Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
Correlation Event Data 4.8.0.2 - 4.9.1.x Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 — None, 1 — Low, 2 — Medium, 3 — High |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Server ID | uint32 | Identification number for the server running on the source host. |

Event Data Mask Field Values

The Event Defined Values table describes each Event Defined Mask value.
Event Defined Values

| Description | Mask Value |
|---|---|
| Event Impact Flags | 0x00000001 |
| IP Protocol | 0x00000002 |
| Network Protocol | 0x00000004 |
| Source IP | 0x00000008 |
| Source Host Type | 0x00000010 |
| Source VLAN ID | 0x00000020 |
| Source Fingerprint ID | 0x00000040 |
| Source Criticality | 0x00000080 |
| Source Port | 0x00000100 |
| Source Server | 0x00000200 |
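
A client consuming these records should test the Event Defined Mask before trusting a field value. The Python sketch below is an added example, not code from the eStreamer guide. It decodes the mask values listed above, assuming that a set bit marks a field carrying valid data; the function names and `SAMPLE_EVENT` are constructed for illustration.

```python
# Added example (not from the eStreamer guide). Only the mask values
# listed on this page are mapped; any other set bit is reported as unmapped.
EVENT_DEFINED_BITS = {
    0x00000001: "Event Impact Flags",
    0x00000002: "IP Protocol",
    0x00000004: "Network Protocol",
    0x00000008: "Source IP",
    0x00000010: "Source Host Type",
    0x00000020: "Source VLAN ID",
    0x00000040: "Source Fingerprint ID",
    0x00000080: "Source Criticality",
    0x00000100: "Source Port",
    0x00000200: "Source Server",
}
KNOWN_BITS = sum(EVENT_DEFINED_BITS)  # bits are disjoint, so sum equals bitwise OR


def decode_event_defined_mask(mask):
    """Return (names of fields flagged as defined, bits this page does not list)."""
    if not isinstance(mask, int) or not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("Event Defined Mask must fit an unsigned 32-bit field")
    names = [name for bit, name in EVENT_DEFINED_BITS.items() if mask & bit]
    return names, mask & ~KNOWN_BITS


def valid_fields(event, mask):
    """Keep only the event fields whose mask bit is set.

    Assumption: a cleared bit means the field carries no data, so a zero in
    it (for example VLAN 0) must not be read as an observed value.
    """
    names, unmapped = decode_event_defined_mask(mask)
    return {n: event[n] for n in names if n in event}, unmapped


# Constructed sample: every field is present in the parsed record,
# but the mask 0x0000018A says only four of them were populated.
SAMPLE_EVENT = {
    "IP Protocol": 6,
    "Source IP": "192.0.2.10",
    "Source VLAN ID": 0,
    "Source Criticality": 3,
    "Source Port": 49152,
}

if __name__ == "__main__":
    print(valid_fields(SAMPLE_EVENT, 0x0000018A))
    print(decode_event_defined_mask(0x0000040A))
```

A non-zero second return value means the record sets bits that this page's table does not cover, so the decoder should be extended before those events are relied on.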