Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Page 105
message—is set. See  on page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 130, indicating a FireAMP detector type record.

Byte  0                 1                 2                 3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      Header Version (1)                  | Message Type (4)
      Message Length
      Record Type (130)
      Record Length
      FireAMP Detector Type ID
      FireAMP Detector Type Length
      FireAMP Detector Type...

The FireAMP Detector Type Record Fields table describes the fields in the FireAMP Detector Type record.

FireAMP Detector Type Record Fields

Field                         Data Type  Description
FireAMP Detector Type ID      uint32     The FireAMP detector type ID number.
FireAMP Detector Type Length  uint32     The number of bytes included in the FireAMP detector type.
FireAMP Detector Type         string     The type of FireAMP detector.

FireAMP File Type Metadata

The eStreamer service transmits metadata containing FireAMP file type information for an event within a FireAMP File Type record, the format of which is shown below. (FireAMP file type information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is
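As an added example that is not part of the guide, the following Python code parses the FireAMP Detector Type record (Record Type 130) laid out above and rejects any message whose declared lengths disagree with the bytes actually received, so a corrupt or hostile length field cannot cause an over-read. The meaning of Message Length and Record Length (bytes following each 8-byte header), the unpadded string, and the sample message are assumptions made for this example.

```python
import struct
from dataclasses import dataclass

RECORD_TYPE_FIREAMP_DETECTOR = 130  # Record Type value given for this record

@dataclass
class FireAmpDetectorType:
    header_version: int
    message_type: int
    detector_type_id: int
    detector_type: str

def parse_fireamp_detector_type(buf: bytes) -> FireAmpDetectorType:
    """Parse one eStreamer message carrying a FireAMP Detector Type record.

    Big-endian layout, following the record diagram: Header Version (uint16),
    Message Type (uint16), Message Length (uint32), Record Type (uint32),
    Record Length (uint32), Detector Type ID (uint32), Detector Type Length
    (uint32), Detector Type (string). Assumed here: Message Length counts the
    bytes after the 8-byte header, Record Length the bytes after the 8-byte
    record header, and the string is not padded.
    """
    if len(buf) < 24:
        raise ValueError("message too short for a Detector Type record")
    header_version, message_type, message_length = struct.unpack_from(">HHI", buf, 0)
    if message_length != len(buf) - 8:
        raise ValueError(f"Message Length {message_length} != {len(buf) - 8} payload bytes")
    record_type, record_length = struct.unpack_from(">II", buf, 8)
    if record_type != RECORD_TYPE_FIREAMP_DETECTOR:
        raise ValueError(f"Record Type {record_type} is not a FireAMP Detector Type record")
    if record_length != len(buf) - 16:
        raise ValueError(f"Record Length {record_length} != {len(buf) - 16} record bytes")
    type_id, type_len = struct.unpack_from(">II", buf, 16)
    # Never read past the buffer on the strength of a declared length alone:
    # the string length must exactly fill the remainder of the record.
    if type_len != record_length - 8:
        raise ValueError(f"Detector Type Length {type_len} inconsistent with Record Length")
    detector_type = buf[24:24 + type_len].decode("utf-8")
    return FireAmpDetectorType(header_version, message_type, type_id, detector_type)

def build_fireamp_detector_type(type_id: int, detector_type: str) -> bytes:
    """Encode a record in the same layout; used only to construct sample input."""
    text = detector_type.encode("utf-8")
    record = struct.pack(">II", type_id, len(text)) + text
    body = struct.pack(">II", RECORD_TYPE_FIREAMP_DETECTOR, len(record)) + record
    return struct.pack(">HHI", 1, 4, len(body)) + body   # Header Version 1, Message Type 4

# Constructed sample message, not captured from a live eStreamer server.
SAMPLE = build_fireamp_detector_type(3, "Sample Detector")
```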