Developer's Guide for Cisco Firepower Management Center 2000

FireSIGHT System Database Access Guide
 
Chapter 7 Schema: Connection Log Tables
connection_log

Table 7-2 connection_log Fields (continued)

| Field | Description |
| --- | --- |
| initiator_user_last_seen_sec | The UNIX timestamp of the date and time the FireSIGHT System last detected user activity for the user who last logged into the initiator host. |
| initiator_user_last_updated_sec | The UNIX timestamp of the date and time the FireSIGHT System last updated the user record for the user who last logged into the initiator host. |
| initiator_user_name | The user name of the user who last logged into the initiator host. |
| initiator_user_phone | The phone number of the user who last logged into the initiator host. |
| instance_id | Numerical ID of the Snort instance on the managed device that generated the event. |
| interface_egress_name | The ingress interface associated with the connection. |
| interface_ingress_name | The egress interface associated with the connection. |
| ioc_count | Number of indications of compromise found in the connection. |
| ips_event_count | The number of intrusion events generated in the connection prior to intrusion event thresholding. |
| last_packet_sec | The UNIX timestamp of the date and time the last packet of the session was seen. |
| monitor_rule_id_1 | The ID of the first monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_1. |
| monitor_rule_id_2 | The ID of the second monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_2. |
| monitor_rule_id_3 | The ID of the third monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_3. |
| monitor_rule_id_4 | The ID of the fourth monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_4. |
| monitor_rule_id_5 | The ID of the fifth monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_5. |
| monitor_rule_id_6 | The ID of the sixth monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_6. |
| monitor_rule_id_7 | The ID of the seventh monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_7. |
| monitor_rule_id_8 | The ID of the eighth monitor rule associated with the connection. This ID is associated with the name stored in monitor_rule_name_8. |
| monitor_rule_name_1 | The name of the first monitor rule associated with the connection. This name is associated with the ID stored in monitor_rule_id_1. |
| monitor_rule_name_2 | The name of the second monitor rule associated with the connection. This name is associated with the ID stored in monitor_rule_id_2. |
| monitor_rule_name_3 | The name of the third monitor rule associated with the connection. This name is associated with the ID stored in monitor_rule_id_3. |
| monitor_rule_name_4 | The name of the fourth monitor rule associated with the connection. This name is associated with the ID stored in monitor_rule_id_4. |
| monitor_rule_name_5 | The name of the fifth monitor rule associated with the connection. This name is associated with the ID stored in monitor_rule_id_5. |