Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT System Database Access Guide

Chapter 3
Schema: System-Level Tables
This chapter contains information on the schema and supported joins for system-level functions, 
including auditing, appliance health monitoring, malware detection, and logging of security updates.
For more information, see the sections listed in the following table.

Table 3-1 Schema for System-Level Tables

| See... | For the table that stores information on... | Version |
|---|---|---|
| | User interactions with the appliance’s web interface. | 4.10.x+ |
| | FireAMP malware detection and quarantine events. | 5.1+ |
| | Health status events for monitored appliances. | 4.10.x+ |
| | Rule updates that have been imported on your appliances. | 5.0+ |

audit_log

The audit_log table contains information on FireSIGHT System users’ interactions with the web interface. Keep in mind that the audit log stores records for the local appliance only, not for managed appliances.

For more information, see the following sections:

audit_log Fields

The following table describes the database fields you can access in the audit_log table.

Table 3-2 audit_log Fields

| Field | Description |
|---|---|
| action_time_sec | The UNIX timestamp of the date and time the appliance generated the audit record. |
| message | The action the user performed. |
| source | The IP address of the web interface user’s host, in dotted-decimal notation. |
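
The following added example (not from the Cisco guide) shows one way to review audit_log records using only the three fields listed above: it converts action_time_sec to UTC and flags records whose source lies outside the expected administration subnets. The in-memory SQLite database stands in for the appliance database, and the ADMIN_NETS value, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Assumption: subnets from which web-interface administration is expected.
ADMIN_NETS = [ip_network("10.10.0.0/24")]
# Constructed sample rows (action_time_sec, message, source); not appliance data.
SAMPLE_ROWS = [
    (1400000000, "Login Success", "10.10.0.5"),
    (1400000300, "Save Policy", "10.10.0.5"),
    (1400003600, "Login Success", "192.168.77.20"),
    (1400003660, "Delete User", "192.168.77.20"),
    (1400007200, "Login Failed", ""),  # malformed source, kept for review
]

def open_sample_db():
    """In-memory SQLite stand-in (assumption) holding the three documented fields."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE audit_log (action_time_sec INTEGER, message TEXT, source TEXT)"
    )
    conn.executemany("INSERT INTO audit_log VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def utc_iso(action_time_sec):
    """Render the UNIX timestamp in action_time_sec as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(action_time_sec, tz=timezone.utc).isoformat()

def unexpected_sources(conn, since_sec, admin_nets=ADMIN_NETS):
    """Return (utc_time, message, source) for records outside admin_nets."""
    rows = conn.execute(
        "SELECT action_time_sec, message, source FROM audit_log "
        "WHERE action_time_sec >= ? ORDER BY action_time_sec",
        (since_sec,),
    )
    findings = []
    for ts, message, source in rows:
        try:
            expected = any(ip_address(source) in net for net in admin_nets)
        except ValueError:
            expected = False  # unparseable source: surface it rather than drop it
        if not expected:
            findings.append((utc_iso(ts), message, source))
    return findings

if __name__ == "__main__":
    for finding in unexpected_sources(open_sample_db(), since_sec=1400000000):
        print(*finding, sep="  ")
```

Because the audit log covers the local appliance only, a review like this has to be run against each appliance whose web interface is in use.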