About the ITM On-Prem (ObserveIT) Databases

ITM On-Prem (ObserveIT) Database Structure

During installation, the ITM On-Prem (ObserveIT) Database Server creates the following databases on the SQL Server:

By default, ITM On-Prem (ObserveIT) utilizes the following databases, which are created during installation:

• ObserveIT: Stores all the configuration data and all the user activity metadata captured by the ITM on-Prem (ObserveIT)s.

• ObserveIT_Analytics: Stores the data that is displayed in the Insider Threat Intelligence dashboard. This includes alerts statistics and users' score data over time, aggregated by users, applications and alert types. It also stores user profile information, such as, job title, photo, department, region, email address, and so on.

• ObserveIT_Data: Stores all the ITM On-Prem (ObserveIT) screenshot images captured by the ITM on-Prem (ObserveIT) Agents (by default). Screenshot images can also be stored in the file-system (for example, for large deployments).

• ObserveIT_Archive_1: The archive storage database stores both the archived user activity metadata and screenshot images (unless file-system storage is configured). If the archive database size reaches its maximum allocated storage, you can create a new archive database (ObserveIT_Archive_2, and so on.)

• ObserveIT_Archive_template: Template that is used for backup and restore when creating a new archive database.

For details about how to determine storage and sizing requirements, see Hardware Sizing Guidelines.