Siemplify Search Everything database
Supported in:
This document outlines the schema for the siemplify_search_everything_db, a database designed to store and manage data for Google SecOps. This database is published to a BigQuery dataset using BYOBQ (Bring your own BigQuery) to provide the customer raw data for analysis
The database is structured to capture a comprehensive view of security operations, including:
- Alert and case data:Detailed information about security alerts, the cases they are associated with, and their various attributes like networks, products, and tags.
- Playbooks and action results:Information about the execution of automated workflows and playbooks, including their status and results.
- Metadata and configuration:Tables that store configuration data for the Siemplify platform, such as case stages, user profiles, and environment parameters.
- System and sync information:Data related to system actions and the synchronization of data within the platform.
Database overview
- Purpose and usage:The Search Everything database serves as a central repository for managing and analyzing alert-related data. It provides a structured way to handle incidents, track their status, and gain insights into various aspects of incidents.
- Entities and relationships:This database is designed for management and analysis. Key entities include cases, alerts, users, tasks, tags, and more. These entities have specific relationships that offer a comprehensive view of incidents.
- Hierarchy of data:At its core, the database is built around cases and alerts. Alerts, representing individual incidents, are grouped into cases, forming the basis for incident management. Tags, tasks, and additional data enrich the incident context within each case.
Key concepts
- Cases and alerts:A case represents a collection of related alerts that form an incident. It encapsulates information about the incident's status, assigned analysts, stages of investigation, and more. An alert, on the other hand, is an individual event that triggers attention and requires investigation.
- Tags and tasks:Tags allow cases to be categorized and organized based on common attributes. Tasks are action items associated with cases, aiding in workflow management. Analysts can assign tasks, track progress, and ensure timely resolution of incidents.
- Stages and users:Stages represent the various phases in the lifecycle of a case, from detection to resolution. Each stage reflects a specific state of investigation. Users, often analysts, are assigned to cases and contribute to their investigation and resolution.
- Workflow and enrichments:Workflow refers to a predefined sequence of steps that guide incident handling. It helps automate processes and ensures consistent investigation. Enrichments are additional insights, data, or metadata added to incidents during the workflow, enhancing the context for analysis.
Entities definitions
Understanding the core entities present in the Search Everything database is essential for navigating and utilizing its features effectively. Here's an overview of these key entities:
- Cases:Cases represent individual incidents or investigations within the database. They encapsulate a collection of related alerts, tasks, and tags, forming the foundation for incident management. Each case progresses through different stages, reflecting its investigation status.
- Alerts:Alerts are individual incidents triggering attention and investigation. They provide information about the event's details, timestamp, and relevant metadata. Alerts can be associated with specific cases to facilitate comprehensive incident analysis.
- Tags:Tags are labels used to categorize and organize cases based on common attributes. They offer a flexible way to group cases for easy retrieval and analysis, contributing to efficient incident management.
- Tasks:Tasks represent actionable items associated with cases. They can be assigned to analysts to facilitate the investigation process and ensure timely resolution. Tasks are integral to workflow management and collaboration.
- Users:Users are individuals, often analysts, who interact with the database to investigate and resolve incidents. They can be assigned to cases, collaborate on tasks, and contribute to the overall investigation process.
- Stages:Stages represent the different phases that a case goes through during its lifecycle. Each stage signifies a specific state of investigation or resolution, guiding analysts in their workflow and providing insights into the case's progress.
- Entities:Entities are key elements within incidents, such as IP addresses, domains, or users. They are associated with alerts and cases, enriching incident context and aiding in analysis.
Basic and core units
- Cases and alerts:These are the core units representing issues and notifications. Cases drive the workflow, and alerts provide information about the issue's source.
- Users:Users are essential for system interaction and management.
- Tags:Tags help in categorizing and organizing cases for better management.
- Stages:Stages define the different phases a case goes through, providing clarity on its progress.
Relationships
The relationships between key tables in the Search Everything database are fundamental to understanding how different entities interact and contribute to incident management. These relationships are crucial for maintaining context, enabling efficient investigation, and ensuring a streamlined workflow. Here's an overview of some key relationships:
- Cases-Alerts (One-to-Many):Each case can encompass multiple alerts, forming the cornerstone of incident investigation. This relationship allows analysts to group related alerts under a common incident, enabling comprehensive analysis and efficient resolution.
- Cases-Tags (Many-to-Many): Cases can be associated with multiple tags, providing a flexible way to categorize and organize incidents based on shared attributes. This many-to-many relationship enhances case management by allowing efficient filtering and grouping of incidents.
- Cases-Tasks (One-to-Many):Each case can have multiple associated tasks, representing action items that need to be completed during the investigation and resolution process. This relationship helps analysts keep track of tasks, assign responsibilities, and manage their progress.
- Cases-Users (Many-to-Many):Cases involve collaboration among multiple users, often analysts responsible for investigating and resolving incidents. This many-to-many relationship enables efficient assignment of analysts to cases, facilitating teamwork and knowledge sharing.
- Cases-Stages (One-to-Many):Cases progress through various stages during their lifecycle, from detection to resolution. This relationship allows cases to be categorized based on their current stage, providing insights into the investigation's progress.
- Alerts-Entities (One-to-Many):Alerts can be associated with multiple entities, such as IP addresses, domains, or users. This relationship enriches alert context by providing additional information about the entities involved in the incident.
- Cases-Entities (One-to-Many):Similarly, cases can also be associated with multiple entities, enhancing the context of the overall investigation.
- Cases-Workflows (One-to-Many):Each case can be associated with multiple workflows, reflecting the various automated processes and investigation steps applied to the incident. This relationship allows analysts to track the progress of automated actions and enrichment processes within the context of a case.
- Workflows-WorkflowSteps (One-to-Many):Workflows are composed of multiple workflow steps, each representing a specific automated action or decision point. This relationship outlines the sequence of actions taken during the investigation, enriching the incident's context and providing transparency into the automated processes.
- WorkflowSteps-Entities (One-to-Many):Workflow steps can be associated with multiple entities, such as IP addresses, domains, or artifacts. This relationship enhances the context of each workflow step by linking it to the relevant entities and their details.
- WorkflowIndexRecords-Cases (Many-to-One):Workflow index records are linked to specific cases through this relationship. This allows analysts to trace the history of automated actions and decisions within the context of a particular incident.
- WorkflowIndexRecords-WorkflowSteps (Many-to-One):Similarly, each workflow index record corresponds to a specific workflow step. This relationship aids in tracking the execution and outcomes of individual automated actions.
Enrichments
These enrichment tables, when appropriately joined with the main entity tables, enable analysts to access a wealth of additional information and context that enhance the understanding and analysis of incidents, alerts, and cases within the Search Everything database.
- AlertOntologyFamilies:This table holds enrichment data related to the ontology families associated with alerts. Joining this table with the main alerts data can provide insights into the classification and categorization of alerts based on predefined ontology families.
- DashboardAlertCategoryOutcomes:Enrichment data regarding the categorization outcomes of alerts is stored here. Linking this table with alerts can offer insights into the outcomes and handling times of different alert categories.
- DashboardAlertEntities:This table contains enrichments related to entities associated with alerts. By joining this table with alerts, you can access additional details about the entities, such as their type and environment.
- DashboardAlertNetworks:Enrichment data about the networks associated with alerts is stored here. Joining this table with alerts can provide insights into the network context of alerts.
- DashboardAlertPlaybooks:This table holds enrichments related to playbooks associated with alerts. By linking this table with alerts, you can gain insights into the playbooks executed for specific alerts.
- DashboardAlertPorts:Enrichment data about ports associated with alerts is stored here. Joining this table with alerts can provide insights into the port-related context of alerts.
- DashboardAlertProducts:This table contains enrichments related to products associated with alerts. Joining this table with alerts can provide insights into the products or services associated with specific alerts.
- DashboardAlerts:This table contains the primary alert data. Other enrichment tables can be joined with this table to provide a comprehensive view of various aspects of alerts.
- DashboardCaseTags:Enrichment data related to tags associated with cases is stored in this table. Joining this table with cases can provide insights into the tags applied to specific cases.
- DashboardCaseTasks:This table contains enrichments related to tasks associated with cases. By joining this table with cases, you can gain insights into the tasks assigned to specific cases.
- DashboardCases:This table contains the primary case data. Other enrichment tables can be joined with this table to provide additional context and details about cases.
- WorkflowIndexRecords:Note that this table is not recommended for use because its data may not be fully synchronized. For reliable data regarding case stages and transitions, use the CaseStageEntriestable instead.
- WorkflowStepIndexRecords:Enrichment data related to individual workflow steps is stored here. Joining this table with cases can provide insights into the specific automated actions and decisions applied within the workflow.
Tables reference
The following table provides a quick reference to all main tables within the Search Everything database and a brief explanation of the data they contain.
Table name
Purpose
AdditionalSocRoleAccesses
Defines which SOC roles have access to other SOC roles.
AlertNetworksDistribuations
Stores information about the distribution of alert networks, linking
them to cases, environments, and tenants.
AlertOntologyFamilies
Contains details about alert ontology families, including their visual
family and the case and tenant they belong to.
AlertProductsDistribuations
Tracks the distribution of alert products, associating them with
specific cases, environments, and tenants.
AlertTagsDistribuations
Manages the distribution of tags for alerts, linking them to cases,
environments, and tenants.
AlertUsersDistribuations
Records information about users associated with alerts, including
whether they are considered suspicious or internal.
AlertsDistribuations
Contains data on the distribution of alerts to different cases,
environments, and tenants.
CaseAssignActivities
Logs activities related to the assignment of cases, including the
user, role, and tenant involved.
CaseMergeHistories
Records the history of case merges, indicating which cases were merged
and the tenant they belong to.
CaseRecommendationRecords
Stores recommendations for similar cases, including the score and
tenant associated with the recommendation.
CaseSearchFiltersValues
Contains values for case search filters, including the type, value,
and usage frequency.
CaseStageEntries
Logs entries for different stages of a case, including comments,
timestamps, and the tenant.
CustomFieldValues
Stores the values for custom fields, linking them to a specific scope,
identifier, and tenant.
CustomFields
Defines custom fields that can be used across different scopes,
including their type, options, and tenant.
DashboardAlertCategoryOutcomes
Tracks the outcomes of alert categories for reporting, including
handling times and tenant information.
DashboardAlertEntities
Contains information about entities related to alerts, such as their
type, environment, and whether they are suspicious.
DashboardAlertNetworks
Stores data about networks associated with alerts, including handling
times and tenant information.
DashboardAlertPlaybooks
Records which playbooks are associated with alerts, along with
handling times and tenant details.
DashboardAlertPorts
Tracks ports related to alerts, including handling times and tenant
information.
DashboardAlertProducts
Contains information about products associated with alerts, including
handling times and tenant details.
DashboardAlerts
Stores detailed information about alerts for display, including their
status, priority, and handling time, rule name, vendor, product, and
source system.
DashboardCaseTags
Manages tags associated with cases for filtering and reporting,
including their creation time and tenant.
DashboardCaseTasks
Records tasks related to cases for tracking, including their owner,
status, and due date.
DashboardCases
Contains comprehensive data about cases for visualization, including
the analyst, status, priority, stage, and SLA information.
EntitySearchFiltersValues
Stores values for entity search filters, including their type, value,
and usage frequency.
EnvironmentGroups
Groups environments together, including a name, description, and the
environments within the group.
InvolvedEntityRelations
Records relationships between entities involved in cases, including
their identifiers, types, and the tenant, along with temporal and context
details.
MetadataCaseStages
Defines the different stages that a case can go through within a
specific tenant.
MetadataEnvironmentDynamicParameters
Stores dynamic parameters for environments, including their type,
default value, and optional values.
MetadataOperatingEnvironmentDynamicParameters
Manages dynamic parameters for specific operating environments within
a tenant.
MetadataOperatingEnvironments
Contains information about different operating environments within a
tenant.
MetadataSocRoles
Defines the security operations center (SOC) roles within a tenant.
MetadataUserProfiles
Stores user profile information, including their names, email, roles,
and assigned environments.
SystemActionResults
Records the results of system actions, linking them to a specific case
and tenant.
SystemAlertSlas
Tracks service level agreements (SLAs) for system alerts, including
their status and expiration times.
SystemCaseSlas
Manages SLAs for cases, including their type, status, and elapsed
time.
SystemInvolvedThreatIndicators
Records threat indicators that are involved in system cases.
WorkflowIndexRecords
Contains index records for workflows, linking them to cases, alerts,
and tenants.
WorkflowStepIndexRecords
Contains index records for individual steps within a workflow,
including their status and results.
Database
Table Name
Column Name
Data Type
siemplify_search_everything_db
AlertNetworksDistribuations
Id
bigint
siemplify_search_everything_db
AlertNetworksDistribuations
CreationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertNetworksDistribuations
ModificationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertNetworksDistribuations
CaseId
bigint
siemplify_search_everything_db
AlertNetworksDistribuations
Environment
USER-DEFINED
siemplify_search_everything_db
AlertNetworksDistribuations
AlertIdentifier
USER-DEFINED
siemplify_search_everything_db
AlertNetworksDistribuations
Network
USER-DEFINED
siemplify_search_everything_db
AlertNetworksDistribuations
TenantId
uuid
Database
Table Name
Column Name
Data Type
siemplify_search_everything_db
AlertOntologyFamilies
CaseId
bigint
siemplify_search_everything_db
AlertOntologyFamilies
AlertIdentifier
USER-DEFINED
siemplify_search_everything_db
AlertOntologyFamilies
VisualFamily
USER-DEFINED
siemplify_search_everything_db
AlertOntologyFamilies
TenantId
uuid
siemplify_search_everything_db
AlertOntologyFamilies
ModificationTimeUnixTimeInMs
bigint
Database
Table Name
Column Name
Data Type
siemplify_search_everything_db
AlertProductsDistribuations
Id
bigint
siemplify_search_everything_db
AlertProductsDistribuations
CreationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertProductsDistribuations
ModificationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertProductsDistribuations
CaseId
bigint
siemplify_search_everything_db
AlertProductsDistribuations
Environment
USER-DEFINED
siemplify_search_everything_db
AlertProductsDistribuations
AlertIdentifier
USER-DEFINED
siemplify_search_everything_db
AlertProductsDistribuations
Product
USER-DEFINED
siemplify_search_everything_db
AlertProductsDistribuations
TenantId
uuid
Database
Table Name
Column Name
Data Type
siemplify_search_everything_db
AlertTagsDistribuations
Id
bigint
siemplify_search_everything_db
AlertTagsDistribuations
CreationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertTagsDistribuations
ModificationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertTagsDistribuations
CaseId
bigint
siemplify_search_everything_db
AlertTagsDistribuations
Environment
USER-DEFINED
siemplify_search_everything_db
AlertTagsDistribuations
AlertIdentifier
USER-DEFINED
siemplify_search_everything_db
AlertTagsDistribuations
Tag
USER-DEFINED
siemplify_search_everything_db
AlertTagsDistribuations
TenantId
uuid
Database
Table Name
Column Name
Data Type
siemplify_search_everything_db
AlertUsersDistribuations
Id
bigint
siemplify_search_everything_db
AlertUsersDistribuations
CreationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertUsersDistribuations
ModificationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertUsersDistribuations
CaseId
bigint
siemplify_search_everything_db
AlertUsersDistribuations
Environment
USER-DEFINED
siemplify_search_everything_db
AlertUsersDistribuations
AlertIdentifier
USER-DEFINED
siemplify_search_everything_db
AlertUsersDistribuations
User
USER-DEFINED
siemplify_search_everything_db
AlertUsersDistribuations
IsSuspicous
boolean
siemplify_search_everything_db
AlertUsersDistribuations
IsInternal
boolean
siemplify_search_everything_db
AlertUsersDistribuations
TenantId
uuid
Database
Table Name
Column Name
Data Type
siemplify_search_everything_db
AlertsDistribuations
Id
bigint
siemplify_search_everything_db
AlertsDistribuations
CreationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertsDistribuations
ModificationTimeUnixTimeInMs
bigint
siemplify_search_everything_db
AlertsDistribuations
CaseId
bigint
siemplify_search_everything_db
AlertsDistribuations
Environment
USER-DEFINED
siemplify_search_everything_db
AlertsDistribuations
AlertIdentifier
USER-DEFINED
siemplify_search_everything_db
AlertsDistribuations
TenantId
uuid
| Database | Table Name | Column Name | Data Type | Notes |
|---|---|---|---|---|
|
siemplify_search_everything_db
|
CaseAssignActivities | Id | bigint | |
|
siemplify_search_everything_db
|
CaseAssignActivities | CreationTimeUnixTimeInMs | bigint | |
|
siemplify_search_everything_db
|
CaseAssignActivities | ModificationTimeUnixTimeInMs | bigint | |
|
siemplify_search_everything_db
|
CaseAssignActivities | CaseId | bigint | |
|
siemplify_search_everything_db
|
CaseAssignActivities | UserName | USER-DEFINED | This is a GUID generated by the system. Join with MetadataUserProfiles to fetch user friendly info |
|
siemplify_search_everything_db
|
CaseAssignActivities | SocRoleId | bigint | |
|
siemplify_search_everything_db
|
CaseAssignActivities | TenantId | uuid | |
|
siemplify_search_everything_db
|
CaseAssignActivities | SocRoleIds | ARRAY |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
CaseMergeHistories | Id | bigint |
|
siemplify_search_everything_db
|
CaseMergeHistories | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CaseMergeHistories | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CaseMergeHistories | MergedToCaseId | bigint |
|
siemplify_search_everything_db
|
CaseMergeHistories | MergedFromCaseId | bigint |
|
siemplify_search_everything_db
|
CaseMergeHistories | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
CaseRecommendationRecords | CaseId | bigint |
|
siemplify_search_everything_db
|
CaseRecommendationRecords | SimilarCaseId | bigint |
|
siemplify_search_everything_db
|
CaseRecommendationRecords | Id | bigint |
|
siemplify_search_everything_db
|
CaseRecommendationRecords | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CaseRecommendationRecords | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CaseRecommendationRecords | ScorePrecent | integer |
|
siemplify_search_everything_db
|
CaseRecommendationRecords | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | Type | integer |
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | Value | USER-DEFINED |
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | ForMigration | boolean |
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | UsageFrequency | bigint |
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | TenantId | uuid |
|
siemplify_search_everything_db
|
CaseSearchFiltersValues | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
CaseStageEntries | CaseId | bigint |
|
siemplify_search_everything_db
|
CaseStageEntries | StageEntryUnixTimeMs | bigint |
|
siemplify_search_everything_db
|
CaseStageEntries | TenantId | uuid |
|
siemplify_search_everything_db
|
CaseStageEntries | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CaseStageEntries | Stage | USER-DEFINED |
|
siemplify_search_everything_db
|
CaseStageEntries | Comment | USER-DEFINED |
|
siemplify_search_everything_db
|
CaseStageEntries | Type | text |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
CustomFieldValues | Scope | character varying |
|
siemplify_search_everything_db
|
CustomFieldValues | CustomFieldId | bigint |
|
siemplify_search_everything_db
|
CustomFieldValues | Identifier | bigint |
|
siemplify_search_everything_db
|
CustomFieldValues | ValuesList | jsonb |
|
siemplify_search_everything_db
|
CustomFieldValues | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CustomFieldValues | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CustomFieldValues | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
CustomFields | Id | bigint |
|
siemplify_search_everything_db
|
CustomFields | DisplayName | USER-DEFINED |
|
siemplify_search_everything_db
|
CustomFields | Description | USER-DEFINED |
|
siemplify_search_everything_db
|
CustomFields | Type | character varying |
|
siemplify_search_everything_db
|
CustomFields | Options | jsonb |
|
siemplify_search_everything_db
|
CustomFields | Scopes | integer |
|
siemplify_search_everything_db
|
CustomFields | IsDeleted | boolean |
|
siemplify_search_everything_db
|
CustomFields | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CustomFields | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
CustomFields | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | CategoryOutcome | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertCategoryOutcomes | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlertEntities | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlertEntities | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlertEntities | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertEntities | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertEntities | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertEntities | EntityIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertEntities | EntityType | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertEntities | EntityEnvironment | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertEntities | TenantId | uuid |
|
siemplify_search_everything_db
|
DashboardAlertEntities | IsSuspicious | boolean |
|
siemplify_search_everything_db
|
DashboardAlertEntities | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlertNetworks | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlertNetworks | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlertNetworks | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertNetworks | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertNetworks | Network | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertNetworks | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertNetworks | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | PlaybookName | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPlaybooks | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlertPorts | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPorts | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPorts | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertPorts | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPorts | Port | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertPorts | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertPorts | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlertProducts | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlertProducts | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlertProducts | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertProducts | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertProducts | Product | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlertProducts | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlertProducts | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardAlerts | Id | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | RuleName | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | ActionType | integer |
|
siemplify_search_everything_db
|
DashboardAlerts | HasPlaybook | boolean |
|
siemplify_search_everything_db
|
DashboardAlerts | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | Status | integer |
|
siemplify_search_everything_db
|
DashboardAlerts | TenantId | uuid |
|
siemplify_search_everything_db
|
DashboardAlerts | Vendor | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | Product | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | OriginalAlertCreationTime | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | OriginalAlertStartTime | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | OriginalAlertEndTime | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | CloseReason | integer |
|
siemplify_search_everything_db
|
DashboardAlerts | LastCloseComment | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | LastCloseRootCause | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardAlerts | Priority | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardAlerts | SourceSystemName | USER-DEFINED |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardCaseTags | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTags | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTags | Tag | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCaseTags | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTags | TenantId | uuid |
|
siemplify_search_everything_db
|
DashboardCaseTags | IsDeleted | boolean |
|
siemplify_search_everything_db
|
DashboardCaseTags | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardCaseTasks | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTasks | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTasks | Creator | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCaseTasks | Owner | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCaseTasks | TaskId | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTasks | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTasks | Status | integer |
|
siemplify_search_everything_db
|
DashboardCaseTasks | CasePriority | integer |
|
siemplify_search_everything_db
|
DashboardCaseTasks | DueDateInUnixtimeMs | bigint |
|
siemplify_search_everything_db
|
DashboardCaseTasks | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardCases | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardCases | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCases | Analyst | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | IsImportant | boolean |
|
siemplify_search_everything_db
|
DashboardCases | Status | integer |
|
siemplify_search_everything_db
|
DashboardCases | RootCause | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | CasePriority | integer |
|
siemplify_search_everything_db
|
DashboardCases | CaseStage | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | HandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCases | CaseCloseReason | integer |
|
siemplify_search_everything_db
|
DashboardCases | SlaExpirationUnixTime | bigint |
|
siemplify_search_everything_db
|
DashboardCases | IsIncident | boolean |
|
siemplify_search_everything_db
|
DashboardCases | SlaHandlingTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCases | ClosedCaseSlaStatusEnum | integer |
|
siemplify_search_everything_db
|
DashboardCases | SocRoleId | bigint |
|
siemplify_search_everything_db
|
DashboardCases | Title | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | Touched | boolean |
|
siemplify_search_everything_db
|
DashboardCases | CaseClosedActionType | integer |
|
siemplify_search_everything_db
|
DashboardCases | TenantId | uuid |
|
siemplify_search_everything_db
|
DashboardCases | Source | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | LastModifyingUser | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | ExternalCaseId | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | IsOverflowCase | boolean |
|
siemplify_search_everything_db
|
DashboardCases | Type | integer |
|
siemplify_search_everything_db
|
DashboardCases | Description | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardCases | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardCases | SocRoleIds | ARRAY |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
DashboardStageTransitions | Id | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | CaseId | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | PreviousStage | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardStageTransitions | NewStage | USER-DEFINED |
|
siemplify_search_everything_db
|
DashboardStageTransitions | PreviousStageDurationMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | StartTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | EndTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | StageSlaCriticalExpirationUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | StageSlaExpirationUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
DashboardStageTransitions | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | Type | integer |
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | Value | USER-DEFINED |
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | ForMigration | boolean |
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | UsageFrequency | bigint |
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | TenantId | uuid |
|
siemplify_search_everything_db
|
EntitySearchFiltersValues | CreationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type | Notes |
|---|---|---|---|---|
|
siemplify_search_everything_db
|
EnvironmentFilterExclusion | Username | text | This is a GUID generated by the system. Join with MetadataUserProfiles to fetch user friendly info |
|
siemplify_search_everything_db
|
EnvironmentFilterExclusion | CaseId | bigint | |
|
siemplify_search_everything_db
|
EnvironmentFilterExclusion | Source | integer | |
|
siemplify_search_everything_db
|
EnvironmentFilterExclusion | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
InvolvedEntityRelations | Id | bigint |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | Identifier | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | FromIdentifier | text |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | FromType | text |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | ToIdentifier | text |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | ToType | text |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | IsSecondaryLink | boolean |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | CaseId | bigint |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | EndTime | bigint |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | StartTime | bigint |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | DeviceProduct | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | CategoryOutcome | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | DestinationPort | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | RelationType | USER-DEFINED |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | TenantId | uuid |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
InvolvedEntityRelations | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
MetadataCaseStages | Id | bigint |
|
siemplify_search_everything_db
|
MetadataCaseStages | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataCaseStages | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataCaseStages | Name | text |
|
siemplify_search_everything_db
|
MetadataCaseStages | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | Id | bigint |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | Name | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | Type | integer |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | DefaultValue | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | OptionalValuesJson | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | IsDeleted | boolean |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | TenantId | uuid |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataEnvironmentDynamicParameters | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
MetadataOperatingEnvironmentDynamicParameters | EnvironmentId | bigint |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironmentDynamicParameters | DynamicParameterId | bigint |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironmentDynamicParameters | Value | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironmentDynamicParameters | IsDeleted | boolean |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironmentDynamicParameters | TenantId | uuid |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironmentDynamicParameters | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
MetadataOperatingEnvironments | Id | bigint |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironments | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironments | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironments | Name | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataOperatingEnvironments | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
MetadataSocRoles | Id | bigint |
|
siemplify_search_everything_db
|
MetadataSocRoles | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataSocRoles | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataSocRoles | Name | text |
|
siemplify_search_everything_db
|
MetadataSocRoles | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
MetadataUserProfiles | Id | bigint |
|
siemplify_search_everything_db
|
MetadataUserProfiles | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataUserProfiles | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
MetadataUserProfiles | FirstName | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataUserProfiles | LastName | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataUserProfiles | USER-DEFINED | |
|
siemplify_search_everything_db
|
MetadataUserProfiles | UserName | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataUserProfiles | IsDisabled | boolean |
|
siemplify_search_everything_db
|
MetadataUserProfiles | EnvironmentsJson | USER-DEFINED |
|
siemplify_search_everything_db
|
MetadataUserProfiles | SocRoleId | integer |
|
siemplify_search_everything_db
|
MetadataUserProfiles | TenantId | uuid |
|
siemplify_search_everything_db
|
MetadataUserProfiles | LastLoginTime | bigint |
|
siemplify_search_everything_db
|
MetadataUserProfiles | SocRoleIds | ARRAY |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
SystemActionResults | Id | bigint |
|
siemplify_search_everything_db
|
SystemActionResults | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemActionResults | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemActionResults | CaseId | bigint |
|
siemplify_search_everything_db
|
SystemActionResults | ResultValue | text |
|
siemplify_search_everything_db
|
SystemActionResults | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
SystemAlertSlas | Id | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | AlertGroupIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
SystemAlertSlas | SlaCalculationType | integer |
|
siemplify_search_everything_db
|
SystemAlertSlas | SlaStatus | integer |
|
siemplify_search_everything_db
|
SystemAlertSlas | SlaExpirationUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | SlaCriticalExpirationUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | Value | USER-DEFINED |
|
siemplify_search_everything_db
|
SystemAlertSlas | SlaTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | SlaCriticalTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | ElapsedTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | TenantId | uuid |
|
siemplify_search_everything_db
|
SystemAlertSlas | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemAlertSlas | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
SystemCaseSlas | Id | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | CaseId | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | CaseSlaType | integer |
|
siemplify_search_everything_db
|
SystemCaseSlas | CaseSlaStatus | integer |
|
siemplify_search_everything_db
|
SystemCaseSlas | Value | USER-DEFINED |
|
siemplify_search_everything_db
|
SystemCaseSlas | SlaTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | SlaCriticalTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | ElapsedTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemCaseSlas | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
SystemInvolvedThreatIndicators | Id | bigint |
|
siemplify_search_everything_db
|
SystemInvolvedThreatIndicators | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemInvolvedThreatIndicators | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
SystemInvolvedThreatIndicators | CaseId | bigint |
|
siemplify_search_everything_db
|
SystemInvolvedThreatIndicators | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
WorkflowIndexRecords | Id | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | CaseId | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | StartTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | EndTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | Status | text |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | WorkflowInstanceId | bigint |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | WorkflowDefinitionIdentifier | uuid |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | OriginalWorkflowIdentifier | uuid |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | PlaybookType | text |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | Failed | boolean |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | WorkflowName | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | BlockStepId | uuid |
|
siemplify_search_everything_db
|
WorkflowIndexRecords | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | Id | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | CreationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | ModificationTimeUnixTimeInMs | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | CaseId | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | AlertIdentifier | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | WorkflowInstanceId | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | WorkflowDefinitionIdentifier | uuid |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | OriginalWorkflowIdentifier | uuid |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | WorkflowStepIdentifier | uuid |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | StepInstanceName | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | StepActionName | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | StepIntegration | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | Environment | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | Status | text |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | ResultMessage | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | ResultValue | USER-DEFINED |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | IsAutomatic | boolean |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | OriginalWorkflowStepIdentifier | uuid |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | BlockStepId | uuid |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | NestedWorkflowInstanceId | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | Invalidated | boolean |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | ActionResultId | bigint |
|
siemplify_search_everything_db
|
WorkflowStepIndexRecords | TenantId | uuid |
Need more help? Get answers from Community members and Google SecOps professionals.
