Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
The UUID String Mapping Data Block Fields table describes the fields in the UUID String Mapping data block.
Access Control Policy Rule ID Metadata Block
The eStreamer service uses the Access Control Policy Rule ID metadata block to 
contain information about access control policy rule IDs. This data block has a 
block type of 15 in series 2.
The following diagram shows the structure of the Access Control Policy Rule ID 
metadata block.
UUID String Mapping Data Block Fields

| Field | Data Type | Description |
| --- | --- | --- |
| UUID String Mapping Block Type | uint32 | Initiates a UUID String Mapping block. This value is always 14. |
| UUID String Mapping Block Length | uint32 | Total number of bytes in the UUID String Mapping block, including eight bytes for the UUID String Mapping block type and length fields, plus the number of bytes of data that follows. |
| UUID | uint8[16] | The unique identifier for the event or other object the UUID identifies. |
| String Block Type | uint32 | Initiates a String data block containing the descriptive name associated with the UUID. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Name field. |
| Name | string | The descriptive name. |
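The following parser for the UUID String Mapping block is an added example, not code from the guide. It checks both length fields against the bytes actually received before slicing, since each length counts its own eight header bytes and comes from the wire. Assumptions not stated on this page: fields are in network byte order (big-endian) and the Name is UTF-8, possibly NUL-padded; all function and constant names are hypothetical, and the sample block is constructed.

```python
import struct
import uuid

UUID_STRING_MAPPING_TYPE = 14   # "This value is always 14"
STRING_BLOCK_TYPE = 0           # "This value is always 0"
HEADER = struct.Struct(">II")   # block type + block length; big-endian is an assumption
UUID_LEN = 16


class BlockError(ValueError):
    """Raised when a block's declared layout does not match the bytes received."""


def parse_uuid_string_mapping(buf):
    """Return (uuid.UUID, name, bytes_consumed) for one block at the start of buf."""
    if len(buf) < HEADER.size:
        raise BlockError("truncated block header")
    block_type, block_len = HEADER.unpack_from(buf, 0)
    if block_type != UUID_STRING_MAPPING_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # Smallest legal block: 8-byte header + 16-byte UUID + 8-byte String header.
    if block_len < 2 * HEADER.size + UUID_LEN or block_len > len(buf):
        raise BlockError("block length disagrees with received data")
    str_off = HEADER.size + UUID_LEN
    ident = uuid.UUID(bytes=bytes(buf[HEADER.size:str_off]))
    str_type, str_len = HEADER.unpack_from(buf, str_off)
    if str_type != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {str_type}")
    # The String block counts its own 8 header bytes and must end inside the outer block.
    if str_len < HEADER.size or str_off + str_len > block_len:
        raise BlockError("string block length disagrees with outer block")
    raw = bytes(buf[str_off + HEADER.size:str_off + str_len])
    # Assumption: UTF-8 text, possibly NUL-padded.
    return ident, raw.rstrip(b"\x00").decode("utf-8", "replace"), block_len


def build_block(ident, name):
    """Construct a sample block (test data only, not captured traffic)."""
    data = name.encode("utf-8")
    inner = HEADER.pack(STRING_BLOCK_TYPE, HEADER.size + len(data)) + data
    body = ident.bytes + inner
    return HEADER.pack(UUID_STRING_MAPPING_TYPE, HEADER.size + len(body)) + body


SAMPLE_UUID = uuid.UUID("00000000-0000-0000-0000-000000000001")  # constructed value
SAMPLE = build_block(SAMPLE_UUID, "Example Policy")               # constructed block

if __name__ == "__main__":
    print(parse_uuid_string_mapping(SAMPLE))
```

The third return value is the outer block length, so a caller can advance to the next block in a buffer that holds several.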
| Bytes 0 to 3 (bits 0 to 31) |
| --- |
| Access Control Policy Rule ID Metadata Block Type (15) |
| Access Control Policy Rule ID Metadata Block Length |
| Revision |
| Revision, continued |