Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4: Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
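Byte |       0        |       1        |       2        |       3        |
Bit  | 0-7            | 8-15           | 16-23          | 24-31          |
     +----------------+----------------+----------------+----------------+
     | Header Version (1)              | Message Type (4)                |
     +---------------------------------+---------------------------------+
     | Message Length                                                    |
     +-------------------------------------------------------------------+
     | Record Type (120)                                                 |
     +-------------------------------------------------------------------+
     | Record Length                                                     |
     +-------------------------------------------------------------------+
     | Access Control Rule Action ID                                     |
     +-------------------------------------------------------------------+
     | Name Length                                                       |
     +-------------------------------------------------------------------+
     | Name...                                                           |
     +-------------------------------------------------------------------+

The following table describes the fields in the Access Control Rule Action record.

Table 4-17 Access Control Rule Action Record Fields

| Field                         | Data Type | Description                                  |
|-------------------------------|-----------|----------------------------------------------|
| Access Control Rule Action ID | uint32    | ID number of the access control rule action. |
| Name Length                   | uint32    | The number of bytes included in the name.    |
| Name                          | string    | The firewall rule action name.               |

URL Category Record Metadata

The eStreamer service transmits metadata containing the category name associated with a URL in a connection log within a URL Category record, the format of which is shown below. (URL category information is sent when the version 4 metadata flag, bit 20 in the Request Flags field of a request message, is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 121, indicating a URL Category record.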
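Byte |       0        |       1        |       2        |       3        |
Bit  | 0-7            | 8-15           | 16-23          | 24-31          |
     +----------------+----------------+----------------+----------------+
     | Header Version (1)              | Message Type (4)                |
     +---------------------------------+---------------------------------+
     | Message Length                                                    |
     +-------------------------------------------------------------------+
     | Record Type (121)                                                 |
     +-------------------------------------------------------------------+
     | Record Length                                                     |
     +-------------------------------------------------------------------+
     | URL Category ID                                                   |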
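
A bounds-checked parser for the Access Control Rule Action record (type 120) described in Table 4-17, as an added example that is not code from the Cisco guide. Big-endian byte order, the scope of the two length fields, UTF-8 names with optional NUL padding, the 1024-byte cap, and the helper names are assumptions; the sample message is constructed.

```python
import struct

# Assumption: all fields are big-endian (network byte order).
HEADER = struct.Struct(">HHI")  # Header Version, Message Type, Message Length
RECORD = struct.Struct(">II")   # Record Type, Record Length
BODY = struct.Struct(">II")     # Access Control Rule Action ID, Name Length
FIXED = HEADER.size + RECORD.size + BODY.size  # 24 bytes precede Name
MAX_NAME = 1024                 # local sanity cap (assumption, not from the guide)


class RecordError(ValueError):
    """The buffer does not match the documented record layout."""


def parse_rule_action(msg: bytes) -> tuple:
    """Return (action_id, name) from one complete type 120 message."""
    if len(msg) < FIXED:
        raise RecordError("truncated before Name Length")
    version, msg_type, msg_len = HEADER.unpack_from(msg, 0)
    rec_type, rec_len = RECORD.unpack_from(msg, HEADER.size)
    action_id, name_len = BODY.unpack_from(msg, HEADER.size + RECORD.size)
    if (version, msg_type, rec_type) != (1, 4, 120):
        raise RecordError("not an Access Control Rule Action record")
    # Assumption: Message Length counts the bytes after the 8-byte message header.
    if msg_len != len(msg) - HEADER.size:
        raise RecordError("Message Length disagrees with buffer size")
    # Assumption: Record Length counts the bytes after the 8-byte record header.
    if rec_len != msg_len - RECORD.size:
        raise RecordError("Record Length disagrees with Message Length")
    # Name Length is sender-controlled: it must fit the record and the cap.
    if name_len > MAX_NAME or name_len > rec_len - BODY.size:
        raise RecordError("Name Length exceeds record")
    name = msg[FIXED:FIXED + name_len]
    # Assumption: names are UTF-8 and may carry trailing NUL padding.
    return action_id, name.rstrip(b"\x00").decode("utf-8", errors="replace")


def build_sample(action_id: int, name: bytes) -> bytes:
    """Build a constructed message for testing (not captured traffic)."""
    body = BODY.pack(action_id, len(name)) + name
    header = HEADER.pack(1, 4, RECORD.size + len(body))
    return header + RECORD.pack(120, len(body)) + body
```

Rejecting a message whose Name Length does not fit inside Record Length keeps a malformed or hostile stream from driving a large allocation or a read past the record.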