Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Access Control Policy Rule ID Metadata Block
The eStreamer service uses the Access Control Policy Rule ID metadata block to contain information
about access control policy rule IDs. This data block has a block type of 15 in series 2.
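The following diagram shows the structure of the Access Control Policy Rule ID metadata block.

Byte    0               1               2               3
Bit     0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
        +--------------------------------------------------------------+
        | Access Control Policy Rule ID Metadata Block Type (15)       |
        +--------------------------------------------------------------+
        | Access Control Policy Rule ID Metadata Block Length          |
        +--------------------------------------------------------------+
        | Revision                                                     |
        +--------------------------------------------------------------+
        | Revision, continued                                          |
        +--------------------------------------------------------------+
        | Revision, continued                                          |
        +--------------------------------------------------------------+
        | Revision, continued                                          |
        +--------------------------------------------------------------+
        | Rule ID                                                      |
        +--------------------------------------------------------------+
Name    | String Block Type (0)                                        |
        +--------------------------------------------------------------+
        | String Block Length                                          |
        +--------------------------------------------------------------+
        | Name...                                                      |
        +--------------------------------------------------------------+

The following table describes the fields in the Access Control Policy Rule ID Metadata block.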
Table 3-32 Access Control Policy Rule ID Metadata Block Fields

Field                          Data Type  Description
-----------------------------  ---------  ---------------------------------------------
Access Control Policy Rule ID  uint32     Initiates an Access Control Policy Rule ID
Metadata Block Type                       Metadata block. This value is always 15.

Access Control Policy Rule ID  uint32     Total number of bytes in the Access Control
Metadata Block Length                     Policy Rule ID block, including eight bytes
                                          for the Access Control Policy Rule ID
                                          metadata block type and length fields, plus
                                          the number of bytes of data that follows.

Revision                       uint8[16]  Revision number of the rule associated with
                                          the triggered correlation event.

Rule ID                        uint32     Internal identifier for the rule that
                                          triggered the event.

String Block Type              uint32     Initiates a String data block containing the
                                          descriptive name associated with the access
                                          control policy rule. This value is always 0.
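
Added example (not part of the Cisco guide): a Python parser for the block layout above that checks every length field before it reads the rule name, as a client consuming eStreamer records should. Network byte order, a String Block Length that counts its own eight header bytes, and a UTF-8 name are assumptions not stated on this page; the function names and the sample block are hypothetical.

```python
import struct

BLOCK_TYPE = 15         # Access Control Policy Rule ID metadata block, series 2 (from the page)
STRING_BLOCK_TYPE = 0   # String data block type (from the page)
STRING_HEADER = 8       # assumption: String Block Length counts its own type and length fields
# Block type, block length, Revision uint8[16], Rule ID, string block type, string block length.
# Assumption: all integers are in network byte order (big-endian).
_FIXED = struct.Struct(">II16sIII")


class BlockError(ValueError):
    """The buffer does not match the documented block layout."""


def parse_ac_rule_id_block(buf: bytes) -> dict:
    """Parse one block from the start of buf, validating every length first."""
    if len(buf) < _FIXED.size:
        raise BlockError("truncated: fixed fields need %d bytes" % _FIXED.size)
    btype, blen, revision, rule_id, stype, slen = _FIXED.unpack_from(buf)
    if btype != BLOCK_TYPE:
        raise BlockError("unexpected block type %d" % btype)
    if stype != STRING_BLOCK_TYPE:
        raise BlockError("unexpected string block type %d" % stype)
    # The block length covers the whole block, including its own eight header bytes.
    if blen < _FIXED.size or blen > len(buf):
        raise BlockError("block length %d outside buffer of %d bytes" % (blen, len(buf)))
    # Inner and outer lengths must agree, otherwise the name would be read
    # from bytes that belong to the next record.
    if slen < STRING_HEADER or _FIXED.size + (slen - STRING_HEADER) != blen:
        raise BlockError("string block length %d disagrees with block length %d" % (slen, blen))
    name = buf[_FIXED.size:blen].decode("utf-8", errors="replace")  # assumption: UTF-8 name
    return {"revision": revision.hex(), "rule_id": rule_id, "name": name, "consumed": blen}


def build_sample(rule_id: int, name: str) -> bytes:
    """Constructed sample block for the demo, not captured eStreamer traffic."""
    raw = name.encode("utf-8")
    return _FIXED.pack(BLOCK_TYPE, _FIXED.size + len(raw), bytes(range(16)),
                       rule_id, STRING_BLOCK_TYPE, STRING_HEADER + len(raw)) + raw


if __name__ == "__main__":
    print(parse_ac_rule_id_block(build_sample(7, "Block Telnet")))
```

The "consumed" value tells the caller where the next block in the same buffer starts.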