Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Appendix B      Understanding Legacy Data Structures
  Legacy File Event Data Structures
Table B-26      File Event Data Block Fields (continued)

Field                        Data Type   Description
Protocol                     uint8       IANA protocol number specified by the user. For example:
                                           • 1 - ICMP
                                           • 4 - IP
                                           • 6 - TCP
                                           • 17 - UDP
                                         Currently only TCP (6) is reported.
Access Control Policy UUID   uint8[16]   Unique identifier for the access control policy that triggered the event.
Source Country               uint16      Code for the country of the source host.
Destination Country          uint16      Code for the country of the destination host.
Web Application ID           uint32      The internal identification number for the web application, if applicable.
Client Application ID        uint32      The internal identification number for the client application, if applicable.

File Event for 5.3
The file event contains information on files that are sent over the network: the connection information, whether the file is malware, and specific information to identify the file. The file event has a block type of 38 in the series 2 group of blocks. It supersedes block type 32. New fields have been added to track dynamic file analysis and file storage.
You request file event records by setting the file event flag (bit 30 in the Request Flags field) in the request message with an event version of 3 and an event code of 111. See . If you enable bit 23, an extended event header is included in the record.
The following graphic shows the structure of the File Event data block.
Byte   0               1               2               3
Bit    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
       File Event Block Type (38)
       File Event Block Length
       Device ID
       Connection Instance
       Connection Counter
       Connection Timestamp
       File Event Timestamp
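The leading fields of the diagram above, parsed together with the Request Flags described in this section, as an added example (this is not Cisco's code). Assumptions not stated on the page: all integers are big-endian (network byte order, as eStreamer uses); each of the seven leading rows of the diagram is one 32-bit word; Block Length counts the whole block including the type and length words; timestamps are seconds since the Unix epoch in UTC. The sample block is constructed, not a capture, and the bytes after File Event Timestamp are placeholders for the fields the page does not show.

```python
"""Added example, not Cisco code: decode the leading fields of an eStreamer
series 2 File Event block (block type 38) and build the Request Flags value.

Assumptions: big-endian integers; seven leading 32-bit words in the order of
the block diagram; Block Length includes the type and length words; epoch
seconds, UTC, for the two timestamps."""

import struct
from datetime import datetime, timezone

FILE_EVENT_BLOCK_TYPE = 38        # series 2 block type stated on the page
FILE_EVENT_FLAG_BIT = 30          # Request Flags bit that requests file events
EXTENDED_HEADER_FLAG_BIT = 23     # Request Flags bit for the extended event header
FILE_EVENT_CODE = 111             # event code named on the page
FILE_EVENT_VERSION = 3            # event version named on the page

# Leading fields read off the diagram: seven 32-bit big-endian words (assumed).
LEADING_FMT = ">IIIIIII"
LEADING_LEN = struct.calcsize(LEADING_FMT)  # 28 bytes


def file_event_request_flags(extended_header: bool = False) -> int:
    """Request Flags value asking for file events, optionally with bit 23 set."""
    flags = 1 << FILE_EVENT_FLAG_BIT
    if extended_header:
        flags |= 1 << EXTENDED_HEADER_FLAG_BIT
    return flags


def parse_file_event_leading_fields(data: bytes) -> dict:
    """Decode the first seven fields of a block type 38 record.

    The block type and the self-declared Block Length are checked against the
    bytes actually received, so a truncated, over-long or mislabelled block is
    rejected rather than silently decoded as garbage. Bytes after File Event
    Timestamp (fields not shown on this page) are returned raw as 'remaining'.
    """
    if len(data) < LEADING_LEN:
        raise ValueError(f"block truncated: got {len(data)} bytes, need {LEADING_LEN}")
    (block_type, block_length, device_id, conn_instance, conn_counter,
     conn_ts, file_ts) = struct.unpack_from(LEADING_FMT, data, 0)
    if block_type != FILE_EVENT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}, expected {FILE_EVENT_BLOCK_TYPE}")
    if block_length < LEADING_LEN or block_length > len(data):
        raise ValueError(f"block length {block_length} inconsistent with {len(data)} bytes received")

    def to_utc(ts: int) -> str:
        return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

    return {
        "block_type": block_type,
        "block_length": block_length,
        "device_id": device_id,
        "connection_instance": conn_instance,
        "connection_counter": conn_counter,
        "connection_timestamp": conn_ts,
        "connection_time_utc": to_utc(conn_ts),
        "file_event_timestamp": file_ts,
        "file_event_time_utc": to_utc(file_ts),
        "remaining": data[LEADING_LEN:block_length],
    }


def is_valid_file_event_block(data: bytes) -> bool:
    """True when the leading fields parse and pass the consistency checks."""
    try:
        parse_file_event_leading_fields(data)
        return True
    except ValueError:
        return False


# Constructed sample (not a capture): seven leading words plus four placeholder
# bytes standing in for the fields that follow on later pages of the guide.
TRAILING = b"\x00\x00\x00\x00"
SAMPLE_BLOCK = struct.pack(LEADING_FMT, FILE_EVENT_BLOCK_TYPE, LEADING_LEN + len(TRAILING),
                           1001, 3, 7, 1420070400, 1420070405) + TRAILING

if __name__ == "__main__":
    print(f"request flags: {file_event_request_flags(extended_header=True):#010x}")
    for key, value in parse_file_event_leading_fields(SAMPLE_BLOCK).items():
        print(f"{key}: {value!r}")
```

Checking the declared Block Length against the bytes on hand matters when records are read from a socket, where a short read or a desynchronised stream would otherwise let the parser walk past the end of the block.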