Cisco Firepower Management Center 2000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3, page 191
Chapter 4: Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
The Intrusion Policy Name Data Block Fields table describes the fields in the Intrusion Policy Name data block.
Access Control Rule Action Record Metadata
The eStreamer service transmits metadata containing the action associated with 
a triggered access control rule within an Access Control Rule Action record, the 
format of which is shown below. (Access Control Rule Action information is sent 
when the version 4 metadata flag—bit 20 in the Request Flags field of a request 
message—is set. See 
 on page 30.) Note that the Access Control 
Rule Action record field, which appears after the Message Length field, has a 
value of 120, indicating an Access Control Rule Action record.
Intrusion Policy Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Intrusion Policy Name Data Block Type | uint32 | Initiates an Intrusion Policy Name data block. This value is always 14. The block type is a series 2 block. |
| Intrusion Policy Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Intrusion Policy UUID | uint8[16] | The unique identifier for the intrusion policy associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the intrusion policy. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the intrusion policy name String data block, including eight bytes for the block type and header fields plus the number of bytes in the intrusion policy name. |
| Intrusion Policy Name | string | The intrusion policy name. |
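A client that consumes this block has to validate both length fields, because the String block length is nested inside the outer block length and either one can point past the received buffer. The following parser is an added example, not code from the guide or from Cisco. It assumes big-endian (network byte order) integers and a UTF-8 name with optional trailing NUL padding; the function names and the sample UUID and policy name are constructed for illustration.

```python
import struct
import uuid

POLICY_NAME_BLOCK = 14   # series 2 block type, per the table
STRING_BLOCK = 0         # String block type, per the table
HDR = struct.Struct(">II")        # block type, block length (big-endian assumed)
BODY = struct.Struct(">16sII")    # UUID, string block type, string block length
STR_OFF = HDR.size + 16           # offset of the nested String block (24)

class BlockError(ValueError):
    """Raised when a block fails a structural check."""

def parse_intrusion_policy_name(buf: bytes):
    """Return (policy_uuid, policy_name, bytes_consumed) or raise BlockError."""
    if len(buf) < HDR.size + BODY.size:
        raise BlockError("buffer shorter than the fixed fields")
    btype, blen = HDR.unpack_from(buf, 0)
    if btype != POLICY_NAME_BLOCK:
        raise BlockError(f"unexpected block type {btype}")
    # Block length includes its own 8 header bytes and must fit the buffer.
    if blen < HDR.size + BODY.size or blen > len(buf):
        raise BlockError(f"block length {blen} out of range")
    raw_uuid, stype, slen = BODY.unpack_from(buf, HDR.size)
    if stype != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {stype}")
    # String block length also includes its 8 header bytes; the nested
    # block must end inside the outer block, never past it.
    if slen < HDR.size or STR_OFF + slen > blen:
        raise BlockError(f"string block length {slen} out of range")
    raw_name = buf[STR_OFF + HDR.size:STR_OFF + slen]
    # Assumption: names are UTF-8 and may carry trailing NUL padding.
    name = raw_name.rstrip(b"\x00").decode("utf-8", errors="replace")
    return uuid.UUID(bytes=raw_uuid), name, blen

def build_sample(policy_uuid: uuid.UUID, name: bytes) -> bytes:
    """Build a constructed block (test data, not captured traffic)."""
    string_block = HDR.pack(STRING_BLOCK, HDR.size + len(name)) + name
    body = policy_uuid.bytes + string_block
    return HDR.pack(POLICY_NAME_BLOCK, HDR.size + len(body)) + body

SAMPLE_UUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")  # constructed
SAMPLE = build_sample(SAMPLE_UUID, b"Balanced Security")          # constructed

if __name__ == "__main__":
    print(parse_intrusion_policy_name(SAMPLE + b"next-block-bytes"))
```

The returned byte count lets the caller advance to the next block in the record without trusting anything beyond the validated outer length.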