Tables installed with Security Support Common Security Support Common adds the following tables.Table 1. Tables installed with Security Operations Common Support Table Description Additional Filter Group Condition[sn_sec_cmn_m2m_filter_group_condition] Contains conditions associated with filter groups. Filter groups can have multiple conditions associated with a single filter group. Email Parsersn_sec_cmn_email_transform Indicates how to parse email events into records. Duplication Action[sn_sec_cmn_duplication_action] When an email rule is set to ‘Update duplicate record’, defines the actions that should take place to update the record. Duplication Rule[sn_sec_cmn_duplication_rule] Defines rules on how to define and handle duplicate records created using the email parser. Enrichment Data[sn_sec_cmn_enrichment] Enrichment table containing basic information gathered during a specific enrichment process. Enrichment Data Mapping[sn_sec_cmn_enrichment_data_mapping] Table that holds the enrichment mappings. Enrichment Data Mapping Base[sn_sec_cmn_enrichment_data_base] Base table for specific enrichment tables, holds general fields that are common among different enrichments. Only used for table inheritance (for example sn_si_network_statistics). Enrichment Data Mapping Field[sn_sec_cmn_enrichment_data_mapping_field] A field mapping for the enrichment process. Escalation[sn_sec_cmn_escalation] Defines an escalation group for security incidents. Exchange Search[sn_sec_cmn_exchange_search] Groups different search criteria. Exchange Search Criteriasn_sec_cmn_search_criteria Search Criteria that builds the query to search / delete emails in Exchange Server. Exchange Search Result[sn_sec_cmn_exchange_search_result] Saves output returned from the Exchange server. Field Mapping[sn_sec_cmn_field_mapping] Maps the results of a data enrichment integration to the data enrichment tables. Field Mapping Field[sn_sec_cmn_field_mapping_field] Specifies the mapping from integration result names to the appropriate data enrichment table column. Field Transform[sn_sec_cmn_email_field] Defines where to find the value for a field within an email in email processing. Filter Group[sn_sec_cmn_filter_group] Creates a generic group for any table type. Integration Data Source[sn_sec_cmn_int_data_src] Imports threat and vulnerability data from external sources by associating the retrieved data with a data source. Integration Data Source Import Queue Entry[sn_sec_cmn_ds_import_q_entry] Imports queue entries for importing threat and vulnerability information from external sources. Integration Item Category[sn_sec_core_integration_item_category] List of available integration categories (such as end point protection, firewall, vulnerability scanner). Integration Item Configuration[sn_sec_core_integration_item_config] Contains values used to support integrations (such as username, password, or API key). Integration Process[sn_sec_cmn_integration_process] Holds information about a single step in the execution of an integration run. Some integration runs may include multiple process steps. Integration Run[sn_sec_cmn_integration_run] Keeps track of attempts to execute an integration. Stores information about the specific integration attempt. Manually Added Records[sn_sec_cmn_m2m_filter_group_manual] Configures lists of non-CI and non-task records belonging to a filter group. Manually Added CI[sn_sec_cmn_m2m_filter_group_ci] Configures lists of CIs belonging to a filter group. Manually Added Tasks[sn_sec_cmn_m2m_filter_group_task] Configures lists of tasks belonging to a filter group. Rate limit[sn_cmn_rate_limit] Defines a rate limit to be used on a lookup source or scanner. Scan[sn_sec_cmn_scan] A threat lookup or vulnerability scan. Contains what to look up or scan, with what lookup source or scanner, and a summary of the results. Scan Queue Entry[sn_cmn_scan_q_entry] A threat lookup or vulnerability scan record queued for lookup, scan, or processing. Facilitates the requests within stated rate limits. Scanner[sn_sec_cmn_scanner] Defines third-party lookup source or scanners to use in lookups or scans. Scanner Rate Limit[sn_cmn_scanner_rate_limit] Associates a lookup source or scanner with a rate limit. Security Calculator[sn_sec_cmn_calculator] Contains security calculators which belong to a group, and the order in which they are executed in the group. Security Calculator Group[sn_sec_cmn_calculator_group] Groups security calculators by criteria. Security Data Integration[sn_sec_cmn_integration] Holds all available security integrations. Security Email Events[sn_sec_cmn_email_event] Incoming email events, used to trigger email processing. Security Integration Item[sn_sec_core_integration_item] Information about all the available security integrations. Security Operations Rate Limitsn_sec_cmn_rate_limit Parent table for rate limits, used by threat scanning and vulnerability scanning. Security Operations Widgets[sn_sec_cmn_widgets] Generates data for dashboard widgets. Simple REST Integration[sn_sec_cmn_rest_integration] Supports scheduled integration to external security tools via REST. Workflow Triggers[sn_sec_cmn_workflow_trigger] Defines conditions by which to launch workflows. Workflow Triggers Workflow[sn_sec_cmn_m2m_workflow_workflow_trigger] Associates workflows with workflow triggers.