Cisco Firepower Management Center 2000 Developer Guide

B-113
FireSIGHT eStreamer Integration Guide
 
Appendix B      Understanding Legacy Data Structures
  Legacy File Event Data Structures
Table B-25    File Event Data Block Fields (continued)

Field                         Data Type    Description
Protocol                      uint8        IANA protocol number specified by the user. For example:
                                             • 1 - ICMP
                                             • 4 - IP
                                             • 6 - TCP
                                             • 17 - UDP
                                           This is currently only TCP.
Access Control Policy UUID    uint8[16]    Unique identifier for the access control policy that
                                           triggered the event.

File Event for 5.2.x
The file event contains information on files that are sent over the network. This includes the connection
information, whether the file is malware, and specific information to identify the file. The file event has
a block type of 32 in the series 2 group of blocks. It supersedes block type 23. New fields have been
added to track source and destination country, as well as the client and web application instances.
The following graphic shows the structure of the File Event data block:
Byte    |       0       |       1       |       2       |       3       |
Bit     |  0 - 7        |  8 - 15       |  16 - 23      |  24 - 31      |
        +---------------------------------------------------------------+
        |                 File Event Block Type (32)                    |
        +---------------------------------------------------------------+
        |                 File Event Block Length                       |
        +---------------------------------------------------------------+
        |                 Device ID                                     |
        +---------------------------------------------------------------+
        |                 Connection Instance                           |
        +---------------------------------------------------------------+
        |                 Connection Counter                            |
        +---------------------------------------------------------------+
        |                 Connection Timestamp                          |
        +---------------------------------------------------------------+
        |                 File Event Timestamp                          |
        +---------------------------------------------------------------+
        |                 Source IP Address                             |
        +---------------------------------------------------------------+
        |                 Source IP Address, continued                  |
        +---------------------------------------------------------------+
        |                 Source IP Address, continued                  |
        +---------------------------------------------------------------+
        |                 Source IP Address, continued                  |
        +---------------------------------------------------------------+
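As an added example (not code from the guide or from Cisco), the following Python parser reads the leading fields of the File Event block laid out above and checks the block type and block length before trusting the record, which is the first thing a consumer of eStreamer data should do with untrusted input. It assumes the 32-bit fields are in network (big-endian) byte order and that the constructed sample carries an IPv4-mapped source address; fields after the source IP are not on this page and are not parsed.

```python
import struct
import ipaddress

FILE_EVENT_BLOCK_TYPE = 32  # series 2 block type of the 5.2.x file event

# Fields visible in the diagram, in order: block type, block length, device ID,
# connection instance, connection counter, connection timestamp, file event
# timestamp (one 32-bit word each, assumed network byte order), then the
# 16-byte source IP address. Fields after that are not on this page and are
# not parsed here.
PREFIX_LAYOUT = struct.Struct("!7I16s")


def parse_file_event_prefix(buf: bytes) -> dict:
    """Parse and sanity-check the leading fields of a File Event block."""
    if len(buf) < PREFIX_LAYOUT.size:
        raise ValueError(f"need {PREFIX_LAYOUT.size} bytes, got {len(buf)}")
    (block_type, block_length, device_id, conn_instance, conn_counter,
     conn_ts, file_ts, src_ip_raw) = PREFIX_LAYOUT.unpack_from(buf)
    # Check the header before trusting anything else in the record.
    if block_type != FILE_EVENT_BLOCK_TYPE:
        raise ValueError(f"block type {block_type}, expected {FILE_EVENT_BLOCK_TYPE}")
    # The block length must cover at least the fields already read and must
    # not claim more bytes than were actually received (truncated record).
    if block_length < PREFIX_LAYOUT.size or block_length > len(buf):
        raise ValueError(f"block length {block_length} inconsistent with {len(buf)} bytes")
    return {
        "block_type": block_type,
        "block_length": block_length,
        "device_id": device_id,
        "connection_instance": conn_instance,
        "connection_counter": conn_counter,
        "connection_timestamp": conn_ts,
        "file_event_timestamp": file_ts,
        "source_ip": ipaddress.ip_address(src_ip_raw),  # 16 bytes -> IPv6Address
    }


def build_sample_block() -> bytes:
    """Constructed sample (not captured data): a block that ends after the
    source IP, carrying an assumed IPv4-mapped address for 192.0.2.10."""
    src = ipaddress.IPv6Address("::ffff:192.0.2.10").packed
    return PREFIX_LAYOUT.pack(FILE_EVENT_BLOCK_TYPE, PREFIX_LAYOUT.size,
                              7, 1, 42, 1700000000, 1700000005, src)


if __name__ == "__main__":
    for name, value in parse_file_event_prefix(build_sample_block()).items():
        print(f"{name:>22}: {value}")
```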