The following views exist to allow access to Real-time Monitoring data.
View: mgmt$ccc_all_observations
Description: This view returns all observations that have occurred. Any query against
this view should ensure that filtering is done on appropriate fields with action_time being the first to take advantage of partitions.
Fields:
Field Description
OBSERVATION_ID Unique ID given to the observation when detected by the agent
BUNDLE_ID Bundle to which this observation belongs based on rule bundle settings
TARGET Target this observation was found against TARGET_TYPE Type of the target
ENTITY_TYPE Entity type of the entity that had an action against it
ACTION Action that was observed ACTION_TIME Time the action occurred
USER_TYPE Type of user that performed the action (for example, OS user versus DB user) USER_PERFORMING_ACTION Name of the user that performed the action ORIGINAL_USER_NAME Previous user name in the case of a SU/SUDO
action (only applicable to some entity types) AFFECTED_ENTITY_NAME Name of the entity that was affected by this
action (file name, and so on)
AFFECTED_ENTITY_PREVIOUS_NAME Name of the entity prior to the action. For instance for file rename actions, this would be the old file name.
SOURCE_HOST_IP Source IP of a connection when an action comes from another host (only applicable to some entity types)
ACTION_PROCESS_ID PID of the process that performed the action (only applicable to some entity types)
ACTION_PROCESS_NAME Name of the process that performed the action (only applicable to some entity types)
ACTION_PARENT_PROCESS_ID PID of the parent process of the process that performed the action (only applicable to some entity types)
ACTION_PARENT_PROCESS_NAME Name of the parent process of the process that performed the action (only applicable to some entity types)
ENTITY_PREVIOUS_VALUE Previous value of the entity (only applicable to some entity types)
ENTITY_NEW_VALUE New value of the entity (only applicable to some entity types)
FILE_ENTITY_PREVIOUS_MD5_HASH Previous MD5 hash value of the entity (only applicable to some entity types)
FILE_ENTITY_NEW_MD5_HASH New MD5 hash value of the entity (only applicable to some entity types
Chapter 4
Field Description
AUDIT_STATUS Current audit status of the observation
(unaudited, authorized, unauthorized, and so on) AUDIT_STATUS_SET_DATE Date the most recent audit status was set AUDIT_STATUS_SET_BY_USER User who set the most recent audit status
View: mgmt$ccc_all_obs_bundles
Description: This view returns a summary of all observations bundles. Any query
against this view should ensure that filtering is done on appropriate fields with bundle_start_time being the first to take advantage of partitions.
Fields:
Field Description
BUNDLE_ID Bundle to which this observation belongs based on rule bundle settings
TARGET Target this observation was found against TARGET_TYPE Type of the target
RULE_NAME Name of the Real-time Monitoring Compliance Standard Rule
ENTITY_TYPE Entity type of the entity that had an action against it
USER_PERFORMING_ACTION Name of the user that performed the action BUNDLE_IN_VIOLATION Boolean value if the bundle currently is in
violation. This means at least one observation in the bundle is unauthorized. True indicates the bundle is in violation.
BUNDLE_START_TIME Date of the first observation in this bundle BUNDLE_CLOSE_TIME Date when this bundle was closed BUNDLE_CLOSE_REASON Explanation of why this bundle was closed DISTINCT_OBS_COUNT Total number of observations in this bundle AUTHORIZED_OBS_COUNT Number of observations in this bundle that are
currently authorized
UNAUTHORIZED_OBS_COUNT Number of observations in this bundle that are currently unauthorized
UNAUTH_CLEARED_OBS_COUNT Number of observations in this bundle that are currently cleared (that were at one point unauthorized)
UNAUDITED_OBS_COUNT Number of observations in this bundle that are currently unaudited. They have not been evaluated manually or with Change Management integration to determine audit status.
View: mgmt$ccc_all_violations
Description: This view returns all real-time monitoring violations caused by an
observation bundle having at least one unauthorized observation in it.
Field Description
ROOT_CS_ID Root Compliance Standard GUID. This is used for internal representation of the violation context.
RQS_ID Runtime compliance standard GUID. This is used for internal representation of the violation context.
RULE_ID Rule GUID. Internal ID of the rule having a violation.
TARGET_ID Target GUID. Internal ID of the target having a violation.
ROOT_TARGET_ID Root Target GUID. Internal ID of target hierarchy. RULE_TYPE Type of rule (Repository, Weblogic Server
Signature, Real-time Monitoring)
SEVERITY Severity Level of the rule (Info, Warning, Critical) BUNDLE_ID Internal ID of the Observation Bundle that is in
violation. This observation bundle has one or more unauthorized observations in it BUNDLE_START_TIME Time the Observation Bundle started BUNDLE_CLOSE_TIME Time the Observation Bundle closed
TARGET_TYPE Target Type of the Observation Bundle and all observations inside that bundle.
ENTITY_TYPE Entity Type of the Observation Bundle and all observations inside that bundle.
USER_NAME User name that performed the actions in this bundle
AUTHORIZED_OBS_COUNT Number of Authorized observations in the observation bundle involved in this violation. UNAUTHORIZED_OBS_COUNT Number of Unauthorized observations in the observation bundle involved in this violation. UNAUDITED_OBS_COUNT Number of unaudited observations in the
observation bundle involved in this violation. RULE_NAME Rule Name this violation is against.
COMPLIANCE_STANDARD_NAME Compliance Standard Name this violation is against.
TARGET Target Name this violation is against.
View: mgmt$compliant_targets
Description: This view returns all evaluation and violation details for all targets. This
is the same data that is shown in the Compliance Summary dashboard regions for targets.
Fields:
Field Description
TARGET_ID Internal representation of the Target TARGET_NAME Name of the Target
Chapter 4
Field Description
TARGET_TYPE Target Type of the Target
TARTGET_TYPE_INAME Internal representation of the Target Type CRIT_EVALS Number of Critical-level Evaluations WARN_EVALS Number of Warning-level Evaluations COMPLIANT_EVALS Number of Compliant Evaluations CRIT_VIOLATIONS Number of Critical-level Violations WARN_VIOLATIONS Number of Warning-level Violations MWARN_VIOLATIONS Number of Minor Warning-level Violations COMPLIANCE_SCORE Current Compliance Score for the target
View: mgmt$compliance_summary
Description: This view returns all evaluation and violation details for Compliance
Standards and Frameworks. This is the same data that is shown in the Compliance Summary dashboard regions for Standards and Frameworks.
Fields:
Field Description
ELEMENT_NAME Display name of the Compliance Standard or Compliance Framework
ELEMENT_ID Internal ID of the compliance standard or compliance framework
FRAMEWORK_ID Internal ID of the Compliance Framework CRIT_EVALS Number of Critical-level Evaluations WARN_EVALS Number of Warning-level Evaluations COMPLIANT_EVALS Number of Compliant Evaluations CRIT_VIOLATIONS Number of Critical-level Violations WARN_VIOLATIONS Number of Warning-level Violations MWARN_VIOLATIONS Number of Minor Warning-level Violations COMPLIANCE_SCORE Current compliance score for the standard or
framework
NON_COMPLIANT_SCORE Current non-compliant score for the standard or framework
ELEMENT_TYPE Type of element (1=Compliance Standard, 4=Compliance Framework)
AUTHOR Author of the standard or framework VERSION Version of the standard or framework ELEMENT_INAME Internal representation of the standard or
framework
View: mgmt$compliance_trend
Description: This view returns the last 31 days compliance trend information for
compliance frameworks and standards. This is the same data that is shown in the
Fields:
Field Description
ELEMENT_ID Internal ID representation of the standard or framework
FRAMEWORK_ID Internal ID representation of the compliance framework
ELEMENT_NAME Display name of the Compliance Standard or Compliance Framework
ELEMENT_INAME Internal representation of the standard or framework
AVG_COMPLIANCE_SCORE Average compliance score over last 31 days DAILY_AVG_VIOLATIONS Average number of violations per day over last
31 days
SNAPSHOT_TS The snapshot timestamp
TOTAL_EVALS Total evaluations over last 31 days ELEMENT_TYPE Type of element (1=Compliance Standard,
4=Compliance Framework)