Developer Guide for Cisco Firepower Management Center 4000

FireSIGHT System Database Access Guide
Chapter 3      Schema: System-Level Tables
fireamp_event

Table 3-3      fireamp_event Fields (continued)

Field                 Description

event_type_id         The internal ID of the FireAMP event type. Each event_type_id value has an
                      associated event_type value. The possible display values and the associated
                      types are:
                      • 553648143 - Threat Quarantined
                      • 553648145 - Threat Detected in Exclusion
                      • 553648146 - Cloud Recall Restore from Quarantine Started
                      • 553648147 - Cloud Recall Quarantine Started
                      • 553648149 - Quarantined Item Restored
                      • 553648150 - Quarantine Restore Started
                      • 553648154 - Cloud Recall Restore from Quarantine
                      • 553648155 - Cloud Recall Quarantine
                      • 553648168 - Blocked Execution
                      • 554696714 - Scan Started
                      • 554696715 - Scan Completed, No Detections
                      • 1090519054 - Threat Detected
                      • 1091567628 - Scan Completed With Detections
                      • 1107296256 - FireAMP IOC
                      • 2164260880 - Quarantine Failure
                      • 2164260893 - Cloud Recall Quarantine Attempt Failed
                      • 2164260884 - Quarantine Restore Failed
                      • 2164260892 - Cloud Recall Restore from Quarantine Failed
                      • 2165309453 - Scan Failed

file_name             The name of the detected or quarantined file.

file_path             The file path, not including the file name, of the detected or quarantined file.

file_sha              The SHA-256 hash value of the detected or quarantined file.

file_size             The size in bytes of the detected or quarantined file.

file_timestamp        The creation timestamp of the detected or quarantined file.

file_type             The file type of the detected or quarantined file.

file_type_id          The internal ID of the file type of the detected or quarantined file.

instance_id           Numerical ID of the Snort instance on the managed device that generated the event.

ioc_count             Number of indications of compromise found in the event.

parent_file_name      The name of the file accessing the detected or quarantined file when detection
                      occurred.

parent_file_sha       The SHA-256 hash value of the parent file accessing the detected or quarantined
                      file when detection occurred.

policy_uuid           Identification number that acts as a unique identifier for the access control
                      policy that triggered the event.
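As an added example (not from the guide or from Cisco), the script below uses an in-memory SQLite table standing in for fireamp_event, filled with constructed rows, to decode event_type_id values from Table 3-3 and list detected files that never reached a Threat Quarantined event, labelling any recorded Quarantine Failure. The FireSIGHT database is reached through its own query interface; SQLite, the column subset and the sample rows are assumptions made here.

```python
import sqlite3

# event_type_id display values as listed in Table 3-3 (fireamp_event) of the guide.
FIREAMP_EVENT_TYPES = {
    553648143: "Threat Quarantined",
    553648145: "Threat Detected in Exclusion",
    553648146: "Cloud Recall Restore from Quarantine Started",
    553648147: "Cloud Recall Quarantine Started",
    553648149: "Quarantined Item Restored",
    553648150: "Quarantine Restore Started",
    553648154: "Cloud Recall Restore from Quarantine",
    553648155: "Cloud Recall Quarantine",
    553648168: "Blocked Execution",
    554696714: "Scan Started",
    554696715: "Scan Completed, No Detections",
    1090519054: "Threat Detected",
    1091567628: "Scan Completed With Detections",
    1107296256: "FireAMP IOC",
    2164260880: "Quarantine Failure",
    2164260893: "Cloud Recall Quarantine Attempt Failed",
    2164260884: "Quarantine Restore Failed",
    2164260892: "Cloud Recall Restore from Quarantine Failed",
    2165309453: "Scan Failed",
}
THREAT_DETECTED, THREAT_QUARANTINED, QUARANTINE_FAILURE = 1090519054, 553648143, 2164260880

def load_sample_db():
    """In-memory stand-in for fireamp_event with constructed rows (assumption: not real FireSIGHT data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fireamp_event (event_type_id INTEGER, file_sha TEXT, file_name TEXT, file_path TEXT, ioc_count INTEGER)")
    rows = [  # constructed sample events; file_sha values are placeholders, not real hashes
        (THREAT_DETECTED, "sha-a", "dropper.exe", "C:\\Users\\x\\Downloads", 1),
        (THREAT_QUARANTINED, "sha-a", "dropper.exe", "C:\\Users\\x\\Downloads", 1),
        (THREAT_DETECTED, "sha-b", "loader.dll", "C:\\Temp", 2),
        (QUARANTINE_FAILURE, "sha-b", "loader.dll", "C:\\Temp", 2),
        (THREAT_DETECTED, "sha-c", "tool.exe", "D:\\share", 0),
    ]
    conn.executemany("INSERT INTO fireamp_event VALUES (?, ?, ?, ?, ?)", rows)
    return conn

def unresolved_threats(conn):
    """Detected files with no Threat Quarantined event for the same file_sha, with the failure label if one was recorded."""
    sql = """SELECT d.file_sha, d.file_name, COALESCE(MAX(f.event_type_id), 0)
             FROM fireamp_event d
             LEFT JOIN fireamp_event q ON q.file_sha = d.file_sha AND q.event_type_id = ?
             LEFT JOIN fireamp_event f ON f.file_sha = d.file_sha AND f.event_type_id = ?
             WHERE d.event_type_id = ? AND q.file_sha IS NULL
             GROUP BY d.file_sha, d.file_name ORDER BY d.file_sha"""
    return [(sha, name, FIREAMP_EVENT_TYPES.get(fail_id, "no quarantine event recorded"))
            for sha, name, fail_id in conn.execute(sql, (THREAT_QUARANTINED, QUARANTINE_FAILURE, THREAT_DETECTED))]
```

Against a real export, the same join keyed on file_sha separates detections that were contained from those that still need follow-up.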