Version 5.3
Sourcefire 3D System eStreamer Integration Guide
505
Understanding Legacy Data Structures
Legacy Malware Event Data Structures
Appendix B
Malware Event Data Block for 5.1.1.x Fields (Continued)

Field              Data Type   Description
Source Port        uint16      Port number for the source of the connection.
Destination Port   uint16      Port number for the destination of the connection.

Malware Event Data Block 5.2.x

The eStreamer service uses the malware event data block to store information on malware events. These events contain information on malware detected or quarantined within a cloud, the detection method, and hosts and users affected by the malware. The malware event data block has a block type of 33 in the series 2 group of blocks. You request the event as part of the malware event record by setting the malware event flag—bit 30 in the request flags field—in the request message with an event version of 3 and an event code of 101.

The following graphic shows the structure of the malware event data block:
Byte  0                  1                  2                  3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Malware Event Block Type (33)
Malware Event Block Length
Agent UUID
Agent UUID, continued
Agent UUID, continued
Agent UUID, continued
Cloud UUID
Cloud UUID, continued
Cloud UUID, continued
Cloud UUID, continued
Malware Event Timestamp
Event Type ID
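The following parser is an added example and is not code from the eStreamer Integration Guide or from Cisco/Sourcefire. It decodes the fixed prefix of the block shown in the graphic above (block type 33, block length, the 16-byte Agent UUID, the 16-byte Cloud UUID, the timestamp and the Event Type ID) and builds the request flags value with bit 30 set. Assumptions, labelled in the code: fields are big-endian (network byte order), the timestamp and Event Type ID are 32-bit unsigned integers because each occupies one 32-bit row of the diagram, and the block length counts the whole block including the type and length fields. The sample block is constructed, not captured from a sensor, and the fields that follow Event Type ID are replaced by zero padding.

```python
"""Parse the fixed header of an eStreamer malware event data block (type 33).

Added example, not from the Sourcefire eStreamer Integration Guide.
Assumptions (not stated on the page being illustrated):
  * all integer fields are big-endian (network byte order);
  * Malware Event Timestamp and Event Type ID are uint32 (one 32-bit row each);
  * Malware Event Block Length counts the whole block, including the
    8 bytes of block type and block length.
"""
import struct
import uuid
from dataclasses import dataclass

MALWARE_EVENT_BLOCK_TYPE = 33   # series 2 block type given in the guide
MALWARE_EVENT_FLAG_BIT = 30     # request flags bit that asks for malware events
MALWARE_EVENT_VERSION = 3       # event version used in the request message
MALWARE_EVENT_CODE = 101        # event code used in the request message

# Fixed-size prefix visible in the block diagram: type, length, agent UUID,
# cloud UUID, timestamp, event type ID. Fields after that are not parsed here.
_HEADER = struct.Struct("!II16s16sII")   # 48 bytes


@dataclass(frozen=True)
class MalwareEventHeader:
    block_length: int
    agent_uuid: uuid.UUID
    cloud_uuid: uuid.UUID
    timestamp: int
    event_type_id: int


def malware_event_request_flags(base_flags: int = 0) -> int:
    """Return request flags with bit 30 set so malware events are delivered."""
    return base_flags | (1 << MALWARE_EVENT_FLAG_BIT)


def parse_malware_event_header(data: bytes) -> MalwareEventHeader:
    """Decode the fixed prefix of a type-33 block, rejecting malformed input."""
    if len(data) < _HEADER.size:
        raise ValueError(f"need at least {_HEADER.size} bytes, got {len(data)}")
    block_type, block_length, agent, cloud, ts, etype = _HEADER.unpack_from(data)
    if block_type != MALWARE_EVENT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}, expected 33")
    # A length shorter than the parsed prefix or longer than the buffer would
    # make a consumer read outside the block; refuse it instead of trusting it.
    if block_length < _HEADER.size or block_length > len(data):
        raise ValueError(
            f"block length {block_length} inconsistent with {len(data)} bytes")
    return MalwareEventHeader(block_length, uuid.UUID(bytes=agent),
                              uuid.UUID(bytes=cloud), ts, etype)


def build_sample_block() -> bytes:
    """Constructed sample block for demonstration (not a real sensor capture)."""
    agent = uuid.UUID("11111111-2222-3333-4444-555555555555")   # constructed
    cloud = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")   # constructed
    trailing = b"\x00" * 8   # placeholder for the fields that follow Event Type ID
    block_length = _HEADER.size + len(trailing)
    header = _HEADER.pack(MALWARE_EVENT_BLOCK_TYPE, block_length,
                          agent.bytes, cloud.bytes, 1700000000, 1)
    return header + trailing


if __name__ == "__main__":
    hdr = parse_malware_event_header(build_sample_block())
    print(f"request flags: {malware_event_request_flags():#010x}")
    print(hdr)
```

Feeding a truncated buffer (for example `build_sample_block()[:40]`) or a block whose declared length exceeds the bytes received raises `ValueError` rather than returning partially decoded fields, which is the behaviour a consumer reading a live eStreamer connection needs when a record arrives incomplete.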