Cisco Cisco Firepower Management Center 2000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
127
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
The
table describes the
fields in the Access Control Policy Rule ID Metadata block.
Revision, continued
Revision, continued
Rule ID
Nam
e
String Block Type (0)
String Block Length
Name...
Access Control Policy Rule ID Metadata Block Fields
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Access Control
Policy Rule ID
Metadata Block
Type
uint32
Initiates a Access Control Policy Rule ID
Metadata block. This value is always 15.
Access Control
Policy Rule ID
Metadata Block
Length
uint32
Total number of bytes in the Access Control
Policy Rule ID block, including eight bytes for
the Access Control Policy Rule ID metadata
block type and length fields, plus the number
of bytes of data that follows.
Revision
uint8[16]
Revision number of the rule associated with
the triggered correlation event.
Rule ID
uint32
Internal identifier for the rule that triggered the
event.
String Block
Type
uint32
Initiates a String data block containing the
descriptive name associated with the access
control policy rule. This value is always 0.
String Block
Length
uint32
The number of bytes included in the name
String data block, including eight bytes for the
block type and header fields plus the number
of bytes in the Name field.
Name
string
The descriptive name of the access control
policy rule.