Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT System Database Access Guide
Chapter 3 Schema: System-Level Tables
fireamp_event
Table 3-3 fireamp_event Fields (continued)

Field: event_type
Description: The type of FireAMP event. Each event_type value has an associated event_type_id value. The possible display values and the associated IDs are:
• Blocked Execution - 553648168
• Cloud Recall Quarantine - 553648155
• Cloud Recall Quarantine Attempt Failed - 2164260893
• Cloud Recall Quarantine Started - 553648147
• Cloud Recall Restore from Quarantine - 553648154
• Cloud Recall Restore from Quarantine Failed - 2164260892
• Cloud Recall Restore from Quarantine Started - 553648146
• FireAMP IOC - 1107296256
• Quarantine Failure - 2164260880
• Quarantined Item Restored - 553648149
• Quarantine Restore Failed - 2164260884
• Quarantine Restore Started - 553648150
• Scan Completed, No Detections - 554696715
• Scan Completed With Detections - 1091567628
• Scan Failed - 2165309453
• Scan Started - 554696714
• Threat Detected - 1090519054
• Threat Detected in Exclusion - 553648145
• Threat Detected in Network File Transfer - 1
• Threat Detected in Network File Transfer (Retrospective) - 2
• Threat Quarantined - 553648143