Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Configuring eStreamer
Configuring the eStreamer Reference Client
Chapter 6
WARNING! In all event types, prior to version 5.x, the reference client labels detection engine ID fields as sensor ID.
Creating a Certificate for the Perl Reference Client

License: Any

Before you can use the Perl reference client, you need to create a certificate on the Defense Center or Device for the computer where you want to run the client. You then download the certificate file to the client computer and use it to create a certificate (server.crt) and RSA key file (server.key).

Request Flag Variables Used in Sample Scripts (Continued)

Variable                        Sets Request Flag...  To Request the Following Data...
$FLAG_POLICY_EVENTS_4           19                    Version 4 correlation events
$FLAG_METADATA_4                20                    Version 4 metadata
$FLAG_RUA                       21                    User activity events
$FLAG_POLICY_EVENTS_5           22                    Version 5 correlation events
$FLAGS_SEND_ARCHIVE_TIMESTAMP   23                    Extended event headers that include the timestamp applied when the event was archived for eStreamer server to process
$FLAG_RNA_EVENTS_5              24                    Version 5 discovery events
$FLAG_RNA_EVENTS_6              25                    Version 6 discovery events
$FLAG_RNA_FLOW_5                26                    Version 5 connection data
$FLAG_EXTRA_DATA                27                    Intrusion event extra data record
$FLAG_RNA_EVENTS_7              28                    Version 7 discovery events
$FLAG_POLICY_EVENTS_6           29                    Version 6 correlation events
$FLAG_DETAIL_REQUEST            30                    Extended request to eStreamer
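
The request flag table above lists bit numbers, not values. The following added example (not code from the guide or from the reference client) combines selected flags into one request-flags value and decodes such a value back into names, which is useful when reviewing exactly what data a client asks the eStreamer server for. The %BIT hash and both subroutine names are hypothetical, and the code assumes that flag bit n has the value 1 << n, which this page does not state.

```perl
use strict;
use warnings;

# Bit numbers copied from the request flag table on this page (bits 19-30 only).
my %BIT = (
    FLAG_POLICY_EVENTS_4         => 19,
    FLAG_METADATA_4              => 20,
    FLAG_RUA                     => 21,
    FLAG_POLICY_EVENTS_5         => 22,
    FLAGS_SEND_ARCHIVE_TIMESTAMP => 23,
    FLAG_RNA_EVENTS_5            => 24,
    FLAG_RNA_EVENTS_6            => 25,
    FLAG_RNA_FLOW_5              => 26,
    FLAG_EXTRA_DATA              => 27,
    FLAG_RNA_EVENTS_7            => 28,
    FLAG_POLICY_EVENTS_6         => 29,
    FLAG_DETAIL_REQUEST          => 30,
);

# Assumption: "bit n" means the value 1 << n (bit 0 is the least significant bit).
sub build_flags {
    my $mask = 0;
    for my $name (@_) {
        die "unknown flag: $name\n" unless exists $BIT{$name};
        $mask |= 1 << $BIT{$name};
    }
    return $mask;
}

# Split a mask into the names it sets and the set bits this table does not cover.
sub decode_flags {
    my ($mask) = @_;
    my %name_of = reverse %BIT;          # bit number => name
    my (@names, @unknown);
    for my $bit (0 .. 31) {
        next unless $mask & (1 << $bit);
        if (exists $name_of{$bit}) { push @names,   $name_of{$bit} }
        else                       { push @unknown, $bit }
    }
    return (\@names, \@unknown);
}

# Constructed sample: request only the newest record versions plus user activity.
my $mask = build_flags(qw(FLAG_RUA FLAG_RNA_EVENTS_7 FLAG_POLICY_EVENTS_6));
printf "request flags = 0x%08X\n", $mask;
my ($names, $unknown) = decode_flags($mask | 1);   # bit 0 lies outside this table
print "requested: @$names\n";
print "set bits not in this table: @$unknown\n";
```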