Cisco Cisco Firepower Management Center 4000 開発者ガイド
5-18
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
user_ids_stats_current_timeframe
url_reputation_stats_current_timeframe Joins
You cannot perform joins on the
url_reputation_stats_current_
timeframe
tables.
url_reputation_stats_current_timeframe Sample Query
The following query returns up to 25 URL reputation records from the
url_reputation_stats_current_month
table. Each record contains the bytes of inbound and outbound
traffic, as well as allowed and denied connections over the measurement time interval.
SELECT sensor_name, sensor_address, reputation, start_time_sec, bytes_in, bytes_out,
connections_allowed, connections_denied
FROM url_reputation_stats_current_year
WHERE reputation="High risk"
LIMIT 0, 25;
user_ids_stats_current_timeframe
The
user_ids_stats_current_
timeframe
tables are round-robin tables that contain statistics on access
filtering and impact statistics by user.
For an understanding of the
current_day
,
current_month
, and
current_year
tables in this type, see
For general information on using the round robin statistics tables, see
.
For more information on the
user_ids_stats_current_
timeframe
tables, see the following sections:
•
•
•
user_ids_stats_current_timeframe Fields
The following table describes the fields you can access in the
user_ids_stats_current_
timeframe
tables.
Table 5-15
user_ids_stats_current_timeframe Fields
Field
Description
blocked
The number of connections blocked due to violation of an intrusion policy.
impact_level_1
The number of impact level 1 (vulnerable) intrusion events recorded for the user.
impact_level_2
The number of impact level 2 (potentially vulnerable) intrusion events recorded for
the user.
the user.
impact_level_3
The number of impact level 3 (host currently not vulnerable) intrusion events
recorded for the user.
recorded for the user.