Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 3  Schema: System-Level Tables
  health_event
fireamp_event Joins
The following table describes the joins you can perform on the fireamp_event table.
fireamp_event Sample Query
The following query returns 25 malware events associated with the specified user, sorted by timestamp in ascending order.

    -- Replace 'username' with the user whose malware events you want to list.
    SELECT event_id, timestamp, src_ipaddr, dst_ipaddr, username, cloud_name, event_type,
           event_subtype, event_description, detection_name, detector_type, file_name,
           parent_file_name
    FROM fireamp_event
    WHERE username = 'username'
    ORDER BY timestamp ASC
    LIMIT 25;

health_event
The health_event table contains information on health events generated by the FireSIGHT System.
For more information, see the following sections:
health_event Fields
The following table describes the database fields you can access in the health_event table.

Table 3-4  fireamp_event Joins

You can join this table on...    And...
dst_ipaddr or src_ipaddr

Table 3-5  health_event Fields

Field            Description
description      The description of the condition that caused the associated health module to generate the health event. For example, health events generated when a process was unable to execute are labeled Unable to Execute.
event_time_sec   The UNIX timestamp of the date and time the Defense Center generated the health event.
id               The internal identification number for the event.
module_name      The name of the health module that generated the event.