Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
connection_summary
The aggregated data in a connection summary includes the total number of packets and bytes sent by the
initiator and responder hosts, as well as the number of connections in the summary.
The connection_summary table supersedes the deprecated rna_flow_summary table starting with Version 5.0 of the FireSIGHT System.
For more information, see the following sections:
connection_summary Fields
The following table describes the database fields you can access in the connection_summary table.

Table 7-4 connection_summary Fields
| Field | Description |
|---|---|
| application_protocol_id | An internal identification number for the application protocol. |
| application_protocol_name | One of: the name of the application, if a positive identification can be made; unknown if the system cannot identify the server based on known server fingerprints; pending if the system requires more data; blank if there is no application information in the connection. |
| bytes_recv | The total number of bytes transmitted by the session responder. |
| bytes_sent | The total number of bytes transmitted by the session initiator. |
| connection_type | The detection source for the connection information. Either: rna, if detected by a Cisco device; netflow, if exported by a NetFlow-enabled device. |
| flow_type | Field deprecated in Version 5.0. Returns null for all queries. |
| id | An internal identification number for the connection summary. |
| initiator_ip_address | Field deprecated in Version 5.2. Returns null for all queries. |
| initiator_ipaddr | A binary representation of the IP address of the host that initiated the session. |
| initiator_user_dept | The department of the user who last logged into the initiator host. |
| initiator_user_email | The email address of the user who last logged into the initiator host. |
| initiator_user_first_name | The first name of the user who last logged into the initiator host. |
| initiator_user_id | An internal identification number for the user who last logged into the initiator host. |
| initiator_user_last_name | The last name of the user who last logged into the initiator host. |
| initiator_user_last_seen_sec | The UNIX timestamp of the date and time the FireSIGHT System last detected user activity for the user who last logged into the initiator host. |
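
The following is an added example, not part of the Cisco guide: Python post-processing for rows already fetched from connection_summary, reading initiator_ipaddr rather than the deprecated initiator_ip_address, which returns null. The sample rows are constructed, and the binary layout (16 bytes with IPv4 stored as IPv4-mapped IPv6, or 4 bytes) and the helper names decode_ipaddr and summarize are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample rows; keys are column names from Table 7-4.
SAMPLE_ROWS = [
    {"initiator_ipaddr": bytes(10) + b"\xff\xff" + bytes([10, 1, 2, 3]),
     "application_protocol_name": "HTTP", "bytes_sent": 1200,
     "bytes_recv": 54000, "initiator_user_last_seen_sec": 1400000000},
    {"initiator_ipaddr": bytes(10) + b"\xff\xff" + bytes([10, 1, 2, 3]),
     "application_protocol_name": "unknown", "bytes_sent": 900000,
     "bytes_recv": 300, "initiator_user_last_seen_sec": 1400003600},
    {"initiator_ipaddr": ipaddress.ip_address("2001:db8::5").packed,
     "application_protocol_name": "", "bytes_sent": 50,
     "bytes_recv": 70, "initiator_user_last_seen_sec": None},
    {"initiator_ipaddr": None, "application_protocol_name": "pending",
     "bytes_sent": 10, "bytes_recv": 10, "initiator_user_last_seen_sec": None},
]

def decode_ipaddr(raw):
    """Binary initiator_ipaddr -> text. Assumption: 16 bytes with IPv4
    stored as IPv4-mapped IPv6, or 4 bytes; anything else gives None."""
    if raw is None or len(raw) not in (4, 16):
        return None
    addr = ipaddress.ip_address(bytes(raw))
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def summarize(rows):
    """Total bytes per initiator and count rows with no identified protocol."""
    out = defaultdict(lambda: {"bytes_sent": 0, "bytes_recv": 0,
                               "unidentified": 0, "last_seen": None})
    for row in rows:
        ip = decode_ipaddr(row.get("initiator_ipaddr"))
        if ip is None:
            continue  # no usable initiator address in this row
        s = out[ip]
        s["bytes_sent"] += row.get("bytes_sent") or 0
        s["bytes_recv"] += row.get("bytes_recv") or 0
        # unknown, pending and blank all mean no positive identification
        if (row.get("application_protocol_name") or "") in ("", "unknown", "pending"):
            s["unidentified"] += 1
        ts = row.get("initiator_user_last_seen_sec")
        if ts is not None:
            seen = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
            s["last_seen"] = max(s["last_seen"] or seen, seen)
    return dict(out)

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_ROWS).items():
        print(ip, stats)
```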