Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 8 Schema: User Activity Tables
user_discovery_event
user_discovery_event Joins
The following table describes the joins you can perform on the user_discovery_event table.
user_discovery_event Sample Query
The following query returns up to 25 user event records generated by a selected managed device since a particular date and time.
SELECT event_time_sec, ipaddr, sensor_name, event_type, user_name, user_last_seen_sec,
       user_last_updated_sec
FROM user_discovery_event
WHERE sensor_name = "sensor_name"  -- placeholder: substitute the name of the selected managed device
AND user_last_seen_sec >= UNIX_TIMESTAMP("2011-10-01 00:00:00")
ORDER BY event_type ASC
LIMIT 0, 25;
Table 8-4 user_discovery_event Fields (continued)

| Field | Description |
|---|---|
| user_id | The internal identification number of the user who last logged onto the host. |
| user_last_name | The last name of the user. |
| user_last_seen_sec | The UNIX timestamp of the date and time the system last reported a login for the user. |
| user_last_updated_sec | The UNIX timestamp of the date and time the user’s information was last updated. |
| user_name | The user name for the user who last logged onto the host. |
| user_phone | The phone number for the user who last logged onto the host. |
Table 8-5 user_discovery_event Joins

| You can join this table on... | And... |
|---|---|
| ipaddr | |
| user_id | |