The outlier/risk analysis of the engine is currently based on OOTB attributes such as DB User, Server IP or Database Name. Tha GI administrator should be able to customize on which attributes the algorithm should run.
i.e. in many deployments the DB User info captured by Guardium might not indicate the 'real user' behind the activity but just a technical account used by an application - the information of the 'real user' could be in other fields (such as DB2 client info in zOS) and the administrator should choose this other field for a proper analysis of the risk.
Do not place IBM confidential, company confidential, or personal information into any field.