B-36
FireSIGHT eStreamer Integration Guide
Appendix B    Understanding Legacy Data Structures
Legacy Malware Event Data Structures
Table B-7    Malware Event Data Block Fields (continued)

Field                  Data Type   Description
String Block Length    uint32      The number of bytes included in the Event Description String data block, including eight bytes for the block type and header fields plus the number of bytes in the Event Description field.
Event Description      string      The additional event information associated with the event type.

Malware Event Data Block 5.1.1.x

The eStreamer service uses the malware event data block to store information on malware events. These events contain information on malware detected or quarantined within a cloud, the detection method, and hosts and users affected by the malware. The malware event data block has a block type of 24 in the series 2 group of blocks. You request the event as part of the malware event record by setting the malware event flag—bit 30 in the request flags field—in the request message with an event version of 2 and an event code of 101.

The following graphic shows the structure of the malware event data block (each row is one 32-bit word):

Byte |    0     |    1     |    2     |    3     |
Bit  | 0 .. 7   | 8 .. 15  | 16 .. 23 | 24 .. 31 |
     | Malware Event Block Type (24)             |
     | Malware Event Block Length                |
     | Agent UUID                                |
     | Agent UUID, continued                     |
     | Agent UUID, continued                     |
     | Agent UUID, continued                     |
     | Cloud UUID                                |
     | Cloud UUID, continued                     |
     | Cloud UUID, continued                     |
     | Cloud UUID, continued                     |
     | Malware Event Timestamp                   |
     | Event Type ID                             |
     | Event Subtype ID                          |
     | Host IP Address                           |
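As an added example that is not part of the guide, the following Python parses the portion of the block shown above (the eight-byte header plus the fixed fields through Event Subtype ID) and the string data block that Table B-7 describes, whose length field counts its own eight header bytes. It assumes network byte order; the string block's type value and all sample bytes are constructed placeholders, and a length field is only honoured when the buffer actually holds that many bytes.

```python
import struct
import uuid

MALWARE_EVENT_BLOCK_TYPE = 24   # series 2 block type given in the text above
HEADER_LEN = 8                  # uint32 block type + uint32 block length
# Fixed-width fields after the header, in the order the graphic shows them: Agent UUID (16),
# Cloud UUID (16), Timestamp, Event Type ID, Event Subtype ID (uint32 each). Assumption: big-endian.
PREFIX_FMT = ">16s16sIII"
PREFIX_LEN = struct.calcsize(PREFIX_FMT)   # 44 bytes

def parse_string_block(buf, offset=0):
    """Parse one string data block: uint32 type, uint32 total length (including the 8
    header bytes), then the text. Returns (block_type, text, next_offset) and never
    trusts the length field beyond what the buffer actually holds."""
    if len(buf) - offset < HEADER_LEN:
        raise ValueError("truncated string block header")
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_len < HEADER_LEN or offset + block_len > len(buf):
        raise ValueError(f"string block length {block_len} inconsistent with buffer")
    text = buf[offset + HEADER_LEN:offset + block_len].decode("utf-8", errors="replace")
    return block_type, text, offset + block_len

def parse_malware_event_prefix(buf):
    """Parse the header and leading fixed fields of a type-24 malware event block;
    everything past Event Subtype ID is returned raw in 'remaining'."""
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated block header")
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != MALWARE_EVENT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}")
    if block_len < HEADER_LEN + PREFIX_LEN or block_len > len(buf):
        raise ValueError(f"block length {block_len} inconsistent with buffer")
    agent, cloud, ts, etype, esub = struct.unpack_from(PREFIX_FMT, buf, HEADER_LEN)
    return {"block_length": block_len,
            "agent_uuid": str(uuid.UUID(bytes=agent)), "cloud_uuid": str(uuid.UUID(bytes=cloud)),
            "timestamp": ts, "event_type_id": etype, "event_subtype_id": esub,
            "remaining": buf[HEADER_LEN + PREFIX_LEN:block_len]}

def sample_event_block():
    """Constructed sample (not captured traffic): header plus the fixed prefix only."""
    agent = uuid.UUID("11111111-1111-1111-1111-111111111111").bytes
    cloud = uuid.UUID("22222222-2222-2222-2222-222222222222").bytes
    prefix = struct.pack(PREFIX_FMT, agent, cloud, 1357000000, 1, 2)
    return struct.pack(">II", MALWARE_EVENT_BLOCK_TYPE, HEADER_LEN + len(prefix)) + prefix

def sample_string_block(text=b"constructed description", claimed_len=None):
    """Constructed string block; the string block type value is not on this page, so 0 is a
    placeholder. claimed_len lets a caller forge an oversized length field for testing."""
    length = HEADER_LEN + len(text) if claimed_len is None else claimed_len
    return struct.pack(">II", 0, length) + text
```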