Cisco Firepower Management Center 4000 Developer Guide
Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
[Record layout diagram, only the tail of which survived extraction: Rule UUID (16 bytes, four 32-bit words), Rule Revision UUID (16 bytes, four 32-bit words), Message... (variable length)]

The table describes each rule-specific field.

Rule Message Record Fields

FIELD                  DATA TYPE   DESCRIPTION
Generator ID           uint32      The generator identification number.
Rule ID                uint32      The rule identification number for the local computer.
Rule Revision          uint32      The rule revision number. This is currently set to zero for all rule messages.
Rendered Signature ID  uint32      The rule identification number rendered to the Sourcefire 3D System interface.
Message Length         uint16      The number of bytes included in the rule text.
UUID                   uint8[16]   A rule ID number that acts as a unique identifier for the rule.
Revision UUID          uint8[16]   A rule revision ID number that acts as a unique identifier for the revision.
Message                variable    Rule message that triggered the event.

Classification Record for 4.6.1+

The eStreamer service transmits the classification information for an event in a Classification record for 4.6.1+, the format of which is shown below. The Classification record for 4.6.1+ contains the same fields as the Classification
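The field table above gives enough to write a parser for the Rule Message record payload. The following is an added example, not code from the guide or from Cisco/Sourcefire; it assumes network (big-endian) byte order, which the page does not state, and covers only the fields in the table, not the record header that precedes them. The sample record and its UUIDs are constructed for the example. The one point worth noting for anyone consuming eStreamer data is that Message Length arrives from the wire, so the parser checks it against the bytes actually present before slicing rather than trusting it.

```python
import struct
import uuid
from dataclasses import dataclass

# Fixed-length prefix of the Rule Message record payload, in the order given
# by the "Rule Message Record Fields" table:
#   Generator ID (uint32), Rule ID (uint32), Rule Revision (uint32),
#   Rendered Signature ID (uint32), Message Length (uint16)
# Big-endian (network) byte order is an assumption of this example; the
# page itself does not state the byte order.
_FIXED = struct.Struct(">IIIIH")
_UUID_LEN = 16


@dataclass(frozen=True)
class RuleMessageRecord:
    generator_id: int
    rule_id: int
    rule_revision: int
    rendered_signature_id: int
    rule_uuid: uuid.UUID
    revision_uuid: uuid.UUID
    message: str


def parse_rule_message(payload: bytes) -> RuleMessageRecord:
    """Parse one Rule Message record payload (record header not included).

    Message Length is taken from the wire and is verified against the bytes
    available before slicing, so a truncated or malformed record raises
    ValueError instead of silently yielding a partial message.
    """
    fixed_end = _FIXED.size
    if len(payload) < fixed_end + 2 * _UUID_LEN:
        raise ValueError("record shorter than its fixed-length fields")
    gen_id, rule_id, rev, rendered_sid, msg_len = _FIXED.unpack_from(payload, 0)
    rule_uuid = uuid.UUID(bytes=payload[fixed_end:fixed_end + _UUID_LEN])
    rev_start = fixed_end + _UUID_LEN
    revision_uuid = uuid.UUID(bytes=payload[rev_start:rev_start + _UUID_LEN])
    msg_start = rev_start + _UUID_LEN
    available = len(payload) - msg_start
    if available < msg_len:
        raise ValueError(
            f"Message Length {msg_len} exceeds the {available} bytes available"
        )
    message = payload[msg_start:msg_start + msg_len].decode("ascii", errors="replace")
    return RuleMessageRecord(gen_id, rule_id, rev, rendered_sid,
                             rule_uuid, revision_uuid, message)


def build_rule_message(rec: RuleMessageRecord) -> bytes:
    """Serialize a record in the same layout; used here to construct sample input."""
    text = rec.message.encode("ascii")
    return (
        _FIXED.pack(rec.generator_id, rec.rule_id, rec.rule_revision,
                    rec.rendered_signature_id, len(text))
        + rec.rule_uuid.bytes
        + rec.revision_uuid.bytes
        + text
    )


# Constructed sample record (not captured from a real appliance).
SAMPLE = RuleMessageRecord(
    generator_id=1,
    rule_id=1000001,
    rule_revision=0,                  # the table says this is currently always zero
    rendered_signature_id=1000001,
    rule_uuid=uuid.UUID("00000000-0000-0000-0000-00000000aaaa"),
    revision_uuid=uuid.UUID("00000000-0000-0000-0000-00000000bbbb"),
    message="LOCAL example rule message (constructed)",
)
SAMPLE_BYTES = build_rule_message(SAMPLE)

if __name__ == "__main__":
    print(parse_rule_message(SAMPLE_BYTES))
```

Running the module parses the constructed record back into the same dataclass; feeding it a record cut one byte short trips the Message Length check, which is the behaviour a collector should have when an upstream feed is truncated or corrupted.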