Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
191
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
The Intrusion Policy Name Data Block Fields table describes the fields in the Intrusion Policy Name data block.
Access Control Rule Action Record Metadata
The eStreamer service transmits metadata containing the action associated with
a triggered access control rule within an Access Control Rule Action record, the
format of which is shown below. (Access Control Rule Action information is sent
when the version 4 metadata flag—bit 20 in the Request Flags field of a request
message—is set. See
on page 30.) Note that the Access Control
Rule Action record field, which appears after the Message Length field, has a
value of 120, indicating an Access Control Rule Action record.
Intrusion Policy Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Intrusion Policy Name Data Block Type | uint32 | Initiates an Intrusion Policy Name data block. This value is always 14. The block type is a series 2 block. |
| Intrusion Policy Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Intrusion Policy UUID | uint8[16] | The unique identifier for the intrusion policy associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the intrusion policy. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the intrusion policy name String data block, including eight bytes for the block type and header fields plus the number of bytes in the intrusion policy name. |
| Intrusion Policy Name | string | The intrusion policy name. |
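
The block layout in the table above, as an added example that is not part of the original guide: a Python parser for the Intrusion Policy Name data block that checks both length fields before reading the name. It assumes big-endian (network byte order) integers and a UTF-8 name with optional NUL padding; the function names and the sample bytes are constructed for illustration.

```python
import struct
import uuid

INTRUSION_POLICY_NAME_BLOCK = 14  # series 2 block type, per the table
STRING_BLOCK = 0                  # String block type, per the table
HEADER_LEN = 8                    # block type (uint32) + block length (uint32)
UUID_LEN = 16


class BlockError(ValueError):
    """The buffer does not match the layout described in the table."""


def parse_intrusion_policy_name(buf: bytes) -> dict:
    # Assumption: all integers are big-endian (network byte order).
    if len(buf) < HEADER_LEN:
        raise BlockError("truncated block header")
    btype, blen = struct.unpack_from(">II", buf, 0)
    if btype != INTRUSION_POLICY_NAME_BLOCK:
        raise BlockError(f"unexpected block type {btype}")
    # Block length counts its own 8 header bytes plus the data, so it can
    # never be smaller than header + UUID + an empty String block.
    if blen < HEADER_LEN + UUID_LEN + HEADER_LEN or blen > len(buf):
        raise BlockError(f"block length {blen} out of range")
    str_off = HEADER_LEN + UUID_LEN
    policy_uuid = uuid.UUID(bytes=buf[HEADER_LEN:str_off])
    stype, slen = struct.unpack_from(">II", buf, str_off)
    if stype != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {stype}")
    # The String block is the last field, so it must end exactly where the
    # outer block ends; a sender-controlled length is never trusted alone.
    if slen < HEADER_LEN or str_off + slen != blen:
        raise BlockError(f"string block length {slen} inconsistent")
    raw = buf[str_off + HEADER_LEN:str_off + slen]
    # Assumption: the name is UTF-8 and may carry trailing NUL padding.
    name = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"uuid": str(policy_uuid), "name": name, "consumed": blen}


def build_sample_block(name: bytes, policy_uuid: bytes) -> bytes:
    """Build a constructed sample block (not captured eStreamer traffic)."""
    string_block = struct.pack(">II", STRING_BLOCK, HEADER_LEN + len(name)) + name
    body = policy_uuid + string_block
    return struct.pack(">II", INTRUSION_POLICY_NAME_BLOCK, HEADER_LEN + len(body)) + body


if __name__ == "__main__":
    sample = build_sample_block(b"Balanced Policy", bytes(range(16)))
    print(parse_intrusion_policy_name(sample))
```

The `consumed` value tells the caller where the next block in the same message starts.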