Cisco Cisco Firepower Management Center 2000 Guia Do Programador

C H A P T E R

8-1

FireSIGHT System Database Access Guide

Schema: User Activity Tables

This chapter contains information on the schema and supported joins for user activity and identity
events. The FireSIGHT System can detect user activity on your network by tracking various types of user
logins, including LDAP, POP3, IMAP, SMTP, AIM, and SIP.

For more information, see the sections listed in the following table.

discovered_users

The

discovered_users

table contains detailed information about each user detected by the system.

The

discovered_users

table supersedes the deprecated

rua_users

table starting with Version 5.0 of the

FireSIGHT System.

For more information, see the following sections:

•

discovered_users Fields, page 8-1

•

discovered_users Joins, page 8-2

•

discovered_users Sample Query, page 8-2

discovered_users Fields

The following table describes the fields you can access in the

discovered_users

table.

Table 8-1

Schema for User Identity Tables

See...

For the table that stores information on...

Version

discovered_users, page 8-1

information about the users detected by the system.

5.0+

user_discovery_event, page 8-3

user discovery events, which communicate the details of user
activity on your network.

5.0+

Table 8-2

discovered_users Fields

Field

Description

dept

The department of the user.

The email address for the user.

first_name

The first name for the user.