Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Page 137
Chapter 3: Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
File Event Data Block Fields (Continued)

Field: Disposition
Data Type: uint8
Description: The malware status of the file. Possible values include:
  • 1 — CLEAN — The file is clean and does not contain malware.
  • 2 — UNKNOWN — It is unknown whether the file contains malware.
  • 3 — MALWARE — The file contains malware.
  • 4 — UNAVAILABLE — The software was unable to send a request to the Sourcefire cloud for a disposition, or the Sourcefire cloud services did not respond to the request.
  • 5 — CUSTOM SIGNATURE — The file matches a user-defined hash, and is treated in a fashion designated by the user.

Field: SPERO Disposition
Data Type: uint8
Description: Indicates whether the SPERO signature was used in file analysis. If the value is 1, 2, or 3, SPERO analysis was used. If there is any other value, SPERO analysis was not used.

Field: File Storage Status
Data Type: uint8
Description: The storage status of the file. Possible values are:
  • 1 — File Stored
  • 2 — File Stored
  • 3 — Unable to Store File
  • 4 — Unable to Store File
  • 5 — Unable to Store File
  • 6 — Unable to Store File
  • 7 — Unable to Store File
  • 8 — File Size is Too Large
  • 9 — File Size is Too Small
  • 10 — Unable to Store File
  • 11 — File Not Stored, Disposition Unavailable
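An added example, not part of the guide, that decodes the three fields above from a raw file event data block and turns them into the booleans a detection pipeline actually acts on. It assumes the three uint8 fields are laid out consecutively in the order the table lists them and that the caller supplies the byte offset of the Disposition field, since this excerpt does not state the field's absolute position within the block.

```python
import struct

# Value names transcribed from the File Event Data Block field table.
DISPOSITION = {1: "CLEAN", 2: "UNKNOWN", 3: "MALWARE",
               4: "UNAVAILABLE", 5: "CUSTOM SIGNATURE"}

# Several distinct codes share one storage outcome; the raw code is kept in
# the result so downstream tooling can still tell them apart.
FILE_STORAGE_STATUS = {
    1: "File Stored", 2: "File Stored",
    8: "File Size is Too Large", 9: "File Size is Too Small",
    11: "File Not Stored, Disposition Unavailable",
}
for _code in (3, 4, 5, 6, 7, 10):
    FILE_STORAGE_STATUS[_code] = "Unable to Store File"


def decode_file_event_fields(block: bytes, offset: int) -> dict:
    """Decode Disposition, SPERO Disposition and File Storage Status.

    offset: byte position of the Disposition field (assumption: the three
    uint8 fields are consecutive, in table order). Raises on a short block
    instead of silently reading garbage.
    """
    if offset < 0 or offset + 3 > len(block):
        raise ValueError("data block truncated before the disposition fields")
    disposition, spero, storage = struct.unpack_from("BBB", block, offset)
    return {
        "disposition": disposition,
        "disposition_name": DISPOSITION.get(disposition, f"UNDOCUMENTED({disposition})"),
        # 1, 2 or 3 means SPERO analysis was used; any other value means it was not.
        "spero_used": spero in (1, 2, 3),
        "storage_status": storage,
        "storage_status_name": FILE_STORAGE_STATUS.get(storage, f"UNDOCUMENTED({storage})"),
        "file_stored": storage in (1, 2),
        # Only MALWARE is a positive verdict; UNKNOWN and UNAVAILABLE mean no
        # verdict was obtained and should be tracked as a coverage gap.
        "malware_verdict": disposition == 3,
        "no_verdict": disposition in (2, 4),
    }


# Constructed sample: the three field bytes padded with unrelated bytes on
# either side, to show decoding at a non-zero offset.
SAMPLE_BLOCK = b"\x00\x00" + bytes([3, 1, 8]) + b"\x00"
SAMPLE_OFFSET = 2

if __name__ == "__main__":
    print(decode_file_event_fields(SAMPLE_BLOCK, SAMPLE_OFFSET))
```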