Cisco Firepower Management Center 2000 Developer Guide
3-34
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Malware Event Subtype Metadata
The eStreamer service transmits metadata containing malware event subtype information for an event within a malware event subtype record, the format of which is shown below. (Malware event type information is sent when the metadata flag, bit 20 in the request flags field of a request message, is set. See .) Note that the record type field, which appears after the message length field, has a value of 129, indicating a malware event subtype record.

Byte   0               1               2               3
Bit    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
       Header Version (1)              Message Type (4)
       Message Length
       Record Type (129)
       Record Length
       Malware Event Subtype ID
       Malware Event Subtype Length
       Malware Event Subtype...

The following table describes the fields in the malware event subtype record.

Table 3-21    Malware Event Subtype Record Fields

Field                         Data Type   Description
Malware Event Subtype ID      uint32      The malware event subtype ID number.
Malware Event Subtype Length  uint32      The number of bytes included in the malware event subtype.
Malware Event Subtype         string      The malware event subtype.

FireAMP Detector Type Metadata

The eStreamer service transmits metadata containing FireAMP detector type information for an event within a FireAMP Detector Type record, the format of which is shown below. (FireAMP detector type information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 130, indicating a FireAMP detector type record.
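A consumer that reads these metadata records has to treat every length field as untrusted input, since a subtype length that exceeds the enclosing record length is exactly the kind of value that makes a naive parser read past its buffer. The parser below is an added example written for this page and is not code from the guide or from Cisco. It follows the byte diagram and Table 3-21 for the malware event subtype record (record type 129) and assumes that the FireAMP detector type record (record type 130) carries the same ID / length / string layout, that Message Length and Record Length count the bytes that follow each length field, and that Header Version and Message Type are 16-bit fields sharing the first 32-bit row. The builder function, the sample IDs and the sample names are constructed for the example only.

```python
import struct

# Layout taken from the record diagram and Table 3-21: all multi-byte fields are
# big-endian unsigned integers and the string is length-prefixed, not NUL-terminated.
ESTREAMER_HEADER = struct.Struct(">HHI")  # header version (1), message type (4), message length
RECORD_HEADER = struct.Struct(">II")      # record type, record length
TYPE_FIELD = struct.Struct(">II")         # subtype / detector type ID, string length

HEADER_VERSION = 1
MESSAGE_TYPE_EVENT_DATA = 4
RECORD_TYPE_MALWARE_EVENT_SUBTYPE = 129
RECORD_TYPE_FIREAMP_DETECTOR_TYPE = 130   # assumed to share the 129 layout (see lead-in)
SUPPORTED_RECORD_TYPES = {
    RECORD_TYPE_MALWARE_EVENT_SUBTYPE: "malware_event_subtype",
    RECORD_TYPE_FIREAMP_DETECTOR_TYPE: "fireamp_detector_type",
}


class EStreamerParseError(ValueError):
    """Raised for any message that does not match the documented layout."""


def build_metadata_message(record_type, type_id, name):
    """Assemble one event-data message carrying a single metadata record.

    Used here only to construct sample input. Message Length and Record Length
    are assumed to count the bytes that follow the respective length field.
    """
    payload = name.encode("utf-8")
    body = TYPE_FIELD.pack(type_id, len(payload)) + payload
    record = RECORD_HEADER.pack(record_type, len(body)) + body
    return ESTREAMER_HEADER.pack(HEADER_VERSION, MESSAGE_TYPE_EVENT_DATA, len(record)) + record


def parse_metadata_message(data):
    """Parse a message holding a record of type 129 or 130 and return its fields.

    Every length field is checked against the bytes actually received before it
    is used as an offset, so a truncated or corrupted message raises instead of
    reading past the buffer or silently returning garbage.
    """
    if len(data) < ESTREAMER_HEADER.size:
        raise EStreamerParseError("truncated eStreamer header")
    version, msg_type, msg_len = ESTREAMER_HEADER.unpack_from(data, 0)
    if version != HEADER_VERSION:
        raise EStreamerParseError("unexpected header version %d" % version)
    if msg_type != MESSAGE_TYPE_EVENT_DATA:
        raise EStreamerParseError("not an event data message (type %d)" % msg_type)
    body = data[ESTREAMER_HEADER.size:]
    if len(body) < msg_len:
        raise EStreamerParseError("message length %d exceeds %d bytes received" % (msg_len, len(body)))
    body = body[:msg_len]

    if len(body) < RECORD_HEADER.size:
        raise EStreamerParseError("truncated record header")
    rec_type, rec_len = RECORD_HEADER.unpack_from(body, 0)
    if rec_type not in SUPPORTED_RECORD_TYPES:
        raise EStreamerParseError("unsupported record type %d" % rec_type)
    record = body[RECORD_HEADER.size:]
    if len(record) < rec_len:
        raise EStreamerParseError("record length %d exceeds message body" % rec_len)
    record = record[:rec_len]

    if len(record) < TYPE_FIELD.size:
        raise EStreamerParseError("truncated record fields")
    type_id, str_len = TYPE_FIELD.unpack_from(record, 0)
    # The critical check: the string length comes from the wire and must not
    # run past the record it belongs to.
    if str_len > len(record) - TYPE_FIELD.size:
        raise EStreamerParseError("string length %d exceeds record length %d" % (str_len, rec_len))
    name = record[TYPE_FIELD.size:TYPE_FIELD.size + str_len].decode("utf-8", errors="replace")
    return {"record_type": rec_type, "kind": SUPPORTED_RECORD_TYPES[rec_type],
            "id": type_id, "name": name}


def is_well_formed(data):
    """True when the message parses cleanly, False on any layout error."""
    try:
        parse_metadata_message(data)
        return True
    except EStreamerParseError:
        return False


# Constructed sample messages; the IDs and names are placeholders, not values from the guide.
SAMPLE_SUBTYPE = build_metadata_message(RECORD_TYPE_MALWARE_EVENT_SUBTYPE, 7, "example-subtype")
SAMPLE_DETECTOR = build_metadata_message(RECORD_TYPE_FIREAMP_DETECTOR_TYPE, 3, "example-detector")
# The same record with its string length field (at offset 8 + 8 + 4) overwritten with 0xFFFFFFFF.
STRING_LENGTH_OFFSET = ESTREAMER_HEADER.size + RECORD_HEADER.size + 4
CORRUPT_SUBTYPE = (SAMPLE_SUBTYPE[:STRING_LENGTH_OFFSET] + b"\xff\xff\xff\xff"
                   + SAMPLE_SUBTYPE[STRING_LENGTH_OFFSET + 4:])

if __name__ == "__main__":
    print(parse_metadata_message(SAMPLE_SUBTYPE))
    print(parse_metadata_message(SAMPLE_DETECTOR))
    print("corrupt sample well formed:", is_well_formed(CORRUPT_SUBTYPE))
```

The bounds checks are nested in the order the lengths appear on the wire: the message length is validated against the bytes received, the record length against the message body, and the string length against the record. A client that feeds eStreamer data into a SIEM should reject the whole message on the first failure rather than skip ahead, because once one length field is wrong, nothing after it can be trusted.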