Cisco Firepower Management Center 2000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Correlation Event 5.1+ Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Destination OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the destination host's operating system. See page 182 for information about obtaining the values that map to the fingerprint IDs. |
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 — None; 1 — Low; 2 — Medium; 3 — High. |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Service ID | uint32 | Identification number for the server running on the source host. |
| Blocked | uint8 | Value indicating what happened to the packet that triggered the intrusion event: 0 — Intrusion event not dropped; 1 — Intrusion event was dropped (drop when deployment is inline, switched, or routed); 2 — The packet that triggered the event would have been dropped, if the intrusion policy had been applied to a device in inline, switched, or routed deployment. |
| Ingress Interface UUID | uint8[16] | An interface ID that acts as the unique identifier for the ingress interface associated with the correlation event. |
| Egress Interface UUID | uint8[16] | An interface ID that acts as the unique identifier for the egress interface associated with the correlation event. |
| Ingress Zone UUID | uint8[16] | A zone ID that acts as the unique identifier for the ingress security zone associated with the correlation event. |
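The following Python sketch is an added example, not code from the guide. It decodes the nine fields listed on this page from a byte buffer. It assumes the fields sit back to back in table order and in network byte order; the offset of this slice inside the full correlation event record is not given on this page, so the caller supplies it. The function name, dictionary keys and sample bytes are constructed for illustration.

```python
import struct
import uuid

# Assumption: fields are contiguous, in table order, big-endian, no padding.
# 16s H I H I B 16s 16s 16s = 16+2+4+2+4+1+16+16+16 = 77 bytes
SLICE = struct.Struct("!16sHIHIB16s16s16s")

CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}
BLOCKED = {
    0: "Intrusion event not dropped",
    1: "Intrusion event was dropped",
    2: "Would have been dropped (inline, switched, or routed deployment)",
}


def _label(table, value):
    # Surface out-of-range values instead of silently mapping them.
    return table.get(value, "unknown (%d)" % value)


def parse_destination_slice(buf, offset=0):
    """Decode the fields on this page, starting at a caller-supplied offset."""
    if offset < 0 or len(buf) - offset < SLICE.size:
        raise ValueError("truncated record: need %d bytes at offset %d"
                         % (SLICE.size, offset))
    (os_fp, crit, user_id, port, service_id, blocked,
     in_if, out_if, in_zone) = SLICE.unpack_from(buf, offset)
    return {
        "destination_os_fingerprint_uuid": str(uuid.UUID(bytes=os_fp)),
        "destination_criticality": _label(CRITICALITY, crit),
        "destination_user_id": user_id,
        "destination_port": port,
        "destination_service_id": service_id,
        "blocked": _label(BLOCKED, blocked),
        "ingress_interface_uuid": str(uuid.UUID(bytes=in_if)),
        "egress_interface_uuid": str(uuid.UUID(bytes=out_if)),
        "ingress_zone_uuid": str(uuid.UUID(bytes=in_zone)),
    }


# Constructed sample bytes (not captured eStreamer traffic).
SAMPLE = SLICE.pack(
    uuid.UUID(int=1).bytes, 3, 42, 443, 676, 2,
    uuid.UUID(int=2).bytes, uuid.UUID(int=3).bytes, uuid.UUID(int=4).bytes,
)

if __name__ == "__main__":
    for key, value in parse_destination_slice(SAMPLE).items():
        print("%-34s %s" % (key, value))
```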