Cisco Firepower Management Center 2000 Developer Guide
3-30
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Managed Device Record Metadata
The eStreamer service transmits metadata containing information on the managed device associated with an intrusion event within a Managed Device record, the format of which is shown below. Managed device metadata is sent when the Version 4 metadata flag (bit 20 in the Request Flags field of a request message) is set. (See the description of the request message and its Request Flags field in this guide.) Note that the Record Type field, which appears after the Message Length field, has a value of 123, indicating a Managed Device record.
The byte layout of the Managed Device record, including the eStreamer message header that precedes it, is as follows. Each row is 32 bits wide; Header Version and Message Type occupy 16 bits each, every other fixed field occupies 32 bits, and Name is variable length.

Byte:  0                1                2                3
Bit:   0 .. 7           8 .. 15          16 .. 23         24 .. 31
       Header Version (1)                Message Type (4)
       Message Length
       Record Type (123)
       Record Length
       Device ID
       Name Length
       Name...

The following table describes the fields in the Managed Device record.

Table 3-17   Managed Device Record Fields

Field         Data Type   Description
Device ID     uint32      ID number of the managed device.
Name Length   uint32      The number of bytes included in the name.
Name          string      The managed device name.

Malware Event Record 5.1.1+

The fields in the malware event record are shaded in the following graphic. The record type is 125. You request malware event records by setting the malware event flag (bit 30 in the Request Flags field) in the request message, with an event version of 2 and an event code of 101. (See the description of the request message in this guide.) If you enable bit 23, an extended event header is included in the record. It contains a Malware Event data block, one of block types 24, 33, 35, 44, or 47 in the series 2 set of data blocks.