Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
The IP Reputation Category Data Block Fields table describes the fields in the IP Reputation Category Data Block.
File Event for 5.3+
The file event contains information on files that are sent over the network. This includes the connection information, whether the file is malware, and specific information to identify the file. The file event has a block type of 38 in the series 2 group of blocks. It supersedes block type 32. New fields have been added to track dynamic file analysis and file storage.
You request file event records by setting the file event flag—bit 30 in the Request Flags field—in the request message with an event version of 3 and an event code of 111. See page 30. If you enable bit 23, an extended event header is included in the record.
IP Reputation Category Data Block Fields

Field | Data Type | Description
IP Reputation Category Data Block Type | uint32 | Initiates an IP Reputation Category data block. This value is always 22.
IP Reputation Category Data Block Length | uint32 | Total number of bytes in the IP Reputation Category data block, including eight bytes for the IP Reputation Category data block type and length fields, plus the number of bytes of data that follows.
Rule ID | uint32 | Internal identifier for the rule that triggered the event.
Policy UUID | uint8[16] | UUID of the policy that triggered the event.
String Block Type | uint32 | Initiates a String data block containing the description of the IP Reputation Category. This value is always 0.
String Block Length | uint32 | The number of bytes included in the Category Name String data block, including eight bytes for the block type and length fields plus the number of bytes in the Category Name field.
Category Name | string | Name of the category for the rule.
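The following parser for the IP Reputation Category data block (type 22) laid out in the table above is an added example, not code from the guide or from Cisco's eStreamer SDK. It assumes big-endian (network byte order) integers, validates both length fields against the bytes actually received before slicing, and builds its own constructed sample block for testing; the rule ID, policy UUID and category name in that sample are made-up values.

```python
import struct
import uuid

# Constants taken from the field table: the block type is always 22 and the
# nested String data block type is always 0.
IP_REP_CATEGORY_BLOCK_TYPE = 22
STRING_BLOCK_TYPE = 0
MIN_BLOCK_LEN = 8 + 4 + 16 + 8  # header + rule ID + policy UUID + string header

def parse_ip_reputation_category_block(data: bytes) -> dict:
    """Parse one IP Reputation Category data block from raw bytes.

    Layout (big-endian assumed): uint32 type (22), uint32 length, uint32 rule
    ID, uint8[16] policy UUID, uint32 string block type (0), uint32 string
    block length, then the category name bytes.
    """
    if len(data) < 8:
        raise ValueError("truncated: need at least 8 header bytes")
    block_type, block_len = struct.unpack_from(">II", data, 0)
    if block_type != IP_REP_CATEGORY_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}, expected 22")
    # Block length counts the eight header bytes plus everything that follows,
    # so it must fit both the fixed fields and the buffer we actually hold.
    if block_len < MIN_BLOCK_LEN or block_len > len(data):
        raise ValueError(f"bad block length {block_len} for {len(data)} bytes")
    (rule_id,) = struct.unpack_from(">I", data, 8)
    policy_uuid = uuid.UUID(bytes=data[12:28])
    str_type, str_len = struct.unpack_from(">II", data, 28)
    if str_type != STRING_BLOCK_TYPE:
        raise ValueError(f"unexpected string block type {str_type}, expected 0")
    # The string block length includes its own eight-byte type/length header
    # and must not run past the end of the enclosing block.
    if str_len < 8 or 28 + str_len > block_len:
        raise ValueError("string block overruns enclosing block")
    name = data[36:28 + str_len].decode("utf-8", errors="replace")
    return {"rule_id": rule_id, "policy_uuid": str(policy_uuid), "category_name": name}

def build_sample_block(rule_id: int, policy_uuid: uuid.UUID, name: str) -> bytes:
    """Encode a well-formed block from constructed values (test input only)."""
    name_bytes = name.encode("utf-8")
    string_block = struct.pack(">II", STRING_BLOCK_TYPE, 8 + len(name_bytes)) + name_bytes
    body = struct.pack(">I", rule_id) + policy_uuid.bytes + string_block
    return struct.pack(">II", IP_REP_CATEGORY_BLOCK_TYPE, 8 + len(body)) + body

# Constructed sample values, not taken from any real deployment.
SAMPLE_POLICY_UUID = uuid.UUID("12345678-1234-5678-1234-567812345678")

def sample_block() -> bytes:
    return build_sample_block(4242, SAMPLE_POLICY_UUID, "Malware")

def is_rejected(data: bytes) -> bool:
    """True when the parser refuses the bytes, used to check truncation handling."""
    try:
        parse_ip_reputation_category_block(data)
    except ValueError:
        return True
    return False
```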