Tables installed with Security Support Common

Security Support Common adds the following tables.
Table 1. Tables installed with Security Operations Common Support
Table Description
Additional Filter Group Condition

[sn_sec_cmn_m2m_filter_group_condition]

Contains conditions associated with filter groups. Filter groups can have multiple conditions associated with a single filter group.
Applied Security Tag

[sn_sec_cmn_applied_secuirty_tag]

Defines the relationship between a record in the system and a security tag.
Email Parser

[sn_sec_cmn_email_transform]

Indicates how to parse email events into records.
Domain Separated Property

[sn_sec_cmn_property]

Stores property values for each domain.
Duplication Action

[sn_sec_cmn_duplication_action]

When an email rule is set to Update duplicate record, this table defines the actions that should take place to update the record.
Duplication Rule

[sn_sec_cmn_duplication_rule]

Defines rules on how to define and handle duplicate records created using the email parser.
Enrichment Data

[sn_sec_cmn_enrichment]

Enrichment table containing basic information gathered during a specific enrichment process.
Enrichment Data Mapping

[sn_sec_cmn_enrichment_data_mapping]

Table that holds the enrichment mappings.
Enrichment Data Mapping Base

[sn_sec_cmn_enrichment_data_base]

Base table for specific enrichment tables. Holds general fields that are common among different enrichments. Only used for table inheritance (for example, sn_si_network_statistics).
Enrichment Data Mapping Field

[sn_sec_cmn_enrichment_data_mapping_field]

A field mapping for the enrichment process.
Escalation

[sn_sec_cmn_escalation]

Defines an escalation group for security incidents.
Exchange Search

[sn_sec_cmn_exchange_search]

Groups different search criteria.
Exchange Search Criteria

[sn_sec_cmn_search_criteria]

Search criteria that build the query to search for or delete emails in Exchange Server.
Exchange Search Result

[sn_sec_cmn_exchange_search_result]

Saves output returned from the Exchange server.
Field Mapping

[sn_sec_cmn_field_mapping]

Maps the results of a data enrichment integration to the data enrichment tables.
Field Mapping Field

[sn_sec_cmn_field_mapping_field]

Specifies the mapping from integration result names to the appropriate data enrichment table column.
Field Transform

[sn_sec_cmn_email_field]

Defines where to find the value for a field within an email in email processing.
Filter Group

[sn_sec_cmn_filter_group]

Creates a generic group for any table type.
Integration Capability

[sn_sec_cmn_integration_capability]

List of supported integration capabilities.
Integration Capability Execution

[sn_sec_cmn_integration_capability_execution]

Audit table used by observable-related Integration Capability workflows. Details a run of a Sightings Search that shows status or workflows run.
Integration Capability Execution Observables

[sn_sec_cmn_m2m_capability_execution_observable]

Audit table used by observable-related Integration Capability workflows.
Integration Capability Implementation

[sn_sec_cmn_integration_capability_implementation]

Ties the Sighting Search queries to the third-party integrations configuration.
Integration Data Source

[sn_sec_cmn_int_data_src]

Imports threat and vulnerability data from external sources by associating the retrieved data with a data source.
Integration Data Source Import Queue Entry

[sn_sec_cmn_ds_import_q_entry]

Imports queue entries for importing threat and vulnerability information from external sources.
Integration Item Category

[sn_sec_core_integration_item_category]

List of available integration categories (such as end-point protection, firewall, vulnerability scanner).
Integration Item Configuration

[sn_sec_core_integration_item_config]

Contains values used to support integrations (such as username, password, or API key).
Integration Process

[sn_sec_cmn_integration_process]

Holds information about a single step in the execution of an integration run. Some integration runs may include multiple process steps.
Integration Run

[sn_sec_cmn_integration_run]

List of attempts to execute an integration. Stores information about the specific integration attempt.
Manually Added Records

[sn_sec_cmn_m2m_filter_group_manual]

Configures lists of non-CI and non-task records belonging to a filter group.
Manually Added CI

[sn_sec_cmn_m2m_filter_group_ci]

Configures lists of CIs belonging to a filter group.
Manually Added Tasks

[sn_sec_cmn_m2m_filter_group_task]

Configures lists of tasks belonging to a filter group.
On Demand Orchestration

[sn_sec_cmn_on_demand_orchestration]

Defines custom configurations for the on-demand behavior that allows security administrators to apply role restrictions and advanced execution scripts to workflows invoked from the Run Orchestration choice list.
Rate limit

[sn_cmn_rate_limit]

Defines a rate limit to be used on a lookup source or scanner.
Risk Score Audit

[sn_sec_cmn_risk_score_audit]

Used to build an audit of changes to risk scores. It captures:
  • date and time of the change
  • old and new risk score
  • whether the change was a manual update
  • reason for the change
  • parameters that make up the risk score
  • affected security incident

An audit record is created each time a change is made to a risk score.

Risk Score Weight

[sn_sec_cmn_risk_score_weight]

Used to look up weights for calculating risk scores.
Scan

[sn_sec_cmn_scan]

A threat lookup or vulnerability scan. Contains what to look up or scan, with what lookup source or scanner, and a summary of the results.
Scan Queue Entry

[sn_cmn_scan_q_entry]

A threat lookup or vulnerability scan record queued for lookup, scan, or processing. Facilitates the requests within stated rate limits.
Scanner

[sn_sec_cmn_scanner]

Defines third-party lookup sources or scanners to use in lookups or scans.
Scanner Rate Limit

[sn_cmn_scanner_rate_limit]

Associates a lookup source or scanner with a rate limit.
Security Calculator

[sn_sec_cmn_calculator]

Contains security calculators which belong to a group, and the order in which they are executed in the group.
Security Calculator Group

[sn_sec_cmn_calculator_group]

Groups security calculators by criteria.
Security Data Integration

[sn_sec_cmn_integration]

Holds all available security integrations.
Security Email Events

[sn_sec_cmn_email_event]

Incoming email events, used to trigger email processing.
Security Integration Item

[sn_sec_core_integration_item]

Information about all the available security integrations.
Security Operations Application

[sn_sec_cmn_application]

Used to register applications in the Security Operations product suite.
Security Operations Rate Limit

[sn_sec_cmn_rate_limit]

Parent table for rate limits, used by threat scanning and vulnerability scanning.
Security Operations Widgets

[sn_sec_cmn_widgets]

Generates data for dashboard widgets.
Security Tag

[sn_sec_cmn_security_tag]

Defines security tags.
Security Tag Group

[sn_sec_cmn_security_tag_group]

Defines a group of security tags.
Security Tag Rule

[sn_sec_cmn_security_tag_rule]

Defines a security tag rule.
Security Tag Rule Audit

[sn_sec_cmn_security_tag_rule_audit]

Defines a security tag rule audit record. Consists of copies of all prior versions of the rule. Provides an auditable history of the security tag rule changes.
Sightings Search Configuration

[sn_sec_cmn_sightings_search_config]

Search query that a Sightings Search executes.

Sightings Search Parameters

[sn_sec_cmn_sightings_search_config_param]

Associated Sightings Search parameters.

Simple REST Integration

[sn_sec_cmn_rest_integration]

Supports scheduled integration to external security tools via REST.
Workflow Triggers

[sn_sec_cmn_workflow_trigger]

Defines conditions by which to launch workflows.
Workflow Triggers Workflow

[sn_sec_cmn_m2m_workflow_workflow_trigger]

Associates workflows with workflow triggers.