Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 5      Schema: Statistics Tracking Tables
  user_ids_stats_current_timeframe
user_ids_stats_current_timeframe Joins
You cannot perform joins on the user_ids_stats_current_timeframe tables.
user_ids_stats_current_timeframe Sample Query
The following query returns up to 25 user records from the user_ids_stats_current_month table. Each record contains the number of blocked connections and intrusion events for the selected username.
SELECT username, start_time_sec, blocked, impact_level_1, impact_level_2,
impact_level_3, impact_level_4, impact_level_5
FROM user_ids_stats_current_month
WHERE username="username"
LIMIT 0, 25;
Table 5-15 user_ids_stats_current_timeframe Fields (continued)
Field | Description
impact_level_4 | The number of impact level 4 (unknown target) intrusion events recorded for the user.
impact_level_5 | The number of impact level 5 (unknown vulnerability) intrusion events recorded for the user.
sensor_address | The IP address of the managed device that monitored the traffic. Format is ipv4_address,ipv6_address.
sensor_id | The internal identification number of the managed device that detected the traffic.
sensor_name | The name of the managed device that detected the traffic.
sensor_uuid | A unique identifier for the managed device, or 0 if sensor_name is null.
start_time_sec | The UNIX timestamp of the start of the measurement interval. For information on specifying the start time, see .
user_id | An internal identification number for the user who last logged into the host.
username | The user name of the user who last logged into the host.
would_have_dropped | Number of packets that would have been dropped if the intrusion policy had been configured to drop packets in an inline deployment.
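The following Python sketch is an added example, not code from the Cisco guide. It shows how a client might type the documented fields after running the sample query: splitting sensor_address, converting start_time_sec, and treating a sensor_uuid of 0 as "no device". It assumes rows arrive as dicts keyed by column name; the function names and sample rows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

IMPACT_COLUMNS = [f"impact_level_{n}" for n in range(1, 6)]

def parse_ip(text):
    """Return an ipaddress object, or None for an empty or malformed part."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def normalise_row(row):
    """Convert one result row (dict keyed by column name) to typed values."""
    # sensor_address is documented as "ipv4_address,ipv6_address".
    v4_text, _, v6_text = (row.get("sensor_address") or "").partition(",")
    name = row.get("sensor_name")
    start = datetime.fromtimestamp(int(row["start_time_sec"]), tz=timezone.utc)
    return {
        "username": row["username"],
        "interval_start": start,
        "sensor_name": name,
        # sensor_uuid is 0 when sensor_name is null: report "no device".
        "sensor_uuid": None if name is None else row.get("sensor_uuid"),
        "sensor_ipv4": parse_ip(v4_text),
        "sensor_ipv6": parse_ip(v6_text),
        "blocked": int(row.get("blocked") or 0),
        "events": sum(int(row.get(c) or 0) for c in IMPACT_COLUMNS),
    }

def totals_per_user(rows):
    """Sum blocked connections and intrusion events per username."""
    totals = defaultdict(lambda: {"blocked": 0, "events": 0})
    for row in map(normalise_row, rows):
        totals[row["username"]]["blocked"] += row["blocked"]
        totals[row["username"]]["events"] += row["events"]
    return dict(totals)

# Constructed sample rows (not real data), shaped like the documented columns.
SAMPLE_ROWS = [
    {"username": "jdoe", "start_time_sec": 1700000000, "blocked": 3,
     "impact_level_1": 1, "impact_level_4": 2, "sensor_name": "edge-fw-1",
     "sensor_uuid": "11111111-2222-3333-4444-555555555555",
     "sensor_address": "192.0.2.10,2001:db8::10"},
    {"username": "jdoe", "start_time_sec": 1700003600, "blocked": 1,
     "impact_level_5": 4, "sensor_name": None, "sensor_uuid": 0,
     "sensor_address": None},
]
```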