Cisco Cisco Firepower Management Center 2000 Guida Dello Sviluppatore
7-17
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
si_connection_log
si_connection_log Joins
The following table describes the joins you can perform using the
si_connection_log
table.
tcp_flags
The TCP flags detected in the session.
url
The URL requested by the monitored host during the session, if available.
url_category
The category of the URL requested by the monitored host.
url_reputation
The reputation of the URL requested by the monitored host. One of the
following:
following:
•
1
- High risk
•
2
- Suspicious sites
•
3
- Benign sites with security risks
•
4
- Benign sites
•
5
- Well known
web_application_id
An internal identification number for the web application.
web_application_name
One of:
•
the name of the application, if a positive identification can be made.
•
web browsing
if the system detects an application protocol of HTTP but
cannot identify a specific web application.
•
blank if the connection has no HTTP traffic.
Table 7-6
si_connection_log Fields (continued)
Field
Description
Table 7-7
si_connection_log Joins
You can join this table on...
And...
application_protocol_name
or
application_id
or
client_application_id
or
web_application_id
initiator_ipaddr
or
responder_ipaddr