Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
Event Data Mask Field Values
The Event Defined Values table describes each value in the Event Defined Mask.
Correlation Event 4.10.x Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Destination OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the destination host’s operating system. See on page 182 for information about obtaining the values that map to the fingerprint IDs. |
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 — None; 1 — Low; 2 — Medium; 3 — High |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Server ID | uint32 | Identification number for the server running on the source host. |
| Blocked | uint8 | Value indicating what happened to the packet that triggered the intrusion event. 0 — Intrusion event not dropped; 1 — Intrusion event was dropped (inline mode, drop when inline is set); 2 — The packet that triggered the event would have been dropped, if the intrusion policy had been applied to a detection engine using an inline interface set. |
Event Defined Values

| Description | Mask Value |
|---|---|
| Event Impact Flags | 0x00000001 |
| IP Protocol | 0x00000002 |
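The following Python sketch is an added example, not code from the guide or from Cisco. It decodes the destination fields and the Blocked value from the Correlation Event 4.10.x table and checks the two Event Defined Mask values shown on this page. It assumes the six fields are contiguous in table order and encoded in network byte order; the function names and sample bytes are constructed for illustration.

```python
import struct
import uuid

# Assumption: the six fields listed in the table are contiguous, in table
# order, big-endian: uint8[16], uint16, uint32, uint16, uint32, uint8.
TAIL = struct.Struct(">16sHIHIB")

CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}
BLOCKED = {
    0: "not dropped",
    1: "dropped",
    2: "would have been dropped",
}
# Only the two mask values visible on this page; other bits are not listed here.
EVENT_DEFINED_MASK = {
    0x00000001: "Event Impact Flags",
    0x00000002: "IP Protocol",
}


def decode_mask(mask):
    """Return names of the known set bits plus any bits not listed on this page."""
    names = [name for bit, name in EVENT_DEFINED_MASK.items() if mask & bit]
    unknown = mask & ~sum(EVENT_DEFINED_MASK)
    return names, unknown


def parse_destination_tail(buf):
    """Decode the destination fields and Blocked from a 29-byte slice."""
    if len(buf) != TAIL.size:
        raise ValueError(f"expected {TAIL.size} bytes, got {len(buf)}")
    fp, crit, user_id, port, server_id, blocked = TAIL.unpack(buf)
    return {
        "dest_os_fingerprint_uuid": str(uuid.UUID(bytes=fp)),
        # Values outside the documented ranges are surfaced, not dropped.
        "dest_criticality": CRITICALITY.get(crit, f"unknown({crit})"),
        "dest_user_id": user_id,
        "dest_port": port,
        "dest_server_id": server_id,
        "blocked": BLOCKED.get(blocked, f"unknown({blocked})"),
    }


# Constructed sample bytes, not captured from a real appliance.
SAMPLE = bytes(range(16)) + struct.pack(">HIHIB", 3, 42, 443, 1122, 1)

if __name__ == "__main__":
    print(parse_destination_tail(SAMPLE))
    print(decode_mask(0x00000003))
```

Reporting undocumented Criticality or Blocked values as `unknown(n)` keeps a malformed or newer record visible to the consumer rather than silently mapped to a default.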