Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
2-18
FireSIGHT System Database Access Guide
Chapter 2 Setting Up Database Access
Sample Queries
WHERE h.ip_address = INET_ATON('10.10.10.4')
AND h.invalid = 0;
Note that this query left joins the tables on
rna_vuln_id
and
.
Operating System Summary
The following query duplicates the Summary of OS Names page in the Operating System Summary
workflow. If you have not changed the default workflow in your user preferences, this is the first page
you see when you select
workflow. If you have not changed the default workflow in your user preferences, this is the first page
you see when you select
Analysis > Hosts
on the Defense Center web interface, then select
Hosts
:
SELECT vendor, product, count(*) AS total
FROM rna_host_os
GROUP BY vendor, product
ORDER BY total DESC;
Operating System Vulnerabilities for a Host
The following query joins two vulnerability-related tables to give you a list of valid operating
system-related vulnerabilities detected for a particular host, along with whether each vulnerability is
exploitable across a network:
system-related vulnerabilities detected for a particular host, along with whether each vulnerability is
exploitable across a network:
SELECT h.rna_vuln_id, v.title, v.remote
FROM rna_host_os_vulns AS h
LEFT JOIN rna_vuln AS v ON (h.rna_vuln_id = v.rna_vuln_id)
WHERE h.host_id = UNHEX('9610B6E6F1784DA4B39BEA7A210AAD68')
AND h.invalid = 0;
Note that this query left joins the tables on
rna_vuln_id
, as required by Database Access. See
and
.
Host Violation Count
The following query duplicates the Host Violation Count page in the Host Violation Count workflow. If
you have not changed the default Compliance White List Violations workflow in your user preferences,
this is the first page you see when you select
you have not changed the default Compliance White List Violations workflow in your user preferences,
this is the first page you see when you select
Analysis > Correlation > White List Violations
on the Defense
Center’s web interface.
SELECT host_id, HEX(host_id), white_list_name, count(*) AS total
FROM white_list_violation
GROUP BY host_id, white_list_name
ORDER BY total DESC;