Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Interface Name Data Block Fields (Continued)

FIELD | DATA TYPE | DESCRIPTION
String Block Length | uint32 | The number of bytes included in the interface name String data block, including eight bytes for the block type and header fields plus the number of bytes in the interface name.
Interface Name | string | The interface name.

Access Control Policy Name Record

The eStreamer service transmits metadata on the name of the access control policy that triggered an intrusion event or connection event within an Access Control Policy Name record, the format of which is shown below. (Access control policy name information is sent when the Version 4 metadata flag—bit 20 in the Request Flags field of a request message—is set. See page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 117, indicating an Access Control Policy Name record.
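Byte:  0              1              2              3
Bit:   0-7            8-15           16-23          24-31
+----------------------------+----------------------------+
| Header Version (1)         | Message Type (4)           |
+---------------------------------------------------------+
| Message Length                                          |
+---------------------------------------------------------+
| Record Type (117)                                       |
+---------------------------------------------------------+
| Record Length                                           |
+---------------------------------------------------------+
| Access Control Policy Name Data Block (14)              |
+---------------------------------------------------------+
| Access Control Policy Name Data Block Length            |
+---------------------------------------------------------+
| Access Control Policy UUID                              |
+---------------------------------------------------------+
| String Block Type (0)                                   |
+---------------------------------------------------------+
| String Block Length                                     |
+---------------------------------------------------------+
| Access Control Policy Name...                           |
+---------------------------------------------------------+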
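
An added example, not taken from the Cisco guide: a Python parser for the record type 117 layout above that rejects records whose type fields or String Block Length do not match the received bytes. The field widths, big-endian byte order, 16-byte UUID and UTF-8 name encoding are assumptions, and `parse_ac_policy_name`, `build_sample` and `RecordError` are hypothetical names.

```python
import struct
import uuid

# Fixed part of the record as drawn in the diagram. Field widths and network
# (big-endian) byte order are assumptions; the page shows only the 32-bit rows.
_FIXED = struct.Struct(">HHIIIII16sII")
STRING_HEADER_LEN = 8  # block type + block length, per the String block table

class RecordError(ValueError):
    """Raised when a buffer is not a well-formed type 117 record."""

def parse_ac_policy_name(buf: bytes) -> dict:
    if len(buf) < _FIXED.size:
        raise RecordError("buffer shorter than fixed record header")
    (hdr_ver, msg_type, msg_len, rec_type, rec_len,
     blk_type, blk_len, raw_uuid, str_type, str_len) = _FIXED.unpack_from(buf)
    expected = {"header version": (hdr_ver, 1), "message type": (msg_type, 4),
                "record type": (rec_type, 117), "data block type": (blk_type, 14),
                "string block type": (str_type, 0)}
    for field, (got, want) in expected.items():
        if got != want:
            raise RecordError(f"{field} is {got}, expected {want}")
    # String Block Length counts its own eight header bytes plus the name bytes,
    # so a value below 8 or one reaching past the received data is malformed.
    name_len = str_len - STRING_HEADER_LEN
    if name_len < 0:
        raise RecordError("string block length smaller than its header")
    start = _FIXED.size
    if start + name_len > len(buf):
        raise RecordError("string block length exceeds received data")
    # Assumption: the name is UTF-8 and may carry trailing NUL padding.
    name = buf[start:start + name_len].rstrip(b"\x00").decode("utf-8", "replace")
    # The other length fields are returned unvalidated: this page does not
    # define what they count.
    return {"uuid": uuid.UUID(bytes=raw_uuid), "name": name,
            "message_length": msg_len, "record_length": rec_len,
            "block_length": blk_len}

def build_sample(name: bytes, claimed_str_len=None) -> bytes:
    """Constructed test record; message/record/block lengths are illustrative."""
    str_len = STRING_HEADER_LEN + len(name) if claimed_str_len is None else claimed_str_len
    blk_len = 8 + 16 + STRING_HEADER_LEN + len(name)
    return _FIXED.pack(1, 4, 8 + blk_len, 117, blk_len, 14, blk_len,
                       bytes(range(16)), 0, str_len) + name
```
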