Cisco Firepower Management Center 2000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Correlation Event 5.1+ Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Egress Zone UUID | uint8[16] | A zone ID that acts as the unique identifier for the egress security zone associated with the correlation event. |
| Source IPv6 Address | uint8[16] | IP address of the source host in the event, in IPv6 address octets. |
| Destination IPv6 Address | uint8[16] | IP address of the destination host in the event, in IPv6 address octets. |

The Event Defined Values table describes each Event Defined Mask value.

Event Defined Values

| Description | Mask Value |
|---|---|
| Event Impact Flags | 0x00000001 |
| IP Protocol | 0x00000002 |
| Network Protocol | 0x00000004 |
| Source IP | 0x00000008 |
| Source Host Type | 0x00000010 |
| Source VLAN ID | 0x00000020 |
| Source Fingerprint ID | 0x00000040 |
| Source Criticality | 0x00000080 |
| Source Port | 0x00000100 |
| Source Server | 0x00000200 |
| Destination IP | 0x00000400 |
| Destination Host Type | 0x00000800 |
| Destination VLAN ID | 0x00001000 |
| Destination Fingerprint ID | 0x00002000 |
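The following Python sketch is an added example, not code from the guide or from Cisco: it decodes an Event Defined Mask using only the mask values listed above and renders the three uint8[16] fields for a log pipeline. The function names are hypothetical, and it assumes the mask is a 32-bit value and that the three 16-byte fields are contiguous in the order the table lists them.

```python
import ipaddress
import struct
import uuid

# Mask values copied from the Event Defined Values rows shown on this page.
EVENT_DEFINED_MASK = {
    0x00000001: "Event Impact Flags",
    0x00000002: "IP Protocol",
    0x00000004: "Network Protocol",
    0x00000008: "Source IP",
    0x00000010: "Source Host Type",
    0x00000020: "Source VLAN ID",
    0x00000040: "Source Fingerprint ID",
    0x00000080: "Source Criticality",
    0x00000100: "Source Port",
    0x00000200: "Source Server",
    0x00000400: "Destination IP",
    0x00000800: "Destination Host Type",
    0x00001000: "Destination VLAN ID",
    0x00002000: "Destination Fingerprint ID",
}
KNOWN_BITS = sum(EVENT_DEFINED_MASK)  # 0x3FFF: every bit listed above


def decode_event_defined_mask(mask):
    """Return (names of the set bits listed on this page, unlisted bits)."""
    if not 0 <= mask <= 0xFFFFFFFF:  # assumption: the mask is a 32-bit field
        raise ValueError("mask out of range for a 32-bit field")
    names = [name for bit, name in EVENT_DEFINED_MASK.items() if mask & bit]
    # Report unlisted bits instead of dropping them, so a consumer can tell
    # "field absent" apart from "field this decoder does not know about".
    return names, mask & ~KNOWN_BITS


def parse_zone_and_ipv6(buf):
    """Render Egress Zone UUID, Source IPv6 and Destination IPv6 as text."""
    if len(buf) != 48:  # three uint8[16] fields, assumed contiguous
        raise ValueError("expected exactly 48 bytes")
    zone, src, dst = struct.unpack("!16s16s16s", buf)
    return {
        "egress_zone_uuid": str(uuid.UUID(bytes=zone)),
        "source_ipv6": str(ipaddress.IPv6Address(src)),
        "destination_ipv6": str(ipaddress.IPv6Address(dst)),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from a real event.
    print(decode_event_defined_mask(0x00004409))
    tail = bytes(range(16)) + bytes.fromhex("20010db8" + "00" * 11 + "01") * 2
    print(parse_zone_and_ipv6(tail))
```

A non-zero second element from `decode_event_defined_mask` means the mask carries bits that are not in the rows shown here, which is worth logging rather than ignoring.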