Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Intrusion Event (IPv6) Record 5.0.x - 5.1
The fields in the intrusion event (IPv6) record are shaded in the following graphic. The record type is
208.
You request intrusion event records by setting the intrusion event flag or the extended requests flag in
the request message. See
.
For version 5.0.x - 5.1 intrusion events, the event ID, the managed device ID, and the event second form
a unique identifier.
Table B-1 Intrusion Event (IPv4) Record Fields (continued)

Field | Data Type | Description
Blocked | uint8 | Value indicating whether the event was blocked: 0 - not blocked; 1 - blocked; 2 - would be blocked (but not permitted by configuration)
MPLS Label | uint32 | MPLS label.
VLAN ID | uint16 | Indicates the ID of the VLAN where the packet originated.
Pad | uint16 | Reserved for future use.
Policy UUID | uint8[16] | A policy ID number that acts as a unique identifier for the intrusion policy.
User ID | uint32 | The internal identification number for the user, if applicable.
Web Application ID | uint32 | The internal identification number for the web application, if applicable.
Client Application ID | uint32 | The internal identification number for the client application, if applicable.
Application Protocol ID | uint32 | The internal identification number for the application protocol, if applicable.
Access Control Rule ID | uint32 | A rule ID number that acts as a unique identifier for the access control rule.
Access Control Policy UUID | uint8[16] | A policy ID number that acts as a unique identifier for the access control policy.
Ingress Interface UUID | uint8[16] | An interface ID number that acts as a unique identifier for the ingress interface.
Egress Interface UUID | uint8[16] | An interface ID number that acts as a unique identifier for the egress interface.
Ingress Security Zone UUID | uint8[16] | A zone ID number that acts as a unique identifier for the ingress security zone.
Egress Security Zone UUID | uint8[16] | A zone ID number that acts as a unique identifier for the egress security zone.
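
The following Python parser for the run of fields listed above, Blocked through Egress Security Zone UUID, is an added example and is not code from the Cisco guide. It assumes the fields are packed back to back in the listed order and in network byte order, and that the caller already knows the offset of the Blocked field; the names `EventTail`, `parse_tail` and `sample_tail` are hypothetical.

```python
import struct
import uuid
from typing import NamedTuple

# Assumptions (not stated on this page): the fields sit back to back in table
# order, in network byte order, and `offset` points at the Blocked field.
_TAIL = struct.Struct("!BIHH16s5I16s16s16s16s16s")

BLOCKED = {0: "not blocked", 1: "blocked",
           2: "would be blocked (but not permitted by configuration)"}

class EventTail(NamedTuple):
    blocked: int
    mpls_label: int
    vlan_id: int
    policy_uuid: uuid.UUID
    user_id: int
    web_app_id: int
    client_app_id: int
    app_protocol_id: int
    ac_rule_id: int
    ac_policy_uuid: uuid.UUID
    ingress_interface_uuid: uuid.UUID
    egress_interface_uuid: uuid.UUID
    ingress_zone_uuid: uuid.UUID
    egress_zone_uuid: uuid.UUID

    @property
    def blocked_text(self) -> str:
        # Values outside the documented 0/1/2 are reported, not guessed at.
        return BLOCKED.get(self.blocked, f"unknown ({self.blocked})")

def parse_tail(buf: bytes, offset: int = 0) -> EventTail:
    # Reject short or mis-offset input instead of reading past the record.
    if offset < 0 or len(buf) - offset < _TAIL.size:
        raise ValueError(f"need {_TAIL.size} bytes from offset {offset}")
    v = _TAIL.unpack_from(buf, offset)
    # v[3] is the Pad field (reserved for future use); it is read and dropped.
    fields = [uuid.UUID(bytes=x) if isinstance(x, bytes) else x
              for x in v[:3] + v[4:]]
    return EventTail(*fields)

def sample_tail() -> bytes:
    # Constructed sample bytes, not captured from a real device.
    u = [uuid.UUID(int=n).bytes for n in range(1, 7)]
    return _TAIL.pack(2, 0, 100, 0, u[0], 7, 0, 0, 676, 5, *u[1:])
```
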