Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
5-5
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
app_ids_stats_current_timeframe
app_ids_stats_current_timeframe Joins
The following table describes the joins you can perform on the
app_ids_stats_current_
timeframe
tables.
app_ids_stats_current_timeframe Sample Query
The following query returns up to 25 application records from the
app_ids_stats_current_month
table.
Each record contains the number of blocked connections and intrusion events for the application over
the time interval.
the time interval.
SELECT from_unixtime(start_time_sec), sum(blocked)
FROM app_ids_stats_current_day
WHERE start_time_sec = unix_timestamp("2013-12-15");
risk_description
A description of the estimated risk (
very low
,
low
,
medium
,
high
,
critical
).
sensor_address
The IP address of the managed device that generated the event. Format is
ipv4_address,ipv6_address
.
sensor_id
ID of the device that provided the event.
sensor_name
The name of the managed device that generated the intrusion event.
sensor_uuid
A unique identifier for the managed device, or
0
if
sensor_name
is
null
.
start_time_sec
The UNIX timestamp of the date and time the measurement interval starts.
For detailed information, see
For detailed information, see
.
would_have_dropped
Number of packets that would have been dropped if the intrusion policy had
been configured to drop packets in an inline deployment.
been configured to drop packets in an inline deployment.
Table 5-3
app_ids_stats_current_timeframe Fields (continued)
Field
Description
Table 5-4
app_ids_stats_current_timeframe Joins
You can join this table on...
And...
application_id