FireSIGHT eStreamer Integration Guide, page 3-64
Chapter 3      Understanding Intrusion and Correlation Data Structures
  Understanding Series 2 Data Blocks
Malware Event Data Block 5.3.1+
The eStreamer service uses the malware event data block to store information on malware events. These 
events contain information on malware detected or quarantined within a cloud, the detection method, and 
hosts and users affected by the malware. The malware event data block has a block type of 44 in the 
series 2 group of blocks. It supersedes block 35. You request the event as part of the malware event record 
by setting the malware event flag—bit 30 in the request flags field—in the request message with an event 
version of 5 and an event code of 101. 
The following table shows the structure of the malware event data block. Each row of the original graphic is one 32-bit word (bytes 0 through 3, bits 0 through 31); the byte offsets are counted from the start of the block:

Offset (bytes)  Field
0               Malware Event Block Type (44)
4               Malware Event Block Length
8               Agent UUID (16 bytes, four words)
24              Cloud UUID (16 bytes, four words)
40              Malware Event Timestamp
44              Event Type ID
48              Event Subtype ID
52              Detector ID
56              Detection Name: String Block Type (0)
60              Detection Name: String Block Length
64              Detection Name... (variable length)
                User: String Block Type (0)
                User: String Block Length
                User... (variable length)
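As an added example (not code from the guide or from Cisco), the following Python parser reads the prefix of block type 44 shown above from a constructed sample block. It assumes, as eStreamer block lengths do, that the block length and each string block length count their own 8-byte type/length header, and that all fields are big-endian; REQUEST_FLAG_MALWARE_EVENTS is the bit 30 flag named in the text. The parser checks every length field against the bytes actually available, so a truncated or tampered block is rejected rather than read out of bounds.

```python
import struct
import uuid

# From the page: series 2 block type 44, string block type 0, request flag bit 30.
MALWARE_EVENT_BLOCK_TYPE = 44
STRING_BLOCK_TYPE = 0
REQUEST_FLAG_MALWARE_EVENTS = 1 << 30
FIXED_HEADER_LEN = 56  # type, length, two 16-byte UUIDs, timestamp, three IDs


def parse_string_block(buf, off):
    """Parse one string block (type 0, length, text); assumes the length counts its 8-byte header."""
    if off + 8 > len(buf):
        raise ValueError("truncated string block header at offset %d" % off)
    btype, blen = struct.unpack_from(">II", buf, off)
    if btype != STRING_BLOCK_TYPE:
        raise ValueError("expected string block type 0 at %d, got %d" % (off, btype))
    if blen < 8 or off + blen > len(buf):
        raise ValueError("string block length %d out of bounds at %d" % (blen, off))
    return buf[off + 8:off + blen].decode("utf-8", errors="replace"), off + blen


def parse_malware_event_block(buf):
    """Parse the block 44 fields shown on the page, in order; also return where the unshown fields start."""
    if len(buf) < FIXED_HEADER_LEN:
        raise ValueError("buffer shorter than the fixed header")
    btype, blen = struct.unpack_from(">II", buf, 0)
    if btype != MALWARE_EVENT_BLOCK_TYPE:
        raise ValueError("not a malware event block: type %d" % btype)
    if blen < FIXED_HEADER_LEN or blen > len(buf):
        raise ValueError("block length %d vs %d bytes available" % (blen, len(buf)))
    view = buf[:blen]  # never read past the declared block length
    ts, etype, esub, detector = struct.unpack_from(">IIII", view, 40)
    detection_name, off = parse_string_block(view, FIXED_HEADER_LEN)
    user, off = parse_string_block(view, off)
    return {"agent_uuid": str(uuid.UUID(bytes=view[8:24])),
            "cloud_uuid": str(uuid.UUID(bytes=view[24:40])),
            "timestamp": ts, "event_type_id": etype, "event_subtype_id": esub,
            "detector_id": detector, "detection_name": detection_name,
            "user": user, "next_offset": off}


def string_block(text):
    data = text.encode("utf-8")
    return struct.pack(">II", STRING_BLOCK_TYPE, 8 + len(data)) + data


def build_sample_block(agent, cloud, ts, etype, esub, detector, name, user):
    """Constructed sample (not captured eStreamer traffic) to exercise the parser."""
    body = (uuid.UUID(agent).bytes + uuid.UUID(cloud).bytes
            + struct.pack(">IIII", ts, etype, esub, detector)
            + string_block(name) + string_block(user))
    return struct.pack(">II", MALWARE_EVENT_BLOCK_TYPE, 8 + len(body)) + body
```

The returned next_offset is where the fields that follow User in the full block (not shown on this page) would begin.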