Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

434

Data Structure Examples

Intrusion Event Data Structure Examples

Appendix A

In the preceding example, the following event information appears:

A. The first two bytes of the line indicate the standard header value of 1. The

second two bytes indicate that the message is a data message (message

type four).

B. This line indicates that the message that follows is 92 bytes long.

C. This line indicates a record type value of 67, which represents a classification

record.

D. This line indicates that the classification record that follows is 84 bytes long.

E. This line indicates that the Classification ID is 35.

F. The first two bytes of this line indicate that the classification name that

follows it is 15 bytes long. The second two bytes begin the classification

name itself, which, in this case, is “trojan-activity”.

G. The first byte in this line is a continuation of the classification name described

in F. The next two bytes in this line indicate that the classification description

that follows it is 29 bytes long. The remaining bye begin the classification

description, which, in this case, is “A Network Trojan was Detected.”

H. This line indicates the classification ID number that acts as a unique identifier

for the classification.

This line indicates the classification revision ID number that acts as a unique

identifier for the classification revision, which is null because there are no

revisions to the classification.

Example of a Priority Record

The following example shows a sample priority record:

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0