Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 4 Schema: Intrusion Tables
intrusion_event_packet Joins
You cannot perform joins on the intrusion_event_packet table.
intrusion_event_packet Sample Query
The following query returns the packet information for all packets matching the selected event id.
SELECT event_id, packet_time_sec, sensor_address, packet_data 
FROM intrusion_event_packet 
WHERE event_id="1";
rule_message
The rule_message table is a master list of the rule messages for intrusion rules. Each rule message is accompanied by its identifying information.
rule_message Fields
The following table describes the database fields you can access in the rule_message table.

Table 4-5 rule_message Fields

Field          Description
generator_id   The GID of the component that triggers the rule.
message        The message associated with the rule that is triggered.
rev_uuid       A unique identifier for the rule revision.
revision       The revision number for the rule.
signature_id   The rule identification number as it is rendered in the appliance user interface.
uuid           A unique identifier for the rule.

rule_message Joins
You cannot perform joins on the rule_message table.