Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 8      Schema: User Activity Tables
user_discovery_event
The user_discovery_event table contains a record for each user discovery event.

Note that starting in Version 5.0, the FireSIGHT System records the detection of user activity at the managed device level, no longer by detection engine. The detection_engine_name and detection_engine_uuid fields in this table have been replaced by the sensor_name and sensor_uuid fields respectively. Queries on these fields will return information about the managed device that generated the user discovery event.
user_discovery_event Fields
The following table describes the fields you can access in the user_discovery_event table.
Table 8-4 user_discovery_event Fields

| Field | Description |
|---|---|
| application_protocol_id | An internal identifier for the detected application protocol. |
| application_protocol_name | One of: the name of the application used in the connection (LDAP, POP3, and so on); pending if the system cannot identify the application for one of several reasons; blank if there is no application information in the connection. |
| description | The user name when the discovery event type is either Delete User Identity, or User Identity Dropped. Otherwise, blank. |
| event_id | An internal identification number for the discovery event. |
| event_time_sec | The UNIX timestamp of the date and time of the discovery event. |
| event_type | The type of discovery event. For example, New User Identity or User Login. |
| ip_address | Field deprecated in Version 5.2. Returns null for all queries. |
| ipaddr | A binary representation of the IP address of the host where the user activity was detected. |
| reported_by | The IPv4 address, IPv6 address, or NetBIOS name of the Active Directory server reporting a user login. |
| sensor_address | The IP address of the managed device that detected the user discovery event. Format is ipv4_address,ipv6_address. |
| sensor_name | The text name of the managed device that detected the user discovery event. |
| sensor_uuid | A unique identifier for the managed device, or 0 if sensor_name is null. |
| user_dept | The department of the user who last logged onto the host. |
| user_email | The email address of the user who last logged onto the host. |
| user_first_name | The first name of the user. |
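
The following Python sketch is an added example, not part of the Cisco guide. It shows how the field formats listed above can be normalized before user discovery events are loaded into a log pipeline. The function names, the dict-per-row input shape and the sample rows are constructed for illustration, and it assumes that ipaddr arrives as 4 or 16 packed bytes, possibly IPv4-mapped.

```python
import ipaddress
from datetime import datetime, timezone

# Event types for which the description field carries the user name (per the table).
IDENTITY_REMOVED = {"Delete User Identity", "User Identity Dropped"}

def decode_ipaddr(raw):
    """Decode the binary ipaddr column. Assumption: 4 or 16 packed bytes, network order."""
    if raw is None:
        return None
    addr = ipaddress.ip_address(bytes(raw))  # raises ValueError on any other length
    # Assumption: IPv4 hosts may arrive IPv4-mapped (::ffff:a.b.c.d); collapse to IPv4.
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def split_sensor_address(value):
    """Split 'ipv4_address,ipv6_address' into (v4, v6); an empty part becomes None."""
    v4, _, v6 = (value or "").partition(",")
    return v4.strip() or None, v6.strip() or None

def normalize_row(row):
    """Turn one user_discovery_event row (a dict keyed by column name) into a flat record."""
    proto = row.get("application_protocol_name") or None   # blank = no application info
    v4, v6 = split_sensor_address(row.get("sensor_address"))
    removed = row["event_type"] in IDENTITY_REMOVED
    return {
        "event_id": row["event_id"],
        "time_utc": datetime.fromtimestamp(row["event_time_sec"], tz=timezone.utc).isoformat(),
        "event_type": row["event_type"],
        "host_ip": decode_ipaddr(row.get("ipaddr")),        # ip_address is deprecated, always null
        "protocol": None if proto == "pending" else proto,  # 'pending' is a state, not a name
        "protocol_pending": proto == "pending",
        "reported_by": row.get("reported_by") or None,
        "sensor_name": row.get("sensor_name"),
        # sensor_uuid is 0 when sensor_name is null: do not join on that value.
        "sensor_uuid": row.get("sensor_uuid") if row.get("sensor_name") else None,
        "sensor_ipv4": v4, "sensor_ipv6": v6,
        "removed_user": (row.get("description") or None) if removed else None,
    }

# Constructed sample rows (not taken from a real system).
SAMPLE_ROWS = [
    {"event_id": 1, "event_time_sec": 1400000000, "event_type": "User Login",
     "ipaddr": bytes(10) + b"\xff\xff\x0a\x01\x02\x03", "application_protocol_name": "LDAP",
     "description": "", "reported_by": "192.0.2.53", "sensor_name": "sensor-a",
     "sensor_address": "192.0.2.10,2001:db8::10", "sensor_uuid": "constructed-uuid-a"},
    {"event_id": 2, "event_time_sec": 1400000060, "event_type": "User Identity Dropped",
     "ipaddr": b"\x0a\x01\x02\x04", "application_protocol_name": "pending",
     "description": "jdoe", "reported_by": "", "sensor_name": None,
     "sensor_address": "192.0.2.10,", "sensor_uuid": 0},
]
```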