Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
C H A P T E R
9-1
FireSIGHT System Database Access Guide
9
Schema: Correlation Tables
This chapter contains information on the schema and supported joins for correlation-related events,
including remediation status and white list events. For more information, see the sections listed in the
following table.
including remediation status and white list events. For more information, see the sections listed in the
following table.
compliance_event
The
compliance_event
table contains information about the correlation events that your Defense Center
generates.
For more information, see the following sections:
•
•
•
Table 9-1
Schema for Correlation Tables
See...
For the table that stores information on...
Version
correlation events, which are generated when a
correlation rule within an active correlation policy
triggers.
correlation rule within an active correlation policy
triggers.
4.10.x+
remediation status events, which are generated when an
active correlation policy triggers a remediation as a
response.
active correlation policy triggers a remediation as a
response.
4.10.x+
white list events, which are generated when the system
detects a host out of compliance with a white list in an
active white list compliance policy.
detects a host out of compliance with a white list in an
active white list compliance policy.
4.10.x+
white list violations, which track the ways that the hosts
on your network violate the compliance white lists in
active compliance policies.
on your network violate the compliance white lists in
active compliance policies.
4.10.x+