Cisco Defense Orchestrator

Event Attributes in Security Analytics and Logging

Event Attribute Descriptions

These and the rest of the event attributes are largely the same as what is reported by Firepower Device Manager. For a complete description of Firepower Threat Defense event attributes, see Cisco Firepower Threat Defense Syslog Messages.

Time Attributes

Understanding the purpose of each timestamp on the Event Logging page will help you filter and find the events that interest you.

[Figure: event_time_description.jpg]

 

| Number | Label | Description |
|---|---|---|
| 1 | Date/Time | The time the Secure Event Connector (SEC) processed the event. This may not be the same as the time the firewall inspected that traffic. Same value as timestamp. |
| 2 | timestamp | The time the Secure Event Connector (SEC) processed the event. This may not be the same as the time the firewall inspected that traffic. Same value as Date/Time. |
| 3 | FirstPacketSecond | The time at which the connection opened. The firewall inspects the packet at this time. The value of FirstPacketSecond is calculated by subtracting the ConnectionDuration from the LastPacketSecond. For connection events logged at the beginning of the connection, the values of FirstPacketSecond, LastPacketSecond, and EventSecond will all be the same. |
| 4 | LastPacketSecond | The time at which the connection closed. For connection events logged at the end of the connection, LastPacketSecond and EventSecond will be equal. |
| 5 | EventSecond | Equal to LastPacketSecond. |
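
The relationships in the table above, applied to building an investigation timeline. This is an added example, not Cisco code; it assumes timestamp and the *Second fields are epoch seconds and ConnectionDuration is in seconds, and the sample events, the id field and the max_lag threshold are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample events (not real telemetry). Assumption: timestamp and the
# *Second fields are epoch seconds and ConnectionDuration is in seconds.
SAMPLE_EVENTS = [
    {"id": "end-of-conn", "timestamp": 1700000100, "EventSecond": 1700000060,
     "LastPacketSecond": 1700000060, "ConnectionDuration": 55},
    {"id": "start-of-conn", "timestamp": 1700000012, "EventSecond": 1700000010,
     "FirstPacketSecond": 1700000010, "LastPacketSecond": 1700000010,
     "ConnectionDuration": 0},
    {"id": "inconsistent", "timestamp": 1700000300, "EventSecond": 1700000200,
     "FirstPacketSecond": 1700000150, "LastPacketSecond": 1700000190,
     "ConnectionDuration": 30},
]


def normalize(event, max_lag=60):
    """Derive firewall-side times and check the documented relationships."""
    last = event["LastPacketSecond"]
    first = last - event["ConnectionDuration"]  # FirstPacketSecond as documented
    issues = []
    if event.get("FirstPacketSecond", first) != first:
        issues.append("FirstPacketSecond != LastPacketSecond - ConnectionDuration")
    if event["EventSecond"] != last:
        issues.append("EventSecond != LastPacketSecond")
    # timestamp is when the SEC processed the event, not when traffic was seen.
    sec_lag = event["timestamp"] - event["EventSecond"]
    return {
        "id": event["id"],
        "first_packet": first,
        "first_packet_utc": datetime.fromtimestamp(first, tz=timezone.utc).isoformat(),
        "sec_lag": sec_lag,
        "lag_exceeded": sec_lag > max_lag,  # max_lag is a hypothetical threshold
        "issues": issues,
    }


def build_timeline(events, max_lag=60):
    """Order events by when the connection opened, not by SEC processing time."""
    return sorted((normalize(e, max_lag) for e in events),
                  key=lambda row: row["first_packet"])


if __name__ == "__main__":
    for row in build_timeline(SAMPLE_EVENTS):
        print(row)
```

Sorting the same sample by timestamp would place start-of-conn before end-of-conn, even though the longer connection opened first.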