Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
Correlation Event 4.10.x Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Destination OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the destination host’s operating system. See on page 182 for information about obtaining the values that map to the fingerprint IDs. |
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 — None; 1 — Low; 2 — Medium; 3 — High |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Server ID | uint32 | Identification number for the server running on the source host. |
| Blocked | uint8 | Value indicating what happened to the packet that triggered the intrusion event. 0 — Intrusion event not dropped; 1 — Intrusion event was dropped (inline mode, drop when inline is set); 2 — The packet that triggered the event would have been dropped, if the intrusion policy had been applied to a detection engine using an inline interface set. |

Event Data Mask Field Values

The Event Defined Values table describes each value in the Event Defined Mask.

Event Defined Values

| Description | Mask Value |
|---|---|
| Event Impact Flags | 0x00000001 |
| IP Protocol | 0x00000002 |