FireSIGHT eStreamer Integration Guide, page 3-47
Chapter 3: Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Series 2 Primitive Data Blocks
Both series 2 and series 1 blocks include a set of primitives that are used to encapsulate lists of variable-length blocks, as well as variable-length strings and BLOBs, within messages. These primitive blocks have the standard eStreamer block header discussed above in , but they appear only within other data blocks. Any number of them can be included in a given block type. For details on the structure of these blocks, see the following:
  •
  •
  •
  •
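As an added illustration of the nesting described above (not code from the guide), a small Python parser that walks primitive blocks embedded in a record and descends into list blocks. It assumes the standard block header is a 4-byte big-endian block type followed by a 4-byte big-endian block length that includes the header itself (the guide defines the header in the section this page refers to), and the type numbers STRING_BLOCK and LIST_BLOCK are placeholders, not the guide's values; the sample record and the malformed variant are constructed here. The point for a consumer is that every inner length is checked against its enclosing block before use, so a record whose nested block claims more bytes than its container holds is rejected rather than read past its end.

```python
import struct
# Assumed header layout: 4-byte big-endian block type, then a 4-byte big-endian block
# length that counts the 8-byte header itself (the guide defines this elsewhere).
HDR = struct.Struct(">II")
# Placeholder primitive type numbers (the guide assigns the real values); 44 is Table 3-26's Malware Event.
STRING_BLOCK, LIST_BLOCK, MALWARE_EVENT = 0xFFF0, 0xFFF1, 44

def encode_block(block_type, payload):
    return HDR.pack(block_type, HDR.size + len(payload)) + payload  # length counts the header

def parse_blocks(buf):
    """Split buf into blocks, descending into lists; lengths are bounds-checked before use."""
    found, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HDR.size:
            raise ValueError(f"truncated block header at offset {pos}")
        btype, blen = HDR.unpack_from(buf, pos)
        if blen < HDR.size or pos + blen > len(buf):
            raise ValueError(f"block {btype} at {pos}: length {blen} does not fit container")
        body = buf[pos + HDR.size:pos + blen]
        if btype == LIST_BLOCK:
            found.append((btype, parse_blocks(body)))
        else:  # the string primitive decodes; any other type is kept as opaque bytes
            found.append((btype, body.decode("utf-8", "replace") if btype == STRING_BLOCK else bytes(body)))
        pos += blen  # advance to the next sibling block
    return found

def parse_record(msg):
    """Parse one record; its outer header must cover exactly the bytes received."""
    btype, blen = HDR.unpack_from(msg, 0)
    if blen != len(msg):
        raise ValueError(f"record length {blen} does not match {len(msg)} bytes received")
    return btype, parse_blocks(msg[HDR.size:])

def sample_message():
    """Constructed sample: a block-44 record holding one string and a list of two strings."""
    names = encode_block(STRING_BLOCK, b"first.exe") + encode_block(STRING_BLOCK, b"second.dll")
    body = encode_block(STRING_BLOCK, b"sha256-placeholder") + encode_block(LIST_BLOCK, names)
    return encode_block(MALWARE_EVENT, body)

def corrupt_inner_length(msg):
    """Constructed malformed input: the first inner block's length field is inflated."""
    return msg[:HDR.size + 4] + struct.pack(">I", len(msg) + 100) + msg[HDR.size + 8:]

def is_well_formed(msg):
    try:
        parse_record(msg)
        return True
    except (ValueError, struct.error):
        return False
```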
Table 3-26 Series 2 Block Types (continued)

| Type | Content | Data Block Status | Description |
|---|---|---|---|
| 38 | File Event | Legacy | Contains information on file events, such as the source, SHA hash, and the disposition of the file. See . It deprecates block 32. Deprecated by block 43, . |
| 39 | IOC Name Data Block | Current | Contains information about IOCs. See |
| 40 | File Event SHA Hash | Current | Contains the SHA hash and name of files that have been identified as containing malware. See . Deprecates block 26, |
| 41 | Intrusion Event | Legacy | Contains information on intrusion events, including information to match intrusion events with IOCs. See . Deprecates block 34. Deprecated by block 42, |
| 42 | Intrusion Event | Current | Contains information on intrusion events, including information to match intrusion events with IOCs. See . Deprecates block 41, . |
| 43 | File Event | Current | Contains information on file events, such as the source, SHA hash, and the disposition of the file. See . Deprecates block 38, . |
| 44 | Malware Event | Current | Contains information on malware events, including IOC information. See . Deprecates block 35, |