Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

The following table describes the joins you can perform using the 

 table.

The following query returns up to 25 connection event records from the 

 table, sorted in 

descending order based on packet timestamps.

SELECT first_packet_sec, last_packet_sec, initiator_ipaddr, responder_ipaddr, 

security_zone_ingress_name, security_zone_egress_name, initiator_port, protocol_name, 

responder_port, application_protocol_id, client_application_id, web_application_id, url, 

url_category, url_reputation 

FROM connection_log

WHERE first_packet_sec <= UNIX_TIMESTAMP("2011-10-01 00:00:00") ORDER BY 

first_packet_sec 

DESC, last_packet_sec DESC LIMIT 0, 25;

The 

 table contains information on connection summaries or aggregated 

connections. The FireSIGHT System aggregates connections over five-minute intervals. To be 
aggregated, connections must:

have the same source and destination IP addresses

use the same protocol

use the same application

either be detected by the same managed device (for sessions detected by managed devices with 
FireSIGHT) or be exported by the same NetFlow-enabled device and processed by the same 
managed device

application_protocol_id

or

client_application_id

or

web_application_id

 

 

 

 

 

 

 

 

initiator_ipaddr

or

responder_ipaddr