Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

Understanding the eStreamer Application Protocol

Event Data Message Format

Chapter 2

To request only data compatible with Sourcefire 3D 3.2 (including intrusion

events, packets, metadata, impact alerts, policy violation events, and version 2.0

events), use the following:

To request intrusion impact alerts, correlation events, discovery events,

connection events, and intrusion events of type 7 with packets and version 3

metadata in Defense Center 4.6.1+ format, use the following:

Event Data Message Format

The eStreamer service transmits event data and related metadata to clients when

it receives an event request. Event data messages have a message type of 3.

Each message contains a single data record with either event data or metadata.
Note that type 3 messages carry only event data and metadata. eStreamer

transmits host information in type 6 (single-host) and type 7 (multiple-host)

messages. See

Host Data and Multiple Host Data Message Format

on page 51

for information on host message formats.

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0

0 0 1 1 1 1 1 0 1 1 1 1 1 1 1 1 1 0 1 0 1 1 1 0 1 1 0 1 0 0 0 1

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1

Flag Bit

30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0