Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide

Chapter 4
Schema: Intrusion Tables

This chapter contains information on the schema and supported joins for intrusion events, the packets that triggered the events, and the associated rule messages.

For more information, see the sections listed in the following table.
Table 4-1 Schema for Intrusion Tables

| See... | For the table that stores information on... | Version |
|---|---|---|
| intrusion_event | Intrusion events, which include the date, time, type of exploit, and contextual information about the source and target of an attack. | 4.10.x+ |
| | The content of the packet or packets that triggered an intrusion event. | 4.10.x+ |
| | Rule messages for intrusion events, including the associated generator ID (GID), signature ID (SID), and version data. | 4.10.x+ |
| | Information on rules, including the attack scenarios, affected systems, and information on when the rule was created and by whom. | 5.2+ |

intrusion_event

The intrusion_event table contains information on possible intrusions identified by the FireSIGHT System. For each possible intrusion, the system generates an event and an associated record in the database, which contains the date, time, type of exploit, access control policy and rule, intrusion policy and rule, and other contextual information about the source and target of the attack.

Tip: For packet-based events, a copy of the packet or packets that triggered the event may also be available; see

For more information, see the following sections:
•
•
•