Cisco Firepower Management Center 4000 Developer Guide, Version 5.3
Sourcefire 3D System eStreamer Integration Guide, page 501
Appendix B: Understanding Legacy Data Structures, Legacy Malware Event Data Structures
Malware Event Data Block for 5.1.1.x Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Length | uint32 | The number of bytes included in the Detection Name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Detection Name field. |
| Detection Name | string | The name of the detected or quarantined malware. |
| String Block Type | uint32 | Initiates a String data block containing the username. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the User String data block, including eight bytes for the block type and header fields plus the number of bytes in the User field. |
| User | string | The user of the computer where the Sourcefire Agent is installed and where the malware event occurred. Note that these users are not tied to user discovery. |
| String Block Type | uint32 | Initiates a String data block containing the file name. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the File Name String data block, including eight bytes for the block type and header fields plus the number of bytes in the File Name field. |
| File Name | string | The name of the detected or quarantined file. |
| String Block Type | uint32 | Initiates a String data block containing the file path. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the File Path String data block, including eight bytes for the block type and header fields plus the number of bytes in the File Path field. |
| File Path | string | The file path, not including the file name, of the detected or quarantined file. |
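The following parser for the trailing String data blocks of the 5.1.1.x Malware Event Data Block is an added example, not code from the guide or from Cisco; it assumes the eStreamer convention of big-endian (network byte order) integers, takes the block type value 0 and the 8-byte header-inclusive length from the table above, and rejects any length field that does not cover its own header or would run past the end of the buffer, since a consumer must not trust the length field in received data.

```python
import struct

BLOCK_HEADER_LEN = 8  # uint32 block type + uint32 block length

# Order of the String data blocks at the end of the malware event block
STRING_FIELDS = ("detection_name", "user", "file_name", "file_path")


def parse_string_block(buf: bytes, offset: int) -> tuple[str, int]:
    """Parse one String data block at offset; return (text, next_offset).

    Assumed big-endian layout:
      uint32 block type   -- always 0 for a String data block
      uint32 block length -- total bytes, including this 8-byte header
      bytes  text         -- (block length - 8) bytes of string data
    """
    if offset + BLOCK_HEADER_LEN > len(buf):
        raise ValueError("truncated String data block header")
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != 0:
        raise ValueError(f"expected String block type 0, got {block_type}")
    # Validate the length before slicing: it must include its own header
    # and must not point past the end of the received buffer.
    if block_len < BLOCK_HEADER_LEN or offset + block_len > len(buf):
        raise ValueError(f"bad String block length {block_len} at {offset}")
    data = buf[offset + BLOCK_HEADER_LEN:offset + block_len]
    return data.decode("utf-8", errors="replace"), offset + block_len


def parse_malware_strings(buf: bytes, offset: int = 0) -> dict[str, str]:
    """Parse Detection Name, User, File Name and File Path in that order."""
    fields = {}
    for name in STRING_FIELDS:
        fields[name], offset = parse_string_block(buf, offset)
    if offset != len(buf):
        raise ValueError(f"{len(buf) - offset} trailing bytes after File Path")
    return fields


def build_string_block(text: str) -> bytes:
    """Encode a String data block; used here only to construct sample input."""
    data = text.encode("utf-8")
    return struct.pack(">II", 0, BLOCK_HEADER_LEN + len(data)) + data


# Constructed sample message: the four String blocks in documented order.
SAMPLE = b"".join(build_string_block(s) for s in (
    "EICAR-Test-File", "jdoe", "eicar.com", "C:\\Users\\jdoe\\Downloads"))
```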