Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 5 Schema: Statistics Tracking Tables
app_ids_stats_current_timeframe
The app_ids_stats_current_timeframe tables contain statistics about application activity and intrusion
events on your monitored network. Statistics can be extracted per detected application, per application
type (application protocol, client application, or web application), and also per risk and business
relevance of the application. The tables also track blocked connections due to intrusion policy violations
and the estimated potential impact of an intrusion.

For an understanding of the current_day, current_month, and current_year statistics tables, see .

For more information on the app_ids_stats_current_timeframe tables, see the following sections:
app_ids_stats_current_timeframe Fields
The following table describes the fields you can access in the app_ids_stats_current_timeframe tables.
All tables of this type contain the same fields.
Table 5-3 app_ids_stats_current_timeframe Fields

Field                           Description
application_id                  The internal identification number for the application.
application_name                The application name that appears in the user interface.
blocked                         Number of connections blocked due to violation of an intrusion policy.
business_relevance              An index (from 1 to 5) of the application’s relevance to business
                                productivity where 1 is very low and 5 is very high.
business_relevance_description  A description of business relevance (very low, low, medium, high,
                                very high).
impact_level_1                  The number of impact level 1 (vulnerable) intrusion events recorded
                                for the application.
impact_level_2                  The number of impact level 2 (potentially vulnerable) intrusion events.
impact_level_3                  The number of impact level 3 (host currently not vulnerable) intrusion
                                events.
impact_level_4                  The number of impact level 4 (unknown target) intrusion events.
impact_level_5                  The number of impact level 5 (unknown vulnerability) intrusion events.
is_client_application           A true-false flag that indicates if the detected application is a
                                client application.
is_server_application           A true-false flag that indicates if the detected application is an
                                application protocol.
is_web_application              A true-false flag that indicates if the detected application is a web
                                application.
risk                            An index (from 1 to 5) of the application’s estimated risk where 1 is
                                very low risk and 5 is critical risk.
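
The following is an added example, not part of the Cisco guide: a triage query that uses only the fields in Table 5-3 to list high-risk, low-business-relevance applications that have impact level 1 or 2 intrusion events. It assumes the day table is named app_ids_stats_current_day (following the current_timeframe pattern) and that the true-false flags are stored as 0/1; the SQLite table, column types, sample rows, and the function names build_sample_db and triage are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the day table; column types and 0/1 flags are assumptions.
SCHEMA = """CREATE TABLE app_ids_stats_current_day (
    application_id INTEGER, application_name TEXT, blocked INTEGER,
    business_relevance INTEGER, risk INTEGER,
    impact_level_1 INTEGER, impact_level_2 INTEGER, impact_level_3 INTEGER,
    impact_level_4 INTEGER, impact_level_5 INTEGER,
    is_client_application INTEGER, is_server_application INTEGER,
    is_web_application INTEGER)"""

# Constructed sample rows in the column order above (not real data).
ROWS = [
    (1001, "ExampleP2P",     4, 1, 5, 3, 2, 0, 1, 0, 1, 0, 0),
    (1002, "ExampleWebmail", 0, 2, 4, 0, 1, 5, 0, 0, 0, 0, 1),
    (1003, "ExampleHTTP",   12, 5, 2, 1, 0, 7, 0, 2, 0, 1, 0),
    (1004, "ExampleGame",    0, 1, 4, 0, 0, 0, 0, 0, 1, 0, 0),
]

# Impact levels 1 and 2 (vulnerable / potentially vulnerable) are summed as the
# events worth reviewing first; levels 3-5 are left out of the filter.
TRIAGE_SQL = """
SELECT application_name,
       CASE WHEN is_web_application THEN 'web application'
            WHEN is_client_application THEN 'client application'
            ELSE 'application protocol' END AS app_type,
       risk, business_relevance,
       impact_level_1 + impact_level_2 AS actionable_events, blocked
FROM app_ids_stats_current_day
WHERE risk >= :min_risk AND business_relevance <= :max_relevance
  AND impact_level_1 + impact_level_2 > 0
ORDER BY impact_level_1 DESC, impact_level_2 DESC, risk DESC
"""

def build_sample_db():
    """Create the in-memory stand-in table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO app_ids_stats_current_day "
                     "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)", ROWS)
    return conn

def triage(conn, min_risk=4, max_relevance=2):
    """Return rows for risky, low-relevance applications with level 1/2 events."""
    params = {"min_risk": min_risk, "max_relevance": max_relevance}
    return conn.execute(TRIAGE_SQL, params).fetchall()

if __name__ == "__main__":
    for row in triage(build_sample_db()):
        print(row)
```

The same SELECT can be pointed at the month or year table by changing the table name, since all tables of this type contain the same fields.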