Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Appendix A
Data Structure Examples
Intrusion Event Data Structure Examples
In the preceding example, the following event information appears:
A. The first two bytes of the line indicate the standard header version of 1. The second two bytes indicate that the message is an event data message (message type 4).
B. This line indicates that the message that follows is 92 bytes long. That length covers the 4-byte record type, the 4-byte record length and the 84 bytes of record data that follow it.
C. This line indicates a record type value of 67, which represents a classification record.
D. This line indicates that the classification record data that follows is 84 bytes long.
E. This line indicates that the Classification ID is 35.
F. The first two bytes of this line indicate that the classification name that follows is 15 bytes long. The second two bytes begin the classification name itself, which in this case is "trojan-activity". The middle 12 bytes of the name fill the three unlabeled lines between F and G.
G. The first byte in this line is the last byte of the classification name described in F. The next two bytes indicate that the classification description that follows is 29 bytes long. The remaining byte begins the classification description, which in this case is "A Network Trojan was Detected".
H. This line begins the 16-byte classification UUID, which acts as a unique identifier for the classification.
I. This line begins the 16-byte classification revision UUID, which acts as a unique identifier for the classification revision. It is null (all zeros) because there are no revisions to the classification.
Example of a Priority Record
The following example shows a sample priority record:
Byte    0         1         2         3
Bit     0-7       8-15      16-23     24-31
A       00000000  00000001  00000000  00000100
B       00000000  00000000  00000000  00010000
C       00000000  00000000  00000000  00000100
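The parser below is an added example, not code from the eStreamer guide or from Cisco or Sourcefire. It decodes the framing shown in both diagrams of this appendix: the 8-byte message header (version, message type, message length), the 8-byte record header (record type, record length), and the classification record data walked through above (classification ID, length-prefixed name and description, two 16-byte UUIDs). Every length field is checked against the bytes actually received before it is used, which is the check a collector needs because those lengths come from the peer. The sample inputs are constructed from the values in the text: the classification message is rebuilt from the walkthrough (its classification UUID is a placeholder chosen here, since the guide does not print it), and the priority sample is the 12 bytes in rows A, B and C of the diagram above. Function and constant names are this example's own.

```python
"""Decoder for the eStreamer framing walked through above (added example; not
code from the eStreamer guide, Cisco or Sourcefire). Layouts follow the text:
8-byte message header (uint16 version, uint16 type, uint32 length, big-endian),
8-byte record header (uint32 type, uint32 length), and for record type 67 a
classification payload (uint32 ID, uint16-prefixed name, uint16-prefixed
description, 16-byte classification UUID, 16-byte revision UUID)."""
import struct
import uuid

MESSAGE_HEADER = struct.Struct("!HHI")   # version, message type, message length
RECORD_HEADER = struct.Struct("!II")     # record type, record length
HEADER_VERSION = 1
MESSAGE_TYPE_EVENT_DATA = 4
RECORD_TYPE_PRIORITY = 4
RECORD_TYPE_CLASSIFICATION = 67

def _take(buf, off, n):
    """Slice n bytes at off, refusing to read past the end of what was received.
    Length fields come from the peer; slicing blindly on a truncated or hostile
    stream either crashes the collector or silently yields short data."""
    if off + n > len(buf):
        raise ValueError(f"need {n} bytes at offset {off}, have {len(buf) - off}")
    return buf[off:off + n]

def _unpack(fmt, buf, off):
    """Unpack fmt at off with bounds checking; returns (fields, new offset)."""
    size = struct.calcsize(fmt)
    return struct.unpack(fmt, _take(buf, off, size)), off + size

def parse_message_header(buf):
    """Rows A and B of the diagrams: (version, message type, message length)."""
    (version, msg_type, length), _ = _unpack("!HHI", buf, 0)
    if version != HEADER_VERSION:
        raise ValueError(f"unsupported header version {version}")
    return version, msg_type, length

def parse_record_type(buf):
    """Row C: the record type that immediately follows the message header."""
    (rec_type,), _ = _unpack("!I", buf, MESSAGE_HEADER.size)
    return rec_type

def parse_classification(payload):
    """Decode classification record data (everything after the record header)."""
    (class_id, name_len), off = _unpack("!IH", payload, 0)
    name = _take(payload, off, name_len).decode("utf-8")
    (desc_len,), off = _unpack("!H", payload, off + name_len)
    desc = _take(payload, off, desc_len).decode("utf-8")
    off += desc_len
    class_uuid = uuid.UUID(bytes=bytes(_take(payload, off, 16)))
    rev_uuid = uuid.UUID(bytes=bytes(_take(payload, off + 16, 16)))
    if off + 32 != len(payload):
        raise ValueError(f"{len(payload) - off - 32} unexpected trailing bytes")
    return {
        "classification_id": class_id,
        "name": name,
        "description": desc,
        "uuid": class_uuid,
        "revision_uuid": None if rev_uuid.int == 0 else rev_uuid,  # all zeros: no revisions
    }

def parse_message(buf):
    """Parse one event data message: header, record header, then record data."""
    _, msg_type, length = parse_message_header(buf)
    if msg_type != MESSAGE_TYPE_EVENT_DATA:
        raise ValueError(f"not an event data message (type {msg_type})")
    body = _take(buf, MESSAGE_HEADER.size, length)
    (rec_type, rec_len), off = _unpack("!II", body, 0)
    if rec_len != length - RECORD_HEADER.size:   # 92 = 8 + 84 in the walkthrough
        raise ValueError(f"record length {rec_len} disagrees with message length {length}")
    payload = _take(body, off, rec_len)
    record = {"record_type": rec_type, "record_length": rec_len}
    if rec_type == RECORD_TYPE_CLASSIFICATION:
        record.update(parse_classification(payload))
    else:
        record["raw"] = bytes(payload)   # layouts not covered on this page stay undecoded
    return record

def parse_message_or_error(buf):
    """Collector-style wrapper: one malformed message must not stop the feed."""
    try:
        return parse_message(buf), None
    except ValueError as exc:
        return None, str(exc)

def build_classification_message(class_id, name, description, class_uuid, rev_uuid):
    """Encode a classification message (used only to construct the sample input)."""
    name_b, desc_b = name.encode("utf-8"), description.encode("utf-8")
    payload = (struct.pack("!IH", class_id, len(name_b)) + name_b
               + struct.pack("!H", len(desc_b)) + desc_b + class_uuid.bytes + rev_uuid.bytes)
    record = RECORD_HEADER.pack(RECORD_TYPE_CLASSIFICATION, len(payload)) + payload
    return MESSAGE_HEADER.pack(HEADER_VERSION, MESSAGE_TYPE_EVENT_DATA, len(record)) + record

# Constructed sample reproducing the classification walkthrough. The classification
# UUID is a placeholder chosen for this example; the guide does not print its value.
SAMPLE_CLASSIFICATION = build_classification_message(
    35, "trojan-activity", "A Network Trojan was Detected",
    uuid.UUID("00000000-0000-0000-0000-000000000001"), uuid.UUID(int=0))
# Rows A, B and C of the priority record diagram, written out as hex.
SAMPLE_PRIORITY_PREFIX = bytes.fromhex("00010004 00000010 00000004")

if __name__ == "__main__":
    print(parse_message(SAMPLE_CLASSIFICATION))
    print(parse_message_header(SAMPLE_PRIORITY_PREFIX), parse_record_type(SAMPLE_PRIORITY_PREFIX))
```

Run stand-alone, the script prints the decoded classification record (ID 35, name "trojan-activity", description "A Network Trojan was Detected", revision UUID None) and, for the priority prefix, header version 1, message type 4, message length 16 and record type 4. Feeding parse_message_or_error a truncated message, or one whose name length field has been raised above the bytes present, yields an error string instead of an exception, so a bad message in the feed is logged and skipped rather than taking the collector down.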