Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

2-18

FireSIGHT System Database Access Guide

Chapter 2 Setting Up Database Access

Sample Queries

WHERE h.ip_address = INET_ATON('10.10.10.4')

AND h.invalid = 0;

Note that this query left joins the tables on

rna_vuln_id

, as required by

rna_host_service_vulns,

page 6-47

and

rna_vuln Joins, page 6-57

Operating System Summary

The following query duplicates the Summary of OS Names page in the Operating System Summary
workflow. If you have not changed the default workflow in your user preferences, this is the first page
you see when you select

Analysis > Hosts

on the Defense Center web interface, then select

Hosts

SELECT vendor, product, count(*) AS total

FROM rna_host_os

GROUP BY vendor, product

ORDER BY total DESC;

Operating System Vulnerabilities for a Host

The following query joins two vulnerability-related tables to give you a list of valid operating
system-related vulnerabilities detected for a particular host, along with whether each vulnerability is
exploitable across a network:

SELECT h.rna_vuln_id, v.title, v.remote

FROM rna_host_os_vulns AS h

LEFT JOIN rna_vuln AS v ON (h.rna_vuln_id = v.rna_vuln_id)

WHERE h.host_id = UNHEX('9610B6E6F1784DA4B39BEA7A210AAD68')

AND h.invalid = 0;

Note that this query left joins the tables on

rna_vuln_id

, as required by Database Access. See

rna_host_os_vulns, page 6-30

and

rna_vuln Joins, page 6-57

Host Violation Count

The following query duplicates the Host Violation Count page in the Host Violation Count workflow. If
you have not changed the default Compliance White List Violations workflow in your user preferences,
this is the first page you see when you select

Analysis > Correlation > White List Violations

on the Defense

Center’s web interface.

SELECT host_id, HEX(host_id), white_list_name, count(*) AS total

FROM white_list_violation

GROUP BY host_id, white_list_name

ORDER BY total DESC;