Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 6 Schema: Discovery Event and Network Map Tables
network_discovery_event
network_discovery_event Joins
The following table describes the joins you can perform using the network_discovery_event table.
network_discovery_event Sample Query
The following query returns discovery event records that include the user, detecting device name,
timestamp, host IP address, and so on within the specified times.
SELECT sensor_name, event_time_sec, event_time_usec, event_type, ipaddr, user_id,
hex(mac_address), mac_vendor, port, confidence FROM network_discovery_event
WHERE event_time_sec
BETWEEN UNIX_TIMESTAMP("2013-01-01 00:00:00") AND UNIX_TIMESTAMP("2013-01-01 23:59:59")
ORDER BY event_time_sec DESC, event_time_usec DESC;
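The following variation is an added example, not a query from the guide. It reuses the columns and time window of the sample query to list MAC addresses that were reported with more than one host IP address, which is useful when reviewing address changes on the monitored network. It assumes the query interface accepts GROUP BY, HAVING, and COUNT(DISTINCT ...).

```sql
-- Added example (not from the guide): MAC addresses reported with more than
-- one host IP address during the same window as the sample query.
-- Assumption: the query interface accepts GROUP BY, HAVING and
-- COUNT(DISTINCT ...). Only columns used by the sample query appear here.
SELECT hex(mac_address)       AS mac,
       mac_vendor,
       COUNT(DISTINCT ipaddr) AS distinct_ips,    -- host addresses seen for this MAC
       COUNT(*)               AS events,          -- discovery events in the window
       MIN(event_time_sec)    AS first_seen_sec,  -- UNIX timestamp of earliest event
       MAX(event_time_sec)    AS last_seen_sec    -- UNIX timestamp of latest event
FROM network_discovery_event
WHERE event_time_sec
      BETWEEN UNIX_TIMESTAMP("2013-01-01 00:00:00")
          AND UNIX_TIMESTAMP("2013-01-01 23:59:59")
  AND mac_address IS NOT NULL                     -- skip events with no MAC recorded
GROUP BY mac_address, mac_vendor
HAVING COUNT(DISTINCT ipaddr) > 1
ORDER BY distinct_ips DESC, last_seen_sec DESC;
```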
Table 6-8 network_discovery_event Fields (continued)

| Field | Description |
| --- | --- |
| sensor_name | The managed device that generated the discovery event. |
| sensor_uuid | A unique identifier for the managed device, or 0 if sensor_name is null. |
| user_dept | The department of the user who last logged into the host. |
| user_email | The email address of the user who last logged into the host. |
| user_first_name | The first name of the user who last logged into the host. |
| user_id | The internal identification number for the user who last logged into the host. |
| user_last_name | The last name of the user who last logged into the host. |
| user_last_seen_sec | The UNIX timestamp of the date and time the FireSIGHT System last detected user activity for the user who last logged into the host. |
| user_last_updated_sec | The UNIX timestamp of the date and time the FireSIGHT System last updated the user record for the user who last logged into the host. |
| user_name | The user name of the user who last logged into the host. |
| user_phone | The phone number of the user who last logged into the host. |
Table 6-9 network_discovery_event Joins
You can join this table on...
And...
ipaddr