Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4      Understanding Discovery & Connection Data Structures
  Metadata for Discovery Events
Intrusion Policy Name data block layout (continued); each row is 32 bits wide (bytes 0-3, bits 0-31):

Intrusion Policy UUID, continued
Intrusion Policy UUID, continued
Intrusion Policy UUID, continued
String Block Type (0)
String Block Length
Intrusion Policy Name...

The following table describes the fields in the Intrusion Policy Name data block.

Table 4-16 Intrusion Policy Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Intrusion Policy Name Data Block Type | uint32 | Initiates an Intrusion Policy Name data block. This value is always 14. The block type is a series 2 block. |
| Intrusion Policy Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Intrusion Policy UUID | uint8[16] | The unique identifier for the intrusion policy associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the intrusion policy. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the intrusion policy name String data block, including eight bytes for the block type and header fields plus the number of bytes in the intrusion policy name. |
| Intrusion Policy Name | string | The intrusion policy name. |

Access Control Rule Action Record Metadata

The eStreamer service transmits metadata containing the action associated with a triggered access control rule within an Access Control Rule Action record, the format of which is shown below. (Access Control Rule Action information is sent when the version 4 metadata flag, bit 20 in the Request Flags field of a request message, is set. See .) Note that the Access Control Rule Action record field, which appears after the Message Length field, has a value of 120, indicating an Access Control Rule Action record.
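The following is an added example, not code from the guide or from Cisco: a client-side parser for the Intrusion Policy Name data block of Table 4-16 that validates both length fields before slicing, so a malformed or truncated block is rejected instead of being read past its end. It assumes big-endian (network byte order) integers and a UTF-8 name; the function names, `BlockError` and the sample builder are hypothetical.

```python
import struct
import uuid

INTRUSION_POLICY_NAME_BLOCK = 14  # series 2 block type (Table 4-16)
STRING_BLOCK = 0                  # String Block Type (Table 4-16)
HEADER_LEN = 8                    # block type + block length, two uint32 fields
UUID_LEN = 16


class BlockError(ValueError):
    """The buffer does not match the Table 4-16 layout."""


def parse_intrusion_policy_name(buf):
    """Return (policy_uuid, policy_name) from one Intrusion Policy Name data block."""
    fixed = HEADER_LEN + UUID_LEN + HEADER_LEN
    if len(buf) < fixed:
        raise BlockError("buffer shorter than the fixed fields")
    # Assumption: integers are big-endian (network byte order).
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != INTRUSION_POLICY_NAME_BLOCK:
        raise BlockError(f"unexpected block type {block_type}")
    # Block Length counts the data plus the 8 header bytes, so it can never be
    # smaller than the fixed fields or larger than what was actually received.
    if not fixed <= block_len <= len(buf):
        raise BlockError(f"block length {block_len} out of range")
    policy_uuid = uuid.UUID(bytes=bytes(buf[HEADER_LEN:HEADER_LEN + UUID_LEN]))
    str_off = HEADER_LEN + UUID_LEN
    str_type, str_len = struct.unpack_from(">II", buf, str_off)
    if str_type != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {str_type}")
    # String Block Length includes its own 8 header bytes and must stay inside
    # the enclosing block.
    if str_len < HEADER_LEN or str_off + str_len > block_len:
        raise BlockError(f"string block length {str_len} out of range")
    raw = buf[str_off + HEADER_LEN:str_off + str_len]
    # Assumption: the name is UTF-8; undecodable bytes are replaced, not trusted.
    return policy_uuid, raw.decode("utf-8", errors="replace")


def build_sample(policy_uuid, name):
    """Build a constructed sample block (test data, not captured traffic)."""
    data = name.encode("utf-8")
    string_block = struct.pack(">II", STRING_BLOCK, HEADER_LEN + len(data)) + data
    body = policy_uuid.bytes + string_block
    return struct.pack(">II", INTRUSION_POLICY_NAME_BLOCK, HEADER_LEN + len(body)) + body
```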