Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
The following table describes the fields in the URL Reputation record.

Table 4-19 URL Reputation Record Fields

| Field | Data Type | Description |
|---|---|---|
| URL Reputation ID | uint32 | ID number of the URL reputation. |
| Name Length | uint32 | The number of bytes included in the name. |
| Name | string | The URL reputation name. |

Access Control Rule Reason Metadata

The eStreamer service transmits metadata containing information about the reason an access control rule triggered an intrusion event or connection event within an Access Control Rule Reason record, the format of which is shown below. Access control rule reason metadata is sent when the Version 4 metadata flag—bit 20 in the Request Flags field of a request message—is set. See . Note that the Record Type field, which appears after the Message Length field, has a value of 124, indicating an Access Control Rule Reason record. It contains an Access Control Rule Reason Block (as documented in ). The Access Control Rule Reason data block is block type 21 in series 2.
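+---------------+---------------+---------------+---------------+
| Byte 0        | Byte 1        | Byte 2        | Byte 3        |
| Bits 0-7      | Bits 8-15     | Bits 16-23    | Bits 24-31    |
+-------------------------------+-------------------------------+
| Header Version (1)            | Message Type (4)              |
+-------------------------------+-------------------------------+
| Message Length                                                |
+-------------------------------+-------------------------------+
| Record Type (124)                                             |
+-------------------------------+-------------------------------+
| Record Length                                                 |
+-------------------------------+-------------------------------+
| Access Control Rule Reason Block Type (21)                    |
+-------------------------------+-------------------------------+
| Access Control Rule Block Length                              |
+-------------------------------+-------------------------------+
| Access Control Rule Reason    | String Block Type (0)         |
+-------------------------------+-------------------------------+
| String Block Type (0), cont.  | String Block Length           |
+-------------------------------+-------------------------------+
| String Block Length, cont.    | Description...                |
+-------------------------------+-------------------------------+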
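
An added example (not from the Cisco guide): a Python parser for the record laid out above that checks each fixed value and bounds the description by the bytes actually received. It assumes network byte order, a 16-bit Access Control Rule Reason field (as the "cont." rows of the diagram imply), and that String Block Length includes its own 8-byte header; `build_sample` and its length arithmetic are constructed test scaffolding.

```python
import struct

# Fixed-size prefix in network byte order, following the layout diagram:
# header version, message type (uint16); message length, record type,
# record length, block type, block length (uint32); reason (uint16);
# string block type, string block length (uint32).
PREFIX = struct.Struct(">HHIIIIIHII")  # 34 bytes
STRING_HDR = 8  # assumption: String Block Length counts its own 8-byte header


def parse_ac_rule_reason(buf: bytes) -> dict:
    """Parse one Access Control Rule Reason record (record type 124)."""
    if len(buf) < PREFIX.size:
        raise ValueError("truncated record")
    (ver, mtype, mlen, rtype, rlen,
     btype, blen, reason, stype, slen) = PREFIX.unpack_from(buf)
    checks = {"header version": (ver, 1), "message type": (mtype, 4),
              "record type": (rtype, 124), "block type": (btype, 21),
              "string block type": (stype, 0)}
    for name, (got, want) in checks.items():
        if got != want:
            raise ValueError(f"unexpected {name}: {got}")
    # Length fields come from the peer: bound them by the bytes received so a
    # forged length is rejected instead of yielding a silently wrong slice.
    desc_len = slen - STRING_HDR
    end = PREFIX.size + desc_len
    if desc_len < 0 or end > len(buf):
        raise ValueError("string block length out of bounds")
    desc = buf[PREFIX.size:end].decode("utf-8", "replace").rstrip("\x00")
    return {"reason": reason, "description": desc, "message_length": mlen,
            "record_length": rlen, "block_length": blen}


def build_sample(reason: int, text: str) -> bytes:
    """Build a constructed message for testing (not captured traffic)."""
    data = text.encode()
    slen = STRING_HDR + len(data)
    blen = 8 + 2 + slen  # assumption: block length includes its own header
    rlen = blen          # assumption: the record holds exactly this block
    mlen = 8 + rlen      # assumption: counts Record Type and Record Length
    return PREFIX.pack(1, 4, mlen, 124, rlen, 21, blen, reason, 0, slen) + data


if __name__ == "__main__":
    print(parse_ac_rule_reason(build_sample(1, "constructed reason")))
```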