Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

The fields in the intrusion event (IPv6) record are shaded in the following graphic. The record type is 
208.

You request intrusion event records by setting the intrusion event flag or the extended requests flag in 
the request message. See 

.

For version 5.0.x - 5.1 intrusion events, the event ID, the managed device ID, and the event second form 
a unique identifier.

Blocked

uint8 

Value indicating whether the event was blocked:

0

 - not blocked

1

 - blocked

2

 - would be blocked (but not permitted by configuration)

MPLS Label

uint32 

MPLS label.

VLAN ID

uint16

Indicates the ID of the VLAN where the packet originated.

Pad

uint16

Reserved for future use.

Policy UUID

uint8[16]

A policy ID number that acts as a unique identifier for the intrusion 
policy.

User ID

uint32

The internal identification number for the user, if applicable.

Web 
Application ID

uint32

The internal identification number for the web application, if 
applicable.

Client 
Application ID

uint32

The internal identification number for the client application, if 
applicable.

Application 
Protocol ID

uint32

The internal identification number for the application protocol, if 
applicable.

Access Control 
Rule ID

uint32

A rule ID number that acts as a unique identifier for the access control 
rule.

Access Control 
Policy UUID

uint8[16]

A policy ID number that acts as a unique identifier for the access 
control policy.

Ingress Interface 
UUID

uint8[16]

An interface ID number that acts as a unique identifier for the ingress 
interface.

Egress Interface 
UUID

uint8[16]

An interface ID number that acts as a unique identifier for the egress 
interface.

Ingress Security 
Zone UUID

uint8[16]

A zone ID number that acts as a unique identifier for the ingress 
security zone.

Egress Security 
Zone UUID

uint8[16]

A zone ID number that acts as a unique identifier for the egress 
security zone.