Cisco Firepower Management Center 4000 Programmer's Guide
FireSIGHT System Database Access Guide
Chapter 3 Schema: System-Level Tables
fireamp_event
Table 3-3 fireamp_event Fields (continued)

Field | Description

dst_continent_name
The name of the continent of the destination host.
** - Unknown
na - North America
as - Asia
af - Africa
eu - Europe
sa - South America
au - Australia
an - Antarctica

dst_country_id
Code for the country of the destination host.

dst_country_name
Name of the country of the destination host.

dst_ip_address_v6
This field has been deprecated and will now return null.

dst_ipaddr
A binary representation of the IPv4 or IPv6 address for the destination of the connection.

dst_port
Port number for the destination of the connection.

endpoint_user
The user determined by the Cisco FireAMP agent if the event was detected by the Cisco cloud. This user is not associated with LDAP and does not appear in the discovered_users table.

event_description
The additional event information associated with the event type.

event_id
The internal unique ID of the FireAMP event.

event_subtype
The action that led to malware detection. Each event_subtype value has an associated event_subtype_id value. The possible display values and the associated IDs are:
• Create - 1
• Execute - 2
• Move - 22
• Scan - 4

event_subtype_id
The internal ID of the action that led to malware detection. Each event_subtype_id value has an associated event_subtype value. The possible display values and the associated subtypes are:
• 1 - Create
• 2 - Execute
• 4 - Scan
• 22 - Move
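
The following is an added example, not code from the Cisco guide: it normalizes one fireamp_event row for analyst review by decoding the binary dst_ipaddr, dropping the deprecated dst_ip_address_v6 field, and checking that event_subtype agrees with event_subtype_id. It assumes the row arrives as a dict keyed by field name, that dst_ipaddr is 4 bytes for IPv4 or 16 bytes for IPv6 (with IPv4-mapped values shown as IPv4), and that dst_continent_name returns the two-letter code listed above; the function names and the sample row are hypothetical.

```python
import ipaddress

# Value tables copied from the field descriptions on this page.
CONTINENTS = {"**": "Unknown", "na": "North America", "as": "Asia", "af": "Africa",
              "eu": "Europe", "sa": "South America", "au": "Australia", "an": "Antarctica"}
SUBTYPES = {1: "Create", 2: "Execute", 4: "Scan", 22: "Move"}


def decode_ipaddr(raw):
    """Turn a binary dst_ipaddr value into text.

    Assumption: 4 bytes means IPv4, 16 bytes means IPv6, and an IPv4-mapped
    IPv6 value (::ffff:a.b.c.d) is shown as plain IPv4.
    """
    if raw is None:
        return None
    raw = bytes(raw)
    if len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if len(raw) == 16:
        addr = ipaddress.IPv6Address(raw)
        return str(addr.ipv4_mapped or addr)
    raise ValueError(f"unexpected dst_ipaddr length: {len(raw)}")


def normalize_event(row):
    """Return a readable copy of one fireamp_event row (dict keyed by field name)."""
    out = dict(row)
    out["dst_ipaddr"] = decode_ipaddr(row.get("dst_ipaddr"))
    out.pop("dst_ip_address_v6", None)  # deprecated field, always null
    code = row.get("dst_continent_name")
    out["dst_continent"] = CONTINENTS.get(code, code)
    expected = SUBTYPES.get(row.get("event_subtype_id"))
    # Flag rows whose ID is undocumented or disagrees with the display value.
    out["subtype_consistent"] = expected is not None and expected == row.get("event_subtype")
    return out


# Constructed sample row, not real event data.
SAMPLE_ROW = {
    "event_id": 1001,
    "dst_ipaddr": bytes(10) + b"\xff\xff" + bytes([192, 0, 2, 10]),
    "dst_ip_address_v6": None,
    "dst_port": 443,
    "dst_continent_name": "eu",
    "event_subtype": "Move",
    "event_subtype_id": 22,
}

if __name__ == "__main__":
    print(normalize_event(SAMPLE_ROW))
```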