Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Appendix B      Understanding Legacy Data Structures 
  Legacy Intrusion Data Structures
Intrusion Event (IPv4) Record 5.0.x - 5.1
The fields in the intrusion event (IPv4) record are shaded in the following graphic. The record type is 
207.
You request intrusion event records by setting the intrusion event flag or the extended requests flag in 
the request message. See 
.
For version 5.0.x - 5.1 intrusion events, the event ID, the managed device ID, and the event second form 
a unique identifier.
[Record layout graphic: each row is 32 bits wide (bytes 0-3, bits 0-31). Fields shown, in order:]
Header Version (1)
Message Type (4)
Message Length
Record Type (207)
Record Length
eStreamer Server Timestamp (in events, only if bit 23 is set)
Reserved for Future Use (in events, only if bit 23 is set)
Device ID
Event ID
Event Second
Event Microsecond
Rule ID (Signature ID)
Generator ID
Rule Revision
Classification ID
Priority ID
Source IPv4 Address
Destination IPv4 Address
Source Port
Destination Port
IP Protocol ID
Impact Flags
Impact
Blocked
MPLS Label
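
The following parser is an added example, not code from the eStreamer guide. It decodes the fields listed above from a type 207 record and builds the unique identifier (event ID, managed device ID, event second) for de-duplication. The field widths, the big-endian byte order, the length values in the sample, and all function names are assumptions, since this page gives only the field order; the caller states whether the two bit-23 fields are present.

```python
import ipaddress
import struct

# Assumed widths (not stated on this page): big-endian, 16-bit header version
# and message type, 32-bit IDs and timestamps, 16-bit ports, 8-bit flag fields.
HEADER = struct.Struct(">HHIII")       # version, msg type, msg length, record type, record length
EXTENDED = struct.Struct(">II")        # server timestamp, reserved (present only if bit 23 is set)
BODY = struct.Struct(">9I4s4sHH4BI")   # Device ID through MPLS Label
BODY_FIELDS = ("device_id", "event_id", "event_second", "event_microsecond",
               "rule_id", "generator_id", "rule_revision", "classification_id",
               "priority_id", "src_ip", "dst_ip", "src_port", "dst_port",
               "ip_protocol", "impact_flags", "impact", "blocked", "mpls_label")


def parse_intrusion_event_207(buf, extended_header=False):
    """Decode the fields listed above; bytes after MPLS Label are ignored."""
    need = HEADER.size + (EXTENDED.size if extended_header else 0) + BODY.size
    if len(buf) < need:
        raise ValueError(f"truncated record: {len(buf)} bytes, need {need}")
    version, msg_type, _msg_len, rec_type, _rec_len = HEADER.unpack_from(buf, 0)
    if (version, msg_type, rec_type) != (1, 4, 207):
        raise ValueError(f"not a type 207 event: {(version, msg_type, rec_type)}")
    offset = HEADER.size
    event = {}
    if extended_header:
        event["server_timestamp"], _reserved = EXTENDED.unpack_from(buf, offset)
        offset += EXTENDED.size
    event.update(zip(BODY_FIELDS, BODY.unpack_from(buf, offset)))
    for key in ("src_ip", "dst_ip"):
        event[key] = str(ipaddress.IPv4Address(event[key]))
    return event


def dedup_key(event):
    """Event ID + managed device ID + event second identify a 5.0.x - 5.1 event."""
    return (event["event_id"], event["device_id"], event["event_second"])


def build_sample(extended_header=False):
    """Constructed sample record for offline testing (not captured traffic)."""
    body = BODY.pack(7, 1001, 1400000000, 250, 2003, 1, 4, 12, 2,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]),
                     49152, 80, 6, 0x07, 2, 1, 0)
    ext = EXTENDED.pack(1400000001, 0) if extended_header else b""
    n = len(ext) + len(body)  # length semantics are assumed; the parser does not check them
    return HEADER.pack(1, 4, 8 + n, 207, n) + ext + body
```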