Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
connection_log
Table 7-2 connection_log Fields (continued)

Field
    Description

src_device_ipaddr
    Either:
    • A binary representation of the IP address of the NetFlow-enabled device that exported the connection data
    • 0, for connections detected by Cisco managed devices.

src_device_ipv4
    Field deprecated in Version 5.2. Returns null for all queries.

tcp_flags
    The TCP flags detected in the session.

url
    The URL requested by the monitored host during the session, if available.

url_category
    The category of the URL requested by the monitored host.

url_reputation
    The reputation of the URL requested by the monitored host. One of the following:
    • 1 - High risk
    • 2 - Suspicious sites
    • 3 - Benign sites with security risks
    • 4 - Benign sites
    • 5 - Well known

web_application_id
    An internal identification number for the web application.

web_application_name
    One of:
    • the name of the application, if a positive identification can be made.
    • web browsing if the system detects an application protocol of HTTP but cannot identify a specific web application.
    • blank if the connection has no HTTP traffic.