Cisco Firepower Management Center 4000 Developer Guide
B-21
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Table B-4 Intrusion Event Record 5.3 Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Rule ID (Signature ID) | uint32 | Rule identification number that corresponds with the event. |
| Generator ID | uint32 | Identification number of the FireSIGHT System preprocessor that generated the event. |
| Rule Revision | uint32 | Rule revision number. |
| Classification ID | uint32 | Identification number of the event classification message. |
| Priority ID | uint32 | Identification number of the priority associated with the event. |
| Source IP Address | uint8[16] | Source IPv4 or IPv6 address used in the event. |
| Destination IP Address | uint8[16] | Destination IPv4 or IPv6 address used in the event. |
| Source Port or ICMP Type | uint16 | The source port number if the event protocol type is TCP or UDP, or the ICMP type if the event is caused by ICMP traffic. |
| Destination Port or ICMP Code | uint16 | The destination port number if the event protocol type is TCP or UDP, or the ICMP code if the event is caused by ICMP traffic. |
| IP Protocol Number | uint8 | IANA-specified protocol number. For example: 0 - IP, 1 - ICMP, 6 - TCP, 17 - UDP. |
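The following decoder for the fields listed in this part of Table B-4 is an added example, not code from the Cisco guide. It assumes the ten fields are contiguous in the listed order, in network byte order, and that an IPv4 address is carried in IPv4-mapped form inside the 16-byte field; the names `decode_span`, `decode_address` and the sample values are hypothetical.

```python
import ipaddress
import struct

# Assumed layout: the ten fields listed in this part of Table B-4, contiguous,
# in listed order, big-endian (network byte order), no padding -> 57 bytes.
SPAN = struct.Struct(">5I16s16sHHB")
PROTOCOLS = {0: "IP", 1: "ICMP", 6: "TCP", 17: "UDP"}  # examples from the table


def decode_address(raw):
    """Render a uint8[16] field (assumption: IPv4 is stored IPv4-mapped)."""
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    return str(mapped if mapped is not None else addr)


def decode_span(buf, offset=0):
    """Decode the Rule ID .. IP Protocol Number span found at `offset`."""
    if len(buf) - offset < SPAN.size:
        raise ValueError("truncated record: need %d bytes" % SPAN.size)
    (rule_id, gen_id, rule_rev, class_id, prio_id,
     src, dst, src_field, dst_field, proto) = SPAN.unpack_from(buf, offset)
    event = {
        "rule_id": rule_id, "generator_id": gen_id, "rule_revision": rule_rev,
        "classification_id": class_id, "priority_id": prio_id,
        "src_ip": decode_address(src), "dst_ip": decode_address(dst),
        "protocol": PROTOCOLS.get(proto, str(proto)),
    }
    # The two uint16 fields change meaning with the protocol number.
    if proto in (6, 17):
        event["src_port"], event["dst_port"] = src_field, dst_field
    elif proto == 1:
        event["icmp_type"], event["icmp_code"] = src_field, dst_field
    else:  # keep the raw values rather than guess their meaning
        event["raw_src_field"], event["raw_dst_field"] = src_field, dst_field
    return event


def _ip(text):  # pack a textual address into the 16-byte field
    return ipaddress.IPv6Address(text).packed

# Constructed samples, not captured from a real eStreamer feed.
SAMPLE_TCP = SPAN.pack(1000001, 1, 3, 27, 2, _ip("::ffff:192.0.2.10"),
                       _ip("2001:db8::5"), 49152, 443, 6)
SAMPLE_ICMP = SPAN.pack(384, 1, 5, 29, 3, _ip("::ffff:198.51.100.7"),
                        _ip("::ffff:192.0.2.10"), 8, 0, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_TCP, SAMPLE_ICMP):
        print(decode_span(sample))
```

In a real record this span sits at a nonzero offset after the fields that precede it in Table B-4, which this page does not list; pass that offset as the second argument.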