Cisco Firepower Management Center 4000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Page 83
The Rule Message Record Fields table describes each rule-specific field.

(Continuation of the Rule Message record block diagram from the previous page; each row is one 32-bit word. The Rule UUID and Rule Revision UUID each begin mid-word, because the preceding Message Length field is only 16 bits wide.)

Rule UUID cont.
Rule UUID cont.
Rule UUID cont.
Rule UUID cont.
Rule Revision UUID
Rule Revision UUID cont.
Rule Revision UUID cont.
Rule Revision UUID cont.
Rule Revision UUID cont.
Message...

Rule Message Record Fields

Field                   Data Type   Description
Generator ID            uint32      The generator identification number.
Rule ID                 uint32      The rule identification number for the local computer.
Rule Revision           uint32      The rule revision number. This is currently set to zero for all rule messages.
Rendered Signature ID   uint32      The rule identification number rendered to the Sourcefire 3D System interface.
Message Length          uint16      The number of bytes included in the rule text.
UUID                    uint8[16]   A rule ID number that acts as a unique identifier for the rule.
Revision UUID           uint8[16]   A rule revision ID number that acts as a unique identifier for the revision.
Message                 variable    Rule message that triggered the event.

Classification Record for 4.6.1+

The eStreamer service transmits the classification information for an event in a Classification record for 4.6.1+, the format of which is shown below. The Classification record for 4.6.1+ contains the same fields as the Classification
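Added example, not code from the guide or from Cisco/Sourcefire: a parser for the Rule Message record whose fields are listed in the Rule Message Record Fields table above. It assumes the multi-byte integers are big-endian (network byte order), that the fixed fields appear in table order, and that exactly Message Length bytes of rule text follow them; the sample record is constructed inline, not captured from an eStreamer server. The part an eStreamer client author should take from it is the length check: a Message Length that runs past the end of the received buffer is rejected instead of being read.

```python
from __future__ import annotations

import struct
import uuid
from dataclasses import dataclass

# Fixed-size part of the Rule Message record, in the order of the field table:
# Generator ID (uint32), Rule ID (uint32), Rule Revision (uint32),
# Rendered Signature ID (uint32), Message Length (uint16),
# UUID (uint8[16]), Revision UUID (uint8[16]).
# Assumption: integers are big-endian (network byte order); "!" also disables padding.
_FIXED = struct.Struct("!IIIIH16s16s")


class MalformedRecord(ValueError):
    """Raised when a buffer does not hold a complete, self-consistent record."""


@dataclass(frozen=True)
class RuleMessage:
    generator_id: int
    rule_id: int
    rule_revision: int
    rendered_signature_id: int
    rule_uuid: uuid.UUID
    revision_uuid: uuid.UUID
    message: str


def parse_rule_message(data: bytes, offset: int = 0) -> tuple[RuleMessage, int]:
    """Parse one record starting at offset; return (record, offset just past it)."""
    remaining = len(data) - offset
    if remaining < _FIXED.size:
        raise MalformedRecord(
            f"fixed fields need {_FIXED.size} bytes, only {remaining} available")
    (gen_id, rule_id, revision, rendered_id,
     msg_len, rule_uuid, rev_uuid) = _FIXED.unpack_from(data, offset)
    start = offset + _FIXED.size
    end = start + msg_len
    # Message Length arrives from the wire; never trust it past the buffer end.
    if end > len(data):
        raise MalformedRecord(
            f"Message Length {msg_len} exceeds the {len(data) - start} bytes left")
    # Rule text is opaque data to the client: decode leniently and treat as untrusted.
    text = data[start:end].decode("utf-8", errors="replace")
    record = RuleMessage(gen_id, rule_id, revision, rendered_id,
                         uuid.UUID(bytes=rule_uuid), uuid.UUID(bytes=rev_uuid), text)
    return record, end


def parse_all(data: bytes) -> list[RuleMessage]:
    """Parse back-to-back records; trailing partial data is an error, not ignored."""
    records, offset = [], 0
    while offset < len(data):
        record, offset = parse_rule_message(data, offset)
        records.append(record)
    return records


def encode_rule_message(record: RuleMessage) -> bytes:
    """Inverse of parse_rule_message, used here only to build sample input."""
    body = record.message.encode("utf-8")
    if len(body) > 0xFFFF:
        raise ValueError("rule text does not fit in a uint16 Message Length")
    return _FIXED.pack(record.generator_id, record.rule_id, record.rule_revision,
                       record.rendered_signature_id, len(body),
                       record.rule_uuid.bytes, record.revision_uuid.bytes) + body


# Constructed sample values (not taken from a real sensor or rule set).
SAMPLE = RuleMessage(
    generator_id=1,
    rule_id=1000001,
    rule_revision=0,  # the table says this is currently always zero
    rendered_signature_id=1000001,
    rule_uuid=uuid.UUID("11111111-2222-3333-4444-555555555555"),
    revision_uuid=uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa"),
    message="CONSTRUCTED SAMPLE rule message text",
)
SAMPLE_BYTES = encode_rule_message(SAMPLE)

if __name__ == "__main__":
    parsed, used = parse_rule_message(SAMPLE_BYTES)
    print(parsed, used)
    try:
        parse_rule_message(SAMPLE_BYTES[:-1])  # one byte short of Message Length
    except MalformedRecord as exc:
        print("rejected:", exc)
```

The fixed prefix is 50 bytes (4 x 4 + 2 + 16 + 16), so the two UUIDs start at byte offsets 18 and 34, which is why each spans five 32-bit rows in the block diagram. Decoding the rule text with errors="replace" keeps a malformed or non-UTF-8 message from aborting the stream while still never interpreting it as anything but data.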