Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 9 Schema: Correlation Tables
compliance_event Sample Query
The following query returns up to 25 correlation event records from a one-week period, including event
information such as the event time, source and destination IP addresses, source and destination ports,
policy information, and so on.
SELECT event_id, policy_time_sec, impact, blocked, src_ipaddr, dst_ipaddr, src_port,
dst_port, description, policy_name, policy_rule_name, priority, src_host_criticality,
dst_host_criticality, security_zone_egress_name, security_zone_ingress_name,
sensor_name, interface_egress_name, interface_ingress_name
FROM compliance_event
WHERE event_type != "whitelist"
AND policy_time_sec
BETWEEN UNIX_TIMESTAMP("2011-10-01 00:00:00")
AND UNIX_TIMESTAMP("2011-10-07 23:59:59")
ORDER BY policy_time_sec DESC
LIMIT 0, 25;
remediation_status
The remediation_status table contains information about remediation events, which are generated
when the Defense Center launches a remediation in response to a correlation policy violation.
remediation_status Fields
The following table describes the database fields you can access in the remediation_status table.
Table 9-4 remediation_status Fields

| Field | Description |
|---|---|
| id | The identification number of the policy that was violated and triggered the remediation. |
| policy_name | The correlation policy that was violated and triggered the remediation. |
| policy_rule_name | The specific correlation rule that triggered the remediation. |
| policy_rule_uuid | A unique identifier for the correlation rule. |
| policy_time_sec | The UNIX timestamp of the date and time that the correlation event that triggered the remediation was generated. |
| policy_uuid | A unique identifier for the correlation policy that triggered the correlation event. |
| remediation_name | The remediation that was launched. |
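The following query is an added example, not taken from the Cisco guide. It uses only the remediation_status fields listed above to summarize which correlation rules launched which remediations during the same week as the compliance_event sample query. It assumes the database access layer accepts COUNT, MAX, and GROUP BY; the aliases launches and last_event_sec are illustrative names.

```sql
-- Added example: remediation launches per policy, rule, and remediation
-- for one week, most active first. Only fields from Table 9-4 are used.
-- Assumption: aggregate functions and GROUP BY are accepted by the
-- database access layer; launches and last_event_sec are made-up aliases.
SELECT policy_name, policy_rule_name, remediation_name,
       COUNT(*) AS launches,
       MAX(policy_time_sec) AS last_event_sec
FROM remediation_status
WHERE policy_time_sec
      BETWEEN UNIX_TIMESTAMP("2011-10-01 00:00:00")
      AND UNIX_TIMESTAMP("2011-10-07 23:59:59")
GROUP BY policy_name, policy_rule_name, remediation_name
ORDER BY launches DESC
LIMIT 0, 25;
```

A rule that launches the same remediation far more often than its peers is a candidate for review, since automated responses amplify the effect of an overly broad correlation rule.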