Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 6 Schema: Discovery Event and Network Map Tables
application_tag_map Sample Query
The following query returns all tag records associated with the specified application.
SELECT application_id, application_name, tag_id, tag_name
FROM application_tag_map
WHERE application_name="Active Directory";
network_discovery_event
The network_discovery_event table contains information on discovery and host input events. The FireSIGHT System generates discovery events when it detects a change on your monitored network, whether by discovering new network features or by detecting changes in previously identified network assets. The FireSIGHT System generates host input events when a user manually modifies the network map by adding, modifying, or deleting network assets.
The network_discovery_event table supersedes the deprecated rna_events table starting with Version 5.0 of the FireSIGHT System.
network_discovery_event Fields
The following table describes the fields you can access in the network_discovery_event table.
Table 6-8 network_discovery_event Fields

| Field | Description |
|---|---|
| confidence | The FireSIGHT System-assigned confidence rating (from 0 to 100) for the identification of the service. |
| description | The description of the event. |
| event_id | The internal identification number for the event. |
| event_time_sec | The UNIX timestamp of the date and time the event was generated. |
| event_time_usec | The microsecond increment of the event timestamp. |
| event_type | The event type. For example, New Host or Identity Conflict. |
| ip_address | This field has been deprecated and will now return null. |
| ipaddr | A binary representation of the IPv4 or IPv6 address for the host involved in the event. |
| mac_address | The MAC address of the host involved in the event. |
| mac_vendor | The NIC hardware vendor of the host involved in the event. |
| port | The port used by the network traffic that triggered the event. |
| sensor_address | The IP address of the managed device that generated the discovery event. Format is ipv4_address,ipv6_address. |
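Several of these fields need decoding before they are useful for asset triage: ipaddr is binary, the timestamp is split across two columns, and sensor_address packs two addresses into one string. The Python below is an added example, not part of the Cisco guide; it assumes rows arrive as dictionaries keyed by the Table 6-8 field names, that ipaddr holds 4 or 16 raw bytes, and that IPv4 hosts may be stored as IPv4-mapped IPv6 values. The function names and sample rows are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

WATCHED_TYPES = {"New Host", "Identity Conflict"}  # event_type examples from Table 6-8

def decode_ipaddr(raw):
    """Decode the binary ipaddr column; returns None for NULL."""
    if raw is None:
        return None
    if len(raw) not in (4, 16):
        raise ValueError(f"unexpected ipaddr length: {len(raw)}")
    addr = ipaddress.ip_address(bytes(raw))
    # Assumption: an IPv4 host may arrive as an IPv4-mapped IPv6 value (::ffff:a.b.c.d).
    return getattr(addr, "ipv4_mapped", None) or addr

def event_time(sec, usec):
    """Combine event_time_sec and event_time_usec into one UTC datetime."""
    return datetime.fromtimestamp(sec, tz=timezone.utc).replace(microsecond=usec or 0)

def split_sensor_address(value):
    """Split the documented 'ipv4_address,ipv6_address' pair; empty parts become None."""
    v4, _, v6 = (value or "").partition(",")
    return v4.strip() or None, v6.strip() or None

def triage(rows):
    """Normalise watched events and return them oldest first."""
    out = []
    for r in rows:
        if r["event_type"] not in WATCHED_TYPES:
            continue
        out.append({
            "event_id": r["event_id"],
            "time": event_time(r["event_time_sec"], r["event_time_usec"]),
            "event_type": r["event_type"],
            "host": decode_ipaddr(r["ipaddr"]),
            "mac_address": r["mac_address"],
            "sensor": split_sensor_address(r["sensor_address"]),
        })
    return sorted(out, key=lambda e: e["time"])

# Constructed sample rows (not real data), using documentation address ranges.
SAMPLE_ROWS = [
    {"event_id": 3, "event_time_sec": 1400000060, "event_time_usec": 0, "event_type": "Identity Conflict",
     "ipaddr": ipaddress.ip_address("2001:db8::5").packed, "mac_address": "00:00:5E:00:53:02", "sensor_address": "192.0.2.1,2001:db8::1"},
    {"event_id": 1, "event_time_sec": 1400000000, "event_time_usec": 250000, "event_type": "New Host",
     "ipaddr": bytes.fromhex("00000000000000000000ffffc0000214"), "mac_address": "00:00:5E:00:53:01", "sensor_address": "192.0.2.1,"},
    {"event_id": 2, "event_time_sec": 1400000030, "event_time_usec": 0, "event_type": "Constructed Other Type",
     "ipaddr": bytes([192, 0, 2, 7]), "mac_address": "00:00:5E:00:53:03", "sensor_address": "192.0.2.1,"},
]
```

Calling triage(SAMPLE_ROWS) returns the two watched events in time order, with hosts decoded to 192.0.2.20 and 2001:db8::5.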