Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
si_connection_log
responder_country_id
Code for the country of the host that responded to the session initiator.
responder_country_name
Name of the country of the host that responded to the session initiator.
responder_ipaddr
A binary representation of the IPv4 or IPv6 address for the host that
responded to the session initiator.
responder_port
The port used by the session responder.
responder_user_dept
The department of the user who last logged into the host that responded to
the session initiator.
responder_user_email
The email address of the user who last logged into the host that responded
to the session initiator.
responder_user_first_name
The first name of the user who last logged into the host that responded to
the session initiator.
responder_user_id
An internal identification number for the user who last logged into the host
that responded to the session initiator.
responder_user_last_name
The last name of the user who last logged into the host that responded to the
session initiator.
responder_user_last_seen_sec
The UNIX timestamp of the date and time the FireSIGHT System last
detected user activity for the user who last logged into the host that
responded to the session initiator.
responder_user_last_updated_sec
The UNIX timestamp of the date and time the FireSIGHT System last
updated the user record for the user who last logged into the host that
responded to the session initiator.
responder_user_name
The user name of the user who last logged into the host that responded to
the session initiator.
responder_user_phone
The phone number of the user who last logged into the host that responded
to the session initiator.
security_context
Description of the security context (virtual firewall) that the traffic passed
through. Note that the system only populates this field for
ASA FirePOWER devices in multi-context mode.
security_intelligence_category
The Security Intelligence category associated with the connection.
security_intelligence_ip
Whether the Security Intelligence-monitored IP address associated with the
connection is a source IP (src) or destination IP (dst).
security_zone_egress_name
The egress security zone in the connection event.
security_zone_ingress_name
The ingress security zone in the connection event.
sensor_address
The IP address of the managed device that generated the event. Format is
ipv4 address,ipv6 address.
sensor_name
The name of the managed device that monitored the session.
sensor_uuid
A unique identifier for the managed device, or 0 if sensor_name is null.
src_device_ipaddr
Either:
• A binary representation of the IP address of the NetFlow-enabled
device that exported the connection data
• 0, for connections detected by Cisco managed devices.
Table 7-6 si_connection_log Fields (continued)
Field / Description
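An added example, not part of the Cisco guide: one way to normalize a fetched si_connection_log row for triage, using the fields described above. It assumes the row arrives as a dict keyed by column name and that binary address columns hold 4 or 16 packed bytes (IPv4 possibly as an IPv4-mapped IPv6 value), which this page does not specify; the function names and the sample row are constructed.

```python
import ipaddress
from datetime import datetime, timezone

def decode_ip(raw):
    """Binary address column -> text; None for NULL, 0 or an all-zero value."""
    if raw is None or raw == 0 or not any(raw):
        return None
    ip = ipaddress.ip_address(bytes(raw))  # 4 or 16 packed bytes (assumed layout)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def split_sensor_address(value):
    """sensor_address is 'ipv4 address,ipv6 address'; either half may be empty."""
    v4, _, v6 = (value or "").partition(",")
    return v4.strip() or None, v6.strip() or None

def to_utc(sec):
    """UNIX timestamp column -> ISO 8601 UTC string, None when unset."""
    return datetime.fromtimestamp(sec, tz=timezone.utc).isoformat() if sec else None

def normalize(row):
    side = row.get("security_intelligence_ip")
    exporter = decode_ip(row.get("src_device_ipaddr"))
    sensor_v4, sensor_v6 = split_sensor_address(row.get("sensor_address"))
    return {
        "responder_ip": decode_ip(row.get("responder_ipaddr")),
        "responder_port": row.get("responder_port"),
        "si_category": row.get("security_intelligence_category"),
        # Only 'src' and 'dst' are documented; anything else is treated as unknown.
        "si_matched_side": side if side in ("src", "dst") else None,
        # src_device_ipaddr is 0 unless a NetFlow-enabled device exported the data.
        "event_source": "netflow" if exporter else "managed_device",
        "netflow_exporter": exporter,
        "sensor_ipv4": sensor_v4,
        "sensor_ipv6": sensor_v6,
        # sensor_uuid is 0 when sensor_name is null, so it identifies nothing.
        "sensor_uuid": row.get("sensor_uuid") if row.get("sensor_name") else None,
        "responder_user_last_seen": to_utc(row.get("responder_user_last_seen_sec")),
    }

# Constructed sample row (documentation address ranges, not real data).
SAMPLE_ROW = {
    "responder_ipaddr": b"\x00" * 10 + b"\xff\xff" + bytes([203, 0, 113, 7]),
    "responder_port": 443,
    "security_intelligence_category": "Malware",
    "security_intelligence_ip": "dst",
    "src_device_ipaddr": 0,
    "sensor_address": "192.0.2.10,",
    "sensor_name": None,
    "sensor_uuid": 0,
    "responder_user_last_seen_sec": 1700000000,
}
```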