Cisco Cisco Firepower Management Center 4000 Guide Du Développeur
5-6
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
app_stats_current_timeframe
app_stats_current_timeframe
The
app_stats_current_
timeframe
tables contain statistics on bandwidth usage and access control
actions (connection allowed or denied), by application and by device that monitored the traffic. You can
filter these statistics by the business relevance, estimated risk, and type of the application.
filter these statistics by the business relevance, estimated risk, and type of the application.
For an understanding of the
current_day
,
current_month
, and
current_year
statistics tables, see
.
For more information on the
app_stats_current_
timeframe
tables,
see the following sections:
•
•
•
app_stats_current_timeframe Fields
The following table describes the fields you can access in the
app_stats_current_
timeframe
tables.
Table 5-5
app_stats_current_timeframe Fields
Field
Description
application_id
The internal identification number for the application.
application_name
The application name that appears in the user interface.
business_relevance
An index (from
1
to
5
) of the application’s relevance to business productivity
where
1
is very low and
5
is very high.
business_relevance_description
A description of business relevance (
very low
,
low
,
medium
,
high
,
very high
).
bytes_in
The bytes of inbound traffic for the application during the specified interval.
bytes_out
The bytes of outbound traffic for the application during the specified
interval.
interval.
connections_allowed
The number of connections allowed.
connections_denied
The number of connections denied due to violation of an access control
policy.
policy.
is_client_application
A true-false flag that indicates if the detected application is a client
application.
application.
is_server_application
A true-false flag that indicates if the detected application is an application
protocol.
protocol.
is_web_application
A true-false flag that indicates if the detected application is a web
application.
application.
risk
An index (from
1
to
5
) of the application’s estimated risk where
1
is very low
risk and
5
is critical risk.
risk_description
A description of the estimated risk (
very low
,
low
,
medium
,
high
,
critical
).
sensor_address
The IP address of the managed device that monitored the traffic. Format is
ipv4_address,ipv6_address
.
sensor_id
The internal identification number of the managed device that detected the
traffic.
traffic.
sensor_name
The name of the managed device that detected the traffic.