Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

10-5

FireSIGHT System Database Access Guide

Chapter 10 Schema: File Event Tables

file_event

file_event Joins

The following table describes the joins you can perform on the

file_event

table.

src_ip_address_v6

Field deprecated in Version 5.2. Returns

null

for all queries.

src_ipaddr

A binary representation of the IPv4 or IPv6 address of the source host involved in
the triggering event.

src_port

Port number for the source of the connection.

storage

The storage status of the file. Possible values are:

•

File Stored

•

Unable to Store File

•

File Size is Too Large

•

File Size is Too Small

•

Unable to Store File

•

File Not Stored, Disposition Unavailable

threat_name

Name of the threat.

timestamp

UNIX timestamp when enough of the file has been transmitted to identify the file
type.

url

URL of the file source.

user_id

The internal identification number for the destination user; that is, the user who
last logged into the destination host before the event occurred.

username

Name associated with the

user_id

web_application_id

The internal identification number for the web application, if applicable.

web_application_name

Name of the web application, if applicable.

file_event Fields (continued)

Field

Description

Table 10-2

file_event Joins

You can join this table on...

And...

application_id

application_info.application_id

application_host_map.application_id

application_tag_map.application_id

rna_host_service_info.application_protocol_id

rna_host_client_app_payload.web_application_id

rna_host_client_app_payload.client_application_id

rna_host_client_app.client_application_id

rna_host_client_app.application_protocol_id

rna_host_service_payload.web_application_id