Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Appendix B
Intrusion Event Record 5.2.x
The fields in the intrusion event record are shaded in the following graphic. The record type is 400 and the block type is 34.

You can request 5.2.x intrusion events from eStreamer only by extended request, for which you request event type code 12 and version code 5 in the Stream Request message (see the section on submitting extended requests for more information).

For version 5.2.x intrusion events, the event ID, the managed device ID, and the event second together form a unique identifier. The connection second, connection instance, and connection counter together form a unique identifier for the connection event associated with the intrusion event.
Intrusion Event (IPv6) Record Fields (Continued)

Field                          Data Type   Description
Ingress Security Zone UUID     uint8[16]   A zone ID number that acts as a unique identifier for the ingress security zone.
Egress Security Zone UUID      uint8[16]   A zone ID number that acts as a unique identifier for the egress security zone.
Byte      0               1               2               3
Bit       0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+---------------------------------------+---------------------------------------+
| Header Version (1)                    | Message Type (4)                      |
+---------------------------------------+---------------------------------------+
| Message Length                                                                |
+-------------------------------------------------------------------------------+
| Record Type (400)                                                             |
+-------------------------------------------------------------------------------+
| Record Length                                                                 |
+-------------------------------------------------------------------------------+
| eStreamer Server Timestamp (in events, only if bit 23 is set)                 |
+-------------------------------------------------------------------------------+
| Reserved for Future Use (in events, only if bit 23 is set)                    |
+-------------------------------------------------------------------------------+
| Block Type (34)                                                               |
+-------------------------------------------------------------------------------+
| Block Length                                                                  |
+-------------------------------------------------------------------------------+
| Device ID                                                                     |
+-------------------------------------------------------------------------------+
| Event ID                                                                      |
+-------------------------------------------------------------------------------+
| Event Second                                                                  |
+-------------------------------------------------------------------------------+
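As an added example (not code from this guide or from Cisco), the following Python parses the message header and the leading fields of a 5.2.x intrusion event record exactly as laid out above, checks the fixed values (header version 1, message type 4, record type 400, block type 34), honours the bit-23 timestamp option, and returns the device ID / event ID / event second triple the text names as the unique identifier. Fields are read in network byte order; the meanings of Message Length, Record Length and Block Length used by the sample builder are assumptions, since this page does not state them.

```python
import struct

# Fixed values taken from the record layout on this page.
HEADER_VERSION = 1          # Header Version field
MESSAGE_TYPE_EVENT = 4      # Message Type field for event messages
RECORD_TYPE_INTRUSION = 400
BLOCK_TYPE_INTRUSION = 34


def parse_intrusion_prefix(data, timestamp_present):
    """Parse the message header and the leading 5.2.x intrusion record fields.
    timestamp_present mirrors bit 23 of the client's request flags: when set,
    the server inserts a 4-byte timestamp and 4 reserved bytes after the
    Record Length. Raises ValueError when the bytes do not match the layout.
    Assumption (not stated on this page): Message Length counts the bytes
    that follow the 8-byte header."""
    if len(data) < 16:
        raise ValueError("truncated message/record header")
    version, msg_type, msg_len = struct.unpack_from("!HHI", data, 0)
    if version != HEADER_VERSION or msg_type != MESSAGE_TYPE_EVENT:
        raise ValueError("unexpected header version/type %d/%d" % (version, msg_type))
    if msg_len != len(data) - 8:
        raise ValueError("message length %d != %d payload bytes" % (msg_len, len(data) - 8))
    rec_type, rec_len = struct.unpack_from("!II", data, 8)
    if rec_type != RECORD_TYPE_INTRUSION:
        raise ValueError("not a 5.2.x intrusion event record: type %d" % rec_type)
    offset, timestamp = 16, None
    if timestamp_present:                      # bit 23 set: timestamp + reserved
        if len(data) < offset + 8:
            raise ValueError("truncated timestamp fields")
        timestamp, _reserved = struct.unpack_from("!II", data, offset)
        offset += 8
    if len(data) < offset + 20:
        raise ValueError("truncated block header / event identifiers")
    block_type, block_len, device_id, event_id, event_sec = struct.unpack_from("!IIIII", data, offset)
    if block_type != BLOCK_TYPE_INTRUSION:
        raise ValueError("unexpected block type %d" % block_type)
    return {"timestamp": timestamp, "block_length": block_len,
            "device_id": device_id, "event_id": event_id, "event_second": event_sec,
            # The text above: device ID, event ID and event second identify the event.
            "unique_key": (device_id, event_id, event_sec)}


def build_sample(device_id, event_id, event_second, timestamp=None):
    """Constructed sample message (not captured traffic) carrying only the
    fields shown on this page. Assumptions: Block Length covers the whole
    block including its two header words; Record Length covers the bytes
    after the record type/length words."""
    body = struct.pack("!III", device_id, event_id, event_second)
    block = struct.pack("!II", BLOCK_TYPE_INTRUSION, 8 + len(body)) + body
    record = block if timestamp is None else struct.pack("!II", timestamp, 0) + block
    record = struct.pack("!II", RECORD_TYPE_INTRUSION, len(record)) + record
    return struct.pack("!HHI", HEADER_VERSION, MESSAGE_TYPE_EVENT, len(record)) + record
```

Passing the wrong timestamp_present value for the request flags you actually sent shifts every later field by 8 bytes, which is why the block type check matters before trusting the identifiers.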