Cisco Firepower Management Center 4000 Developer Guide
3-54
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Table 3-33 ICMP Type Data Block Fields (continued)

Field                 Data Type   Description
Protocol              uint16      IANA-specified protocol number. For example:
                                  • 0 - IP
                                  • 1 - ICMP
                                  • 6 - TCP
                                  • 17 - UDP
String Block Type     uint32      Initiates a String data block containing the description of the ICMP type. This value is always 0.
String Block Length   uint32      The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Description field.
Description           string      Description of the ICMP type for the event.

ICMP Code Data Block

The eStreamer service uses the ICMP Code data block to contain information about ICMP codes. This data block has a record type of 270, and block type of 20 in series 2.

The following diagram shows the structure of the ICMP Code data block.

Byte  0               1               2               3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1)                 | Message Type (4)
Message Length
Record Type (270)
ICMP Code Data Block Type (20)
ICMP Code Data Block Length
Code                               | Type
Protocol                           | String Block Type (0)
String Block Type (0), continued   | String Block Length
String Block Length, continued     | Description...
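As an added example (not code from the Cisco guide), the following builds a constructed ICMP Code data block message laid out exactly as in the diagram above and parses it back with the length and type checks an eStreamer client should apply before trusting a record. It assumes big-endian (network byte order) integers, that Code and Type are uint16 like Protocol (inferred from the half-word layout in the diagram), and that Message Length counts the bytes following the 8-byte header.

```python
import struct

# Values from the page: record type 270, series 2 block type 20 (ICMP Code),
# string block type 0; header version 1 and message type 4 come from the diagram.
HEADER_VERSION = 1
MSG_TYPE_EVENT_DATA = 4
RECORD_TYPE_ICMP_CODE = 270
BLOCK_TYPE_ICMP_CODE = 20
STRING_BLOCK_TYPE = 0


def build_icmp_code_message(code, icmp_type, protocol, description):
    """Constructed sample message: header, record type, ICMP Code block, string block.
    Assumption: Code/Type/Protocol are uint16 and Message Length excludes the header."""
    desc = description.encode("utf-8")
    # String block length = 8 bytes (type + length fields) + description bytes
    string_block = struct.pack("!II", STRING_BLOCK_TYPE, 8 + len(desc)) + desc
    body = struct.pack("!HHH", code, icmp_type, protocol) + string_block
    block = struct.pack("!II", BLOCK_TYPE_ICMP_CODE, 8 + len(body)) + body
    record = struct.pack("!I", RECORD_TYPE_ICMP_CODE) + block
    return struct.pack("!HHI", HEADER_VERSION, MSG_TYPE_EVENT_DATA, len(record)) + record


def parse_icmp_code_message(buf):
    """Parse one message; raise ValueError on any inconsistency so a truncated or
    malformed feed never produces a half-parsed record."""
    if len(buf) < 34:  # 8 header + 4 record type + 8 block header + 6 + 8 string header
        raise ValueError("message too short for an ICMP Code data block")
    version, msg_type, msg_len = struct.unpack_from("!HHI", buf, 0)
    if version != HEADER_VERSION or msg_type != MSG_TYPE_EVENT_DATA:
        raise ValueError("unexpected header version or message type")
    if msg_len != len(buf) - 8:
        raise ValueError("message length does not match payload size")
    record_type, block_type, block_len = struct.unpack_from("!III", buf, 8)
    if record_type != RECORD_TYPE_ICMP_CODE or block_type != BLOCK_TYPE_ICMP_CODE:
        raise ValueError("not an ICMP Code data block")
    if block_len != msg_len - 4:  # block follows the 4-byte record type
        raise ValueError("block length inconsistent with message length")
    code, icmp_type, protocol, sb_type, sb_len = struct.unpack_from("!HHHII", buf, 20)
    if sb_type != STRING_BLOCK_TYPE or sb_len < 8 or 34 + (sb_len - 8) > len(buf):
        raise ValueError("bad string block type or length")
    desc = buf[34:34 + (sb_len - 8)].decode("utf-8", errors="replace")
    return {"code": code, "type": icmp_type, "protocol": protocol, "description": desc}
```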