Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT System Database Access Guide
Chapter 10 Schema: File Event Tables
file_event

file_event Fields (continued)

| Field | Description |
| --- | --- |
| src_ip_address_v6 | Field deprecated in Version 5.2. Returns null for all queries. |
| src_ipaddr | A binary representation of the IPv4 or IPv6 address of the source host involved in the triggering event. |
| src_port | Port number for the source of the connection. |
| storage | The storage status of the file. Possible values are: File Stored; Unable to Store File; File Size is Too Large; File Size is Too Small; Unable to Store File; File Not Stored, Disposition Unavailable |
| threat_name | Name of the threat. |
| timestamp | UNIX timestamp when enough of the file has been transmitted to identify the file type. |
| url | URL of the file source. |
| user_id | The internal identification number for the destination user; that is, the user who last logged into the destination host before the event occurred. |
| username | Name associated with the user_id. |
| web_application_id | The internal identification number for the web application, if applicable. |
| web_application_name | Name of the web application, if applicable. |

file_event Joins

The following table describes the joins you can perform on the file_event table.

Table 10-2 file_event Joins

| You can join this table on... | And... |
| --- | --- |
| application_id | |
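
The following Python code is an added example, not part of the Cisco guide. It post-processes rows already fetched from file_event: it decodes the binary src_ipaddr and the UNIX timestamp, then lists events that carry a threat_name but whose storage value is not File Stored. The sample rows are constructed, and two things are assumptions: that IPv4 addresses may arrive as 16-byte IPv4-mapped values, and that an empty threat_name is returned as None.

```python
import ipaddress
from datetime import datetime, timezone

def decode_ip(raw):
    """Convert a binary src_ipaddr value to a printable address string."""
    if raw is None:
        return None
    raw = bytes(raw)
    if len(raw) not in (4, 16):
        raise ValueError(f"unexpected src_ipaddr length: {len(raw)} bytes")
    addr = ipaddress.ip_address(raw)
    # Assumption: IPv4 may be stored IPv4-mapped (::ffff:a.b.c.d) in 16 bytes.
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped if mapped is not None else addr)

def normalize(row):
    """Copy a file_event row, decoding src_ipaddr and the UNIX timestamp."""
    out = dict(row)
    out["src_ipaddr"] = decode_ip(row["src_ipaddr"])
    out["timestamp"] = datetime.fromtimestamp(
        row["timestamp"], tz=timezone.utc).isoformat()
    return out

def threats_without_sample(rows):
    """Events that name a threat but whose storage status is not 'File Stored',
    so no copy of the file is available for analysis."""
    return [normalize(r) for r in rows
            if r.get("threat_name") and r["storage"] != "File Stored"]

# Constructed sample rows (not real data); keys are file_event field names.
SAMPLE_ROWS = [
    {"src_ipaddr": bytes(10) + b"\xff\xff" + bytes([192, 0, 2, 10]),
     "src_port": 49152, "timestamp": 1400000000, "storage": "File Stored",
     "threat_name": "Example.Threat.A", "url": "http://files.example/a.exe",
     "username": "alice"},
    {"src_ipaddr": ipaddress.ip_address("2001:db8::5").packed,
     "src_port": 50444, "timestamp": 1400000060,
     "storage": "File Size is Too Large",
     "threat_name": "Example.Threat.B", "url": "http://files.example/b.iso",
     "username": "bob"},
    {"src_ipaddr": bytes([198, 51, 100, 7]), "src_port": 51000,
     "timestamp": 1400000120, "storage": "Unable to Store File",
     "threat_name": None, "url": "http://files.example/c.pdf",
     "username": "carol"},
]

if __name__ == "__main__":
    for event in threats_without_sample(SAMPLE_ROWS):
        print(event["timestamp"], event["src_ipaddr"], event["src_port"],
              event["storage"], event["threat_name"], event["url"])
```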