Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide

Chapter 4      Understanding Discovery & Connection Data Structures
  Metadata for Discovery Events
The following table describes the fields in the Access Control Rule Reason data block.

Table 4-20    Access Control Rule Reason Metadata Fields

Field                                    Data Type  Description
---------------------------------------  ---------  --------------------------------------------------------------
Access Control Rule Reason Block Type    uint32     Initiates an Access Control Rule Reason block. This value is
                                                    always 21. This is a series 2 data block.
Access Control Rule Reason Block Length  uint32     Total number of bytes in the Access Control Rule Reason block,
                                                    including eight bytes for the Access Control Rule Reason block
                                                    type and length fields, plus the number of bytes of data that
                                                    follows.
Access Control Rule Reason               uint16     The reason the Access Control rule logged the connection.
String Block Type                        uint32     Initiates a String data block containing the descriptive name
                                                    associated with the access control rule reason. This value is
                                                    always 0.
String Block Length                      uint32     The number of bytes in the name String data block, including
                                                    eight bytes for the block type and length fields plus the
                                                    number of bytes in the Description field.
Description                              string     Description of the Access Control rule reason.

IOC State Data Block for 5.3+

The IOC State data block provides information about an Indication of Compromise (IOC). It is block type 150 in series 1. It is used by the host tracker to store information about a compromise on a host. The following diagram shows the structure of an IOC State data block:
Each row of the diagram is one 32-bit word; a field whose name is followed by "continued" spans two rows (64 bits).

Byte   0               1               2               3
Bit    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
       +-------------------------------------------------------------------------------------+
       | IOC State Block Type (150)                                                          |
       +-------------------------------------------------------------------------------------+
       | IOC State Block Length                                                              |
       +-------------------------------------------------------------------------------------+
       | IOC ID Number                                                                       |
       +-------------------------------------------------------------------------------------+
       | Disabled                                                                            |
       +-------------------------------------------------------------------------------------+
       | First Seen                                                                          |
       | First Seen, continued                                                               |
       +-------------------------------------------------------------------------------------+
       | First Event ID                                                                      |
       | First Event ID, continued                                                           |
       +-------------------------------------------------------------------------------------+
       | First Device ID                                                                     |
       | First Device ID, continued                                                          |
       +-------------------------------------------------------------------------------------+
       | First Instance ID                                                                   |
       +-------------------------------------------------------------------------------------+
       | First Connection Time                                                               |
       | First Connection Time, continued                                                    |
       +-------------------------------------------------------------------------------------+
       | First Counter                                                                       |
       | First Counter, continued                                                            |
       +-------------------------------------------------------------------------------------+
       | Last Seen                                                                           |
       | Last Seen, continued                                                                |
       +-------------------------------------------------------------------------------------+
       | Last Event ID                                                                       |
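The following parser is an added example, not code from Cisco or from the eStreamer guide. It reads the Access Control Rule Reason block from Table 4-20 (series 2, type 21, with its nested series 2 String block, type 0) and the leading rows of the IOC State block from the diagram above (series 1, type 150, then the IOC ID Number). It assumes all integers are big-endian (network byte order), that a block type number is only meaningful together with its series (so the caller says which series it is reading), and that the IOC State fields after IOC ID Number are left as opaque bytes because the diagram here is cut off. The sample byte strings are constructed, not captured from an appliance.

```python
import struct

HEADER_LEN = 8  # uint32 block type + uint32 block length, counted inside every block length

# Block types from this chapter, keyed by (series, type): the series reuse type numbers,
# so a parser must know from context which series it is in before trusting the number.
ACR_REASON = (2, 21)   # Access Control Rule Reason block, series 2
STRING_BLOCK = (2, 0)  # String block nested inside the reason block, series 2
IOC_STATE = (1, 150)   # IOC State block, series 1


class BlockError(ValueError):
    """Block does not match the documented layout: drop the record rather than guess."""


def read_header(buf, offset, expected):
    """Read a block header at offset; check the type and that the length fits the buffer."""
    series, want_type = expected
    if len(buf) - offset < HEADER_LEN:
        raise BlockError("truncated block header")
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != want_type:
        raise BlockError(f"series {series}: expected block type {want_type}, got {block_type}")
    # The length includes these 8 header bytes, so it can never be smaller than 8,
    # and it must not point past the end of what we actually hold.
    if block_len < HEADER_LEN or offset + block_len > len(buf):
        raise BlockError(f"block length {block_len} inconsistent with {len(buf) - offset} bytes available")
    return block_len


def parse_string_block(buf, offset=0):
    """Return (text, bytes consumed). Payload is length minus the 8-byte header."""
    block_len = read_header(buf, offset, STRING_BLOCK)
    payload = buf[offset + HEADER_LEN: offset + block_len]
    return payload.decode("utf-8", errors="replace"), block_len


def parse_acr_reason(buf, offset=0):
    """Parse an Access Control Rule Reason block: uint16 reason followed by a String block."""
    block_len = read_header(buf, offset, ACR_REASON)
    if block_len < HEADER_LEN + 2:
        raise BlockError("reason block too short for the uint16 reason field")
    (reason,) = struct.unpack_from(">H", buf, offset + HEADER_LEN)
    # Bound the nested parse to this block so a bad inner length cannot read into the next block.
    inner = buf[offset: offset + block_len]
    description, consumed = parse_string_block(inner, HEADER_LEN + 2)
    if HEADER_LEN + 2 + consumed != block_len:
        raise BlockError("String block does not exactly fill the remainder of the reason block")
    return {"reason": reason, "description": description, "length": block_len}


def parse_ioc_state_prefix(buf, offset=0):
    """Parse the rows of the IOC State block visible in the diagram: type, length, IOC ID Number."""
    block_len = read_header(buf, offset, IOC_STATE)
    if block_len < HEADER_LEN + 4:
        raise BlockError("IOC State block too short for the IOC ID Number")
    (ioc_id,) = struct.unpack_from(">I", buf, offset + HEADER_LEN)
    # Disabled, First Seen, ... follow; they are returned unparsed here (assumption: opaque).
    rest = buf[offset + HEADER_LEN + 4: offset + block_len]
    return {"ioc_id": ioc_id, "length": block_len, "remaining": rest}


def encode_acr_reason(reason, description):
    """Build a reason block by the documented layout; used only to construct sample input."""
    desc = description.encode("utf-8")
    string_block = struct.pack(">II", STRING_BLOCK[1], HEADER_LEN + len(desc)) + desc
    body = struct.pack(">H", reason) + string_block
    return struct.pack(">II", ACR_REASON[1], HEADER_LEN + len(body)) + body


# Constructed sample input (hypothetical values, not captured from an appliance).
SAMPLE_REASON = encode_acr_reason(7, "constructed reason text")
SAMPLE_IOC = struct.pack(">III", IOC_STATE[1], HEADER_LEN + 4 + 4, 42) + b"\x00\x00\x00\x01"


def is_well_formed(parser, buf):
    """True if parser accepts buf, False if it raises BlockError."""
    try:
        parser(buf)
        return True
    except BlockError:
        return False


if __name__ == "__main__":
    print(parse_acr_reason(SAMPLE_REASON))
    print(parse_ioc_state_prefix(SAMPLE_IOC))
    print(is_well_formed(parse_acr_reason, SAMPLE_REASON[:-3]))  # truncated input is rejected
```

The point worth carrying into any real consumer is that both length fields count their own eight header bytes and that the inner String block length is independent of the outer length; a reader that trusts either value without checking it against the bytes it actually holds, and without confining the nested parse to the outer block, will read past the record on a truncated or corrupted stream.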