Tables installed with Security Support Common

Security Support Common adds the following tables.

Table 1. Tables installed with Security Operations Common Support

| Table | Description |
|---|---|
| Additional Filter Group Condition [sn_sec_cmn_m2m_filter_group_condition] | Contains conditions associated with filter groups. A single filter group can have multiple conditions associated with it. |
| Applied Security Tag [sn_sec_cmn_applied_secuirty_tag] | Defines the relationship between a record in the system and a security tag. |
| Email Parser [sn_sec_cmn_email_transform] | Indicates how to parse email events into records. |
| Domain Separated Property [sn_sec_cmn_property] | Stores property values for each domain. |
| Duplication Action [sn_sec_cmn_duplication_action] | When an email rule is set to Update duplicate record, this table defines the actions that should take place to update the record. |
| Duplication Rule [sn_sec_cmn_duplication_rule] | Defines rules on how to define and handle duplicate records created using the email parser. |
| Enrichment Data [sn_sec_cmn_enrichment] | Enrichment table containing basic information gathered during a specific enrichment process. |
| Enrichment Data Mapping [sn_sec_cmn_enrichment_data_mapping] | Table that holds the enrichment mappings. |
| Enrichment Data Mapping Base [sn_sec_cmn_enrichment_data_base] | Base table for specific enrichment tables; holds general fields that are common among different enrichments. Only used for table inheritance (for example sn_si_network_statistics). |
| Enrichment Data Mapping Field [sn_sec_cmn_enrichment_data_mapping_field] | A field mapping for the enrichment process. |
| Escalation [sn_sec_cmn_escalation] | Defines an escalation group for security incidents. |
| Exchange Search [sn_sec_cmn_exchange_search] | Groups different search criteria. |
| Exchange Search Criteria [sn_sec_cmn_search_criteria] | Search criteria that build the query to search / delete emails in Exchange Server. |
| Exchange Search Result [sn_sec_cmn_exchange_search_result] | Saves output returned from the Exchange server. |
| Field Mapping [sn_sec_cmn_field_mapping] | Maps the results of a data enrichment integration to the data enrichment tables. |
| Field Mapping Field [sn_sec_cmn_field_mapping_field] | Specifies the mapping from integration result names to the appropriate data enrichment table column. |
| Field Transform [sn_sec_cmn_email_field] | Defines where to find the value for a field within an email in email processing. |
| Filter Group [sn_sec_cmn_filter_group] | Creates a generic group for any table type. |
| Integration Capability [sn_sec_cmn_integration_capability] | List of supported integration capabilities. |
| Integration Capability Execution [sn_sec_cmn_integration_capability_execution] | Audit table used by observable related Integration Capability workflows. Details a run of a Sightings Search that shows status or workflows run. |
| Integration Capability Execution Observables [sn_sec_cmn_m2m_capability_execution_observable] | Audit table used by observable related Integration Capability workflows. |
| Integration Capability Implementation [sn_sec_cmn_integration_capability_implementation] | Ties the Sighting Search queries to the third-party integrations configuration. |
| Integration Data Source [sn_sec_cmn_int_data_src] | Imports threat and vulnerability data from external sources by associating the retrieved data with a data source. |
| Integration Data Source Import Queue Entry [sn_sec_cmn_ds_import_q_entry] | Imports queue entries for importing threat and vulnerability information from external sources. |
| Integration Item Category [sn_sec_core_integration_item_category] | List of available integration categories (such as end-point protection, firewall, vulnerability scanner). |
| Integration Item Configuration [sn_sec_core_integration_item_config] | Contains values used to support integrations (such as username, password, or API key). |
| Integration Process [sn_sec_cmn_integration_process] | Holds information about a single step in the execution of an integration run. Some integration runs may include multiple process steps. |
| Integration Run [sn_sec_cmn_integration_run] | List of attempts to execute an integration. Stores information about the specific integration attempt. |
| Manually Added Records [sn_sec_cmn_m2m_filter_group_manual] | Configures lists of non-CI and non-task records belonging to a filter group. |
| Manually Added CI [sn_sec_cmn_m2m_filter_group_ci] | Configures lists of CIs belonging to a filter group. |
| Manually Added Tasks [sn_sec_cmn_m2m_filter_group_task] | Configures lists of tasks belonging to a filter group. |
| On Demand Orchestration [sn_sec_cmn_on_demand_orchestration] | Defines custom configurations for the on-demand behavior that allows security administrators to apply role restrictions and advanced execution scripts to workflows invoked from the Run Orchestration choice list. |
| Rate limit [sn_cmn_rate_limit] | Defines a rate limit to be used on a lookup source or scanner. |
| Risk Score Audit [sn_sec_cmn_risk_score_audit] | Used to build an audit of changes to risk scores. It captures: date and time of the change; old and new risk score; whether the change was a manual update; reason for the change; parameters that make up the risk score; affected security incident. Each time a change is made to a risk score, an audit record is created. |
| Risk Score Weight [sn_sec_cmn_risk_score_weight] | Used to look up weights for calculating risk scores. |
| Scan [sn_sec_cmn_scan] | A threat lookup or vulnerability scan. Contains what to look up or scan, with what lookup source or scanner, and a summary of the results. |
| Scan Queue Entry [sn_cmn_scan_q_entry] | A threat lookup or vulnerability scan record queued for lookup, scan, or processing. Facilitates the requests within stated rate limits. |
| Scanner [sn_sec_cmn_scanner] | Defines third-party lookup sources or scanners to use in lookups or scans. |
| Scanner Rate Limit [sn_cmn_scanner_rate_limit] | Associates a lookup source or scanner with a rate limit. |
| Security Calculator [sn_sec_cmn_calculator] | Contains security calculators which belong to a group, and the order in which they are executed in the group. |
| Security Calculator Group [sn_sec_cmn_calculator_group] | Groups security calculators by criteria. |
| Security Data Integration [sn_sec_cmn_integration] | Holds all available security integrations. |
| Security Email Events [sn_sec_cmn_email_event] | Incoming email events, used to trigger email processing. |
| Security Integration Item [sn_sec_core_integration_item] | Information about all the available security integrations. |
| Security Operations Application [sn_sec_cmn_application] | Used to register applications in the Security Operations product suite. |
| Security Operations Rate Limit [sn_sec_cmn_rate_limit] | Parent table for rate limits, used by threat scanning and vulnerability scanning. |
| Security Operations Widgets [sn_sec_cmn_widgets] | Generates data for dashboard widgets. |
| Security Tag [sn_sec_cmn_security_tag] | Defines security tags. |
| Security Tag Group [sn_sec_cmn_security_tag_group] | Defines a group of security tags. |
| Security Tag Rule [sn_sec_cmn_security_tag_rule] | Defines a security tag rule. |
| Security Tag Rule Audit [sn_sec_cmn_security_tag_rule_audit] | Defines a security tag rule audit record. Consists of copies of all prior versions of the rule. Provides an auditable history of the security tag rule changes. |
| Sightings Search Configuration [sn_sec_cmn_sightings_search_config] | Search query that a Sightings Search executes. |
| Sightings Search Parameters [sn_sec_cmn_sightings_search_config_param] | Associated Sightings Search parameters. |
| Simple REST Integration [sn_sec_cmn_rest_integration] | Supports scheduled integration to external security tools via REST. |
| Workflow Triggers [sn_sec_cmn_workflow_trigger] | Defines conditions by which to launch workflows. |
| Workflow Triggers Workflow [sn_sec_cmn_m2m_workflow_workflow_trigger] | Associates workflows with workflow triggers. |