FireSIGHT eStreamer Integration Guide (Cisco Firepower Management Center 4000 Developer Guide), page 3-13
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
The following table describes each data field in an impact event.
[Figure: impact event layout, drawn 32 bits per row (bytes 0-3, bits 0-31). Fields shown: Impact; Description string block consisting of String Block Type (0), String Block Length, Description...]
Table 3-5 Impact Event Data Fields

Field | Data Type | Description
Intrusion Impact Alert Block Type | uint32 | Indicates that an intrusion impact alert data block follows. This field will always have a value of 20. See
Intrusion Impact Alert Block Length | uint32 | Indicates the length of the intrusion impact alert data block, including all data that follows and 8 bytes for the intrusion impact alert block type and length.
Event ID | uint32 | Indicates the event identification number.
Device ID | uint32 | Indicates the managed device identification number.
Event Second | uint32 | Indicates the second (from 01/01/1970) that the event was detected.
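The following is an added example, not code from Cisco or from the integration guide, that parses the fields of the intrusion impact alert data block exactly as Table 3-5 lists them and validates the embedded block length before slicing. Two things are assumptions not stated on this page: the fields are in network (big-endian) byte order, and the Description string block's length counts its own 8-byte header the same way the alert block's length does. The sample record is constructed here; its layout after Event Second (the string block placed directly after it, with an `extra` gap for fields this excerpt does not show) is likewise an assumption.

```python
"""Parser for the leading fields of an eStreamer intrusion impact alert block.

Added example (not Cisco's code). Assumptions: network byte order, and a
string block length that includes its own 8-byte header.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

IMPACT_ALERT_BLOCK_TYPE = 20  # Table 3-5: this field is always 20
STRING_BLOCK_TYPE = 0         # layout diagram: String Block Type (0)
HEADER_LEN = 8                # block type (4 bytes) + block length (4 bytes)
FIXED_FIELDS_LEN = 12         # Event ID + Device ID + Event Second


class MalformedBlock(ValueError):
    """Raised when a block's type or length disagrees with the bytes we hold."""


@dataclass
class ImpactAlertHeader:
    block_length: int
    event_id: int
    device_id: int
    event_second: int
    remainder: bytes  # bytes after Event Second; fields not covered by this excerpt


def parse_impact_alert(buf: bytes) -> ImpactAlertHeader:
    """Parse block type, block length and the three uint32 fields after them."""
    if len(buf) < HEADER_LEN:
        raise MalformedBlock("buffer shorter than the 8-byte block header")
    block_type, block_length = struct.unpack_from(">II", buf, 0)
    if block_type != IMPACT_ALERT_BLOCK_TYPE:
        raise MalformedBlock(f"expected block type 20, got {block_type}")
    # Table 3-5: the length covers everything that follows plus the 8 header
    # bytes. It is attacker-controlled input on the wire, so check it against
    # both the minimum the fixed fields need and the bytes actually received.
    if block_length < HEADER_LEN + FIXED_FIELDS_LEN or block_length > len(buf):
        raise MalformedBlock(
            f"block length {block_length} inconsistent with {len(buf)} bytes"
        )
    event_id, device_id, event_second = struct.unpack_from(">III", buf, HEADER_LEN)
    return ImpactAlertHeader(
        block_length,
        event_id,
        device_id,
        event_second,
        buf[HEADER_LEN + FIXED_FIELDS_LEN:block_length],
    )


def parse_string_block(buf: bytes, offset: int = 0) -> tuple[str, int]:
    """Parse a (type 0, length, bytes) string block; return (text, next offset).

    Assumption: the length includes the 8-byte header, like the alert block.
    """
    if len(buf) - offset < HEADER_LEN:
        raise MalformedBlock("truncated string block header")
    blk_type, blk_len = struct.unpack_from(">II", buf, offset)
    if blk_type != STRING_BLOCK_TYPE:
        raise MalformedBlock(f"expected string block type 0, got {blk_type}")
    end = offset + blk_len
    if blk_len < HEADER_LEN or end > len(buf):
        raise MalformedBlock("string block length exceeds buffer")
    return buf[offset + HEADER_LEN:end].decode("utf-8", errors="replace"), end


def build_sample_block(event_id: int, device_id: int, event_second: int,
                       description: str, extra: bytes = b"") -> bytes:
    """Construct a sample record (test data, not a captured eStreamer message).

    `extra` stands in for fields between Event Second and the Description
    string block that this page excerpt does not list.
    """
    desc = description.encode("utf-8")
    body = (
        struct.pack(">III", event_id, device_id, event_second)
        + extra
        + struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(desc))
        + desc
    )
    return struct.pack(">II", IMPACT_ALERT_BLOCK_TYPE, HEADER_LEN + len(body)) + body


if __name__ == "__main__":
    record = build_sample_block(1001, 7, 1700000000, "Impact event description")
    header = parse_impact_alert(record)
    text, _ = parse_string_block(header.remainder)
    print(header.event_id, header.device_id, header.event_second, repr(text))
```

The length check is the point worth copying: a consumer that slices by the embedded block length without comparing it to the bytes it actually received will either over-read on a truncated stream or silently accept a record whose trailing fields belong to the next message.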