Developer Guide for Cisco Firepower Management Center 2000
FireSIGHT System Database Access Guide
Chapter 4 Schema: Intrusion Tables
intrusion_event_packet Joins
You cannot perform joins on the intrusion_event_packet table.
intrusion_event_packet Sample Query
The following query returns the packet information for all packets matching the selected event id.
SELECT event_id, packet_time_sec, sensor_address, packet_data
FROM intrusion_event_packet
WHERE event_id="1";
rule_message
The rule_message table is a master list of the rule messages for intrusion rules. Each rule message is accompanied by its identifying information.
rule_message Fields
The following table describes the database fields you can access in the rule_message table.

Table 4-5 rule_message Fields

| Field | Description |
| --- | --- |
| generator_id | The GID of the component that triggers the rule. |
| message | The message associated with the rule that is triggered. |
| rev_uuid | A unique identifier for the rule revision. |
| revision | The revision number for the rule. |
| signature_id | The rule identification number as it is rendered in the appliance user interface. |
| uuid | A unique identifier for the rule. |

rule_message Joins
You cannot perform joins on the rule_message table.
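
Because rule_message cannot be joined, rule text has to be matched to alerts in the client. The sketch below is an added example, not code from the Cisco guide: it reads rule_message with one bound-parameter, single-table SELECT and keeps the highest revision per GID/SID pair in memory. Assumptions: an in-memory SQLite table stands in for the appliance database (your driver's placeholder syntax may differ from `?`), all rows and alerts are constructed sample data, the helper names are hypothetical, and several revisions of one rule may be present.

```python
import sqlite3

# Constructed stand-in for the appliance database: an in-memory SQLite table
# with the six rule_message fields from Table 4-5. All rows are sample data.
def make_sample_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rule_message (generator_id INTEGER, message TEXT,"
               " rev_uuid TEXT, revision INTEGER, signature_id INTEGER, uuid TEXT)")
    db.executemany("INSERT INTO rule_message VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "SAMPLE web rule, old text", "rev-a1", 1, 1000001, "rule-a"),
        (1, "SAMPLE web rule", "rev-a2", 2, 1000001, "rule-a"),
        (1, "SAMPLE dns rule", "rev-b1", 1, 1000002, "rule-b"),
    ])
    return db

def load_rule_messages(db, generator_id):
    """Single-table SELECT with a bound parameter; keep the highest
    revision per (GID, SID) on the client side."""
    rows = db.execute(
        "SELECT generator_id, signature_id, revision, message "
        "FROM rule_message WHERE generator_id = ?", (generator_id,))
    latest = {}
    for gid, sid, rev, msg in rows:
        key = (gid, sid)
        if key not in latest or rev > latest[key][0]:
            latest[key] = (rev, msg)
    return latest

def annotate(alerts, latest):
    """Attach rule text to alerts; unknown rules are flagged, not dropped."""
    out = []
    for alert in alerts:
        rev, msg = latest.get((alert["gid"], alert["sid"]),
                              (None, "<no rule_message row>"))
        out.append({**alert, "revision": rev, "message": msg})
    return out

if __name__ == "__main__":
    db = make_sample_db()
    # Constructed alerts, e.g. GID/SID pairs from another single-table query.
    alerts = [{"event_id": 1, "gid": 1, "sid": 1000001},
              {"event_id": 2, "gid": 1, "sid": 9999999}]
    for row in annotate(alerts, load_rule_messages(db, 1)):
        print(row)
```

Alerts whose GID/SID has no rule_message row are kept with a marker, so a missing or retired rule shows up in triage instead of silently vanishing.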