Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 4 Schema: Intrusion Tables
intrusion_event
Table 4-2 intrusion_event Fields (continued)

Field
    Description

src_user_last_seen_sec
    The UNIX timestamp of the date and time the system last reported a login for the source user.

src_user_last_updated_sec
    The UNIX timestamp of the date and time the source user’s record was last updated.

src_user_name
    The user name for the source user.

src_user_phone
    The source user’s phone number.

vlan_id
    The identification number of the innermost VLAN associated with the packet that triggered the intrusion event.

web_application_id
    The internal identification number of the web application that was used in the intrusion event, if applicable.

web_application_name
    The web application that was used in the intrusion event, if applicable. One of:
    • the name of the application, if a positive identification can be made
    • web browsing if the system detects an application protocol of HTTP but cannot identify a specific web application
    • blank if the connection has no HTTP traffic

intrusion_event Joins

The following table describes the joins you can perform on the intrusion_event table.

Table 4-3 intrusion_event Joins

You can join this table on...
    And...

application_protocol_id or client_application_id or web_application_id

dst_ipaddr or src_ipaddr