Cisco Firepower Management Center 2000 Programmer's Guide
FireSIGHT System Database Access Guide
Chapter 7 Schema: Connection Log Tables
si_connection_log
The si_connection_log table contains information on security intelligence events. The FireSIGHT System generates a Security Intelligence event when a connection is blacklisted or monitored by Security Intelligence; the event contains detailed information about the monitored traffic.
si_connection_log Fields
The following table describes the database fields you can access in the si_connection_log table.
Table 7-6 si_connection_log Fields

Field
  Description

access_control_policy_name
  The access control policy that contains the access control rule (or default action) that logged the connection.

access_control_reason
  The reason that the access control rule logged the connection. One of the following:
  • User Bypass
  • IP Block
  • IP Monitor
  • File Monitor
  • File Block
  • File Resume
  • Intrusion Block
  • blank if there is no connection logged

access_control_rule_action
  The action associated with the access control rule (or default action): allow, block, and so on.

access_control_rule_id
  An internal identification number for the rule.

access_control_rule_name
  The access control rule (or default action) that logged the connection.

application_protocol_id
  An internal identification number of the application protocol.

application_protocol_name
  One of:
  • the name of the application, if a positive identification can be made
  • unknown if the system cannot identify the server based on known server fingerprints
  • pending if the system requires more data
  • blank if there is no application information in the connection

bytes_recv
  The total number of bytes transmitted by the session responder.

bytes_sent
  Total number of bytes transmitted by the session initiator.
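
A worked query over the fields listed so far, added here as an example and not taken from the Cisco guide: it groups Security Intelligence events by policy and reason, totals initiator and responder bytes, and counts connections whose application_protocol_name is blank, unknown or pending. The in-memory SQLite table, the sample rows and the function names are constructed stand-ins for the real database, and "blank" is assumed to mean either NULL or an empty string.

```python
import sqlite3

# Constructed sample rows, not real events. Columns are si_connection_log
# fields from the table above; SQLite is an assumed stand-in for the database.
SAMPLE_ROWS = [
    # policy, reason, rule action, application protocol, bytes_sent, bytes_recv
    ("Perimeter Policy", "IP Block", "block", "", 120, 0),
    ("Perimeter Policy", "IP Monitor", "allow", "HTTP", 900, 48000),
    ("Perimeter Policy", "IP Monitor", "allow", "pending", 300, 0),
    ("Perimeter Policy", "IP Monitor", "allow", "unknown", 70000, 1500),
    ("Branch Policy", "IP Monitor", "allow", "HTTP", 2000, 2000),
]

SUMMARY_SQL = """
SELECT access_control_policy_name,
       access_control_reason,
       COUNT(*)        AS events,
       SUM(bytes_sent) AS initiator_bytes,   -- sent by the session initiator
       SUM(bytes_recv) AS responder_bytes,   -- sent by the session responder
       SUM(CASE WHEN application_protocol_name IS NULL
                  OR application_protocol_name IN ('', 'unknown', 'pending')
                THEN 1 ELSE 0 END) AS unidentified_app
FROM si_connection_log
WHERE access_control_reason IN ('IP Block', 'IP Monitor')
GROUP BY access_control_policy_name, access_control_reason
ORDER BY access_control_policy_name, access_control_reason
"""

def build_sample_db():
    """Create an in-memory table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE si_connection_log ("
        "access_control_policy_name TEXT, access_control_reason TEXT, "
        "access_control_rule_action TEXT, application_protocol_name TEXT, "
        "bytes_sent INTEGER, bytes_recv INTEGER)"
    )
    conn.executemany("INSERT INTO si_connection_log VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

def summarize(conn):
    """Return one tuple per (policy, reason) with counts and byte totals."""
    return conn.execute(SUMMARY_SQL).fetchall()

if __name__ == "__main__":
    for row in summarize(build_sample_db()):
        print(row)
```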