Associating DIM incidents with domains


Article ID: 184928


Updated On:

Products

Information Centric Analytics Data Loss Prevention Core Package

Issue/Introduction

In the Information Centric Analytics (ICA) database RiskFabric, the table LDW_DIMIncidentsToIPDestinations contains fewer Data In Motion (DIM) incident-to-IP address associations than expected. Is there an alternative way to map DIM incidents to parent or top level domains (TLDs)?

Environment

Version : 6.x

Component : Symantec DLP Integration Pack

Resolution

The T-SQL query in the following procedure associates TLDs with DIM incidents through the incidents' network endpoint destinations (rather than through LDW_DIMIncidentsToIPDestinations) and returns a count of incidents per incident status and TLD:

  1. Open SQL Server Management Studio (SSMS)
  2. Connect to the Database Engine hosting the RiskFabric database
  3. From the menu bar, select File > New > Query with Current Connection
    A new query editor window will open
  4. Copy the following query and paste it in the new query editor window:
    USE RiskFabric;
    GO
    -- Count DIM incidents per status and top-level domain. The domain is
    -- reached through the incident's network endpoint destinations, not
    -- through LDW_DIMIncidentsToIPDestinations.
    SELECT e.StatusName,
           d.TopLevelDomain,
           COUNT(*) AS INCIDENT_COUNT
    FROM dbo.LDW_DIMIncidents AS di WITH (NOLOCK)
    INNER JOIN dbo.LDW_DIMIncidentStatuses AS e
        ON di.StatusID = e.StatusID
    -- LEFT JOINs keep incidents that have no endpoint destination or no
    -- resolved domain; those rows are grouped under a NULL TopLevelDomain.
    LEFT JOIN dbo.LDW_DIMIncidentsToNetworkEndpointDestinations AS i2ned WITH (NOLOCK)
        ON di.DIMIncidentID = i2ned.DIMIncidentID
    LEFT JOIN dbo.LDW_NetworkEndpoints AS ne
        ON i2ned.NetworkEndpointID = ne.NetworkEndpointID
    LEFT JOIN dbo.LDW_Domains AS d
        ON ne.DomainID = d.DomainID
    GROUP BY e.StatusName,
             d.TopLevelDomain
    ORDER BY 1, 2;
  5. Execute the query by pressing the F5 key, clicking the Execute button in the SQL Editor toolbar, or selecting Query > Execute from the menu bar
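As an added coverage check (not part of the original article), the following T-SQL shows, per incident status, how many DIM incidents resolve to a TLD through the network-endpoint path used above, how many have a row in LDW_DIMIncidentsToIPDestinations, and how many are reached by neither path. It counts distinct incident IDs so that an incident with several endpoint destinations is counted once, and it assumes LDW_DIMIncidentsToIPDestinations carries a DIMIncidentID column.

```sql
USE RiskFabric;
GO
-- Added coverage check, not from the original article.
-- Assumption: dbo.LDW_DIMIncidentsToIPDestinations has a DIMIncidentID column.
WITH ViaDomain AS (
    -- Incidents that reach a TLD through endpoint -> domain.
    SELECT DISTINCT i2ned.DIMIncidentID
    FROM dbo.LDW_DIMIncidentsToNetworkEndpointDestinations AS i2ned WITH (NOLOCK)
    INNER JOIN dbo.LDW_NetworkEndpoints AS ne WITH (NOLOCK)
        ON i2ned.NetworkEndpointID = ne.NetworkEndpointID
    INNER JOIN dbo.LDW_Domains AS d WITH (NOLOCK)
        ON ne.DomainID = d.DomainID
    WHERE d.TopLevelDomain IS NOT NULL
),
ViaIP AS (
    -- Incidents that have at least one IP destination association.
    SELECT DISTINCT DIMIncidentID
    FROM dbo.LDW_DIMIncidentsToIPDestinations WITH (NOLOCK)
)
SELECT e.StatusName,
       COUNT(*) AS TotalIncidents,
       SUM(CASE WHEN vd.DIMIncidentID IS NOT NULL THEN 1 ELSE 0 END) AS WithTLD,
       SUM(CASE WHEN vi.DIMIncidentID IS NOT NULL THEN 1 ELSE 0 END) AS WithIPDestination,
       -- Incidents the workaround above still cannot map to a domain.
       SUM(CASE WHEN vd.DIMIncidentID IS NULL
                 AND vi.DIMIncidentID IS NULL THEN 1 ELSE 0 END) AS Unmapped
FROM dbo.LDW_DIMIncidents AS di WITH (NOLOCK)
INNER JOIN dbo.LDW_DIMIncidentStatuses AS e
    ON di.StatusID = e.StatusID
LEFT JOIN ViaDomain AS vd
    ON di.DIMIncidentID = vd.DIMIncidentID
LEFT JOIN ViaIP AS vi
    ON di.DIMIncidentID = vi.DIMIncidentID
GROUP BY e.StatusName
ORDER BY e.StatusName;
```

A large Unmapped count indicates incidents whose destinations never resolved to a network endpoint with a domain, so the per-TLD report above undercounts them rather than the database being short of rows.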