Siemplify Search Everything database
This document outlines the schema of siemplify_search_everything_db, the database that stores and manages case and alert data for Google SecOps. The database is published to a BigQuery dataset through BYOBQ (Bring your own BigQuery) so that customers can run their own analysis over the raw data.
The database is structured to capture a comprehensive view of security operations, including:
- Alert and case data: Detailed information about security alerts, the cases they are associated with, and their various attributes like networks, products, and tags.
- Playbooks and action results: Information about the execution of automated workflows and playbooks, including their status and results.
- Metadata and configuration: Tables that store configuration data for the Siemplify platform, such as case stages, user profiles, and environment parameters.
- System and sync information: Data related to system actions and the synchronization of data within the platform.
Database overview
- Purpose and usage: The Search Everything database serves as a central repository for managing and analyzing alert-related data. It provides a structured way to handle incidents, track their status, and gain insights into various aspects of incidents.
- Entities and relationships: This database is designed for management and analysis. Key entities include cases, alerts, users, tasks, tags, and more. These entities have specific relationships that offer a comprehensive view of incidents.
- Hierarchy of data: At its core, the database is built around cases and alerts. Alerts, representing individual incidents, are grouped into cases, forming the basis for incident management. Tags, tasks, and additional data enrich the incident context within each case.
Key concepts
- Cases and alerts: A case represents a collection of related alerts that form an incident. It encapsulates information about the incident's status, assigned analysts, stages of investigation, and more. An alert, on the other hand, is an individual event that triggers attention and requires investigation.
- Tags and tasks: Tags allow cases to be categorized and organized based on common attributes. Tasks are action items associated with cases, aiding in workflow management. Analysts can assign tasks, track progress, and ensure timely resolution of incidents.
- Stages and users: Stages represent the various phases in the lifecycle of a case, from detection to resolution. Each stage reflects a specific state of investigation. Users, often analysts, are assigned to cases and contribute to their investigation and resolution.
- Workflow and enrichments: Workflow refers to a predefined sequence of steps that guide incident handling. It helps automate processes and ensures consistent investigation. Enrichments are additional insights, data, or metadata added to incidents during the workflow, enhancing the context for analysis.
Entity definitions
Understanding the core entities present in the Search Everything database is essential for navigating and utilizing its features effectively. Here's an overview of these key entities:
- Cases: Cases represent individual incidents or investigations within the database. They encapsulate a collection of related alerts, tasks, and tags, forming the foundation for incident management. Each case progresses through different stages, reflecting its investigation status.
- Alerts: Alerts are individual incidents triggering attention and investigation. They provide information about the event's details, timestamp, and relevant metadata. Alerts can be associated with specific cases to facilitate comprehensive incident analysis.
- Tags: Tags are labels used to categorize and organize cases based on common attributes. They offer a flexible way to group cases for easy retrieval and analysis, contributing to efficient incident management.
- Tasks: Tasks represent actionable items associated with cases. They can be assigned to analysts to facilitate the investigation process and ensure timely resolution. Tasks are integral to workflow management and collaboration.
- Users: Users are individuals, often analysts, who interact with the database to investigate and resolve incidents. They can be assigned to cases, collaborate on tasks, and contribute to the overall investigation process.
- Stages: Stages represent the different phases that a case goes through during its lifecycle. Each stage signifies a specific state of investigation or resolution, guiding analysts in their workflow and providing insights into the case's progress.
- Entities: Entities are key elements within incidents, such as IP addresses, domains, or users. They are associated with alerts and cases, enriching incident context and aiding in analysis.
Basic and core units
- Cases and alerts: These are the core units representing issues and notifications. Cases drive the workflow, and alerts provide information about the issue's source.
- Users: Users are essential for system interaction and management.
- Tags: Tags help in categorizing and organizing cases for better management.
- Stages: Stages define the different phases a case goes through, providing clarity on its progress.
Relationships
The relationships between the key tables in the Search Everything database determine how entities interact during incident management: they preserve context, support efficient investigation, and keep the workflow consistent. Here is an overview of the main relationships:
- Cases-Alerts (One-to-Many): Each case can encompass multiple alerts, forming the cornerstone of incident investigation. This relationship allows analysts to group related alerts under a common incident, enabling comprehensive analysis and efficient resolution.
- Cases-Tags (Many-to-Many): Cases can be associated with multiple tags, providing a flexible way to categorize and organize incidents based on shared attributes. This many-to-many relationship enhances case management by allowing efficient filtering and grouping of incidents.
- Cases-Tasks (One-to-Many): Each case can have multiple associated tasks, representing action items that need to be completed during the investigation and resolution process. This relationship helps analysts keep track of tasks, assign responsibilities, and manage their progress.
- Cases-Users (Many-to-Many): Cases involve collaboration among multiple users, often analysts responsible for investigating and resolving incidents. This many-to-many relationship enables efficient assignment of analysts to cases, facilitating teamwork and knowledge sharing.
- Cases-Stages (One-to-Many): Cases progress through various stages during their lifecycle, from detection to resolution. This relationship allows cases to be categorized based on their current stage, providing insights into the investigation's progress.
- Alerts-Entities (One-to-Many): Alerts can be associated with multiple entities, such as IP addresses, domains, or users. This relationship enriches alert context by providing additional information about the entities involved in the incident.
- Cases-Entities (One-to-Many): Similarly, cases can also be associated with multiple entities, enhancing the context of the overall investigation.
- Cases-Workflows (One-to-Many): Each case can be associated with multiple workflows, reflecting the various automated processes and investigation steps applied to the incident. This relationship allows analysts to track the progress of automated actions and enrichment processes within the context of a case.
- Workflows-WorkflowSteps (One-to-Many): Workflows are composed of multiple workflow steps, each representing a specific automated action or decision point. This relationship outlines the sequence of actions taken during the investigation, enriching the incident's context and providing transparency into the automated processes.
- WorkflowSteps-Entities (One-to-Many): Workflow steps can be associated with multiple entities, such as IP addresses, domains, or artifacts. This relationship enhances the context of each workflow step by linking it to the relevant entities and their details.
- WorkflowIndexRecords-Cases (Many-to-One): Workflow index records are linked to specific cases through this relationship. This allows analysts to trace the history of automated actions and decisions within the context of a particular incident.
- WorkflowIndexRecords-WorkflowSteps (Many-to-One): Similarly, each workflow index record corresponds to a specific workflow step. This relationship aids in tracking the execution and outcomes of individual automated actions.
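As an added example (not part of the original page or of the product's own documentation), the following BigQuery SQL turns the Cases-Stages relationship into a per-case timeline by reading CaseStageEntries, which records one row each time a case enters a stage. The dataset name `my_project.soar_export` and the tenant UUID are placeholder assumptions; the script also assumes TenantId is exported as a string, which the CAST makes explicit.

```sql
-- Added example: time spent by each case in each stage, from CaseStageEntries.
-- `my_project.soar_export` and the tenant UUID below are placeholder assumptions.
DECLARE tenant STRING DEFAULT '00000000-0000-0000-0000-000000000000';

WITH stage_entries AS (
  SELECT
    CaseId,
    Stage,
    TIMESTAMP_MILLIS(StageEntryUnixTimeMs) AS entered_at,
    -- Entry time of the next stage for the same case; NULL while the case is
    -- still in this stage.
    LEAD(TIMESTAMP_MILLIS(StageEntryUnixTimeMs))
      OVER (PARTITION BY CaseId ORDER BY StageEntryUnixTimeMs) AS left_at
  FROM `my_project.soar_export.CaseStageEntries`
  -- Every table carries TenantId; always scope queries to one tenant.
  WHERE CAST(TenantId AS STRING) = tenant
),
dwell AS (
  SELECT
    CaseId,
    Stage,
    entered_at,
    left_at,
    left_at IS NULL AS is_current_stage,
    -- Open stages are measured up to now so that long-running cases surface.
    TIMESTAMP_DIFF(COALESCE(left_at, CURRENT_TIMESTAMP()), entered_at, MINUTE)
      AS minutes_in_stage
  FROM stage_entries
)
-- Per-stage distribution across cases. Percentiles are computed only over
-- stages the case has already left, so open cases do not skew them; the
-- number of cases currently sitting in each stage is reported separately.
SELECT
  Stage,
  COUNT(*) AS transitions,
  APPROX_QUANTILES(IF(is_current_stage, NULL, minutes_in_stage), 100 IGNORE NULLS)[OFFSET(50)]
    AS p50_minutes_in_stage,
  APPROX_QUANTILES(IF(is_current_stage, NULL, minutes_in_stage), 100 IGNORE NULLS)[OFFSET(95)]
    AS p95_minutes_in_stage,
  COUNTIF(is_current_stage) AS cases_currently_in_stage
FROM dwell
GROUP BY Stage
ORDER BY p95_minutes_in_stage DESC;
```

Select from the `dwell` CTE directly to get the raw per-case timeline instead of the per-stage summary. The window function partitions by CaseId only because the tenant filter has already been applied; without that filter, add TenantId to the PARTITION BY so that case IDs from different tenants are never interleaved.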
Enrichments
When joined with the main entity tables (DashboardCases and DashboardAlerts), these enrichment tables add context that improves the understanding and analysis of incidents, alerts, and cases in the Search Everything database. The Dashboard* and AlertOntologyFamilies tables carry CaseId and TenantId, and the alert-level tables also carry AlertIdentifier; together these columns are the join keys.
- AlertOntologyFamilies: This table holds enrichment data related to the ontology families associated with alerts. Joining this table with the main alerts data can provide insights into the classification and categorization of alerts based on predefined ontology families.
- DashboardAlertCategoryOutcomes: Enrichment data regarding the categorization outcomes of alerts is stored here. Linking this table with alerts can offer insights into the outcomes and handling times of different alert categories.
- DashboardAlertEntities: This table contains enrichments related to entities associated with alerts. By joining this table with alerts, you can access additional details about the entities, such as their type and environment.
- DashboardAlertNetworks: Enrichment data about the networks associated with alerts is stored here. Joining this table with alerts can provide insights into the network context of alerts.
- DashboardAlertPlaybooks: This table holds enrichments related to playbooks associated with alerts. By linking this table with alerts, you can gain insights into the playbooks executed for specific alerts.
- DashboardAlertPorts: Enrichment data about ports associated with alerts is stored here. Joining this table with alerts can provide insights into the port-related context of alerts.
- DashboardAlertProducts: This table contains enrichments related to products associated with alerts. Joining this table with alerts can provide insights into the products or services associated with specific alerts.
- DashboardAlerts: This table contains the primary alert data. Other enrichment tables can be joined with this table to provide a comprehensive view of various aspects of alerts.
- DashboardCaseTags: Enrichment data related to tags associated with cases is stored in this table. Joining this table with cases can provide insights into the tags applied to specific cases.
- DashboardCaseTasks: This table contains enrichments related to tasks associated with cases. By joining this table with cases, you can gain insights into the tasks assigned to specific cases.
- DashboardCases: This table contains the primary case data. Other enrichment tables can be joined with this table to provide additional context and details about cases.
- WorkflowIndexRecords: Note that this table is not recommended for use because its data may not be fully synchronized. For reliable data regarding case stages and transitions, use the CaseStageEntries table instead.
- WorkflowStepIndexRecords: Enrichment data related to individual workflow steps is stored here. Joining this table with cases can provide insights into the specific automated actions and decisions applied within the workflow.
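As an added example (not part of the original page), the following BigQuery SQL script builds one row per alert from DashboardAlerts with its DashboardAlertEntities and DashboardAlertPlaybooks context. Both enrichment tables are one-to-many against DashboardAlerts, so joining them row-for-row would multiply each alert by entities times playbooks; the script aggregates each side to one row per alert first and then asserts that the row count did not change. The dataset name `my_project.soar_export`, the tenant UUID, and the assumption that TenantId is exported as a string are placeholders.

```sql
-- Added example: one row per alert with its entity and playbook context, with a
-- guard against join fan-out. `my_project.soar_export` and the tenant UUID are
-- placeholder assumptions.
DECLARE tenant STRING DEFAULT '00000000-0000-0000-0000-000000000000';
DECLARE since TIMESTAMP DEFAULT TIMESTAMP_SUB(CURRENT_TIMESTAMP(), INTERVAL 7 DAY);

CREATE TEMP TABLE alerts AS
SELECT
  CaseId,
  AlertIdentifier,
  RuleName,
  Environment,
  Vendor,
  Product,
  SourceSystemName,
  Priority,
  Status,
  CloseReason,
  HasPlaybook,
  TIMESTAMP_MILLIS(CreationTimeUnixTimeInMs) AS created_at,
  TIMESTAMP_MILLIS(OriginalAlertStartTime) AS source_start_at,
  HandlingTimeInMs / 60000.0 AS handling_minutes
FROM `my_project.soar_export.DashboardAlerts`
WHERE CAST(TenantId AS STRING) = tenant
  AND TIMESTAMP_MILLIS(CreationTimeUnixTimeInMs) >= since;

-- Entity side, collapsed to exactly one row per alert.
CREATE TEMP TABLE alert_entities AS
SELECT
  CaseId,
  AlertIdentifier,
  COUNT(*) AS entity_count,
  COUNTIF(IsSuspicious) AS suspicious_entity_count,
  ARRAY_AGG(DISTINCT CONCAT(CAST(EntityType AS STRING), ':', CAST(EntityIdentifier AS STRING))
            IGNORE NULLS LIMIT 50) AS entities
FROM `my_project.soar_export.DashboardAlertEntities`
WHERE CAST(TenantId AS STRING) = tenant
GROUP BY CaseId, AlertIdentifier;

-- Playbook side, collapsed the same way.
CREATE TEMP TABLE alert_playbooks AS
SELECT
  CaseId,
  AlertIdentifier,
  ARRAY_AGG(DISTINCT CAST(PlaybookName AS STRING) IGNORE NULLS) AS playbooks
FROM `my_project.soar_export.DashboardAlertPlaybooks`
WHERE CAST(TenantId AS STRING) = tenant
GROUP BY CaseId, AlertIdentifier;

CREATE TEMP TABLE alert_context AS
SELECT
  a.*,
  IFNULL(e.entity_count, 0) AS entity_count,
  IFNULL(e.suspicious_entity_count, 0) AS suspicious_entity_count,
  e.entities,
  p.playbooks
FROM alerts AS a
LEFT JOIN alert_entities AS e USING (CaseId, AlertIdentifier)
LEFT JOIN alert_playbooks AS p USING (CaseId, AlertIdentifier);

-- The enriched table must still have one row per alert. If an enrichment table
-- ever carries duplicate keys, this fails loudly instead of inflating counts.
ASSERT (SELECT COUNT(*) FROM alert_context) = (SELECT COUNT(*) FROM alerts)
  AS 'enrichment join multiplied alert rows';

-- Alerts that touched a suspicious entity but never had a playbook run on them.
SELECT *
FROM alert_context
WHERE suspicious_entity_count > 0
  AND IFNULL(ARRAY_LENGTH(playbooks), 0) = 0
ORDER BY created_at DESC;
```

The same pre-aggregation pattern applies to DashboardAlertNetworks, DashboardAlertPorts and DashboardAlertProducts: collapse each to one row per (CaseId, AlertIdentifier) before joining, and keep the ASSERT so that a schema or sync change that introduces duplicates is caught at query time rather than in a dashboard.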
Tables reference
The following table provides a quick reference to all main tables within the Search Everything database and a brief explanation of the data they contain.
| Table name | Purpose |
|---|---|
| AdditionalSocRoleAccesses | Defines which SOC roles have access to other SOC roles. |
| AlertNetworksDistribuations | Stores information about the distribution of alert networks, linking them to cases, environments, and tenants. |
| AlertOntologyFamilies | Contains details about alert ontology families, including their visual family and the case and tenant they belong to. |
| AlertProductsDistribuations | Tracks the distribution of alert products, associating them with specific cases, environments, and tenants. |
| AlertTagsDistribuations | Manages the distribution of tags for alerts, linking them to cases, environments, and tenants. |
| AlertUsersDistribuations | Records information about users associated with alerts, including whether they are considered suspicious or internal. |
| AlertsDistribuations | Contains data on the distribution of alerts to different cases, environments, and tenants. |
| CaseAssignActivities | Logs activities related to the assignment of cases, including the user, role, and tenant involved. |
| CaseMergeHistories | Records the history of case merges, indicating which cases were merged and the tenant they belong to. |
| CaseRecommendationRecords | Stores recommendations for similar cases, including the score and tenant associated with the recommendation. |
| CaseSearchFiltersValues | Contains values for case search filters, including the type, value, and usage frequency. |
| CaseStageEntries | Logs entries for different stages of a case, including comments, timestamps, and the tenant. |
| CustomFieldValues | Stores the values for custom fields, linking them to a specific scope, identifier, and tenant. |
| CustomFields | Defines custom fields that can be used across different scopes, including their type, options, and tenant. |
| DashboardAlertCategoryOutcomes | Tracks the outcomes of alert categories for reporting, including handling times and tenant information. |
| DashboardAlertEntities | Contains information about entities related to alerts, such as their type, environment, and whether they are suspicious. |
| DashboardAlertNetworks | Stores data about networks associated with alerts, including handling times and tenant information. |
| DashboardAlertPlaybooks | Records which playbooks are associated with alerts, along with handling times and tenant details. |
| DashboardAlertPorts | Tracks ports related to alerts, including handling times and tenant information. |
| DashboardAlertProducts | Contains information about products associated with alerts, including handling times and tenant details. |
| DashboardAlerts | Stores detailed information about alerts for display, including status, priority, handling time, rule name, vendor, product, and source system. |
| DashboardCaseTags | Manages tags associated with cases for filtering and reporting, including their creation time and tenant. |
| DashboardCaseTasks | Records tasks related to cases for tracking, including their owner, status, and due date. |
| DashboardCases | Contains comprehensive data about cases for visualization, including the analyst, status, priority, stage, and SLA information. |
| EntitySearchFiltersValues | Stores values for entity search filters, including their type, value, and usage frequency. |
| EnvironmentGroups | Groups environments together, including a name, description, and the environments within the group. |
| InvolvedEntityRelations | Records relationships between entities involved in cases, including their identifiers, types, and the tenant, along with temporal and context details. |
| MetadataCaseStages | Defines the different stages that a case can go through within a specific tenant. |
| MetadataEnvironmentDynamicParameters | Stores dynamic parameters for environments, including their type, default value, and optional values. |
| MetadataOperatingEnvironmentDynamicParameters | Manages dynamic parameters for specific operating environments within a tenant. |
| MetadataOperatingEnvironments | Contains information about different operating environments within a tenant. |
| MetadataSocRoles | Defines the security operations center (SOC) roles within a tenant. |
| MetadataUserProfiles | Stores user profile information, including their names, email, roles, and assigned environments. |
| SystemActionResults | Records the results of system actions, linking them to a specific case and tenant. |
| SystemAlertSlas | Tracks service level agreements (SLAs) for system alerts, including their status and expiration times. |
| SystemCaseSlas | Manages SLAs for cases, including their type, status, and elapsed time. |
| SystemInvolvedThreatIndicators | Records threat indicators that are involved in system cases. |
| WorkflowIndexRecords | Contains index records for workflows, linking them to cases, alerts, and tenants. |
| WorkflowStepIndexRecords | Contains index records for individual steps within a workflow, including their status and results. |
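As an added example (not from the page), this BigQuery SQL follows CaseMergeHistories to map every merged-away case to the case that ultimately absorbed it, then rolls DashboardAlerts up by that surviving case. Merges can chain (case A merged into B, B later merged into C), so the mapping is built with a recursive CTE capped at 20 hops as a guard against a cycle in the history. The dataset name `my_project.soar_export`, the tenant UUID, and the string export of TenantId are placeholder assumptions. The roll-up gives the same answer whether or not the alert rows were re-pointed to the target case at merge time, because a case that was never merged away maps to itself.

```sql
-- Added example: resolve merge chains in CaseMergeHistories and roll alerts up
-- to the surviving case. `my_project.soar_export` and the tenant UUID are
-- placeholder assumptions.
DECLARE tenant STRING DEFAULT '00000000-0000-0000-0000-000000000000';

WITH RECURSIVE
merges AS (
  SELECT MergedFromCaseId, MergedToCaseId
  FROM `my_project.soar_export.CaseMergeHistories`
  WHERE CAST(TenantId AS STRING) = tenant
    AND MergedFromCaseId != MergedToCaseId   -- ignore degenerate self-merges
),
chain AS (
  -- Anchor: one hop for every recorded merge.
  SELECT MergedFromCaseId AS original_case_id, MergedToCaseId AS current_case_id, 1 AS hops
  FROM merges
  UNION ALL
  -- Step: if the target was itself merged later, follow it. The hop cap bounds
  -- the recursion should the history ever contain a cycle.
  SELECT c.original_case_id, m.MergedToCaseId, c.hops + 1
  FROM chain AS c
  JOIN merges AS m ON m.MergedFromCaseId = c.current_case_id
  WHERE c.hops < 20
),
surviving AS (
  -- The deepest hop per original case is the case that finally absorbed it.
  SELECT original_case_id, current_case_id AS final_case_id, hops
  FROM chain
  QUALIFY ROW_NUMBER() OVER (PARTITION BY original_case_id ORDER BY hops DESC) = 1
)
SELECT
  COALESCE(s.final_case_id, a.CaseId) AS surviving_case_id,
  COUNT(DISTINCT a.CaseId) AS cases_rolled_up,
  COUNT(DISTINCT a.AlertIdentifier) AS alert_count,
  MIN(TIMESTAMP_MILLIS(a.OriginalAlertStartTime)) AS earliest_alert_start,
  MAX(s.hops) AS longest_merge_chain
FROM `my_project.soar_export.DashboardAlerts` AS a
LEFT JOIN surviving AS s ON s.original_case_id = a.CaseId
WHERE CAST(a.TenantId AS STRING) = tenant
GROUP BY surviving_case_id
HAVING cases_rolled_up > 1
ORDER BY alert_count DESC;
```

Drop the HAVING clause to see every surviving case, merged or not. If `longest_merge_chain` ever reaches the 20-hop cap, the history contains either an unusually long chain or a loop and should be inspected before the numbers are trusted.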
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | AlertNetworksDistribuations | Id | bigint |
| siemplify_search_everything_db | AlertNetworksDistribuations | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertNetworksDistribuations | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertNetworksDistribuations | CaseId | bigint |
| siemplify_search_everything_db | AlertNetworksDistribuations | Environment | USER-DEFINED |
| siemplify_search_everything_db | AlertNetworksDistribuations | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | AlertNetworksDistribuations | Network | USER-DEFINED |
| siemplify_search_everything_db | AlertNetworksDistribuations | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | AlertOntologyFamilies | CaseId | bigint |
| siemplify_search_everything_db | AlertOntologyFamilies | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | AlertOntologyFamilies | VisualFamily | USER-DEFINED |
| siemplify_search_everything_db | AlertOntologyFamilies | TenantId | uuid |
| siemplify_search_everything_db | AlertOntologyFamilies | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | AlertProductsDistribuations | Id | bigint |
| siemplify_search_everything_db | AlertProductsDistribuations | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertProductsDistribuations | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertProductsDistribuations | CaseId | bigint |
| siemplify_search_everything_db | AlertProductsDistribuations | Environment | USER-DEFINED |
| siemplify_search_everything_db | AlertProductsDistribuations | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | AlertProductsDistribuations | Product | USER-DEFINED |
| siemplify_search_everything_db | AlertProductsDistribuations | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | AlertTagsDistribuations | Id | bigint |
| siemplify_search_everything_db | AlertTagsDistribuations | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertTagsDistribuations | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertTagsDistribuations | CaseId | bigint |
| siemplify_search_everything_db | AlertTagsDistribuations | Environment | USER-DEFINED |
| siemplify_search_everything_db | AlertTagsDistribuations | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | AlertTagsDistribuations | Tag | USER-DEFINED |
| siemplify_search_everything_db | AlertTagsDistribuations | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | AlertUsersDistribuations | Id | bigint |
| siemplify_search_everything_db | AlertUsersDistribuations | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertUsersDistribuations | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertUsersDistribuations | CaseId | bigint |
| siemplify_search_everything_db | AlertUsersDistribuations | Environment | USER-DEFINED |
| siemplify_search_everything_db | AlertUsersDistribuations | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | AlertUsersDistribuations | User | USER-DEFINED |
| siemplify_search_everything_db | AlertUsersDistribuations | IsSuspicous | boolean |
| siemplify_search_everything_db | AlertUsersDistribuations | IsInternal | boolean |
| siemplify_search_everything_db | AlertUsersDistribuations | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | AlertsDistribuations | Id | bigint |
| siemplify_search_everything_db | AlertsDistribuations | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertsDistribuations | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | AlertsDistribuations | CaseId | bigint |
| siemplify_search_everything_db | AlertsDistribuations | Environment | USER-DEFINED |
| siemplify_search_everything_db | AlertsDistribuations | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | AlertsDistribuations | TenantId | uuid |
| Database | Table Name | Column Name | Data Type | Notes |
|---|---|---|---|---|
| siemplify_search_everything_db | CaseAssignActivities | Id | bigint | |
| siemplify_search_everything_db | CaseAssignActivities | CreationTimeUnixTimeInMs | bigint | |
| siemplify_search_everything_db | CaseAssignActivities | ModificationTimeUnixTimeInMs | bigint | |
| siemplify_search_everything_db | CaseAssignActivities | CaseId | bigint | |
| siemplify_search_everything_db | CaseAssignActivities | UserName | USER-DEFINED | This is a GUID generated by the system. Join with MetadataUserProfiles to fetch user friendly info |
| siemplify_search_everything_db | CaseAssignActivities | SocRoleId | bigint | |
| siemplify_search_everything_db | CaseAssignActivities | TenantId | uuid | |
| siemplify_search_everything_db | CaseAssignActivities | SocRoleIds | ARRAY | |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | CaseMergeHistories | Id | bigint |
| siemplify_search_everything_db | CaseMergeHistories | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CaseMergeHistories | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CaseMergeHistories | MergedToCaseId | bigint |
| siemplify_search_everything_db | CaseMergeHistories | MergedFromCaseId | bigint |
| siemplify_search_everything_db | CaseMergeHistories | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | CaseRecommendationRecords | CaseId | bigint |
| siemplify_search_everything_db | CaseRecommendationRecords | SimilarCaseId | bigint |
| siemplify_search_everything_db | CaseRecommendationRecords | Id | bigint |
| siemplify_search_everything_db | CaseRecommendationRecords | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CaseRecommendationRecords | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CaseRecommendationRecords | ScorePrecent | integer |
| siemplify_search_everything_db | CaseRecommendationRecords | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | CaseSearchFiltersValues | Type | integer |
| siemplify_search_everything_db | CaseSearchFiltersValues | Value | USER-DEFINED |
| siemplify_search_everything_db | CaseSearchFiltersValues | Environment | USER-DEFINED |
| siemplify_search_everything_db | CaseSearchFiltersValues | ForMigration | boolean |
| siemplify_search_everything_db | CaseSearchFiltersValues | UsageFrequency | bigint |
| siemplify_search_everything_db | CaseSearchFiltersValues | TenantId | uuid |
| siemplify_search_everything_db | CaseSearchFiltersValues | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | CaseStageEntries | CaseId | bigint |
| siemplify_search_everything_db | CaseStageEntries | StageEntryUnixTimeMs | bigint |
| siemplify_search_everything_db | CaseStageEntries | TenantId | uuid |
| siemplify_search_everything_db | CaseStageEntries | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CaseStageEntries | Stage | USER-DEFINED |
| siemplify_search_everything_db | CaseStageEntries | Comment | USER-DEFINED |
| siemplify_search_everything_db | CaseStageEntries | Type | text |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | CustomFieldValues | Scope | character varying |
| siemplify_search_everything_db | CustomFieldValues | CustomFieldId | bigint |
| siemplify_search_everything_db | CustomFieldValues | Identifier | bigint |
| siemplify_search_everything_db | CustomFieldValues | ValuesList | jsonb |
| siemplify_search_everything_db | CustomFieldValues | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CustomFieldValues | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CustomFieldValues | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | CustomFields | Id | bigint |
| siemplify_search_everything_db | CustomFields | DisplayName | USER-DEFINED |
| siemplify_search_everything_db | CustomFields | Description | USER-DEFINED |
| siemplify_search_everything_db | CustomFields | Type | character varying |
| siemplify_search_everything_db | CustomFields | Options | jsonb |
| siemplify_search_everything_db | CustomFields | Scopes | integer |
| siemplify_search_everything_db | CustomFields | IsDeleted | boolean |
| siemplify_search_everything_db | CustomFields | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CustomFields | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | CustomFields | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | Id | bigint |
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | CategoryOutcome | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertCategoryOutcomes | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlertEntities | Id | bigint |
| siemplify_search_everything_db | DashboardAlertEntities | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlertEntities | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertEntities | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertEntities | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertEntities | EntityIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertEntities | EntityType | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertEntities | EntityEnvironment | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertEntities | TenantId | uuid |
| siemplify_search_everything_db | DashboardAlertEntities | IsSuspicious | boolean |
| siemplify_search_everything_db | DashboardAlertEntities | ModificationTimeUnixTimeInMs | bigint |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlertNetworks | Id | bigint |
| siemplify_search_everything_db | DashboardAlertNetworks | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlertNetworks | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertNetworks | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertNetworks | Network | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertNetworks | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertNetworks | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlertPlaybooks | Id | bigint |
| siemplify_search_everything_db | DashboardAlertPlaybooks | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlertPlaybooks | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertPlaybooks | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertPlaybooks | PlaybookName | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertPlaybooks | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertPlaybooks | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlertPorts | Id | bigint |
| siemplify_search_everything_db | DashboardAlertPorts | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlertPorts | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertPorts | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertPorts | Port | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertPorts | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertPorts | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlertProducts | Id | bigint |
| siemplify_search_everything_db | DashboardAlertProducts | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlertProducts | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertProducts | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertProducts | Product | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlertProducts | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlertProducts | TenantId | uuid |
| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardAlerts | Id | bigint |
| siemplify_search_everything_db | DashboardAlerts | CaseId | bigint |
| siemplify_search_everything_db | DashboardAlerts | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlerts | RuleName | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | Environment | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | ActionType | integer |
| siemplify_search_everything_db | DashboardAlerts | HasPlaybook | boolean |
| siemplify_search_everything_db | DashboardAlerts | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlerts | Status | integer |
| siemplify_search_everything_db | DashboardAlerts | TenantId | uuid |
| siemplify_search_everything_db | DashboardAlerts | Vendor | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | Product | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | OriginalAlertCreationTime | bigint |
| siemplify_search_everything_db | DashboardAlerts | OriginalAlertStartTime | bigint |
| siemplify_search_everything_db | DashboardAlerts | OriginalAlertEndTime | bigint |
| siemplify_search_everything_db | DashboardAlerts | CloseReason | integer |
| siemplify_search_everything_db | DashboardAlerts | LastCloseComment | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | LastCloseRootCause | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardAlerts | Priority | USER-DEFINED |
| siemplify_search_everything_db | DashboardAlerts | SourceSystemName | USER-DEFINED |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardCaseTags | CaseId | bigint |
| siemplify_search_everything_db | DashboardCaseTags | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCaseTags | Tag | USER-DEFINED |
| siemplify_search_everything_db | DashboardCaseTags | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCaseTags | TenantId | uuid |
| siemplify_search_everything_db | DashboardCaseTags | IsDeleted | boolean |
| siemplify_search_everything_db | DashboardCaseTags | ModificationTimeUnixTimeInMs | bigint |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardCaseTasks | CaseId | bigint |
| siemplify_search_everything_db | DashboardCaseTasks | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCaseTasks | Creator | USER-DEFINED |
| siemplify_search_everything_db | DashboardCaseTasks | Owner | USER-DEFINED |
| siemplify_search_everything_db | DashboardCaseTasks | TaskId | bigint |
| siemplify_search_everything_db | DashboardCaseTasks | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCaseTasks | Status | integer |
| siemplify_search_everything_db | DashboardCaseTasks | CasePriority | integer |
| siemplify_search_everything_db | DashboardCaseTasks | DueDateInUnixtimeMs | bigint |
| siemplify_search_everything_db | DashboardCaseTasks | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardCases | CaseId | bigint |
| siemplify_search_everything_db | DashboardCases | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCases | Analyst | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | Environment | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | IsImportant | boolean |
| siemplify_search_everything_db | DashboardCases | Status | integer |
| siemplify_search_everything_db | DashboardCases | RootCause | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | CasePriority | integer |
| siemplify_search_everything_db | DashboardCases | CaseStage | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | HandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCases | CaseCloseReason | integer |
| siemplify_search_everything_db | DashboardCases | SlaExpirationUnixTime | bigint |
| siemplify_search_everything_db | DashboardCases | IsIncident | boolean |
| siemplify_search_everything_db | DashboardCases | SlaHandlingTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCases | ClosedCaseSlaStatusEnum | integer |
| siemplify_search_everything_db | DashboardCases | SocRoleId | bigint |
| siemplify_search_everything_db | DashboardCases | Title | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | Touched | boolean |
| siemplify_search_everything_db | DashboardCases | CaseClosedActionType | integer |
| siemplify_search_everything_db | DashboardCases | TenantId | uuid |
| siemplify_search_everything_db | DashboardCases | Source | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | LastModifyingUser | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | ExternalCaseId | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | IsOverflowCase | boolean |
| siemplify_search_everything_db | DashboardCases | Type | integer |
| siemplify_search_everything_db | DashboardCases | Description | USER-DEFINED |
| siemplify_search_everything_db | DashboardCases | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardCases | SocRoleIds | ARRAY |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | DashboardStageTransitions | Id | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | CaseId | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | PreviousStage | USER-DEFINED |
| siemplify_search_everything_db | DashboardStageTransitions | NewStage | USER-DEFINED |
| siemplify_search_everything_db | DashboardStageTransitions | PreviousStageDurationMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | StartTimeInMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | EndTimeInMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | StageSlaCriticalExpirationUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | StageSlaExpirationUnixTimeInMs | bigint |
| siemplify_search_everything_db | DashboardStageTransitions | TenantId | uuid |
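The stage-transition table above records, per case, the stage that was left, the stage entered, the time spent in the stage that ended, and the SLA clocks for that stage. The following BigQuery query is an added example and is not part of the Google SecOps documentation. It assumes the BYOBQ dataset is named siemplify_search_everything_db in the default project, that every *InMs column is Unix epoch milliseconds as the column names state, and that StageSlaExpirationUnixTimeInMs and StageSlaCriticalExpirationUnixTimeInMs are the SLA deadlines of the stage that just ended (PreviousStage); that last reading is an assumption, since the page does not say which stage the deadlines belong to.

```sql
-- Added example, not from the Google SecOps documentation.
-- Assumptions: dataset siemplify_search_everything_db in the default project;
-- *InMs columns are epoch milliseconds; the StageSla* deadlines belong to
-- PreviousStage (the stage that ended in this transition).
WITH transitions AS (
  SELECT
    TenantId,
    CaseId,
    PreviousStage,
    NewStage,
    PreviousStageDurationMs,
    -- A stage SLA is breached when the stage ended after its deadline.
    -- Stages with no SLA configured (NULL deadline) are neither met nor breached.
    CASE
      WHEN StageSlaExpirationUnixTimeInMs IS NULL THEN NULL
      ELSE EndTimeInMs > StageSlaExpirationUnixTimeInMs
    END AS sla_breached,
    CASE
      WHEN StageSlaCriticalExpirationUnixTimeInMs IS NULL THEN NULL
      ELSE EndTimeInMs > StageSlaCriticalExpirationUnixTimeInMs
    END AS critical_sla_breached
  FROM `siemplify_search_everything_db.DashboardStageTransitions`
  WHERE EndTimeInMs IS NOT NULL          -- completed stages only
    AND EndTimeInMs >= StartTimeInMs     -- guard against partially synced rows
)
SELECT
  TenantId,
  PreviousStage,
  COUNT(*)                                             AS stages_completed,
  COUNTIF(sla_breached)                                AS sla_breaches,
  COUNTIF(critical_sla_breached)                       AS critical_breaches,
  -- breach rate over stages that actually had an SLA configured
  SAFE_DIVIDE(COUNTIF(sla_breached),
              COUNTIF(sla_breached IS NOT NULL))       AS breach_rate,
  APPROX_QUANTILES(PreviousStageDurationMs, 100)[OFFSET(50)] / 60000.0 AS p50_minutes,
  APPROX_QUANTILES(PreviousStageDurationMs, 100)[OFFSET(95)] / 60000.0 AS p95_minutes
FROM transitions
GROUP BY TenantId, PreviousStage
ORDER BY TenantId, breach_rate DESC;
```

Grouping by TenantId as well as stage keeps tenants from being blended in a multi-tenant dataset; the NULL handling matters because COUNTIF ignores NULLs, so stages with no SLA configured neither inflate nor dilute the breach rate.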

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | EntitySearchFiltersValues | Type | integer |
| siemplify_search_everything_db | EntitySearchFiltersValues | Value | USER-DEFINED |
| siemplify_search_everything_db | EntitySearchFiltersValues | Environment | USER-DEFINED |
| siemplify_search_everything_db | EntitySearchFiltersValues | ForMigration | boolean |
| siemplify_search_everything_db | EntitySearchFiltersValues | UsageFrequency | bigint |
| siemplify_search_everything_db | EntitySearchFiltersValues | TenantId | uuid |
| siemplify_search_everything_db | EntitySearchFiltersValues | CreationTimeUnixTimeInMs | bigint |

| Database | Table Name | Column Name | Data Type | Notes |
|---|---|---|---|---|
| siemplify_search_everything_db | EnvironmentFilterExclusion | Username | text | System-generated GUID, not a human-readable name. Join with MetadataUserProfiles to fetch user-friendly information |
| siemplify_search_everything_db | EnvironmentFilterExclusion | CaseId | bigint | |
| siemplify_search_everything_db | EnvironmentFilterExclusion | Source | integer | |
| siemplify_search_everything_db | EnvironmentFilterExclusion | TenantId | uuid | |
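The note on Username above says to resolve the GUID through MetadataUserProfiles but does not name the join column. The following BigQuery query is an added example, not part of the Google SecOps documentation. It assumes the BYOBQ dataset is named siemplify_search_everything_db in the default project, that EnvironmentFilterExclusion.Username holds the same system GUID as MetadataUserProfiles.UserName, that USER-DEFINED columns are exported as STRING, and that the elements of MetadataUserProfiles.SocRoleIds are the Id values of MetadataSocRoles; all four are assumptions.

```sql
-- Added example, not from the Google SecOps documentation.
-- Assumptions: dataset siemplify_search_everything_db in the default project;
-- EnvironmentFilterExclusion.Username = MetadataUserProfiles.UserName;
-- USER-DEFINED columns are STRING; SocRoleIds elements are MetadataSocRoles.Id.
SELECT
  efe.TenantId,
  efe.CaseId,
  efe.Source,
  efe.Username                                            AS user_guid,
  -- NULL here means the GUID no longer resolves to a profile (deleted or
  -- never synced); such orphaned exclusions are worth reviewing on their own.
  ANY_VALUE(
    CASE
      WHEN up.UserName IS NULL THEN NULL
      ELSE TRIM(CONCAT(IFNULL(up.FirstName, ''), ' ', IFNULL(up.LastName, '')))
    END)                                                  AS user_display_name,
  ANY_VALUE(up.IsDisabled)                                AS user_is_disabled,
  ARRAY_AGG(DISTINCT r.Name IGNORE NULLS)                 AS soc_roles
FROM `siemplify_search_everything_db.EnvironmentFilterExclusion` AS efe
LEFT JOIN `siemplify_search_everything_db.MetadataUserProfiles` AS up
  ON  up.UserName = efe.Username
  -- Scope every join by TenantId: in a multi-tenant dataset the same GUID
  -- must never resolve to a profile belonging to another tenant.
  AND up.TenantId = efe.TenantId
-- UNNEST of a NULL array yields no rows, so unresolved users keep their row
-- with an empty role list instead of being dropped.
LEFT JOIN UNNEST(up.SocRoleIds) AS role_id
LEFT JOIN `siemplify_search_everything_db.MetadataSocRoles` AS r
  ON  r.Id = role_id
  AND r.TenantId = up.TenantId
GROUP BY efe.TenantId, efe.CaseId, efe.Source, efe.Username
ORDER BY efe.TenantId, efe.CaseId;
```

LEFT JOINs are deliberate: an inner join would silently hide exclusions made by accounts that have since been deleted, which is exactly the population an access review wants to see. The same pattern applies to any other GUID-valued user column on this page, such as DashboardCases.Analyst or DashboardCaseTasks.Owner, provided the same join-column assumption holds.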

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | InvolvedEntityRelations | Id | bigint |
| siemplify_search_everything_db | InvolvedEntityRelations | Identifier | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | FromIdentifier | text |
| siemplify_search_everything_db | InvolvedEntityRelations | FromType | text |
| siemplify_search_everything_db | InvolvedEntityRelations | ToIdentifier | text |
| siemplify_search_everything_db | InvolvedEntityRelations | ToType | text |
| siemplify_search_everything_db | InvolvedEntityRelations | IsSecondaryLink | boolean |
| siemplify_search_everything_db | InvolvedEntityRelations | CaseId | bigint |
| siemplify_search_everything_db | InvolvedEntityRelations | EndTime | bigint |
| siemplify_search_everything_db | InvolvedEntityRelations | StartTime | bigint |
| siemplify_search_everything_db | InvolvedEntityRelations | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | Environment | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | DeviceProduct | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | CategoryOutcome | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | DestinationPort | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | RelationType | USER-DEFINED |
| siemplify_search_everything_db | InvolvedEntityRelations | TenantId | uuid |
| siemplify_search_everything_db | InvolvedEntityRelations | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | InvolvedEntityRelations | ModificationTimeUnixTimeInMs | bigint |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | MetadataCaseStages | Id | bigint |
| siemplify_search_everything_db | MetadataCaseStages | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataCaseStages | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataCaseStages | Name | text |
| siemplify_search_everything_db | MetadataCaseStages | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | Id | bigint |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | Name | USER-DEFINED |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | Type | integer |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | DefaultValue | USER-DEFINED |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | OptionalValuesJson | USER-DEFINED |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | IsDeleted | boolean |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | TenantId | uuid |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataEnvironmentDynamicParameters | ModificationTimeUnixTimeInMs | bigint |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | MetadataOperatingEnvironmentDynamicParameters | EnvironmentId | bigint |
| siemplify_search_everything_db | MetadataOperatingEnvironmentDynamicParameters | DynamicParameterId | bigint |
| siemplify_search_everything_db | MetadataOperatingEnvironmentDynamicParameters | Value | USER-DEFINED |
| siemplify_search_everything_db | MetadataOperatingEnvironmentDynamicParameters | IsDeleted | boolean |
| siemplify_search_everything_db | MetadataOperatingEnvironmentDynamicParameters | TenantId | uuid |
| siemplify_search_everything_db | MetadataOperatingEnvironmentDynamicParameters | ModificationTimeUnixTimeInMs | bigint |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | MetadataOperatingEnvironments | Id | bigint |
| siemplify_search_everything_db | MetadataOperatingEnvironments | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataOperatingEnvironments | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataOperatingEnvironments | Name | USER-DEFINED |
| siemplify_search_everything_db | MetadataOperatingEnvironments | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | MetadataSocRoles | Id | bigint |
| siemplify_search_everything_db | MetadataSocRoles | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataSocRoles | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataSocRoles | Name | text |
| siemplify_search_everything_db | MetadataSocRoles | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | MetadataUserProfiles | Id | bigint |
| siemplify_search_everything_db | MetadataUserProfiles | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataUserProfiles | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | MetadataUserProfiles | FirstName | USER-DEFINED |
| siemplify_search_everything_db | MetadataUserProfiles | LastName | USER-DEFINED |
| siemplify_search_everything_db | MetadataUserProfiles | | USER-DEFINED |
| siemplify_search_everything_db | MetadataUserProfiles | UserName | USER-DEFINED |
| siemplify_search_everything_db | MetadataUserProfiles | IsDisabled | boolean |
| siemplify_search_everything_db | MetadataUserProfiles | EnvironmentsJson | USER-DEFINED |
| siemplify_search_everything_db | MetadataUserProfiles | SocRoleId | integer |
| siemplify_search_everything_db | MetadataUserProfiles | TenantId | uuid |
| siemplify_search_everything_db | MetadataUserProfiles | LastLoginTime | bigint |
| siemplify_search_everything_db | MetadataUserProfiles | SocRoleIds | ARRAY |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | SystemActionResults | Id | bigint |
| siemplify_search_everything_db | SystemActionResults | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemActionResults | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemActionResults | CaseId | bigint |
| siemplify_search_everything_db | SystemActionResults | ResultValue | text |
| siemplify_search_everything_db | SystemActionResults | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | SystemAlertSlas | Id | bigint |
| siemplify_search_everything_db | SystemAlertSlas | AlertGroupIdentifier | USER-DEFINED |
| siemplify_search_everything_db | SystemAlertSlas | SlaCalculationType | integer |
| siemplify_search_everything_db | SystemAlertSlas | SlaStatus | integer |
| siemplify_search_everything_db | SystemAlertSlas | SlaExpirationUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemAlertSlas | SlaCriticalExpirationUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemAlertSlas | Value | USER-DEFINED |
| siemplify_search_everything_db | SystemAlertSlas | SlaTimeInMs | bigint |
| siemplify_search_everything_db | SystemAlertSlas | SlaCriticalTimeInMs | bigint |
| siemplify_search_everything_db | SystemAlertSlas | ElapsedTimeInMs | bigint |
| siemplify_search_everything_db | SystemAlertSlas | TenantId | uuid |
| siemplify_search_everything_db | SystemAlertSlas | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemAlertSlas | ModificationTimeUnixTimeInMs | bigint |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | SystemCaseSlas | Id | bigint |
| siemplify_search_everything_db | SystemCaseSlas | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemCaseSlas | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemCaseSlas | CaseId | bigint |
| siemplify_search_everything_db | SystemCaseSlas | CaseSlaType | integer |
| siemplify_search_everything_db | SystemCaseSlas | CaseSlaStatus | integer |
| siemplify_search_everything_db | SystemCaseSlas | Value | USER-DEFINED |
| siemplify_search_everything_db | SystemCaseSlas | SlaTimeInMs | bigint |
| siemplify_search_everything_db | SystemCaseSlas | SlaCriticalTimeInMs | bigint |
| siemplify_search_everything_db | SystemCaseSlas | ElapsedTimeInMs | bigint |
| siemplify_search_everything_db | SystemCaseSlas | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | SystemInvolvedThreatIndicators | Id | bigint |
| siemplify_search_everything_db | SystemInvolvedThreatIndicators | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemInvolvedThreatIndicators | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | SystemInvolvedThreatIndicators | CaseId | bigint |
| siemplify_search_everything_db | SystemInvolvedThreatIndicators | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | WorkflowIndexRecords | Id | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | CaseId | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | WorkflowIndexRecords | StartTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | EndTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | Status | text |
| siemplify_search_everything_db | WorkflowIndexRecords | WorkflowInstanceId | bigint |
| siemplify_search_everything_db | WorkflowIndexRecords | WorkflowDefinitionIdentifier | uuid |
| siemplify_search_everything_db | WorkflowIndexRecords | OriginalWorkflowIdentifier | uuid |
| siemplify_search_everything_db | WorkflowIndexRecords | Environment | USER-DEFINED |
| siemplify_search_everything_db | WorkflowIndexRecords | PlaybookType | text |
| siemplify_search_everything_db | WorkflowIndexRecords | Failed | boolean |
| siemplify_search_everything_db | WorkflowIndexRecords | WorkflowName | USER-DEFINED |
| siemplify_search_everything_db | WorkflowIndexRecords | BlockStepId | uuid |
| siemplify_search_everything_db | WorkflowIndexRecords | TenantId | uuid |

| Database | Table Name | Column Name | Data Type |
|---|---|---|---|
| siemplify_search_everything_db | WorkflowStepIndexRecords | Id | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | CreationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | ModificationTimeUnixTimeInMs | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | CaseId | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | AlertIdentifier | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | WorkflowInstanceId | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | WorkflowDefinitionIdentifier | uuid |
| siemplify_search_everything_db | WorkflowStepIndexRecords | OriginalWorkflowIdentifier | uuid |
| siemplify_search_everything_db | WorkflowStepIndexRecords | WorkflowStepIdentifier | uuid |
| siemplify_search_everything_db | WorkflowStepIndexRecords | StepInstanceName | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | StepActionName | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | StepIntegration | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | Environment | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | Status | text |
| siemplify_search_everything_db | WorkflowStepIndexRecords | ResultMessage | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | ResultValue | USER-DEFINED |
| siemplify_search_everything_db | WorkflowStepIndexRecords | IsAutomatic | boolean |
| siemplify_search_everything_db | WorkflowStepIndexRecords | OriginalWorkflowStepIdentifier | uuid |
| siemplify_search_everything_db | WorkflowStepIndexRecords | BlockStepId | uuid |
| siemplify_search_everything_db | WorkflowStepIndexRecords | NestedWorkflowInstanceId | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | Invalidated | boolean |
| siemplify_search_everything_db | WorkflowStepIndexRecords | ActionResultId | bigint |
| siemplify_search_everything_db | WorkflowStepIndexRecords | TenantId | uuid |
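WorkflowIndexRecords carries one row per playbook run with a Failed flag, and WorkflowStepIndexRecords carries one row per step of that run, linked through WorkflowInstanceId. The following BigQuery query is an added example, not part of the Google SecOps documentation, for triaging which integration and action stop playbooks most often. It assumes the BYOBQ dataset is named siemplify_search_everything_db in the default project and uses a heuristic, stated in the comments, that the most recently modified non-invalidated step of a failed run is the step that stopped it; the page does not document which Status values denote failure, so Status is reported rather than filtered on.

```sql
-- Added example, not from the Google SecOps documentation.
-- Assumptions: dataset siemplify_search_everything_db in the default project;
-- the most recently modified non-invalidated step of a failed run is the one
-- that stopped it (heuristic); Status text values are reported, not interpreted.
WITH failed_runs AS (
  SELECT TenantId, WorkflowInstanceId, WorkflowName, PlaybookType, CaseId, Environment
  FROM `siemplify_search_everything_db.WorkflowIndexRecords`
  WHERE Failed = TRUE
),
ranked_steps AS (
  SELECT
    s.TenantId,
    s.WorkflowInstanceId,
    s.StepIntegration,
    s.StepActionName,
    s.Status,
    s.IsAutomatic,
    s.ResultMessage,
    ROW_NUMBER() OVER (
      PARTITION BY s.TenantId, s.WorkflowInstanceId
      ORDER BY s.ModificationTimeUnixTimeInMs DESC, s.Id DESC
    ) AS rn
  FROM `siemplify_search_everything_db.WorkflowStepIndexRecords` AS s
  WHERE IFNULL(s.Invalidated, FALSE) = FALSE   -- drop superseded step records
)
SELECT
  r.TenantId,
  r.WorkflowName,
  r.PlaybookType,
  st.StepIntegration,
  st.StepActionName,
  st.Status                                     AS last_step_status,
  st.IsAutomatic,
  COUNT(*)                                      AS failed_runs,
  COUNT(DISTINCT r.CaseId)                      AS cases_affected,
  ANY_VALUE(st.ResultMessage)                   AS sample_result_message
FROM failed_runs AS r
JOIN ranked_steps AS st
  -- Join on TenantId as well: WorkflowInstanceId is a bigint and is not
  -- guaranteed unique across tenants in a shared dataset.
  ON  st.TenantId = r.TenantId
  AND st.WorkflowInstanceId = r.WorkflowInstanceId
  AND st.rn = 1
GROUP BY
  r.TenantId, r.WorkflowName, r.PlaybookType,
  st.StepIntegration, st.StepActionName, st.Status, st.IsAutomatic
ORDER BY failed_runs DESC, cases_affected DESC
LIMIT 50;
```

A failed automatic step is a response action that did not happen: cases_affected gives the set of cases that may still need the containment or enrichment the playbook was supposed to deliver, and grouping by StepIntegration points at the connector or credential to fix first. To list those cases instead of aggregating, drop the GROUP BY and select r.CaseId directly.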