Cisco Firepower Management Center 2000 Developer Guide
10-4
FireSIGHT System Database Access Guide
Chapter 10 Schema: File Event Tables
file_event
sandboxed
Indicates whether the file was sent for dynamic analysis. Possible values are:
• Sent for Analysis
• Failed to Send
• File Size is Too Small
• File Size is Too Large
• Sent for Analysis
• Analysis Complete
• Failure (Network Issue)
• Failure (Rate Limit)
• Failure (File Too Large)
• Failure (File Read Error)
• Failure (Internal Library Error)
• File Not Sent, Disposition Unavailable
• Failure (Cannot Run File)
• Failure (Analysis Timeout)
• File Not Supported
score
A numeric value from 0 to 100 based on the potentially malicious behaviors
observed during dynamic analysis.
security_context
Description of the security context (virtual firewall) that the traffic passed
through. Note that the system only populates this field for ASA FirePOWER
devices in multi-context mode.
sensor_address
A binary representation of the IP address of the device that provided the event.
sensor_id
ID for the device that provided the event.
sensor_name
The text name of the managed device that generated the event record. This field is
null when the event refers to the reporting device itself, rather than to a connected
device.
sensor_uuid
A unique identifier for the managed device, or 0 if sensor_name is null.
signature_processed
Indicates whether the file’s signature was processed.
src_continent_name
The name of the continent of the source host.
** - Unknown
na - North America
as - Asia
af - Africa
eu - Europe
sa - South America
au - Australia
an - Antarctica
src_country_id
Code for the country of the source host.
src_country_name
Name of the country of the source host.
file_event Fields (continued)
Field
Description
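Added example (not part of the Cisco guide): a Python sketch that post-processes rows already fetched from file_event, bucketing the sandboxed values listed above to surface files that never received dynamic analysis per sensor, and flagging completed analyses with a high score. The sample rows, the score threshold of 75, the "(reporting device)" label, and the assumption that sensor_address arrives as a packed 4- or 16-byte value are illustrative and not taken from the guide.

```python
import ipaddress
from collections import Counter

# Values copied from the sandboxed list on this page.
NOT_SENT = {"File Size is Too Small", "File Size is Too Large",
            "File Not Sent, Disposition Unavailable", "File Not Supported"}

def sandbox_outcome(status):
    """Bucket a sandboxed value: complete/pending/failed/not_sent/unknown."""
    if status == "Analysis Complete":
        return "complete"
    if status == "Sent for Analysis":
        return "pending"
    if status == "Failed to Send" or (status or "").startswith("Failure ("):
        return "failed"
    return "not_sent" if status in NOT_SENT else "unknown"

def decode_sensor_address(raw):
    """Assumption: sensor_address is a packed 4- or 16-byte address."""
    addr = ipaddress.ip_address(bytes(raw))
    mapped = getattr(addr, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    return str(mapped or addr)

def triage(rows, score_threshold=75):  # threshold: assumed local policy
    """Return (high-score files, count of unanalyzed files per sensor)."""
    high, gaps = [], Counter()
    for row in rows:
        outcome = sandbox_outcome(row["sandboxed"])
        # sensor_name is null when the event refers to the reporting device.
        sensor = row["sensor_name"] or "(reporting device)"
        score = row["score"]
        if outcome == "complete" and score is not None and score >= score_threshold:
            high.append((sensor, decode_sensor_address(row["sensor_address"]), score))
        elif outcome in ("failed", "not_sent"):
            gaps[(sensor, outcome)] += 1
    return high, gaps

# Constructed sample rows keyed by file_event column names from this page.
V4 = bytes([192, 0, 2, 10])
V4_MAPPED = bytes(10) + b"\xff\xff" + bytes([198, 51, 100, 7])
SAMPLE_ROWS = [
    {"sandboxed": "Analysis Complete", "score": 92, "sensor_name": "edge-fw-1", "sensor_address": V4},
    {"sandboxed": "Failure (Rate Limit)", "score": None, "sensor_name": "edge-fw-1", "sensor_address": V4},
    {"sandboxed": "File Size is Too Large", "score": None, "sensor_name": None, "sensor_address": V4_MAPPED},
    {"sandboxed": "Analysis Complete", "score": 10, "sensor_name": "edge-fw-2", "sensor_address": V4},
    {"sandboxed": "Analysis Complete", "score": 80, "sensor_name": None, "sensor_address": V4_MAPPED},
]
```

The per-sensor gap counts show where files passed through without a dynamic-analysis verdict, which is the population a low or absent score says nothing about.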