Guest

Preview Tool

Cisco Bug: CSCvu31876 - Underlying COUNT(*) query is missing join table info : externalization

Last Modified

Jun 02, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.7.0

Description (partial)

Symptom:
SELECT src_user_name,security_zone_ingress_name,interface_egress_name,intrusion_event_policy_UUID,dst_user_last_updated_sec,ssl_issuer_country,blocked,dst_user_last_seen_sec,src_user_id,detection_engine_name,dst_user_first_name,dst_port,ssl_subject_organization,interface_ingress_name,application_protocol_name,dst_user_id,dst_ipaddr,dst_ip_address_v6,ssl_issuer_organization_unit,ssl_issuer_organization,domain_uuid,src_user_email,rule_message,security_context,rule_classification,protocol_num,connection_sec,dst_country_name,intrusion_event_policy_name,src_country_name,src_user_dept,http_response_code,ssl_serial_number,web_application_id,dst_continent_name,event_time_sec,cert_valid_end_date,src_user_last_name,cert_valid_start_date,access_control_rule_id,src_ipaddr,network_analysis_policy_UUID,src_user_last_seen_sec,src_port,sensor_address,rule_generator,ioc_count,client_application_id,access_control_rule_name,src_country_id,deploy_revision_UUID,counter,rule_classification_id,application_protocol_id,priority,src_continent_name,event_id,src_user_phone,ssl_subject_organization_unit,access_control_policy_name,netmap_num,dst_user_dept,rule_generator_id,dst_ip_address,icmp_code,event_time_usec,src_user_last_updated_sec,detection_engine_uuid,dst_country_id,dst_user_name,sensor_name,protocol_name,network_analysis_policy_name,src_ip_address_v6,security_zone_egress_name,dst_user_last_name,icmp_type,impact,reviewed,ssl_subject_country,sensor_uuid,rule_signature_id,access_control_policy_UUID,instance_id,src_user_first_name,ssl_issuer_common_name,rule_revision,vlan_id,src_ip_address,domain_name,dst_user_email,web_application_name,client_application_name,dst_user_phone,ssl_subject_common_name FROM intrusion_event WHERE src_user_name = NULL;


Underlying sql that gets built :

SELECT COUNT(*) FROM event_1589814000_0 intrusion_event WHERE (user_identities_join_0.username = NULL) /* EQE_ID=104195628293343 */  /* USER=system */ 

[INFO][0][QueryEngine.pm:1393][id=104195628293343] Error: Failed Executing Count Query with DBD::mysql::st execute failed: Unknown column 'user_identities_join_0.username' in 'where clause'
[STORE_RESULTS][0][QueryEngine.pm:225][id=104195628293343] GetData failed: DBD::mysql::st execute failed: Unknown column 'user_identities_join_0.username' in 'where clause' at /usr/local/sf/lib/perl/5.10.1/SF/QueryEngine.pm line 1389.

[STORE_RESULTS][0][QueryEngine.pm:226][id=104195628293343] Unknown column 'user_identities_join_0.username' in 'where clause'
Error: Table 'external_data.result_104195628293343' doesn't exist
DBD::mysql::db do failed: Unknown table 'external_data.result_104195628293343' at /usr/local/sf/bin/OmniQuery.pl line 941, <STDIN> line 2.

Conditions:
For verification. Please load data into intrusion event tables , connection, file , malware and SI events .
Run externalization automation review contraints tests.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.