Cisco Firepower Management Center 4000 Developer Guide

B-22
FireSIGHT eStreamer Integration Guide
 
Appendix B    Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Table B-4    Intrusion Event Record 5.3 Fields (continued)

Field: Impact Flags
Data Type: bits[8]
Description: Impact flag value of the event. The low-order eight bits indicate the impact level. Values are:
  • 0x01 (bit 0) - Source or destination host is in a network monitored by the system.
  • 0x02 (bit 1) - Source or destination host exists in the network map.
  • 0x04 (bit 2) - Source or destination host is running a server on the port in the event (if TCP or UDP) or uses the IP protocol.
  • 0x08 (bit 3) - There is a vulnerability mapped to the operating system of the source or destination host in the event.
  • 0x10 (bit 4) - There is a vulnerability mapped to the server detected in the event.
  • 0x20 (bit 5) - The event caused the managed device to drop the session (used only when the device is running in an inline, switched, or routed deployment). Corresponds to blocked status in the FireSIGHT System web interface.
  • 0x40 (bit 6) - The rule that generated this event contains rule metadata setting the impact flag to red. The source or destination host is potentially compromised by a virus, trojan, or other piece of malicious software.
  • 0x80 (bit 7) - There is a vulnerability mapped to the client detected in the event. (version 5.0+ only)
The following impact level values map to specific priorities on the Defense Center. An X indicates the value can be 0 or 1:
  • gray (0, unknown): 00X00000
  • red (1, vulnerable): XXXX1XXX, XXX1XXXX, X1XXXXXX, 1XXXXXXX (version 5.0+ only)
  • orange (2, potentially vulnerable): 00X0011X
  • yellow (3, currently not vulnerable): 00X0001X
  • blue (4, unknown target): 00X00001

Field: Impact
Data Type: uint8
Description: Impact flag value of the event. Values are:
  • 1 - Red (vulnerable)
  • 2 - Orange (potentially vulnerable)
  • 3 - Yellow (currently not vulnerable)
  • 4 - Blue (unknown target)
  • 5 - Gray (unknown impact)

Field: Blocked
Data Type: uint8
Description: Value indicating whether the event was blocked:
  • 0 - not blocked
  • 1 - blocked
  • 2 - would be blocked (but not permitted by configuration)
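The following decoder, an added example that is not code from Cisco or from this guide, maps an Impact Flags byte to its Defense Center priority colour using the bit patterns listed above; the numeric code it returns alongside the colour follows the encoding of the separate Impact (uint8) field, and a byte that matches none of the documented patterns is rejected rather than guessed.

```python
# Added example (not Cisco's code): decode the legacy eStreamer Impact Flags
# bits[8] value and map it to the Defense Center priority colour using the
# patterns from Table B-4. Flag values used in the test are constructed.

IMPACT_FLAG_BITS = {
    0x01: "source/destination host is in a monitored network",
    0x02: "source/destination host exists in the network map",
    0x04: "host runs a server on the event's port (or uses the IP protocol)",
    0x08: "vulnerability mapped to the host's operating system",
    0x10: "vulnerability mapped to the detected server",
    0x20: "managed device dropped the session (blocked)",
    0x40: "rule metadata sets the impact flag to red",
    0x80: "vulnerability mapped to the detected client (5.0+ only)",
}

# Any of these set => red (XXXX1XXX, XXX1XXXX, X1XXXXXX, 1XXXXXXX).
RED_MASK = 0x08 | 0x10 | 0x40 | 0x80
# Bit 5 (session dropped) is an "X" (don't care) in every non-red pattern.
DROP_BIT = 0x20


def impact_level(flags: int) -> tuple[str, int]:
    """Return (colour, Impact uint8 code) for an Impact Flags byte.

    The code uses the Impact field's encoding: 1 red, 2 orange, 3 yellow,
    4 blue, 5 gray. Raises ValueError for a byte matching no documented pattern.
    """
    if not 0 <= flags <= 0xFF:
        raise ValueError("impact flags must fit in one byte")
    if flags & RED_MASK:             # red wins whenever any vulnerability/red bit is set
        return "red", 1
    core = flags & ~DROP_BIT & 0xFF  # mask out the don't-care drop bit
    if core in (0x06, 0x07):         # 00X0011X: in network map and running the server
        return "orange", 2
    if core in (0x02, 0x03):         # 00X0001X: in network map, server not seen
        return "yellow", 3
    if core == 0x01:                 # 00X00001: only "monitored network" known
        return "blue", 4
    if core == 0x00:                 # 00X00000: nothing known about the host
        return "gray", 5
    raise ValueError(f"flags 0x{flags:02x} match no documented impact pattern")


def describe_flags(flags: int) -> list[str]:
    """List the meaning of every bit set in an Impact Flags byte."""
    return [text for bit, text in IMPACT_FLAG_BITS.items() if flags & bit]
```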