Cisco Firepower Management Center 4000 Programmer's Guide

FireSIGHT System Database Access Guide
 
Chapter 7 Schema: Connection Log Tables
si_connection_log
client_application_id
An internal identification number for the client application that was used in the intrusion event.
client_application_name
The client application, if available, that was used in the intrusion event. One of:
  • the name of the application, if a positive identification can be made
  • a generic client name if the system detects a client application but cannot identify a specific one
  • blank if there is no client application information in the connection
client_application_version
The version of the client application.
connection_type
The detection source for the connection information. Either:
  • rna, if detected by a Cisco device
  • netflow, if exported by a NetFlow-enabled device
counter
Counter for the intrusion event associated with the connection event. 
file_count
The number of files identified by Snort in a session. A record is generated for each file identified in the session.
first_packet_sec
The UNIX timestamp of the date and time the first packet of the session was seen.
icmp_code
ICMP code if the event is ICMP traffic, or null if the event was not generated from ICMP traffic.
icmp_type
ICMP type if the event is ICMP traffic, or null if the event was not generated from ICMP traffic.
initiator_continent_name
The name of the continent of the host that initiated the session.
  • ** - Unknown
  • na - North America
  • as - Asia
  • af - Africa
  • eu - Europe
  • sa - South America
  • au - Australia
  • an - Antarctica
initiator_country_id
Code for the country of the host that initiated the session.
initiator_country_name
Name of the country of the host that initiated the session.
initiator_ipaddr
A binary representation of the IP address of the host that initiated the session.
initiator_port
The port used by the session initiator.
initiator_user_dept
The department of the user who last logged into the initiator host.
initiator_user_email
The email address of the user who last logged into the initiator host.
initiator_user_first_name
The first name of the user who last logged into the initiator host.
Table 7-6 si_connection_log Fields (continued)
Columns: Field, Description
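
As an added example (not taken from the Cisco guide), the Python below turns one si_connection_log row into readable values using the field descriptions above. It assumes the row arrives as a dict keyed by column name and that initiator_ipaddr holds 4 or 16 raw bytes, possibly in IPv4-mapped form; the page itself says only that the column is binary.

```python
import ipaddress
from datetime import datetime, timezone

# Codes listed under initiator_continent_name in the table above.
CONTINENTS = {
    "**": "Unknown", "na": "North America", "as": "Asia", "af": "Africa",
    "eu": "Europe", "sa": "South America", "au": "Australia", "an": "Antarctica",
}
CONNECTION_TYPES = {"rna", "netflow"}  # the two detection sources the table names


def decode_ipaddr(raw):
    # Assumption: 4 raw bytes = IPv4, 16 raw bytes = IPv6, and an IPv4
    # address may be stored IPv4-mapped (::ffff:a.b.c.d).
    if raw is None:
        return None
    if len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if len(raw) != 16:
        raise ValueError(f"unexpected address length: {len(raw)}")
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    return str(mapped if mapped is not None else addr)


def normalize_row(row):
    """Return a copy of one si_connection_log row with readable values."""
    if row.get("connection_type") not in CONNECTION_TYPES:
        raise ValueError(f"unknown connection_type: {row.get('connection_type')!r}")
    out = dict(row)
    out["initiator_ipaddr"] = decode_ipaddr(row.get("initiator_ipaddr"))
    ts = row.get("first_packet_sec")  # UNIX timestamp of the first packet
    out["first_packet_utc"] = (
        None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    )
    # icmp_type / icmp_code are null unless the event came from ICMP traffic.
    out["is_icmp"] = row.get("icmp_type") is not None
    # A two-letter code is expanded; a value already spelled out passes through.
    code = row.get("initiator_continent_name")
    out["initiator_continent"] = CONTINENTS.get(code, code)
    return out


# Constructed sample row (not real data): 192.0.2.10 stored IPv4-mapped.
SAMPLE_ROW = {
    "connection_type": "rna", "first_packet_sec": 1700000000,
    "icmp_type": None, "icmp_code": None, "initiator_continent_name": "eu",
    "initiator_ipaddr": bytes(10) + b"\xff\xff" + bytes([192, 0, 2, 10]),
    "initiator_port": 49152,
}
```

Rejecting an unexpected connection_type or address length, rather than passing it through, surfaces schema drift before the rows reach a SIEM or report.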