Cisco Firepower Management Center 2000 Programmer's Guide

FireSIGHT System Database Access Guide
 
Chapter 7      Schema: Connection Log Tables 
si_connection_log
The si_connection_log table contains information on security intelligence events. The FireSIGHT System generates a Security Intelligence event when a connection is blacklisted or monitored by Security Intelligence; the event contains detailed information about the monitored traffic.
si_connection_log Fields
The following table describes the database fields you can access in the si_connection_log table.
Table 7-6    si_connection_log Fields

Field
    Description

access_control_policy_name
    The access control policy that contains the access control rule (or default action) that logged the connection.

access_control_reason
    The reason that the access control rule logged the connection. One of the following:
      • User Bypass
      • IP Block
      • IP Monitor
      • File Monitor
      • File Block
      • File Resume
      • Intrusion Block
      • blank if there is no connection logged

access_control_rule_action
    The action associated with the access control rule (or default action): allow, block, and so on.

access_control_rule_id
    An internal identification number for the rule.

access_control_rule_name
    The access control rule (or default action) that logged the connection.

application_protocol_id
    An internal identification number of the application protocol.

application_protocol_name
    One of:
      • the name of the application, if a positive identification can be made
      • unknown if the system cannot identify the server based on known server fingerprints
      • pending if the system requires more data
      • blank if there is no application information in the connection

bytes_recv
    The total number of bytes transmitted by the session responder.

bytes_sent
    Total number of bytes transmitted by the session initiator.
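
The fields above can be combined into a triage summary that groups events by access_control_reason and by how far application identification got. The following is an added example, not taken from the Cisco guide: it runs the query against an in-memory SQLite table standing in for si_connection_log, using only column names from Table 7-6. The untyped columns, the policy and rule names, and every sample row are constructed assumptions.

```python
import sqlite3

# Column names come from Table 7-6; leaving them untyped is an assumption.
COLUMNS = ("access_control_policy_name", "access_control_reason",
           "access_control_rule_action", "access_control_rule_name",
           "application_protocol_name", "bytes_recv", "bytes_sent")

# Constructed sample rows (not real events), in COLUMNS order.
SAMPLE_ROWS = [
    ("Perimeter Policy", "IP Block",   "block", "Default Action", "",        0,     180),
    ("Perimeter Policy", "IP Block",   "block", "Default Action", "",        0,     240),
    ("Perimeter Policy", "IP Monitor", "allow", "Allow Web",      "HTTP",    52000, 1400),
    ("Perimeter Policy", "IP Monitor", "allow", "Allow Web",      "unknown", 900,   300),
    ("Perimeter Policy", "IP Monitor", "allow", "Allow Web",      "pending", 0,     60),
    ("Perimeter Policy", "",           "allow", "Allow Web",      "HTTP",    10,    10),
]

# app_status folds application_protocol_name into the four cases the table
# lists: an identified name, 'unknown', 'pending', or blank ('none' here).
# bytes_sent is initiator traffic; bytes_recv is responder traffic.
QUERY = """
SELECT access_control_reason,
       CASE
         WHEN application_protocol_name IS NULL
              OR application_protocol_name = '' THEN 'none'
         WHEN application_protocol_name IN ('unknown', 'pending')
              THEN application_protocol_name
         ELSE 'identified'
       END AS app_status,
       COUNT(*)        AS events,
       SUM(bytes_sent) AS initiator_bytes,
       SUM(bytes_recv) AS responder_bytes
FROM si_connection_log
WHERE access_control_reason <> ''   -- skip rows with a blank reason
GROUP BY access_control_reason, app_status
ORDER BY access_control_reason, app_status
"""

def load_sample(rows=SAMPLE_ROWS):
    """Build the stand-in table in memory and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE si_connection_log (%s)" % ", ".join(COLUMNS))
    conn.executemany("INSERT INTO si_connection_log VALUES (?,?,?,?,?,?,?)", rows)
    return conn

def summarize(conn):
    """Return (reason, app_status, events, initiator_bytes, responder_bytes) rows."""
    return conn.execute(QUERY).fetchall()

if __name__ == "__main__":
    for row in summarize(load_sample()):
        print(row)
```

A row with responder_bytes greater than zero means the responder sent data on a logged connection, which is the first thing to check for events whose connection was monitored rather than blocked.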