FireSIGHT System Database Access Guide, page 9-10
Chapter 9 Schema: Correlation Tables
white_list_violation
white_list_violation Fields
The following table describes the database fields you can access in the white_list_violation table.
white_list_violation Joins
You cannot perform joins on the white_list_violation table.
white_list_violation Sample Query
The following query returns up to 25 records with white list violation information such as the host IP address violating the white list, the violated white list name, and the count of violations.
SELECT host_id, white_list_name, count(*)
FROM white_list_violation
GROUP BY white_list_name, host_id
ORDER BY white_list_name DESC
LIMIT 0, 25;
Table 9-7 white_list_violation Fields
Field: Description
host_id: ID number of the host in violation of the white list.
info: Any available vendor, product, or version information associated with the white list violation. For protocols that violate a white list, the field also indicates whether the violation is due to a network or transport protocol.
ip_address: Field deprecated in Version 5.2. Returns null for all queries.
port: The port, if any, associated with the event that triggered a service white list violation (that is, when a violation occurs as a result of a non-compliant service). For other types of white list violations, the field is blank.
protocol_name: The protocol associated with the event.
type: The type of white list violation, indicating whether the violation occurred due to a non-compliant:
  • operating system (os)
  • service (service)
  • client application (client app)
  • protocol (protocol)
violation_time_sec: The UNIX timestamp of the date and time the violation was logged.
white_list_name: The white list that was violated.
white_list_uuid: A unique identifier for the white list.
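The following query is an added example, not one of the guide's own sample queries. It builds on the sample query above and the fields in Table 9-7 to summarize service and protocol violations per white list and host within a time window, which is the view a defender typically wants when triaging compliance drift. It assumes that the type column stores the literal values listed in the table (service, protocol), that column aliases are accepted, and it uses a constructed UNIX-timestamp cutoff (1400000000) as a placeholder for the start of the window.

```sql
-- Added example (not from the FireSIGHT guide): violations of type
-- 'service' or 'protocol' since a cutoff, grouped per white list, host,
-- protocol and port, most frequent and most recent first.
-- 1400000000 is a constructed placeholder cutoff; replace it with the
-- UNIX timestamp for the start of the window you want to review.
SELECT white_list_name,
       type,
       host_id,
       protocol_name,
       port,
       count(*)                AS violation_count,
       max(violation_time_sec) AS last_seen_sec
FROM white_list_violation
WHERE violation_time_sec >= 1400000000
  AND type IN ('service', 'protocol')
GROUP BY white_list_name, type, host_id, protocol_name, port
ORDER BY violation_count DESC, last_seen_sec DESC
LIMIT 0, 50;
```

Because port is blank for non-service violations, rows of type 'protocol' will group with an empty port value; drop port from the SELECT and GROUP BY if you only want protocol violations.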