Cisco Cisco Firepower Management Center 2000 开发者指南

7-17

FireSIGHT System Database Access Guide

Chapter 7 Schema: Connection Log Tables

si_connection_log

si_connection_log Joins

The following table describes the joins you can perform using the

si_connection_log

table.

tcp_flags

The TCP flags detected in the session.

url

The URL requested by the monitored host during the session, if available.

url_category

The category of the URL requested by the monitored host.

url_reputation

The reputation of the URL requested by the monitored host. One of the
following:

•

- High risk

•

- Suspicious sites

•

- Benign sites with security risks

•

- Benign sites

•

- Well known

web_application_id

An internal identification number for the web application.

web_application_name

One of:

•

the name of the application, if a positive identification can be made.

•

web browsing

if the system detects an application protocol of HTTP but

cannot identify a specific web application.

•

blank if the connection has no HTTP traffic.

Table 7-6

si_connection_log Fields (continued)

Field

Description

Table 7-7

si_connection_log Joins

You can join this table on...

And...

application_protocol_name

application_id

client_application_id

web_application_id

application_info.application_id

application_host_map.application_id

application_tag_map.application_id

rna_host_service_info.application_protocol_id

rna_host_client_app_payload.web_application_id

rna_host_client_app_payload.client_application_id

rna_host_client_app.client_application_id

rna_host_client_app.application_protocol_id

rna_host_service_payload.web_application_id

initiator_ipaddr

responder_ipaddr

rna_host_ip_map.ipaddr

user_ipaddr_history.ipaddr