Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The following table describes the fields in the Correlation Rule record.
[Record layout diagram, continued: Correlation Rule Revision UUID; Whitelist Rule UUID]
Correlation Rule Record Fields

| Field | Data Type | Description |
|---|---|---|
| Correlation Rule ID | uint32 | The correlation rule ID number. |
| Name Length | uint16 | The number of bytes included in the correlation rule name. |
| Name | string | The name of the correlation rule that triggered the event. |
| Description Length | uint16 | The number of bytes included in the correlation rule description. |
| Description | string | The description of the correlation rule that triggered the event. |
| Event Type Length | uint16 | The number of bytes included in the event type description. |
| Event Type | string | The description of the event that triggered the correlation rule. |
| UUID | uint8[16] | A correlation rule ID number that acts as a unique identifier for the correlation rule. |
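The following parser is an added example, not code from the guide: it reads the fields in the table above and checks every length field against the buffer before slicing, so a truncated or malformed record is rejected instead of being silently misparsed. Assumptions: the buffer starts at Correlation Rule ID, fields appear on the wire in table order, integers are in network byte order, and strings are UTF-8. The names parse_correlation_rule, build_sample and RecordError are hypothetical.

```python
import struct
import uuid

class RecordError(ValueError):
    """A field runs past the end of the record buffer."""

def _take(buf, off, size, what):
    # Python slices truncate silently, so bounds are checked explicitly.
    if off + size > len(buf):
        raise RecordError(f"{what}: need {size} bytes at offset {off}, "
                          f"have {len(buf) - off}")
    return buf[off:off + size], off + size

def _take_string(buf, off, what):
    raw, off = _take(buf, off, 2, what + " Length")
    (length,) = struct.unpack("!H", raw)   # uint16; network byte order assumed
    raw, off = _take(buf, off, length, what)
    # Assumption: UTF-8 text, possibly NUL-padded.
    return raw.rstrip(b"\x00").decode("utf-8", errors="replace"), off

def parse_correlation_rule(buf):
    """Parse the fields of the Correlation Rule Record Fields table, in order."""
    raw, off = _take(buf, 0, 4, "Correlation Rule ID")
    (rule_id,) = struct.unpack("!I", raw)
    name, off = _take_string(buf, off, "Name")
    description, off = _take_string(buf, off, "Description")
    event_type, off = _take_string(buf, off, "Event Type")
    raw, off = _take(buf, off, 16, "UUID")
    return {"rule_id": rule_id, "name": name, "description": description,
            "event_type": event_type, "uuid": uuid.UUID(bytes=raw),
            "trailing": buf[off:]}   # bytes for fields the table does not list

def build_sample():
    """Constructed sample record (not captured from a real device)."""
    def lp(text):                     # length-prefixed string
        data = text.encode("utf-8")
        return struct.pack("!H", len(data)) + data
    return (struct.pack("!I", 7) + lp("Constructed rule")
            + lp("Constructed description") + lp("a connection event occurs")
            + uuid.UUID(int=0x1234).bytes)

if __name__ == "__main__":
    print(parse_correlation_rule(build_sample()))
```

Bytes after the UUID are returned unparsed in `trailing`, because the table on this page does not give types for any further fields.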