Cisco Firepower Management Center 4000 Developer Guide

B-20
FireSIGHT eStreamer Integration Guide
Appendix B  Understanding Legacy Data Structures
Legacy Intrusion Data Structures
[Byte-layout diagram, continued from the previous page: 32-bit rows (Byte 0-3, Bit 0-31) for Interface Egress UUID (continued), Security Zone Ingress UUID, Security Zone Egress UUID, Connection Timestamp, Connection Instance ID, Connection Counter, Source Country, Destination Country, IOC Number]

The following table describes each intrusion event record data field.
Table B-4  Intrusion Event Record 5.3 Fields

Field             | Data Type | Description
------------------|-----------|---------------------------------------------------------------
Block Type        | uint32    | Initiates an Intrusion Event data block. This value is always 34.
Block Length      | uint32    | Total number of bytes in the Intrusion Event data block, including eight bytes for the Intrusion Event block type and length fields, plus the number of bytes of data that follows.
Device ID         | uint32    | Contains the identification number of the detecting managed device. You can obtain the managed device name by requesting Version 3 or 4 metadata. See information.
Event ID          | uint32    | Event identification number.
Event Second      | uint32    | UNIX timestamp (seconds since 01/01/1970) of the event's detection.
Event Microsecond | uint32    | Microsecond (one millionth of a second) increment of the timestamp of the event's detection.
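As an added worked example (this is not Cisco's code and does not come from the guide), the following Python parser reads the six fields listed in Table B-4 from a constructed Intrusion Event data block and validates Block Type and Block Length against the buffer before trusting any other value, so a truncated or mis-framed block is rejected rather than silently producing wrong field values. It assumes network (big-endian) byte order, which the byte/bit layout implies but this page does not state; `build_sample_block`, `split_blocks` and the trailing payload bytes are constructed for the demonstration, and the fields that follow Event Microsecond are left unparsed because they are not described on this page.

```python
import struct
from datetime import datetime, timezone

# Values taken from Table B-4 on this page.
INTRUSION_EVENT_BLOCK_TYPE = 34

# The six leading fields in table order: Block Type, Block Length, Device ID,
# Event ID, Event Second, Event Microsecond. Assumption: big-endian (network)
# byte order, matching the Byte 0..3 / Bit 0..31 layout diagram.
_LEADING = struct.Struct(">IIIIII")


class IntrusionEventParseError(ValueError):
    """Raised when a block fails framing or range checks."""


def parse_intrusion_event_header(buf: bytes) -> dict:
    """Parse the leading fields of one Intrusion Event data block.

    Every check happens before a value is returned: the buffer must hold the
    fixed fields, the type must be 34, and Block Length must be neither smaller
    than the fixed fields nor larger than the data actually present.
    """
    if len(buf) < _LEADING.size:
        raise IntrusionEventParseError(
            f"need at least {_LEADING.size} bytes, got {len(buf)}")
    (block_type, block_len, device_id,
     event_id, event_sec, event_usec) = _LEADING.unpack_from(buf)
    if block_type != INTRUSION_EVENT_BLOCK_TYPE:
        raise IntrusionEventParseError(f"unexpected block type {block_type}")
    if block_len < _LEADING.size:
        raise IntrusionEventParseError(
            f"block length {block_len} is smaller than the fixed fields")
    if block_len > len(buf):
        raise IntrusionEventParseError(
            f"block length {block_len} exceeds the {len(buf)} bytes available")
    if event_usec > 999_999:
        raise IntrusionEventParseError(f"microsecond field {event_usec} out of range")
    return {
        "block_type": block_type,
        "block_length": block_len,
        "device_id": device_id,
        "event_id": event_id,
        "event_second": event_sec,
        "event_microsecond": event_usec,
        # Combined UTC timestamp from Event Second + Event Microsecond.
        "event_time": datetime.fromtimestamp(event_sec, tz=timezone.utc)
                              .replace(microsecond=event_usec),
        # Bytes after the six described fields, bounded by Block Length.
        "remaining": buf[_LEADING.size:block_len],
    }


def split_blocks(buf: bytes) -> list:
    """Walk a buffer of back-to-back blocks using Block Length as the frame size.

    Constructed helper: it shows that the length field, once validated, is what
    drives framing, so one bad length cannot desynchronise the rest of the stream.
    """
    records, offset = [], 0
    while offset < len(buf):
        rec = parse_intrusion_event_header(buf[offset:])
        records.append(rec)
        offset += rec["block_length"]
    return records


def build_sample_block(device_id: int, event_id: int, event_sec: int,
                       event_usec: int, tail: bytes = b"") -> bytes:
    """Constructed encoder for test input; Block Length counts the 8 header
    bytes plus everything that follows, as the Block Length row describes."""
    block_len = _LEADING.size + len(tail)
    return _LEADING.pack(INTRUSION_EVENT_BLOCK_TYPE, block_len, device_id,
                         event_id, event_sec, event_usec) + tail


if __name__ == "__main__":
    # Constructed sample: device 7, event 1001, with 4 opaque trailing bytes.
    sample = build_sample_block(7, 1001, 1_700_000_000, 123_456, tail=b"\xaa\xbb\xcc\xdd")
    rec = parse_intrusion_event_header(sample)
    print(rec["event_id"], rec["event_time"].isoformat(), rec["remaining"].hex())
    try:
        parse_intrusion_event_header(sample[:26])   # declared length > data present
    except IntrusionEventParseError as err:
        print("rejected:", err)
```

The truncation check matters because Block Length is attacker-influenced data on the wire: a consumer that reads `block_len` bytes without comparing it to the buffer it actually holds will over-read or misframe every subsequent record.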