Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Malware Event Data Structures
Appendix B
Malware Event Data Block for 5.1.1.x Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Type | uint32 | Initiates a String data block containing the file SHA hash. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the File SHA Hash String data block, including eight bytes for the block type and header fields plus the number of bytes in the File SHA Hash field. |
| File SHA Hash | string | The rendered string of the SHA-256 hash value of the detected or quarantined file. |
| File Size | uint32 | The size in bytes of the detected or quarantined file. |
| File Type | uint8 | The file type of the detected or quarantined file. |
| File Timestamp | uint32 | UNIX timestamp (seconds since 01/01/1970) of the creation of the detected or quarantined file. |
| String Block Type | uint32 | Initiates a String data block containing the parent file name. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the Parent File Name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Parent File Name field. |
| Parent File Name | string | The name of the file accessing the detected or quarantined file when detection occurred. |
| String Block Type | uint32 | Initiates a String data block containing the parent file SHA hash. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the Parent File SHA Hash String data block, including eight bytes for the block type and header fields plus the number of bytes in the Parent File SHA Hash field. |
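A bounds-checked parser for the String data block layout and the field order listed in this table, added here as an example and not taken from the Cisco guide. It assumes network (big-endian) byte order and UTF-8 text, neither of which is stated on this page; `ParseError`, `read_string_block`, `parse_fields`, `make_block` and `SAMPLE` are hypothetical names, and the sample record is constructed.

```python
import struct

STRING_BLOCK_TYPE = 0   # per the table: String Block Type is always 0
HEADER_LEN = 8          # block type (4 bytes) + block length (4 bytes)

class ParseError(ValueError):
    """Raised when a record does not match the documented layout."""

def read_string_block(buf, off):
    """Return (text, next_offset) for one String data block at buf[off:]."""
    if len(buf) - off < HEADER_LEN:
        raise ParseError("truncated string block header")
    btype, blen = struct.unpack_from(">II", buf, off)  # big-endian: assumption
    if btype != STRING_BLOCK_TYPE:
        raise ParseError(f"unexpected string block type {btype}")
    # The length includes the 8 header bytes, so it can never be below 8,
    # and it must not reach past the bytes actually received.
    if blen < HEADER_LEN or blen > len(buf) - off:
        raise ParseError(f"bad string block length {blen}")
    text = buf[off + HEADER_LEN:off + blen].decode("utf-8", "replace")
    return text, off + blen

def parse_fields(buf, off=0):
    """Parse File SHA Hash through Parent File SHA Hash, in table order."""
    out = {}
    out["file_sha256"], off = read_string_block(buf, off)
    if len(buf) - off < 9:
        raise ParseError("truncated fixed-width fields")
    # File Size (uint32), File Type (uint8), File Timestamp (uint32) = 9 bytes
    out["file_size"], out["file_type"], out["file_timestamp"] = struct.unpack_from(">IBI", buf, off)
    off += 9
    out["parent_file_name"], off = read_string_block(buf, off)
    out["parent_file_sha256"], off = read_string_block(buf, off)
    return out, off

def make_block(text):
    """Build a String data block (used only to construct the sample)."""
    data = text.encode()
    return struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(data)) + data

# Constructed sample record; every value is made up for illustration.
SAMPLE = (make_block("ab" * 32) + struct.pack(">IBI", 4096, 17, 1400000000)
          + make_block("parent.exe") + make_block("cd" * 32))

if __name__ == "__main__":
    print(parse_fields(SAMPLE))
```

Rejecting a length below 8 or beyond the buffer before slicing keeps a malformed or truncated record from shifting every later field in the stream.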