Cisco Cisco Firepower Management Center 4000 Guia Do Programador
3-7
FireSIGHT System Database Access Guide
Chapter 3 Schema: System-Level Tables
fireamp_event
retroactive_
disposition
Disposition of the file if the disposition is updated. If the disposition is not updated, this
field contains the same value as the
field contains the same value as the
disposition
field. The possible values are the same
as the
disposition
field.
security_context
Description of the security context (virtual firewall) that the traffic passed through. Note
that the system only populates this field for ASA FirePOWER devices in multi-context
mode.
that the system only populates this field for ASA FirePOWER devices in multi-context
mode.
score
A numeric value from
0
to
100
based on the potentially malicious behaviors observed
during dynamic analysis.
sensor_address
IP address of the device that generated the event.
sensor_id
ID of the device that generated the event.
sensor_name
The text name of the managed device that generated the event record. This field is
null
when the event refers to the reporting device itself, rather than to a connected device.
sensor_uuid
A unique identifier for the managed device, or
0
if
fireamp_event.sensor_name
is
null
.
src_continent_name
The name of the continent of the source host.
**
- Unknown
na
- North America
as
- Asia
af
- Africa
eu
- Europe
sa
- South America
au
- Australia
an
- Antarctica
src_country_id
Code for the country of the source host.
src_country_name
Name of the country of the source host.
src_ip_address_v6
Field deprecated in Version 5.2. Returns
null
for all queries.
src_ipaddr
A binary representation of the IPv4 or IPv6 address for the source of the connection.
src_port
Port number for the source of the connection.
threat_name
Name of the threat.
timestamp
The FireAMP event generation timestamp.
url
The URL of the source of the connection.
user_id
An internal identification number for the user who last logged into the host that sent or
received the file. This user is in the
received the file. This user is in the
discovered_users
table.
username
The name of the user who last logged into the host that sent or received the file.
web_application_id
The internal identification number for the web application, if applicable.
web_application_name
Name of the web application, if applicable.
Table 3-3
fireamp_event Fields (continued)
Field
Description