Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
The Correlation Event 4.10.x Data Fields table describes each data field in a correlation event.
[Diagram: byte layout of the correlation event record, drawn against a Byte 0-3 / Bit 0-31 axis. Fields labelled in the diagram: Source Host Type, Source VLAN ID, Source OS Fingerprint UUID, Source Criticality, Source User ID, Source Port, Source Server ID, Destination IP, Dest. Host Type, Dest. VLAN ID, Destination OS Fingerprint UUID, Dest. Criticality, Dest. User ID, Destination Port, Dest. Server ID, Blocked.]
Correlation Event 4.10.x Data Fields

| Field | Data Type | Description |
|---|---|---|
| Correlation Block Type | uint32 | Indicates a correlation event data block follows. This field always has a value of 107. |
| Correlation Block Length | uint32 | Length of the correlation data block, which includes 8 bytes for the correlation block type and length plus the correlation data that follows. |
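A client that consumes this block should check the declared length before slicing the data that follows. The sketch below is an added example, not code from the Cisco guide: the function names are hypothetical, and it assumes both uint32 fields arrive in network (big-endian) byte order, which this page does not state.

```python
import struct

CORRELATION_BLOCK_TYPE = 107  # per the table: the block type field is always 107
HEADER_LEN = 8                # uint32 block type + uint32 block length


class BlockError(ValueError):
    """Raised when a buffer does not hold a well-formed correlation block."""


def split_correlation_block(buf, offset=0):
    """Return (data, next_offset) for the correlation block starting at offset."""
    remaining = len(buf) - offset
    if offset < 0 or remaining < HEADER_LEN:
        raise BlockError("buffer too short for the 8-byte block header")
    # Assumption: both uint32 fields are in network (big-endian) byte order.
    block_type, block_len = struct.unpack_from("!II", buf, offset)
    if block_type != CORRELATION_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # The length counts its own 8 header bytes, so anything smaller is malformed
    # and would give a negative data size if subtracted blindly.
    if block_len < HEADER_LEN:
        raise BlockError(f"block length {block_len} is smaller than the header")
    # Never trust the declared length beyond what was actually received.
    if block_len > remaining:
        raise BlockError(f"block length {block_len} exceeds {remaining} bytes available")
    end = offset + block_len
    return bytes(buf[offset + HEADER_LEN:end]), end


def is_valid_block(buf):
    """True if buf starts with a well-formed correlation block."""
    try:
        split_correlation_block(buf)
        return True
    except BlockError:
        return False


# Constructed sample: 4 bytes of placeholder data, so block length = 8 + 4 = 12.
SAMPLE = struct.pack("!II", CORRELATION_BLOCK_TYPE, 12) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    data, next_offset = split_correlation_block(SAMPLE)
    print(len(data), next_offset)
```

The returned data is the raw field region; decoding the individual correlation event fields is outside this sketch.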