Cisco Firepower Management Center 4000 Developer Guide
Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Managed Device Record Metadata

The eStreamer service transmits metadata describing the managed device associated with an intrusion event in a Managed Device record, whose format is shown below. Managed device metadata is sent only when the Version 4 metadata flag (bit 20 in the Request Flags field of a request message) is set. (See  on page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 123, indicating a Managed Device record.
Access Control Rule ID Data Block Fields (Continued)

Field                     Data Type  Description
String Block Type         uint32     Initiates a String data block containing the name of the access control rule. This value is always 0.
String Block Length       uint32     The number of bytes included in the String data block, including eight bytes for the block type and block length fields plus the number of bytes in the rule name.
Access Control Rule Name  string     The access control rule name.
Byte     0               1               2               3
Bit      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        +-------------------------------+-------------------------------+
        |      Header Version (1)       |       Message Type (4)        |
        +-------------------------------+-------------------------------+
        |                        Message Length                         |
        +---------------------------------------------------------------+
        |                       Record Type (123)                       |
        +---------------------------------------------------------------+
        |                         Record Length                         |
        +---------------------------------------------------------------+
        |                           Device ID                           |
        +---------------------------------------------------------------+
        |                          Name Length                          |
        +---------------------------------------------------------------+
        |                            Name...                            |
        +---------------------------------------------------------------+
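The following parser is an added example, not code from the eStreamer guide or from Cisco/Sourcefire. It decodes the Managed Device record laid out above (eStreamer message header, Record Type 123, Device ID, Name Length, Name) and the String data block described in the Access Control Rule ID table (block type 0, block length counting its own eight header bytes). It assumes network byte order for every integer, that Message Length counts the bytes following the 8-byte message header, and that Record Length counts the bytes following the Record Type and Record Length fields; those length conventions are assumptions for this example and should be checked against the header and record descriptions earlier in the chapter. The point a practitioner cares about is that every length field in the stream is attacker-influenceable data and must be bounds-checked against the bytes actually received before it is used as a slice bound. The `build_*` helpers exist only to construct test input.

```python
import struct

# eStreamer message header: Header Version (uint16), Message Type (uint16),
# Message Length (uint32). Network byte order is assumed for this example.
HEADER_FMT = ">HHI"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 8 bytes

HEADER_VERSION = 1
MESSAGE_TYPE_EVENT_DATA = 4
RECORD_TYPE_MANAGED_DEVICE = 123
STRING_BLOCK_TYPE = 0      # block type of a String data block (always 0)
STRING_BLOCK_HDR_LEN = 8   # block type + block length, both uint32


def parse_string_block(buf, offset=0):
    """Parse a String data block at buf[offset:]; return (text, bytes_consumed).

    The block length includes its own 8-byte header, so the string payload
    is block_len - 8 bytes. Both the header and the payload are checked
    against the buffer before slicing.
    """
    if len(buf) - offset < STRING_BLOCK_HDR_LEN:
        raise ValueError("truncated string block header")
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise ValueError("unexpected block type %d" % block_type)
    if block_len < STRING_BLOCK_HDR_LEN or offset + block_len > len(buf):
        raise ValueError("string block length %d does not fit in buffer" % block_len)
    payload = buf[offset + STRING_BLOCK_HDR_LEN:offset + block_len]
    return payload.decode("utf-8", errors="replace"), block_len


def parse_managed_device_record(msg):
    """Parse one event-data message carrying a Managed Device record (type 123).

    Returns {"device_id": int, "name": str}. A short, oversized or
    mistyped message raises ValueError rather than yielding a silently
    truncated name.
    """
    if len(msg) < HEADER_LEN:
        raise ValueError("truncated message header")
    hdr_ver, msg_type, msg_len = struct.unpack_from(HEADER_FMT, msg, 0)
    if hdr_ver != HEADER_VERSION:
        raise ValueError("unsupported header version %d" % hdr_ver)
    if msg_type != MESSAGE_TYPE_EVENT_DATA:
        raise ValueError("not an event data message (type %d)" % msg_type)
    # Assumption: Message Length counts the bytes after the 8-byte header.
    if len(msg) != HEADER_LEN + msg_len:
        raise ValueError("message length %d does not match %d payload bytes"
                         % (msg_len, len(msg) - HEADER_LEN))
    body = msg[HEADER_LEN:]
    if len(body) < 16:
        raise ValueError("record too short for type, length, device id, name length")
    rec_type, rec_len = struct.unpack_from(">II", body, 0)
    if rec_type != RECORD_TYPE_MANAGED_DEVICE:
        raise ValueError("not a Managed Device record (type %d)" % rec_type)
    # Assumption: Record Length counts the bytes after the 8-byte record header.
    if rec_len != len(body) - 8:
        raise ValueError("record length %d inconsistent with %d body bytes"
                         % (rec_len, len(body) - 8))
    device_id, name_len = struct.unpack_from(">II", body, 8)
    if 16 + name_len > len(body):
        raise ValueError("name length %d exceeds remaining %d bytes"
                         % (name_len, len(body) - 16))
    name = body[16:16 + name_len].decode("utf-8", errors="replace")
    return {"device_id": device_id, "name": name}


def build_string_block(text):
    """Encode a String data block (constructed test input only)."""
    data = text.encode("utf-8")
    return struct.pack(">II", STRING_BLOCK_TYPE, STRING_BLOCK_HDR_LEN + len(data)) + data


def build_managed_device_message(device_id, name):
    """Encode a Managed Device record message (constructed test input only)."""
    data = name.encode("utf-8")
    record = struct.pack(">IIII", RECORD_TYPE_MANAGED_DEVICE, 8 + len(data),
                         device_id, len(data)) + data
    return struct.pack(HEADER_FMT, HEADER_VERSION, MESSAGE_TYPE_EVENT_DATA,
                       len(record)) + record


if __name__ == "__main__":
    sample = build_managed_device_message(7, "sensor-01")  # constructed sample
    print(parse_managed_device_record(sample))
    print(parse_string_block(build_string_block("Allow HTTP")))
```

Note that the parser rejects, rather than repairs, a message whose Message Length, Record Length or Name Length disagree with the bytes on the wire; a client that instead trusted the embedded lengths and sliced blindly would either read garbage from the next record or raise an unhandled exception deep in its event loop.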