Cisco Firepower Management Center 4000 Programmer's Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
si_connection_log
client_application_id
An internal identification number for the client application that was used in
the intrusion event.
client_application_name
The client application, if available, that was used in the intrusion event. One of:
• the name of the application, if a positive identification can be made
• a generic client name if the system detects a client application but cannot identify a specific one
• blank if there is no client application information in the connection
client_application_version
The version of the client application.
connection_type
The detection source for the connection information. Either:
• rna, if detected by a Cisco device
• netflow, if exported by a NetFlow-enabled device
counter
Counter for the intrusion event associated with the connection event.
file_count
The number of files identified by Snort in a session. A record is generated
for each file identified in the session.
first_packet_sec
The UNIX timestamp of the date and time the first packet of the session was
seen.
icmp_code
ICMP code if the event is ICMP traffic, or null if the event was not
generated from ICMP traffic.
icmp_type
ICMP type if the event is ICMP traffic, or null if the event was not
generated from ICMP traffic.
initiator_continent_name
The name of the continent of the host that initiated the session.
• ** - Unknown
• na - North America
• as - Asia
• af - Africa
• eu - Europe
• sa - South America
• au - Australia
• an - Antarctica
initiator_country_id
Code for the country of the host that initiated the session.
initiator_country_name
Name of the country of the host that initiated the session.
initiator_ipaddr
A binary representation of the IP address of the host that initiated the
session.
initiator_port
The port used by the session initiator.
initiator_user_dept
The department of the user who last logged into the initiator host.
initiator_user_email
The email address of the user who last logged into the initiator host.
initiator_user_first_name
The first name of the user who last logged into the initiator host.
Table 7-6 si_connection_log Fields (continued)
Field
Description