Cisco Firepower Management Center 4000 Programmer's Guide

FireSIGHT System Database Access Guide
 
Chapter 3 Schema: System-Level Tables
fireamp_event

Table 3-3 fireamp_event Fields (continued)

Field
    Description

dst_continent_name
    The name of the continent of the destination host.
        ** - Unknown
        na - North America
        as - Asia
        af - Africa
        eu - Europe
        sa - South America
        au - Australia
        an - Antarctica

dst_country_id
    Code for the country of the destination host.

dst_country_name
    Name of the country of the destination host.

dst_ip_address_v6
    This field has been deprecated and will now return null.

dst_ipaddr
    A binary representation of the IPv4 or IPv6 address for the destination of the connection.

dst_port
    Port number for the destination of the connection.

endpoint_user
    The user determined by the Cisco FireAMP agent if the event was detected by the Cisco cloud. This user is not associated with LDAP and does not appear in the discovered_users table.

event_description
    The additional event information associated with the event type.

event_id
    The internal unique ID of the FireAMP event.

event_subtype
    The action that led to malware detection. Each event_subtype value has an associated event_subtype_id value. The possible display values and the associated IDs are:
      • Create - 1
      • Execute - 2
      • Move - 22
      • Scan - 4

event_subtype_id
    The internal ID of the action that led to malware detection. Each event_subtype_id value has an associated event_subtype value. The possible display values and the associated subtypes are:
      • 1 - Create
      • 2 - Execute
      • 4 - Scan
      • 22 - Move
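
The following is an added example, not code from the Cisco guide: it post-processes one fireamp_event row for triage by decoding the binary dst_ipaddr value and cross-checking event_subtype against event_subtype_id using the mappings listed above. The function names, the dict row shape, the 4-byte or 16-byte encoding of dst_ipaddr, and the sample row are assumptions made for illustration.

```python
import ipaddress

# Mappings copied from the field descriptions above.
SUBTYPE_BY_ID = {1: "Create", 2: "Execute", 4: "Scan", 22: "Move"}
CONTINENT_BY_CODE = {"**": "Unknown", "na": "North America", "as": "Asia",
                     "af": "Africa", "eu": "Europe", "sa": "South America",
                     "au": "Australia", "an": "Antarctica"}


def decode_ipaddr(raw):
    """Render a binary dst_ipaddr value as a printable address.

    Assumption: the driver returns 4 raw bytes (IPv4) or 16 raw bytes
    (IPv6, which may be an IPv4-mapped ::ffff:a.b.c.d address).
    """
    if raw is None:
        return None
    raw = bytes(raw)
    if len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if len(raw) == 16:
        addr = ipaddress.IPv6Address(raw)
        return str(addr.ipv4_mapped or addr)
    raise ValueError(f"unexpected dst_ipaddr length: {len(raw)}")


def normalize_row(row):
    """Return a copy of one fireamp_event row (a dict) with readable values."""
    out = dict(row)
    out["dst_ipaddr"] = decode_ipaddr(row.get("dst_ipaddr"))
    # Assumption: the continent column may carry the two-letter code.
    cont = row.get("dst_continent_name")
    out["dst_continent_name"] = CONTINENT_BY_CODE.get(cont, cont)
    # Derive the display value from the ID; flag rows where the two disagree.
    expected = SUBTYPE_BY_ID.get(row.get("event_subtype_id"))
    name = row.get("event_subtype")
    out["subtype_consistent"] = expected is not None and name in (None, expected)
    out["event_subtype"] = expected or name
    return out


# Constructed sample row (not real data); dst_ip_address_v6 is always null.
SAMPLE_ROW = {
    "event_id": 1001, "dst_port": 443, "dst_continent_name": "eu",
    "dst_ipaddr": bytes(10) + b"\xff\xff" + bytes([192, 0, 2, 10]),
    "dst_ip_address_v6": None, "event_subtype": "Move", "event_subtype_id": 22,
}

if __name__ == "__main__":
    print(normalize_row(SAMPLE_ROW))
```

Because dst_ip_address_v6 now returns null, any report that still reads it will silently lose IPv6 destinations; dst_ipaddr is the column to decode.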