Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 6 Schema: Discovery Event and Network Map Tables
rna_host_ioc_state
rna_host_ioc_state Fields
The following table describes the fields you can access in the rna_host_ioc_state table.
Table 6-18 rna_host_ioc_state Fields

| Field | Description |
|---|---|
| first_seen | Unix timestamp when the compromise was first detected. |
| first_seen_sensor_address | The IP address of the managed device that first detected the compromise. Format is ipv4_address,ipv6_address. |
| first_seen_sensor_name | The managed device that first detected the compromise. |
| host_id | ID number of the host. |
| ioc_category | The category for the compromise. Possible values include: CnC Connected, Exploit Kit, High Impact Attack, Low Impact Attack, Malware Detected, Malware Executed, Dropper Infection, Java Compromise, Word Compromise, Adobe Reader Compromise, Excel Compromise, PowerPoint Compromise, QuickTime Compromise. |
| ioc_description | Description of the compromise. |
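
An added example (not part of the Cisco guide): post-processing rows read from rna_host_ioc_state, using only the fields described above, to find the earliest recorded compromise per host. The sample rows, host_id values and sensor names are constructed, and treating an empty or `::` half of first_seen_sensor_address as "not set" is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress

# ioc_category values listed in Table 6-18; the guide says "include", so others may occur.
DOCUMENTED_CATEGORIES = {
    "CnC Connected", "Exploit Kit", "High Impact Attack", "Low Impact Attack",
    "Malware Detected", "Malware Executed", "Dropper Infection", "Java Compromise",
    "Word Compromise", "Adobe Reader Compromise", "Excel Compromise",
    "PowerPoint Compromise", "QuickTime Compromise",
}

def split_sensor_address(value):
    """Split 'ipv4_address,ipv6_address' into the addresses actually set.
    Assumption: an unused half is empty or the unspecified address (0.0.0.0 / ::)."""
    found = []
    for part in value.split(","):
        part = part.strip()
        if part and not ipaddress.ip_address(part).is_unspecified:
            found.append(str(ipaddress.ip_address(part)))
    return found

def normalize(row):
    """Return one row with a UTC ISO timestamp, parsed addresses and a category flag."""
    return {
        "host_id": row["host_id"],
        "ioc_category": row["ioc_category"],
        "documented_category": row["ioc_category"] in DOCUMENTED_CATEGORIES,
        "first_seen_utc": datetime.fromtimestamp(row["first_seen"], tz=timezone.utc).isoformat(),
        "sensor": row["first_seen_sensor_name"],
        "sensor_addresses": split_sensor_address(row["first_seen_sensor_address"]),
    }

def earliest_per_host(rows):
    """Group rows by host_id and keep the compromise with the smallest first_seen."""
    by_host = defaultdict(list)
    for row in rows:
        by_host[row["host_id"]].append(row)
    return {h: normalize(min(rs, key=lambda r: r["first_seen"])) for h, rs in by_host.items()}

# Constructed sample rows (not real data); host_id values are placeholders.
SAMPLE_ROWS = [
    {"host_id": "HOST-0001", "first_seen": 1400003600, "ioc_category": "Malware Detected",
     "first_seen_sensor_name": "sensor-a", "first_seen_sensor_address": "10.0.0.5,::"},
    {"host_id": "HOST-0001", "first_seen": 1400000000, "ioc_category": "CnC Connected",
     "first_seen_sensor_name": "sensor-a", "first_seen_sensor_address": "10.0.0.5,"},
    {"host_id": "HOST-0002", "first_seen": 1400007200, "ioc_category": "Custom Category",
     "first_seen_sensor_name": "sensor-b", "first_seen_sensor_address": ",2001:db8::5"},
]
```

Rows whose documented_category is False carry a category outside the list in Table 6-18 and are worth reviewing by hand rather than dropping.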