Cisco Firepower Management Center 4000 Programmer's Guide

FireSIGHT System Database Access Guide
 
Chapter 4      Schema: Intrusion Tables
  intrusion_event
Table 4-2 intrusion_event Fields (continued)

| Field | Description |
| --- | --- |
| dst_continent_name | The name of the continent of the destination host. `**` - Unknown; `na` - North America; `as` - Asia; `af` - Africa; `eu` - Europe; `sa` - South America; `au` - Australia; `an` - Antarctica |
| dst_country_id | Code for the country of the destination host. |
| dst_country_name | Name of the country of the destination host. |
| dst_ip_address | Field deprecated in Version 5.2. Due to backwards compatibility the value in this field is not set to `null`, but it is not reliable. |
| dst_ip_address_v6 | Field deprecated in Version 5.2. Due to backwards compatibility the value in this field is not set to `null`, but it is not reliable. |
| dst_ipaddr | A binary representation of the IPv4 or IPv6 address for the destination host involved in the triggering event. |
| dst_port | Either the destination port number, if the event protocol type is TCP or UDP, or the ICMP code, if the event protocol type is ICMP. |
| dst_user_dept | The department of the destination user. |
| dst_user_email | The email address of the destination user. |
| dst_user_first_name | The first name of the destination user. |
| dst_user_id | The internal identification number for the destination user; that is, the user who last logged into the destination host before the intrusion event occurred. |
| dst_user_last_name | The last name of the destination user. |
| dst_user_last_seen_sec | The UNIX timestamp of the date and time when the system last reported a login for the destination user. |
| dst_user_last_updated_sec | The UNIX timestamp of the date and time when the system last updated the destination user's record. |
| dst_user_name | The user name for the destination user. |
| dst_user_phone | The telephone number for the destination user. |
| event_id | The internal identification number for the event. Uniquely identifies an event on the Defense Center. |
| event_time_sec | The UNIX timestamp of the date and time when the event packet was captured. |
| event_time_usec | The microsecond increment of the event timestamp. If microsecond resolution is not available, this value is `0`. |
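
An added example, not taken from the Cisco guide: a Python helper that normalizes one exported intrusion_event row using the field semantics in Table 4-2 (binary `dst_ipaddr`, protocol-dependent `dst_port`, split `event_time_sec`/`event_time_usec`). The `protocol` argument, the 4- or 16-byte layout assumed for `dst_ipaddr` (including IPv4-mapped IPv6 values) and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Continent codes listed for dst_continent_name in Table 4-2.
CONTINENTS = {"**": "Unknown", "na": "North America", "as": "Asia",
              "af": "Africa", "eu": "Europe", "sa": "South America",
              "au": "Australia", "an": "Antarctica"}

def decode_ipaddr(raw):
    """Render the binary dst_ipaddr value as a printable address."""
    if len(raw) == 4:                       # assumption: packed IPv4
        return str(ipaddress.IPv4Address(raw))
    if len(raw) == 16:                      # assumption: packed IPv6
        addr = ipaddress.IPv6Address(raw)
        # An IPv4-mapped value (::ffff:a.b.c.d) is shown as plain IPv4.
        return str(addr.ipv4_mapped or addr)
    raise ValueError(f"unexpected dst_ipaddr length: {len(raw)}")

def normalize_event(row, protocol):
    """Normalize one row; `protocol` is a hypothetical caller-supplied name."""
    code = row["dst_continent_name"]
    out = {
        "event_id": row["event_id"],
        # dst_ip_address / dst_ip_address_v6 are deprecated: never read them.
        "dst_ip": decode_ipaddr(row["dst_ipaddr"]),
        "dst_continent": CONTINENTS.get(code, code),
        # event_time_usec is 0 when microsecond resolution is unavailable.
        "event_time": datetime.fromtimestamp(row["event_time_sec"], tz=timezone.utc)
                      + timedelta(microseconds=row["event_time_usec"]),
    }
    proto = protocol.lower()
    if proto in ("tcp", "udp"):
        out["dst_port"] = row["dst_port"]
    elif proto == "icmp":
        out["icmp_code"] = row["dst_port"]  # column holds the ICMP code
    return out

# Constructed sample rows (documentation address ranges, not real events).
SAMPLE_ROWS = [
    ({"event_id": 1, "dst_ipaddr": bytes.fromhex("00000000000000000000ffffc0000205"),
      "dst_continent_name": "eu", "dst_port": 443,
      "event_time_sec": 1400000000, "event_time_usec": 250000}, "TCP"),
    ({"event_id": 2, "dst_ipaddr": ipaddress.IPv6Address("2001:db8::1").packed,
      "dst_continent_name": "**", "dst_port": 3,
      "event_time_sec": 1400000000, "event_time_usec": 0}, "ICMP"),
]

if __name__ == "__main__":
    for row, proto in SAMPLE_ROWS:
        print(normalize_event(row, proto))
```

Keeping the ICMP code under its own key prevents downstream port-based detection rules from treating it as a destination port.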