Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
619
Appendix B: Understanding Legacy Data Structures

Connection Statistics Data Block 5.1.1.x Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Security Intelligence Source/Destination | uint8 | Whether the source or destination IP address matched the IP blacklist. |
| Security Intelligence Layer | uint8 | The IP layer that matched the IP blacklist. |
| File Event Count | uint16 | Value used to distinguish between file events that happen during the same second. |
| Intrusion Event Count | uint16 | Value used to distinguish between intrusion events that happen during the same second. |

Legacy File Event Data Structures

The following topics describe other legacy file event data structures:

File Event for 5.1.1.x

The file event contains information on files that are sent over the network. This includes the connection information, whether the file is malware, and specific information to identify the file. The file event has a block type of 23 in the series 2 group of blocks.

The following graphic shows the structure of the File Event data block:
[Figure: File Event data block layout. Columns are Byte 0 to 3 (Bit 0 to 31, left to right); each row below is one 32-bit word, read top to bottom. The diagram continues on the following page.]

File Event Block Type (23)
File Event Block Length
Device ID
Connection Instance
Connection Counter
Connection Timestamp
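The layout above shows only the leading words of the block, and a client that consumes eStreamer data has to decode them before it can trust the block length it uses to find the next record. The following parser is an added example written for this page, not Cisco's or Sourcefire's own client code. It takes the block type 23 and the four-byte rows from the page as given; everything else is an assumption and is marked as such in the code: network (big-endian) byte order, a block length that counts the whole block including the type and length words (the convention used by other series 2 blocks), and Connection Instance and Connection Counter being two uint16 values. The fields after the timestamp are not on this page, so they are handed back as an opaque payload rather than guessed at.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

# Block type of the 5.1.1.x File Event in the series 2 group (from the page).
FILE_EVENT_BLOCK_TYPE = 23

# Leading fields in diagram order. The uint32 widths of type, length, device ID
# and timestamp follow the 4-byte rows of the page's diagram; splitting the
# Connection Instance / Connection Counter into two uint16 values and using
# network (big-endian) order are assumptions, not stated on the page.
HEADER = struct.Struct(">IIIHHI")


@dataclass(frozen=True)
class FileEventHeader:
    block_type: int
    block_length: int
    device_id: int
    connection_instance: int
    connection_counter: int
    connection_timestamp: int


class BlockFormatError(ValueError):
    """Raised when a block cannot be decoded safely from the bytes at hand."""


def parse_file_event_header(buf: bytes) -> tuple[FileEventHeader, bytes]:
    """Decode the leading fields of a File Event block.

    Returns the header and the remaining bytes of the block (the fields this
    page does not show). Every length is checked against the bytes actually
    received, so a corrupt or hostile block_length can never make the caller
    read past the end of the buffer or desynchronise on the next block.
    """
    if len(buf) < HEADER.size:
        raise BlockFormatError(
            f"need {HEADER.size} bytes for the header, got {len(buf)}")
    hdr = FileEventHeader(*HEADER.unpack_from(buf, 0))
    if hdr.block_type != FILE_EVENT_BLOCK_TYPE:
        raise BlockFormatError(
            f"block type {hdr.block_type} is not a File Event "
            f"({FILE_EVENT_BLOCK_TYPE})")
    # Assumption: block_length counts the whole block, type and length included.
    if hdr.block_length < HEADER.size:
        raise BlockFormatError(
            f"block length {hdr.block_length} is shorter than the header")
    if hdr.block_length > len(buf):
        raise BlockFormatError(
            f"block length {hdr.block_length} exceeds the {len(buf)} bytes "
            "received")
    payload = buf[HEADER.size:hdr.block_length]
    return hdr, payload


def build_sample_block() -> bytes:
    """Constructed sample input, not captured eStreamer traffic.

    A header with made-up field values followed by eight zero bytes standing in
    for the fields the page truncates.
    """
    payload = b"\x00" * 8
    total = HEADER.size + len(payload)
    return HEADER.pack(FILE_EVENT_BLOCK_TYPE, total, 7, 1, 42,
                       1_400_000_000) + payload


if __name__ == "__main__":
    header, rest = parse_file_event_header(build_sample_block())
    print(header)
    print(f"{len(rest)} payload bytes not decoded on this page")
```

A real client would wrap this in the eStreamer message framing and dispatch on the block type to the right decoder; the length checks here are what keep one malformed record from corrupting the rest of the stream.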