Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
5-13
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
storage_stats_by_file_type_current_timeframe
storage_stats_by_disposition_current_timeframe Joins
You cannot perform joins on the
session_stats_current_
timeframe
tables.
storage_stats_by_disposition_current_timeframe Sample Query
The following query returns the number of dropped and stored files for each sensor, in descending order
by
by
sensor_name
during the current day.
SELECT sensor_name, number_dropped, number_stored
FROM storage_stats_by_disposition_current_day
ORDER BY sensor_name DESC;
storage_stats_by_file_type_current_timeframe
The
storage_stats_by_file_type_current_
timeframe
tables contain statistics for stored files by file
type. Statistics can be extracted based on bytes, connection, sensor, and time.
For an understanding of the
current_day
,
current_month
, and
current_year
statistics tables, see
.
For more information on the
storage_stats_by_file_type_current_
timeframe
tables, see the following
sections:
•
•
•
storage_stats_by_file_type_current_timeframe Fields
The following table describes the fields you can access in the
storage_stats_by_file_type_current_
timeframe
tables. All tables of this type contain the same fields.
Table 5-11
storage_stats_by_file_type_current_timeframe Fields
Field
Description
bytes_written
The size of the file, in bytes.
file_type
The file type of the detected or quarantined file.
file_type_id
ID number that maps to the file type.
number_dropped
Number of files of this type dropped.
number_stored
Number of files of this type stored.
sensor
ID of the device that detected the file.
sensor_address
The IP address of the managed device that generated the event. Format is
ipv4_address,ipv6_address
.
sensor_name
The name of the managed device that generated the intrusion event.