Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
geolocation_stats_current_timeframe Joins
You cannot perform joins on the geolocation_stats_current_timeframe tables.
geolocation_stats_current_timeframe Sample Query
The following query returns source country and sensor name for the first 25 connection events from Asia during the current day.
SELECT sensor_name, source_continent
FROM geolocation_stats_current_day
WHERE destination_continent='as'
LIMIT 25;
ids_impact_stats_current_timeframe
The ids_impact_stats_current_timeframe tables contain statistics regarding intrusion events based on impact levels. Statistics can be extracted based on impact level, device, and how the packets are handled.
For an understanding of the current_day, current_month, and current_year statistics tables, see .
For more information on the ids_impact_stats_current_timeframe tables, see the following sections.
ids_impact_stats_current_timeframe Fields
The following table describes the fields you can access in the ids_impact_stats_current_timeframe tables. All tables of this type contain the same fields.
Table 5-8 ids_impact_stats_current_timeframe Fields

| Field | Description |
|---|---|
| blocked | Number of connections blocked due to violation of an intrusion policy. |
| impact_level_1 | The number of impact level 1 (vulnerable) intrusion events recorded for the application. |
| impact_level_2 | The number of impact level 2 (potentially vulnerable) intrusion events. |
| impact_level_3 | The number of impact level 3 (host currently not vulnerable) intrusion events. |
| impact_level_4 | The number of impact level 4 (unknown target) intrusion events. |
| impact_level_5 | The number of impact level 5 (unknown vulnerability) intrusion events. |
| sensor_address | The IP address of the managed device that generated the event. Format is ipv4_address,ipv6_address. |
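The following is an added example, not part of the Cisco guide: it reads the fields listed in Table 5-8, splits the combined sensor_address value, and ranks managed devices by their impact level 1 and 2 counts for triage. It assumes an in-memory SQLite table standing in for ids_impact_stats_current_day; the column types, the sample rows, and the function names are constructed for illustration.

```python
import ipaddress
import sqlite3
from collections import defaultdict

# Constructed sample rows; SQLite stands in for the real database (assumption).
# Column order: sensor_address, blocked, impact_level_1 .. impact_level_5
SAMPLE_ROWS = [
    ("192.0.2.10,2001:db8::10", 4, 3, 1, 10, 0, 2),
    ("192.0.2.10,2001:db8::10", 1, 2, 0, 5, 1, 0),
    ("192.0.2.20,", 0, 0, 6, 2, 0, 1),  # device with no IPv6 part
]

def load_sample_db():
    """Create the stand-in table with only the fields shown in Table 5-8."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ids_impact_stats_current_day ("
        "sensor_address TEXT, blocked INTEGER, impact_level_1 INTEGER, "
        "impact_level_2 INTEGER, impact_level_3 INTEGER, "
        "impact_level_4 INTEGER, impact_level_5 INTEGER)"
    )
    conn.executemany(
        "INSERT INTO ids_impact_stats_current_day VALUES (?,?,?,?,?,?,?)",
        SAMPLE_ROWS,
    )
    return conn

def split_sensor_address(value):
    """Split 'ipv4_address,ipv6_address' into validated parts (None if empty)."""
    v4, _, v6 = value.partition(",")
    return (
        ipaddress.IPv4Address(v4.strip()) if v4.strip() else None,
        ipaddress.IPv6Address(v6.strip()) if v6.strip() else None,
    )

def triage_by_device(conn):
    """Sum the counters per device, then rank by impact level 1, then level 2."""
    totals = defaultdict(lambda: [0] * 6)  # blocked, impact levels 1..5
    rows = conn.execute(
        "SELECT sensor_address, blocked, impact_level_1, impact_level_2, "
        "impact_level_3, impact_level_4, impact_level_5 "
        "FROM ids_impact_stats_current_day"
    )
    for address, *counts in rows:
        key = split_sensor_address(address)
        totals[key] = [a + (b or 0) for a, b in zip(totals[key], counts)]
    return sorted(totals.items(), key=lambda kv: (kv[1][1], kv[1][2]), reverse=True)

if __name__ == "__main__":
    for (v4, v6), t in triage_by_device(load_sample_db()):
        print(v4, v6, "blocked=%d" % t[0], "levels 1-5:", t[1:])
```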