Cisco Cisco Firepower Management Center 4000 Developer's Guide
C H A P T E R
8-1
FireSIGHT System Database Access Guide
8
Schema: User Activity Tables
This chapter contains information on the schema and supported joins for user activity and identity
events. The FireSIGHT System can detect user activity on your network by tracking various types of user
logins, including LDAP, POP3, IMAP, SMTP, AIM, and SIP.
events. The FireSIGHT System can detect user activity on your network by tracking various types of user
logins, including LDAP, POP3, IMAP, SMTP, AIM, and SIP.
For more information, see the sections listed in the following table.
discovered_users
The
discovered_users
table contains detailed information about each user detected by the system.
The
discovered_users
table supersedes the deprecated
rua_users
table starting with Version 5.0 of the
FireSIGHT System.
For more information, see the following sections:
•
•
•
discovered_users Fields
The following table describes the fields you can access in the
discovered_users
table.
Table 8-1
Schema for User Identity Tables
See...
For the table that stores information on...
Version
information about the users detected by the system.
5.0+
user discovery events, which communicate the details of user
activity on your network.
activity on your network.
5.0+
Table 8-2
discovered_users Fields
Field
Description
dept
The department of the user.
email
The email address for the user.
first_name
The first name for the user.