Tables installed with Security Support Common

Security Support Common adds the following tables.
Table 1. Tables installed with Security Operations Common Support
Table Description
Additional Filter Group Condition

[sn_sec_cmn_m2m_filter_group_condition]

Contains conditions associated with filter groups. A single filter group can have multiple conditions.
Email Parser

[sn_sec_cmn_email_transform]

Indicates how to parse email events into records.
Duplication Action

[sn_sec_cmn_duplication_action]

When an email rule is set to ‘Update duplicate record’, defines the actions that should take place to update the record.
Duplication Rule

[sn_sec_cmn_duplication_rule]

Defines the rules for identifying and handling duplicate records created using the email parser.
Enrichment Data

[sn_sec_cmn_enrichment]

Enrichment table containing basic information gathered during a specific enrichment process.
Enrichment Data Mapping

[sn_sec_cmn_enrichment_data_mapping]

Table that holds the enrichment mappings.
Enrichment Data Mapping Base

[sn_sec_cmn_enrichment_data_base]

Base table for specific enrichment tables. Holds general fields that are common among different enrichments. Only used for table inheritance (for example, sn_si_network_statistics).
Enrichment Data Mapping Field

[sn_sec_cmn_enrichment_data_mapping_field]

A field mapping for the enrichment process.
Escalation

[sn_sec_cmn_escalation]

Defines an escalation group for security incidents.
Exchange Search

[sn_sec_cmn_exchange_search]

Groups different search criteria.
Exchange Search Criteria

[sn_sec_cmn_search_criteria]

Search criteria used to build the query that searches for or deletes emails in Exchange Server.
Exchange Search Result

[sn_sec_cmn_exchange_search_result]

Saves output returned from the Exchange server.
Field Mapping

[sn_sec_cmn_field_mapping]

Maps the results of a data enrichment integration to the data enrichment tables.
Field Mapping Field

[sn_sec_cmn_field_mapping_field]

Specifies the mapping from integration result names to the appropriate data enrichment table column.
Field Transform

[sn_sec_cmn_email_field]

Defines where to find the value for a field within an email in email processing.
Filter Group

[sn_sec_cmn_filter_group]

Creates a generic group for any table type.
Integration Data Source

[sn_sec_cmn_int_data_src]

Imports threat and vulnerability data from external sources by associating the retrieved data with a data source.
Integration Data Source Import Queue Entry

[sn_sec_cmn_ds_import_q_entry]

Holds import queue entries for threat and vulnerability information from external sources.
Integration Item Category

[sn_sec_core_integration_item_category]

List of available integration categories (such as endpoint protection, firewall, vulnerability scanner).
Integration Item Configuration

[sn_sec_core_integration_item_config]

Contains values used to support integrations (such as username, password, or API key).
Integration Process

[sn_sec_cmn_integration_process]

Holds information about a single step in the execution of an integration run. Some integration runs may include multiple process steps.
Integration Run

[sn_sec_cmn_integration_run]

Keeps track of attempts to execute an integration. Stores information about the specific integration attempt.
Manually Added Records

[sn_sec_cmn_m2m_filter_group_manual]

Configures lists of non-CI and non-task records belonging to a filter group.
Manually Added CI

[sn_sec_cmn_m2m_filter_group_ci]

Configures lists of CIs belonging to a filter group.
Manually Added Tasks

[sn_sec_cmn_m2m_filter_group_task]

Configures lists of tasks belonging to a filter group.
Rate limit

[sn_cmn_rate_limit]

Defines a rate limit to be used on a lookup source or scanner.
Scan

[sn_sec_cmn_scan]

A threat lookup or vulnerability scan. Contains what to look up or scan, with what lookup source or scanner, and a summary of the results.
Scan Queue Entry

[sn_cmn_scan_q_entry]

A threat lookup or vulnerability scan record queued for lookup, scan, or processing. Facilitates the requests within stated rate limits.
Scanner

[sn_sec_cmn_scanner]

Defines third-party lookup sources or scanners to use in lookups or scans.
Scanner Rate Limit

[sn_cmn_scanner_rate_limit]

Associates a lookup source or scanner with a rate limit.
Security Calculator

[sn_sec_cmn_calculator]

Contains security calculators that belong to a group, and the order in which they are executed in the group.
Security Calculator Group

[sn_sec_cmn_calculator_group]

Groups security calculators by criteria.
Security Data Integration

[sn_sec_cmn_integration]

Holds all available security integrations.
Security Email Events

[sn_sec_cmn_email_event]

Incoming email events, used to trigger email processing.
Security Integration Item

[sn_sec_core_integration_item]

Information about all the available security integrations.
Security Operations Rate Limit

[sn_sec_cmn_rate_limit]

Parent table for rate limits, used by threat scanning and vulnerability scanning.
Security Operations Widgets

[sn_sec_cmn_widgets]

Generates data for dashboard widgets.
Simple REST Integration

[sn_sec_cmn_rest_integration]

Supports scheduled integration to external security tools via REST.
Workflow Triggers

[sn_sec_cmn_workflow_trigger]

Defines conditions by which to launch workflows.
Workflow Triggers Workflow

[sn_sec_cmn_m2m_workflow_workflow_trigger]

Associates workflows with workflow triggers.