Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

DESCLIMIT 0, 25;

The following query lists intrusion events from the specified week. For each event it shows the 
associated intrusion policy violation and rule classification.

SELECT FROM_UNIXTIME(event_time_sec) AS event_time, event_id AS intrusion_event, 

AS policy, rule_classification AS classification

FROM intrusion_event

WHERE event_time_sec BETWEEN UNIX_TIMESTAMP(’2011-10-01 00:00:00’) AND

UNIX_TIMESTAMP(’2011-10-07 23:59:59’)

ORDER BY policy ASC;

The following query returns the basic information in the hosts network map for all MAC hosts (hosts 
without an IP address) detected on your network, along with the hardware vendor for each NIC:

SELECT HEX(mac_address), mac_vendor, host_type, FROM_UNIXTIME(last_seen_sec)

FROM rna_mac_host;

 

The following query maps IP addresses to MAC addresses:

SELECT HEX(ipaddr), HEX(mac_address), HEX(host_id)

FROM rna_host_ip_map LEFT JOIN rna_host_mac_map on

rna_host_ip_map.host_id=rna_host_mac_map.host_id;

The following query joins two related tables to give you a list of the servers detected on your network 
along with many of their attributes, similar to what you can see in a table view of servers on the Defense 
Center’s web interface:

SELECT FROM_UNIXTIME(s.last_used_sec), HEX(s.host_id), s.port, s.protocol, s.hits,

i.service_name, i.vendor, i.version, i.source_type, s.confidence

FROM  AS s

LEFT JOIN _info AS i ON (s.host_id = i.host_id AND s.port = i.port AND s.protocol =

i.protocol);

 

Note that this query left joins the tables on the set of 

host_id

, 

port

, and 

protocol

, as required by 

Database Access. See 

.

The following query joins two vulnerability-related tables to give you a list of valid server-related 
vulnerabilities detected for a particular host, along with whether each vulnerability is exploitable across 
a network:

SELECT h.rna_vuln_id, v.title, v.remote 

FROM rna_host_service_vulns AS h

LEFT JOIN rna_vuln AS v ON (h.rna_vuln_id = v.rna_vuln_id)