B-30
FireSIGHT eStreamer Integration Guide
Appendix B      Understanding Legacy Data Structures
Legacy Intrusion Data Structures
The following diagram shows the layout of an impact event (each row is one 32-bit word; the description string block at the end is variable length), and the table that follows describes each data field.

Byte  0               1               2               3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      Header Version (1)              | Message Type (4)
      Message Length
      Record Type (9)
      Record Length
      Intrusion Impact Alert Block Type (20)
      Intrusion Impact Alert Block Length
      Event ID
      Device ID
      Event Second
      Impact
      Source IP Address
      Destination IP Address
      Impact Description: String Block Type (0)
      Impact Description: String Block Length
      Impact Description: Description...
Table B-6    Impact Event Data Fields

Field                                  Data Type   Description
Intrusion Impact Alert Block Type      uint32      Indicates that an intrusion impact alert data block follows. This field will always have a value of 20. See
Intrusion Impact Alert Block Length    uint32      Indicates the length of the intrusion impact alert data block, including all data that follows and 8 bytes for the intrusion impact alert block type and length.
Event ID                               uint32      Indicates the event identification number.
Device ID                              uint32      Indicates the managed device identification number.
Event Second                           uint32      Indicates the second (from 01/01/1970) that the event was detected.
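The following parser is an added example for the layout above and Table B-6; it is not code from the eStreamer guide or from Cisco's SDK. It assumes network byte order, that Message Length and Record Length count the bytes following their own headers, and that the description string block's length includes its 8-byte type/length header (the same convention the table states for the impact alert block); every length field is cross-checked before anything is read, so a truncated or inconsistent message is rejected rather than parsed out of bounds.

```python
import struct
from ipaddress import IPv4Address

# All fields are network byte order (big-endian).
MSG_HDR = struct.Struct("!HHI")        # Header Version, Message Type, Message Length
REC_HDR = struct.Struct("!II")         # Record Type, Record Length
BLK_HDR = struct.Struct("!II")         # Block Type, Block Length (also used for string blocks)
IMPACT = struct.Struct("!IIII4s4s")    # Event ID, Device ID, Event Second, Impact, Src IP, Dst IP

def parse_impact_event(data: bytes) -> dict:
    """Parse one legacy impact event (record type 9) and reject any inconsistent length field."""
    if len(data) < MSG_HDR.size + REC_HDR.size + BLK_HDR.size + IMPACT.size + BLK_HDR.size:
        raise ValueError("buffer too short for an impact event")
    off = 0
    version, msg_type, msg_len = MSG_HDR.unpack_from(data, off)
    off += MSG_HDR.size
    if (version, msg_type) != (1, 4):
        raise ValueError(f"not an event data message: version={version} type={msg_type}")
    if msg_len != len(data) - off:      # assumption: message length counts the bytes after the header
        raise ValueError("message length does not match the buffer")
    rec_type, rec_len = REC_HDR.unpack_from(data, off)
    off += REC_HDR.size
    if rec_type != 9 or rec_len != len(data) - off:  # assumption: record length counts the bytes after it
        raise ValueError(f"unexpected record type {rec_type} or record length {rec_len}")
    blk_type, blk_len = BLK_HDR.unpack_from(data, off)
    if blk_type != 20 or blk_len != len(data) - off:  # block length includes its own 8-byte type/length
        raise ValueError(f"unexpected block type {blk_type} or block length {blk_len}")
    off += BLK_HDR.size
    event_id, device_id, event_sec, impact, src, dst = IMPACT.unpack_from(data, off)
    off += IMPACT.size
    str_type, str_len = BLK_HDR.unpack_from(data, off)
    # String block: type 0; its length includes the 8-byte header (assumption, same convention as above).
    if str_type != 0 or str_len < BLK_HDR.size or off + str_len != len(data):
        raise ValueError(f"bad description string block: type={str_type} length={str_len}")
    description = data[off + BLK_HDR.size : off + str_len]
    return {
        "event_id": event_id, "device_id": device_id, "event_second": event_sec, "impact": impact,
        "src_ip": str(IPv4Address(src)), "dst_ip": str(IPv4Address(dst)),
        "description": description.decode("utf-8", errors="replace"),
    }

def build_sample_impact_event() -> bytes:
    """Constructed sample message in the layout above (not captured eStreamer traffic)."""
    desc = b"constructed sample"
    str_blk = BLK_HDR.pack(0, BLK_HDR.size + len(desc)) + desc
    body = IMPACT.pack(1001, 7, 1400000000, 1, IPv4Address("10.1.2.3").packed,
                       IPv4Address("192.0.2.44").packed) + str_blk
    block = BLK_HDR.pack(20, BLK_HDR.size + len(body)) + body
    record = REC_HDR.pack(9, len(block)) + block
    return MSG_HDR.pack(1, 4, len(record)) + record
```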