Cisco Firepower Management Center 2000 Developer Guide
Sourcefire 3D System eStreamer Integration Guide, Version 5.3

Appendix B: Legacy Intrusion Data Structures
Intrusion Event (IPv4) Record for 4.9 - 4.10.x
The fields of the intrusion event (IPv4) record are listed in the layout below (they are the shaded fields in the original graphic); the table that follows the layout describes each field. Record type 104 is used for version 4.9 and later, where VLAN IDs are included in the record.
You request intrusion event records by setting the intrusion event flag (bit 6 of the Request Flags field) in the request message. If you also set bit 23, each event record carries an extended event header (the eStreamer server timestamp plus a reserved word) ahead of the event fields.
An event is uniquely identified by the combination of its event ID, detection engine (device) ID, and event second.
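The following is an added example, not code from the eStreamer guide or from Cisco: it builds the Request Flags word from the two bits named above and parses a constructed record type 104 message into the fields listed in the layout, with and without the bit 23 extended header. The byte-order and header-width details (big-endian integers, 16-bit header version and message type, length fields counting the bytes after their own 8-byte header) are assumptions taken from the eStreamer header definition rather than stated on this page; the sample message is constructed, not captured traffic. The parser has to be told which flags the subscription used, because nothing in the record itself marks whether the extended header is present.

```python
import struct

# Request Flags bits named on the page: bit 6 requests intrusion event records,
# bit 23 adds the extended event header (server timestamp + reserved word).
FLAG_INTRUSION_EVENTS = 1 << 6
FLAG_EXTENDED_HEADER = 1 << 23

HEADER_VERSION = 1                      # "Header Version (1)"
MESSAGE_TYPE_EVENT_DATA = 4             # "Message Type (4)"
RECORD_TYPE_INTRUSION_EVENT_IPV4 = 104  # 4.9+ record, VLAN IDs included

# Assumptions not stated on this page: integers are big-endian; header version
# and message type are 16-bit and share the first word; Message Length counts
# the bytes after the 8-byte message header and Record Length the bytes after
# the 8-byte record header.
MESSAGE_HEADER = struct.Struct(">HHI")
RECORD_HEADER = struct.Struct(">II")
EXTENDED_HEADER = struct.Struct(">II")

# The 32-bit fields shown on the page, in order, after the optional extended header.
FIELDS = (
    "detection_engine_id", "event_id", "event_second", "event_microsecond",
    "rule_id", "generator_id", "rule_revision", "classification_id",
)
FIELDS_STRUCT = struct.Struct(">" + "I" * len(FIELDS))


def request_flags(extended_header: bool) -> int:
    """Build the Request Flags word for an intrusion event subscription."""
    flags = FLAG_INTRUSION_EVENTS
    if extended_header:
        flags |= FLAG_EXTENDED_HEADER
    return flags


def parse_event_message(data: bytes, flags: int) -> dict:
    """Parse one event data message carrying a record type 104 event.

    `flags` must be the Request Flags the subscriber sent: the extended header
    is present only when bit 23 was set, and the record does not say so itself.
    """
    version, msg_type, msg_len = MESSAGE_HEADER.unpack_from(data, 0)
    if version != HEADER_VERSION:
        raise ValueError(f"unsupported header version {version}")
    if msg_type != MESSAGE_TYPE_EVENT_DATA:
        raise ValueError(f"not an event data message (type {msg_type})")
    if len(data) != MESSAGE_HEADER.size + msg_len:
        raise ValueError("message length does not match buffer")

    off = MESSAGE_HEADER.size
    rec_type, rec_len = RECORD_HEADER.unpack_from(data, off)
    off += RECORD_HEADER.size
    if rec_type != RECORD_TYPE_INTRUSION_EVENT_IPV4:
        raise ValueError(f"unexpected record type {rec_type}")
    if rec_len != len(data) - off:
        raise ValueError("record length does not match buffer")

    event = {"record_type": rec_type}
    if flags & FLAG_EXTENDED_HEADER:
        event["server_timestamp"], event["reserved"] = EXTENDED_HEADER.unpack_from(data, off)
        off += EXTENDED_HEADER.size
    if len(data) - off < FIELDS_STRUCT.size:
        raise ValueError("record too short for the fixed event fields")
    event.update(zip(FIELDS, FIELDS_STRUCT.unpack_from(data, off)))
    # Uniqueness rule from the page: event ID + detection engine ID + event second.
    event["key"] = (event["event_id"], event["detection_engine_id"], event["event_second"])
    return event


def build_sample_message(flags: int) -> bytes:
    """Constructed sample message (not captured traffic) in the page's layout."""
    body = b""
    if flags & FLAG_EXTENDED_HEADER:
        body += EXTENDED_HEADER.pack(1700000000, 0)   # server timestamp, reserved
    # detection engine 3, event 42, second, microsecond, rule 1000001 (GID 1), rev 5, class 7
    body += FIELDS_STRUCT.pack(3, 42, 1700000000, 123456, 1000001, 1, 5, 7)
    record = RECORD_HEADER.pack(RECORD_TYPE_INTRUSION_EVENT_IPV4, len(body)) + body
    return MESSAGE_HEADER.pack(HEADER_VERSION, MESSAGE_TYPE_EVENT_DATA, len(record)) + record


if __name__ == "__main__":
    for extended in (False, True):
        flags = request_flags(extended)
        print(hex(flags), parse_event_message(build_sample_message(flags), flags))
```

Parsing an extended-header message with flags that lack bit 23 does not fail; it silently shifts every field by two words, so the server timestamp lands in Detection Engine ID. Keep the flags you sent next to the parser state rather than guessing from record length.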
Record layout (one row per 32-bit word, bytes 0-3, bits 0-31; Header Version (1) and Message Type (4) share the first word, every other field occupies a full word):

Header Version (1) | Message Type (4)
Message Length
Record Type (104)
Record Length
eStreamer Server Timestamp (in events, only if bit 23 is set)
Reserved for Future Use (in events, only if bit 23 is set)
Detection Engine ID
Event ID
Event Second
Event Microsecond
Rule ID (Signature ID)
Generator ID
Rule Revision
Classification ID