Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
CHAPTER 6
Schema: Discovery Event and Network Map Tables
This chapter contains information on the schema and supported joins for tables related to discovery
events and the Cisco network map.
Your FireSIGHT System generates discovery events continuously as it monitors the traffic produced by
your hosts and network devices.
The network map is a repository of information about the network assets reported in discovery events.
For each detected host and network device, the network map contains information such as operating
system, servers, client applications, host attributes, vulnerabilities, and so on.
Vulnerabilities are descriptions of specific compromises or exploits to which hosts may be susceptible.
Cisco maintains its own vulnerability database (VDB), which cross-references the Bugtraq database and
MITRE’s CVE database. You can also import third-party vulnerability data using the host input feature.
Note that the information about a given host in the network map can vary according to the type of host
and the information available in the monitored traffic.
For more information, see the sections listed in the following table. The Version column indicates the
FireSIGHT System versions that support each table. While support for deprecated tables continues in
the current product release, Cisco strongly recommends avoiding the use of deprecated tables and fields,
to ensure continued support in the future.
Table 6-1: Schema for Discovery Event and Network Map Tables

| See... | For the table that stores information on... | Version |
|---|---|---|
| | applications detected on the hosts in your monitored network. | 5.0+ |
| | the category, tags, productivity, and risk associated with an application detected in your monitored network. | 5.2+ |
| | the category, tags, productivity, and risk associated with an application detected in your monitored network. deprecated in Version 5.2. Superseded by | 5.0-5.1.x |
| | the tags associated with an application detected in your monitored network. | 5.0+ |
| | discovery and host input events. | 5.0+ |
| | basic information on the hosts in your monitored network. | 5.2+ |