Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3      Understanding Intrusion and Correlation Data Structures
  Intrusion Event and Metadata Record Types
Malware Event Subtype Metadata
The eStreamer service transmits metadata containing malware event subtype information for an event within a malware event subtype record, the format of which is shown below. (Malware event subtype information is sent when the metadata flag, bit 20 in the request flags field of a request message, is set. See .) Note that the record type field, which appears after the message length field, has a value of 129, indicating a malware event subtype record.

The following table describes the fields in the malware event subtype record.
Byte        0               1               2               3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      Header Version (1)                  | Message Type (4)
      Message Length
      Record Type (129)
      Record Length
      Malware Event Subtype ID
      Malware Event Subtype Length
      Malware Event Subtype...

Table 3-21   Malware Event Subtype Record Fields

Field                          Data Type   Description
Malware Event Subtype ID       uint32      The malware event subtype ID number.
Malware Event Subtype Length   uint32      The number of bytes included in the malware event subtype.
Malware Event Subtype          string      The malware event subtype.

FireAMP Detector Type Metadata
The eStreamer service transmits metadata containing FireAMP detector type information for an event within a FireAMP Detector Type record, the format of which is shown below. (FireAMP detector type information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 130, indicating a FireAMP detector type record.
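A small encoder and parser for the malware event subtype record (record type 129) laid out above, added here as an example and not taken from Cisco's guide or any eStreamer client. It assumes network (big-endian) byte order, a 16-bit Header Version and Message Type, that Message Length counts the bytes after the 8-byte header, and that Record Length counts the bytes after the record length field; the sample record content is constructed. The parser treats every length field as untrusted input from the peer and refuses values that run past the bytes actually received.

```python
import struct
from dataclasses import dataclass

HEADER_FMT = "!HHI"               # Header Version, Message Type, Message Length (big-endian, assumed)
RECORD_HDR_FMT = "!II"            # Record Type, Record Length
SUBTYPE_HDR_FMT = "!II"           # Malware Event Subtype ID, Malware Event Subtype Length
MALWARE_EVENT_SUBTYPE_RECORD = 129  # record type value given in the guide


@dataclass
class MalwareEventSubtype:
    subtype_id: int
    subtype: str


def build_record(subtype_id: int, subtype: str) -> bytes:
    """Encode one record type 129 message (constructed sample data, not captured traffic)."""
    text = subtype.encode("utf-8")
    body = struct.pack(SUBTYPE_HDR_FMT, subtype_id, len(text)) + text
    record = struct.pack(RECORD_HDR_FMT, MALWARE_EVENT_SUBTYPE_RECORD, len(body)) + body
    # Message Length = bytes following the 8-byte header (assumption about the framing).
    return struct.pack(HEADER_FMT, 1, 4, len(record)) + record


def parse_record(buf: bytes) -> MalwareEventSubtype:
    """Decode one record type 129 message, rejecting any length field the buffer cannot honour."""
    if len(buf) < 24:
        raise ValueError("too short for message header, record header and subtype header")
    version, msg_type, msg_len = struct.unpack_from(HEADER_FMT, buf, 0)
    if version != 1 or msg_type != 4:
        raise ValueError(f"unexpected header version {version} / message type {msg_type}")
    if msg_len != len(buf) - 8:
        raise ValueError(f"message length {msg_len} disagrees with {len(buf) - 8} bytes after header")
    record_type, record_len = struct.unpack_from(RECORD_HDR_FMT, buf, 8)
    if record_type != MALWARE_EVENT_SUBTYPE_RECORD:
        raise ValueError(f"record type {record_type} is not a malware event subtype record")
    if 16 + record_len > len(buf):
        raise ValueError(f"record length {record_len} runs past the end of the message")
    subtype_id, subtype_len = struct.unpack_from(SUBTYPE_HDR_FMT, buf, 16)
    # Bound the variable-length string by the bytes received, never by the peer's length field alone.
    if 24 + subtype_len > 16 + record_len:
        raise ValueError(f"subtype length {subtype_len} runs past the end of the record")
    subtype = buf[24:24 + subtype_len].decode("utf-8")
    return MalwareEventSubtype(subtype_id, subtype)


if __name__ == "__main__":
    sample = build_record(7, "Example Subtype")          # constructed sample
    print(parse_record(sample))
```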