Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT System Database Access Guide
 
Chapter 9      Schema: Correlation Tables 
  white_list_event
white_list_event Fields
The following table describes the database fields you can access in the white_list_event table.

Table 9-5  white_list_event Fields
Field                   Description
description             A description of how the white list was violated.
detection_engine_name   Field deprecated in Version 5.0. Returns null for all queries.
detection_engine_uuid   Field deprecated in Version 5.0. Returns null for all queries.
host_criticality        The user-assigned criticality of the host that is out of compliance with the white list: None, Low, Medium, or High.
host_type               The host type: Host, Router, Bridge, NAT Device, or Load Balancer.
id                      An internal unique identifier for the white list event.
ip_address              Field deprecated in Version 5.2. Returns null for all queries.
ip_address_v6           Field deprecated in Version 5.2. Returns null for all queries.
ipaddr                  A binary representation of the IP address of the non-compliant host.
os_product              The operating system’s product name.
os_vendor               The operating system’s vendor.
os_version              The operating system’s version number.
policy_name             The violated compliance policy that includes the white list.
policy_time_sec         The UNIX timestamp of the date and time the event was generated.
policy_uuid             A unique identifier for the compliance policy that includes the white list event.
port                    The port, if any, associated with the event that triggered a service white list violation (that is, when a violation occurs as a result of a non-compliant service). For other types of white list violations, the field is blank.
priority                The priority for the white list event, which is set in the user interface.
protocol_name           The protocol associated with the event, if available.
protocol_num            The IANA-specified protocol number, if available.
rna_service             The service that triggered the white list violation, if available.
sensor_address          IP address of the managed device that detected the traffic. Format is ipv4_address,ipv6_address.
sensor_name             The device that generated the white list event.
sensor_uuid             A unique identifier for the managed device, or 0 if sensor_name is null.
user_dept               The department of the user.
user_email              The email address for the user.
user_first_name         The first name for the user.
user_id                 Internal identification number of the user who last logged into the host before the event occurred.
user_last_name          The last name for the user.
user_last_seen_sec      The UNIX timestamp of the date and time the system last reported a login for the user.
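
The following Python is an added example, not code from the Cisco guide: it post-processes one white_list_event row according to the field semantics in Table 9-5 (deprecated columns dropped, binary ipaddr decoded, *_sec timestamps converted, blank port handled, sensor_address split). The row is assumed to arrive as a dict from a database driver; the 4- or 16-byte layout of ipaddr, the helper names and the sample values are assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Columns Table 9-5 marks as deprecated: they return null for all queries.
DEPRECATED = {"detection_engine_name", "detection_engine_uuid",
              "ip_address", "ip_address_v6"}

def decode_ipaddr(raw):
    """Render the binary ipaddr column as text.
    Assumption: 4 bytes (IPv4) or 16 bytes (IPv6, possibly IPv4-mapped)."""
    if raw is None:
        return None
    if len(raw) not in (4, 16):
        raise ValueError(f"unexpected ipaddr length: {len(raw)}")
    addr = ipaddress.ip_address(bytes(raw))
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def to_utc(epoch_sec):
    """Convert a *_sec UNIX timestamp column to an ISO 8601 UTC string."""
    if epoch_sec in (None, ""):
        return None
    return datetime.fromtimestamp(int(epoch_sec), tz=timezone.utc).isoformat()

def normalize_event(row):
    """Return a cleaned copy of one white_list_event row (a dict)."""
    out = {k: v for k, v in row.items() if k not in DEPRECATED}
    out["ipaddr"] = decode_ipaddr(row.get("ipaddr"))
    out["policy_time"] = to_utc(out.pop("policy_time_sec", None))
    out["user_last_seen"] = to_utc(out.pop("user_last_seen_sec", None))
    # port is blank unless a non-compliant service caused the violation
    out["port"] = None if row.get("port") in (None, "") else int(row["port"])
    # sensor_address is documented as "ipv4_address,ipv6_address"
    v4, _, v6 = (out.pop("sensor_address", None) or "").partition(",")
    out["sensor_ipv4"], out["sensor_ipv6"] = v4 or None, v6 or None
    return out

# Constructed sample row (documentation address ranges, not real data).
SAMPLE_ROW = {
    "id": 42, "policy_name": "example-policy", "host_criticality": "High",
    "detection_engine_name": None, "ip_address": None,
    "ipaddr": bytes(10) + b"\xff\xff" + bytes([192, 0, 2, 15]),
    "policy_time_sec": 1400000000, "user_last_seen_sec": None,
    "port": "", "sensor_address": "198.51.100.7,::",
}

if __name__ == "__main__":
    for key, value in sorted(normalize_event(SAMPLE_ROW).items()):
        print(f"{key}: {value}")
```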