FireSIGHT System Database Access Guide
Chapter 9      Schema: Correlation Tables 
compliance_event Sample Query
The following query returns up to 25 correlation event records from a one-week window, excluding whitelist events and ordered newest first, with event information such as the event time, source and destination IP addresses, source and destination ports, policy information, and so on.
SELECT event_id, policy_time_sec, impact, blocked, src_ipaddr, dst_ipaddr, src_port,
       dst_port, description, policy_name, policy_rule_name, priority, src_host_criticality,
       dst_host_criticality, security_zone_egress_name, security_zone_ingress_name,
       sensor_name, interface_egress_name, interface_ingress_name
FROM compliance_event
WHERE event_type != "whitelist"
  AND policy_time_sec BETWEEN UNIX_TIMESTAMP("2011-10-01 00:00:00")
                          AND UNIX_TIMESTAMP("2011-10-07 23:59:59")
ORDER BY policy_time_sec DESC
LIMIT 0, 25;
remediation_status
The remediation_status table contains information about remediation events, which are generated when the Defense Center launches a remediation in response to a correlation policy violation.
For more information, see the following sections:
  •  remediation_status Fields
remediation_status Fields
The following table describes the database fields you can access in the remediation_status table.

Table 9-4      remediation_status Fields

Field               Description
id                  The identification number of the policy that was violated and triggered the remediation.
policy_name         The correlation policy that was violated and triggered the remediation.
policy_rule_name    The specific correlation rule that triggered the remediation.
policy_rule_uuid    A unique identifier for the correlation rule.
policy_time_sec     The UNIX timestamp of the date and time that the correlation event that triggered the remediation was generated.
policy_uuid         A unique identifier for the correlation policy that triggered the correlation event.
remediation_name    The remediation that was launched.
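The following query is an added example, not a sample query from the guide. It applies the same pattern as the compliance_event sample query above to the remediation_status table: it counts how often each remediation was launched per correlation policy and rule during the same one-week window, and reports the first and last triggering event time for each combination. It uses only the fields listed in Table 9-4 and the MySQL-compatible functions the guide's own query relies on (UNIX_TIMESTAMP, LIMIT); the use of FROM_UNIXTIME to render the timestamps is an assumption that the database interface accepts that MySQL function as well.

```sql
-- Added example (not from the guide): summarize remediations launched per
-- correlation policy and rule over one week, using only remediation_status
-- fields listed in Table 9-4. Assumes the same MySQL-compatible dialect as the
-- guide's compliance_event query; FROM_UNIXTIME is assumed to be available.
SELECT policy_name,
       policy_rule_name,
       remediation_name,
       COUNT(*)                            AS launches,
       FROM_UNIXTIME(MIN(policy_time_sec)) AS first_trigger,
       FROM_UNIXTIME(MAX(policy_time_sec)) AS last_trigger
FROM remediation_status
WHERE policy_time_sec BETWEEN UNIX_TIMESTAMP("2011-10-01 00:00:00")
                          AND UNIX_TIMESTAMP("2011-10-07 23:59:59")
GROUP BY policy_name, policy_rule_name, remediation_name
ORDER BY launches DESC, last_trigger DESC
LIMIT 0, 25;
```

Note that policy_time_sec records when the correlation event that triggered the remediation was generated, not when the remediation itself ran, so the window filters on trigger time. A rule whose remediation fires far more often than its peers in a week is a useful signal either of a real ongoing condition or of an overly broad correlation rule launching a remediation more often than intended.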