Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
11
Introduction
Major Changes in eStreamer Version 5.3
Chapter 1
Major Changes in eStreamer Version 5.3
If you are upgrading your Sourcefire 3D System deployment to Version 5.3,
please note the following changes, some of which may require you to update your
eStreamer client:
•
on page 77 for more information. Added the following data structures:
•
•
Added
on page 158 to provide
information on the dynamic analysis of files.
•
Added
on page 160 to provide
information about Indications of Compromise (IOCs).
•
Added
on page 158 to store information
about IOCs.
•
Replaced the following blocks:
•
•
Replaced
on page 388, which has new fields supporting
IOC information.
•
Replaced
on page 300, which has fields for
NetFlow support.
•
Replaced
on page 140, which has new fields supporting
IOC information.
•
Replaced
page 133, which has new fields supporting IOC information.
•
Replaced
on page 70, which has new fields supporting IOC
information.
Using this Guide
At the highest level, the eStreamer service is a mechanism for streaming data
from the Sourcefire 3D System to a requesting client. The service can stream the
following categories of data:
•
Intrusion event data and event extra data
•
Correlation (compliance) event data
•
Discovery event data
•
User event data
•
Metadata for events
•
Host information
•
Malware event data