Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 9 Schema: Correlation Tables
compliance_event

Table 9-2 compliance_event Fields (continued)

| Field | Description |
| --- | --- |
| src_os_version | The operating system’s version number on the source host. |
| src_port | The port number on the source host. For ICMP traffic, the ICMP type appears instead. |
| src_rna_service | If identified, the application protocol on the source host that is associated with the triggering event. If not identified, one of the following: none or blank - no application protocol traffic; unknown - the server and application protocol cannot be identified based on known server fingerprints; pending - the system needs more information |
| src_user_dept | The department of the source user. |
| src_user_email | The email address of the source user. |
| src_user_first_name | The first name of the source user. |
| src_user_id | The internal identification number for the source user; that is, the user who last logged into the source host before the event occurred. |
| src_user_last_name | The last name of the source user. |
| src_user_last_seen_sec | The UNIX timestamp of the date and time the system last reported a login for the source user. |
| src_user_last_updated_sec | The UNIX timestamp of the date and time the source user’s information was last updated. |
| src_user_name | The login user name for the source user. |
| src_user_phone | The source user’s phone number. |
| src_vlan_id | The source host’s VLAN identification number, if applicable. |
| user_event_type | The type of triggering user event, for example, New User Identity or User Login. |

compliance_event Joins

The following table describes the joins you can perform on the compliance_event table.
Table 9-3 compliance_event Joins

| You can join this table on... | And... |
| --- | --- |
| dst_ipaddr or src_ipaddr | |
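
An added example, not part of the Cisco guide: one way to post-process rows already fetched from compliance_event, using the Table 9-2 fields described above. It assumes each row is a dict keyed by column name and that an unset *_sec timestamp is NULL or 0; the function names are hypothetical.

```python
from datetime import datetime, timezone

# Placeholders Table 9-2 lists for src_rna_service when no application
# protocol was identified; a blank value is treated the same as "none".
UNIDENTIFIED = {
    "none": "no application protocol traffic",
    "unknown": "no match against known server fingerprints",
    "pending": "system needs more information",
}

def to_utc(seconds):
    """Convert a *_sec UNIX timestamp to UTC; NULL/0 is assumed to mean unset."""
    if not seconds:
        return None
    return datetime.fromtimestamp(int(seconds), tz=timezone.utc)

def service_status(value):
    """Return (identified, detail) for a src_rna_service value."""
    text = (value or "").strip()
    key = text.lower() or "none"
    if key in UNIDENTIFIED:
        return False, UNIDENTIFIED[key]
    return True, text

def summarize(row):
    """Reduce one compliance_event row (dict keyed by column) to a triage record."""
    identified, detail = service_status(row.get("src_rna_service"))
    names = (row.get("src_user_first_name"), row.get("src_user_last_name"))
    return {
        "user": row.get("src_user_name") or "(no user)",
        "full_name": " ".join(n for n in names if n),
        "event": row.get("user_event_type"),
        "service_identified": identified,
        "service_detail": detail,
        "user_last_seen": to_utc(row.get("src_user_last_seen_sec")),
    }

def unidentified_first(rows):
    """Order records so events with no identified application protocol lead."""
    return sorted(map(summarize, rows), key=lambda r: r["service_identified"])

# Constructed sample rows, not real database output.
SAMPLE_ROWS = [
    {"src_user_name": "jdoe", "src_user_first_name": "Jane",
     "src_user_last_name": "Doe", "src_rna_service": "HTTP",
     "user_event_type": "User Login", "src_user_last_seen_sec": 1400000000},
    {"src_user_name": None, "src_rna_service": "pending",
     "user_event_type": "New User Identity", "src_user_last_seen_sec": 0},
]
```

Calling unidentified_first(SAMPLE_ROWS) returns the triage records with the pending event ahead of the identified HTTP one.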