHIN FIFTEEN (15) DAYS OF RECEIPT FOR A FULL REFUND OF ANY PAID LICENSE FEE. IF THE SOFTWARE PRODUCT WAS OBTAINED BY DOWNLOAD, YOU MAY CERTIFY DESTRUCTION OF ALL COPIES AND LICENSE KEYS IN LIEU OF RETURN.

1. License - Upon payment of the applicable fees, Internet Security Systems, Inc. (“ISS”) grants to you as the only end user (“Licensee”) a nonexclusive and nontransferable, limited license for the accompanying ISS software product and the related documentation (“Software”) and the associated license key(s) for use only on the specific network configuration, for the number and type of devices, and for the time period (“Term”) that are specified in ISS’ quotation and Licensee’s purchase order, as accepted by ISS. ISS limits use of Software based upon the number of nodes, users and/or the number and type of devices upon which it may be installed, used, gather data from, or report on, depending upon the specific Software licensed. A device includes any network addressable device connected to Licensee’s network, including remotely, including but not limited to personal computers, workstations, servers, routers, hubs and printers. A device may also include ISS hardware delivered with pre-installed Software and the license associated with such shall be a non-exclusive, nontransferable, limited license to use such pre-installed Software only in conjunction with the ISS hardware with which it is originally supplied and only during the usable life of such hardware. Except as provided in the immediately preceding sentence, Licensee may reproduce, install and use the Software on multiple devices, provided that the total number and type are authorized by ISS. Licensee acknowledges that the license key provided by ISS may allow Licensee to reproduce, install and use the Software on devices that could exceed the number of devices licensed hereunder. Licensee shall implement appropriate safeguards and controls to prevent loss or disclosure of the license key and unauthorized or unlicensed use of the Software. Licensee may make a reasonable number of backup copies of the Software and the associated license key solely for archival and disaster recovery purposes.
In connection with certain Software products, ISS licenses security content on a subscription basis for a Term and provides Licensee with a license key for each such subscription. Content subscriptions are licensed pursuant to this License based upon the number of protected nodes or number of users. Security content is regularly updated and includes, but is not limited to, Internet content (URLs) and spam signatures that ISS classifies, security algorithms, checks, decodes, and ISS’ related analysis of such information, all of which ISS regards as its confidential information and intellectual property. Security content may only be used in conjunction with the applicable Software in accordance with this License. The use or re-use of such content for commercial purposes is prohibited. Licensee’s access to the security content is through an Internet update using the Software. In addition, unknown URLs may be automatically forwarded to ISS through the Software, analyzed, classified, entered in to ISS’ URL database and provided to Licensee as security content updates at regular intervals. ISS’ URL database is located at an ISS facility or as a mirrored version on Licensee’s premises. Any access by Licensee to the URL database that is not in conformance with this License is prohibited. Upon expiration of the security content subscription Term, unless Licensee renews such content subscription, Licensee shall implement appropriate system configuration modifications to terminate its use of the content subscription. Upon expiration of the license Term, Licensee shall cease using the Software and certify return or destruction of it upon request.

2. Migration Utilities – For Software ISS markets or sells as a Migration Utility, the following shall apply. Provided Licensee holds a valid license to the ISS Software to which the Migration Utility relates (the “Original Software”), ISS grants to Licensee as the only end user a nonexclusive and nontransferable, limited license to the Migration Utility and the related documentation (“Migration Utility”) for use only in connection with Licensee’s migration of the Original Software to the replacement software, as recommended by ISS in the related documentation. The Term of this License is for as long as Licensee holds a valid license to the applicable Original Software. Licensee may reproduce, install and use the Migration Utility on multiple devices in connection with its migration from the Original Software to the replacement software. Licensee shall implement appropriate safeguards and controls to prevent unlicensed use of the Migration Utility. Licensee may make a reasonable number of backup copies of the Migration Utility solely for archival and disaster recovery purposes.

3. Third-party Products - Use of third party product(s) supplied hereunder, if any, will be subject solely to the manufacturer’s terms and conditions that will be provided to Licensee upon delivery. ISS will pass any third party product warranties through to Licensee to the extent authorized. If ISS supplies Licensee with Crystal Decisions Runtime Software, then the following additional terms apply: Licensee agrees not to alter, disassemble, decompile, translate, adapt or reverse-engineer the Runtime Software or the report file (.RPT) format, or to use, distribute or integrate the Runtime Software with any general-purpose report writing, data analysis or report delivery product or any other product that performs the same or similar functions as Crystal Decisions’ product offerings; Licensee agrees not to use the Software to create for distribution a product that converts the report file (.RPT) format to an alternative report file format used by any general-purpose report writing, data analysis or report delivery product that is not the property of Crystal Decisions; Licensee agrees not to use the Runtime Software on a rental or timesharing basis or to operate a service bureau facility for the benefit of third parties unless Licensee first acquires an Application Service Provider License from Crystal Decisions; Licensee may not use the Software or Runtime Software by itself or as part of a system to regularly deliver, distribute or share Reports outside of the Runtime Software environment: (a) to more than fifty (50) end users directly, or (b) to a location that is accessible to more than 50 end users without obtaining an additional license from Crystal Decisions; CRYSTAL DECISIONS AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESS, OR IMPLIED, INCLUDING WITHOUT LIMITATION THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
CRYSTAL DECISIONS AND ITS SUPPLIERS SHALL HAVE NO LIABILITY WHATSOEVER UNDER THIS AGREEMENT OR IN CONNECTION WITH THE SOFTWARE. In this section 3 “Software” means the Crystal Reports software and associated documentation supplied by ISS and any updates, additional modules, or additional software provided by Crystal Decisions in connection therewith; it includes Crystal Decisions’ Design Tools, Report Application Server and Runtime Software, but does not include any promotional software of other software products provided in the same package, which shall be governed by the online software license agreements included with such promotional software or software product.

4. Beta License – If ISS is providing Licensee with the Software, security content and related documentation as a part of an alpha or beta test, the following terms of this Section 4 additionally apply and supersede any conflicting provisions herein or any other license agreement accompanying, contained or embedded in the subject Beta Software or any associated documentation. ISS grants to Licensee a nonexclusive, nontransferable, limited license to use the ISS alpha/prototype software program, security content, if any, and any related documentation furnished by ISS (“Beta Software”) for Licensee’s evaluation and comment (the “Beta License”) during the Test Period. ISS’ standard test cycle, which may be extended at ISS’ discretion, extends for sixty (60) days, commencing on the date of delivery of the Beta Software (the “Test Period”). Upon expiration of the Test Period or termination of the License, Licensee shall, within thirty (30) days, return to ISS or destroy all copies of the Beta Software, and shall furnish ISS written confirmation of such return or destruction upon request. Licensee will provide ISS information reasonably requested by ISS regarding Licensee’s experiences with the installation and operation of the Beta Software. Licensee agrees that ISS shall have the right to use, in any manner and for any purpose, any information gained as a result of Licensee’s use and evaluation of the Beta Software. Such information shall include but not be limited to changes, modifications and corrections to the Beta Software. Licensee grants to ISS a perpetual, royalty-free, non-exclusive, transferable, sublicensable right and license to use, copy, make derivative works of and distribute any report, test result, suggestion or other item resulting from Licensee’s evaluation of its installation and operation of the Beta Software.
If Licensee is ever held or deemed to be the owner of any copyright rights in the Beta Software or any changes, modifications or corrections to the Beta Software, then Licensee hereby irrevocably assigns to ISS all such rights, title and interest and agrees to execute all documents necessary to implement and confirm the letter and intent of this Section. Licensee acknowledges and agrees that the Beta Software (including its existence, nature and specific features) constitute Confidential Information as defined in Section 18. Licensee further agrees to treat as Confidential Information all feedback, reports, test results, suggestions, and other items resulting from Licensee’s evaluation and testing of the Beta Software as contemplated in this Agreement. With regard to the Beta Software, ISS has no obligation to provide support, maintenance, upgrades, modifications, or new releases. However, ISS agrees to use its reasonable efforts to correct errors in the Beta Software and related documentation within a reasonable time, and will provide Licensee with any corrections it makes available to other evaluation participants. The documentation relating to the Beta Software may be in draft form and will, in many cases, be incomplete. Owing to the experimental nature of the Beta Software, Licensee is advised not to rely exclusively on the Beta Software for any reason. LICENSEE AGREES THAT THE BETA SOFTWARE AND RELATED DOCUMENTATION ARE BEING DELIVERED “AS IS” FOR TEST AND EVALUATION PURPOSES ONLY WITHOUT WARRANTIES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. LICENSEE ACKNOWLEDGES AND AGREES THAT THE BETA SOFTWARE MAY CONTAIN DEFECTS, PRODUCE ERRONEOUS AND UNINTENDED RESULTS AND MAY AFFECT DATA NETWORK SERVICES AND OTHER MATERIALS OF LICENSEE. LICENSEE’S USE OF THE BETA SOFTWARE IS AT THE SOLE RISK OF LICENSEE.
IN NO EVENT WILL ISS BE LIABLE TO LICENSEE OR ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT, OF ANY NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE’S SOLE AND EXCLUSIVE REMEDY SHALL BE TO TERMINATE THE BETA SOFTWARE LICENSE BY WRITTEN NOTICE TO ISS.

5. Evaluation License - If ISS is providing Licensee with the Software, security content and related documentation on an evaluation trial basis at no cost, such license Term is 30 days from installation, unless a longer period is agreed to in writing by ISS. ISS recommends using Software and security content for evaluation in a non-production, test environment. The following terms of this Section 5 additionally apply and supersede any conflicting provisions herein. Licensee agrees to remove or disable the Software and security content from the authorized platform and return the Software, security content and documentation to ISS upon expiration of the evaluation Term unless otherwise agreed by the parties in writing. ISS has no obligation to provide support, maintenance, upgrades, modifications, or new releases to the Software or security content under evaluation. LICENSEE AGREES THAT THE EVALUATION SOFTWARE, SECURITY CONTENT AND RELATED DOCUMENTATION ARE BEING DELIVERED “AS IS” FOR TEST AND EVALUATION PURPOSES ONLY WITHOUT WARRANTIES OF ANY KIND, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL ISS BE LIABLE TO LICENSEE OR ANY OTHER PERSON FOR DAMAGES, DIRECT OR INDIRECT, OF ANY NATURE, OR EXPENSES INCURRED BY LICENSEE. LICENSEE’S SOLE AND EXCLUSIVE REMEDY SHALL BE TO TERMINATE THE EVALUATION LICENSE BY WRITTEN NOTICE TO ISS.

6. Covenants - ISS reserves all intellectual property rights in the Software, security content and Beta Software. Licensee agrees: (i) the Software, security content or Beta Software is owned by ISS and/or its licensors, is a valuable trade secret of ISS, and is protected by copyright laws and international treaty provisions; (ii) to take all reasonable precautions to protect the Software, security content or Beta Software from unauthorized access, disclosure, copying or use; (iii) not to modify, adapt, translate, reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code of the Software, security content or Beta Software; (iv) not to use ISS trademarks; (v) to reproduce all of ISS’ and its licensors’ copyright notices on any copies of the Software, security content or Beta Software; and (vi) not to transfer, lease, assign, sublicense, or distribute the Software, security content or Beta Software or make it available for time-sharing, service bureau, managed services offering, or on-line use.

7. Support and Maintenance – Depending upon what maintenance programs Licensee has purchased, ISS will provide maintenance, during the period for which Licensee has paid the applicable maintenance fees, in accordance with its prevailing Maintenance and Support Policy that is available at http://documents.iss.net/maintenance_policy.pdf. Any supplemental Software code or related materials that ISS provides to Licensee as part of any support and maintenance service are to be considered part of the Software and are subject to the terms and conditions of this License, unless otherwise specified.

8. Limited Warranty - The commencement date of this limited warranty is the date on which ISS furnishes to Licensee the license key for the Software. For a period of ninety (90) days after the commencement date or for the Term (whichever is less), ISS warrants that the Software or security content will conform to material operational specifications described in its then current documentation. However, this limited warranty shall not apply unless (i) the Software or security content is installed, implemented, and operated in accordance with all written instructions and documentation supplied by ISS, (ii) Licensee notifies ISS in writing of any nonconformity within the warranty period, and (iii) Licensee has promptly and properly installed all corrections, new versions, and updates made available by ISS to Licensee. Furthermore, this limited warranty shall not apply to nonconformities arising from any of the following: (i) misuse of the Software or security content, (ii) modification of the Software or security content, (iii) failure by Licensee to utilize compatible computer and networking hardware and software, or (iv) interaction with software or firmware not provided by ISS. If Licensee timely notifies ISS in writing of any such nonconformity, then ISS shall repair or replace the Software or security content or, if ISS determines that repair or replacement is impractical, ISS may terminate the applicable licenses and refund the applicable license fees, as the sole and exclusive remedies of Licensee for such nonconformity. THIS WARRANTY GIVES LICENSEE SPECIFIC LEGAL RIGHTS, AND LICENSEE MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM JURISDICTION TO JURISDICTION. ISS DOES NOT WARRANT THAT THE SOFTWARE OR THE SECURITY CONTENT WILL MEET LICENSEE’S REQUIREMENTS, THAT THE OPERATION OF THE SOFTWARE OR SECURITY CONTENT WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL SOFTWARE OR SECURITY CONTENT ERRORS WILL BE CORRECTED.
LICENSEE UNDERSTANDS AND AGREES THAT THE SOFTWARE AND THE SECURITY CONTENT ARE NO GUARANTEE AGAINST UNSOLICITED E-MAILS, UNDESIRABLE INTERNET CONTENT, INTRUSIONS, VIRUSES, TROJAN HORSES, WORMS, TIME BOMBS, CANCELBOTS OR OTHER SIMILAR HARMFUL OR DELETERIOUS PROGRAMMING ROUTINES AFFECTING LICENSEE’S NETWORK, OR THAT ALL SECURITY THREATS AND VULNERABILITIES, UNSOLICITED E-MAILS OR UNDESIRABLE INTERNET CONTENT WILL BE DETECTED OR THAT THE PERFORMANCE OF THE SOFTWARE AND SECURITY CONTENT WILL RENDER LICENSEE’S SYSTEMS INVULNERABLE TO SECURITY BREACHES. THE REMEDIES SET OUT IN THIS SECTION 8 ARE THE SOLE AND EXCLUSIVE REMEDIES FOR BREACH OF THIS LIMITED WARRANTY.

9. Warranty Disclaimer - EXCEPT FOR THE LIMITED WARRANTY PROVIDED ABOVE, THE SOFTWARE AND SECURITY CONTENT ARE EACH PROVIDED “AS IS” AND ISS HEREBY DISCLAIMS ALL WARRANTIES, BOTH EXPRESS AND IMPLIED, INCLUDING IMPLIED WARRANTIES RESPECTING MERCHANTABILITY, TITLE, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. LICENSEE EXPRESSLY ACKNOWLEDGES THAT NO REPRESENTATIONS OTHER THAN THOSE CONTAINED IN THIS LICENSE HAVE BEEN MADE REGARDING THE GOODS OR SERVICES TO BE PROVIDED HEREUNDER, AND THAT LICENSEE HAS NOT RELIED ON ANY REPRESENTATION NOT EXPRESSLY SET OUT IN THIS LICENSE.

10. Proprietary Rights - ISS represents and warrants that ISS has the authority to license the rights to the Software and security content that are granted herein. ISS shall defend and indemnify Licensee from any final award of costs and damages against Licensee for any actions based on infringement of any U.S. copyright, trade secret, or patent as a result of the use or distribution of a current, unmodified version of the Software and security content, but only if ISS is promptly notified in writing of any such suit or claim, and only if Licensee permits ISS to defend, compromise, or settle same, and only if Licensee provides all available information and reasonable assistance. The foregoing is the exclusive remedy of Licensee and states the entire liability of ISS with respect to claims of infringement or misappropriation relating to the Software and security content.

11. Limitation of Liability - ISS’ ENTIRE LIABILITY FOR MONETARY DAMAGES ARISING OUT OF THIS LICENSE SHALL BE LIMITED TO THE AMOUNT OF THE LICENSE FEES ACTUALLY PAID BY LICENSEE UNDER THIS LICENSE, PRORATED OVER A THREE-YEAR TERM FROM THE DATE LICENSEE RECEIVED THE SOFTWARE OR SECURITY CONTENT, AS APPLICABLE. IN NO EVENT SHALL ISS BE LIABLE TO LICENSEE UNDER ANY THEORY INCLUDING CONTRACT AND TORT (INCLUDING NEGLIGENCE AND STRICT PRODUCTS LIABILITY) FOR ANY SPECIAL, PUNITIVE, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, DAMAGES FOR LOST PROFITS, LOSS OF DATA, LOSS OF USE, OR COMPUTER HARDWARE MALFUNCTION, EVEN IF ISS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12. Termination - Licensee may terminate this License at any time by notifying ISS in writing. All rights granted under this License will terminate immediately, without prior written notice from ISS, at the end of the term of the License, if not perpetual. If Licensee fails to comply with any provisions of this License, ISS may immediately terminate this License if such default has not been cured within ten (10) days following written notice of default to Licensee. Upon termination or expiration of a license for Software, Licensee shall cease all use of such Software, including Software pre-installed on ISS hardware, and destroy all copies of the Software and associated documentation. Termination of this License shall not relieve Licensee of its obligation to pay all fees incurred prior to such termination and shall not limit either party from pursuing any other remedies available to it.

13. General Provisions - This License, together with the identification of the Software and/or security content, pricing and payment terms stated in the applicable ISS quotation and Licensee purchase order (if applicable) as accepted by ISS, constitute the entire agreement between the parties respecting its subject matter. Standard and other additional terms or conditions contained in any purchase order or similar document are hereby expressly rejected and shall have no force or effect. ISS Software and security content are generally delivered to Customer by supplying Customer with license key data. If Customer has not already downloaded the Software, security content and documentation, then it is available for download at http://www.iss.net/download/. All ISS hardware with pre-installed Software and any other products not delivered by download are delivered f.o.b. origin. This License will be governed by the substantive laws of the State of Georgia, USA, excluding the application of its conflicts of law rules. This License will not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. If any part of this License is found void or unenforceable, it will not affect the validity of the balance of the License, which shall remain valid and enforceable according to its terms. This License may only be modified in writing signed by an authorized officer of ISS.

14. Notice to United States Government End Users - Licensee acknowledges that any Software and security content furnished under this License is commercial computer software and any documentation is commercial technical data developed at private expense and is provided with RESTRICTED RIGHTS. Any use, modification, reproduction, display, release, duplication or disclosure of this commercial computer software by the United States Government or its agencies is subject to the terms, conditions and restrictions of this License in accordance with the United States Federal Acquisition Regulations at 48 C.F.R. Section 12.212 and DFAR Subsection 227.7202-3 and Clause 252.227-7015 or applicable subsequent regulations. Contractor/manufacturer is Internet Security Systems, Inc., 6303 Barfield Road, Atlanta, GA 30328, USA.

15. Export and Import Controls; Use Restrictions - Licensee will not transfer, export, or reexport the Software, security content, any related technology, or any direct product of either except in full compliance with the export controls administered by the United States and other countries and any applicable import and use restrictions. Licensee agrees that it will not export or reexport such items to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Commerce Department’s Denied Persons List or Entity List or such additional lists as may be issued by the U.S. Government from time to time, or to any country to which the United States has embargoed the export of goods (currently Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria) or for use with chemical or biological weapons, sensitive nuclear end-uses, or missiles. Licensee represents and warrants that it is not located in, under control of, or a national or resident of any such country or on any such list. Many ISS software products include encryption and export outside of the United States or Canada is strictly controlled by U.S. laws and regulations. ISS makes its current export classification information available at http://www.iss.net/export. Please contact ISS’ Sourcing and Fulfillment for export questions relating to the Software or security content ([email protected]). Licensee understands that the foregoing obligations are U.S. legal requirements and agrees that they shall survive any term or termination of this License.

16. Authority - Because the Software is designed to test or monitor the security of computer network systems and may disclose or create problems in the operation of the systems tested, Licensee and the persons acting for Licensee represent and warrant that: (a) they are fully authorized by the Licensee and the owners of the computer network for which the Software is licensed to enter into this License and to obtain and operate the Software in order to test and monitor that computer network; (b) the Licensee and the owners of that computer network understand and accept the risks involved; and (c) the Licensee shall procure and use the Software in accordance with all applicable laws, regulations and rules.

17. Disclaimers - Licensee acknowledges that some of the Software and security content is designed to test the security of computer networks and may disclose or create problems in the operation of the systems tested. Licensee further acknowledges that neither the Software nor security content is fault tolerant or designed or intended for use in hazardous environments requiring fail-safe operation, including, but not limited to, aircraft navigation, air traffic control systems, weapon systems, life-support systems, nuclear facilities, or any other applications in which the failure of the Software and security content could lead to death or personal injury, or severe physical or property damage. ISS disclaims any implied warranty of fitness for High Risk Use. Licensee accepts the risk associated with the foregoing disclaimers and hereby waives all rights, remedies, and causes of action against ISS and releases ISS from all liabilities arising therefrom.

18. Confidentiality - “Confidential Information” means all information proprietary to a party or its suppliers that is marked as confidential. Each party acknowledges that during the term of this Agreement, it will be exposed to Confidential Information of the other party. The obligations of the party (“Receiving Party”) which receives Confidential Information of the other party (“Disclosing Party”) with respect to any particular portion of the Disclosing Party’s Confidential Information shall not attach or shall terminate when any of the following occurs: (i) it was in the public domain or generally available to the public at the time of disclosure to the Receiving Party, (ii) it entered the public domain or became generally available to the public through no fault of the Receiving Party subsequent to the time of disclosure to the Receiving Party, (iii) it was or is furnished to the Receiving Party by a third party having the right to furnish it with no obligation of confidentiality to the Disclosing Party, or (iv) it was independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Disclosing Party. Each party acknowledges that the use or disclosure of Confidential Information of the Disclosing Party in violation of this License could severely and irreparably damage the economic interests of the Disclosing Party. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this License and to use Confidential Information of the Disclosing Party solely for the purposes of this License. Upon demand by the Disclosing Party and, in any event, upon expiration or termination of this License, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party’s Confidential Information in the Receiving Party’s possession or control and destroy all derivatives and other vestiges of the Disclosing Party’s Confidential Information obtained or created by the Disclosing Party. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party.

19. Compliance - From time to time, ISS may request Licensee to provide a certification that the Software and security content is being used in accordance with the terms of this License. If so requested, Licensee shall verify its compliance and deliver its certification within forty-five (45) days of the request. The certification shall state Licensee’s compliance or non-compliance, including the extent of any non-compliance. ISS may also, at any time, upon thirty (30) days prior written notice, at its own expense appoint a nationally recognized software use auditor, to whom Licensee has no reasonable objection, to audit and examine use and records at Licensee offices during normal business hours, solely for the purpose of confirming that Licensee’s use of the Software and security content is in compliance with the terms of this License. ISS will use commercially reasonable efforts to have such audit conducted in a manner such that it will not unreasonably interfere with the normal business operations of Licensee. If such audit should reveal that use of the Software or security content has been expanded beyond the scope of use and/or the number of Authorized Devices or Licensee certifies such non-compliance, ISS shall have the right to charge Licensee the applicable current list prices required to bring Licensee in compliance with its obligations hereunder with respect to its current use of the Software and security content. In addition to the foregoing, ISS may pursue any other rights and remedies it may have at law, in equity or under this License.

20. Data Protection - The data needed to process this transaction will be stored by ISS and may be forwarded to companies affiliated with ISS and possibly to Licensee’s vendor within the framework of processing Licensee’s order. All personal data will be treated confidentially.

Revised March 16, 2004.