Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 3
Schema: System-Level Tables
This chapter contains information on the schema and supported joins for system-level functions,
including auditing, appliance health monitoring, malware detection, and logging of security updates.
For more information, see the sections listed in the following table.

Table 3-1 Schema for System-Level Tables

| See... | For the table that stores information on... | Version |
|---|---|---|
| | User interactions with the appliance’s web interface. | 4.10.x+ |
| | FireAMP malware detection and quarantine events. | 5.1+ |
| | Health status events for monitored appliances. | 4.10.x+ |
| | Rule updates that have been imported on your appliances. | 5.0+ |

audit_log

The audit_log table contains information on FireSIGHT System users’ interactions with the web interface. Keep in mind that the audit log stores records for the local appliance only, not for managed appliances.

audit_log Fields

The following table describes the database fields you can access in the audit_log table.
Table 3-2 audit_log Fields

| Field | Description |
|---|---|
| action_time_sec | The UNIX timestamp of the date and time the appliance generated the audit record. |
| message | The action the user performed. |
| source | The IP address of the web interface user’s host, in dotted-decimal notation. |
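
The following is an added example, not taken from the Cisco guide, showing how the three audit_log fields above can be used to review web-interface activity that originated outside an expected management subnet. It uses an in-memory SQLite table as a stand-in for the appliance database; the sample rows, the message values, and the MGMT_NET subnet are constructed assumptions.

```python
import ipaddress
import sqlite3
from datetime import datetime, timezone

# Constructed sample rows: (action_time_sec, message, source).
SAMPLE_ROWS = [
    (1400000000, "Login Success", "10.1.1.20"),
    (1400000300, "Page View", "10.1.1.20"),
    (1400003600, "Login Success", "192.0.2.77"),
    (1400003660, "Page View", "192.0.2.77"),
    (1400090000, "Page View", "10.1.1.35"),
]

# Hypothetical management subnet from which web-interface use is expected.
MGMT_NET = ipaddress.ip_network("10.1.1.0/24")


def load_sample(conn):
    """Create a stand-in audit_log table holding only the three fields above."""
    conn.execute(
        "CREATE TABLE audit_log (action_time_sec INTEGER, message TEXT, source TEXT)"
    )
    conn.executemany("INSERT INTO audit_log VALUES (?, ?, ?)", SAMPLE_ROWS)


def actions_outside(conn, network, since_sec):
    """Return audit records at or after since_sec whose source is not in network."""
    rows = conn.execute(
        "SELECT action_time_sec, message, source FROM audit_log "
        "WHERE action_time_sec >= ? ORDER BY action_time_sec",
        (since_sec,),
    )
    hits = []
    for ts, message, source in rows:
        # source is dotted-decimal text, so parse it rather than string-match.
        if ipaddress.ip_address(source) not in network:
            when = datetime.fromtimestamp(ts, tz=timezone.utc)
            hits.append((when.isoformat(), source, message))
    return hits


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load_sample(db)
    for hit in actions_outside(db, MGMT_NET, 1400000000):
        print(*hit, sep="  ")
```

Because the audit log stores records for the local appliance only, a review like this has to be run against each appliance separately.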