Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Appendix B
Intrusion Event (IPv6) Record 5.0.x - 5.1
The fields in the intrusion event (IPv6) record are shaded in the following graphic. 
The record type is 208.
You request intrusion event records by setting the intrusion event flag or the 
extended requests flag in the request message. See 
For version 5.0.x - 5.1 intrusion events, the event ID, the managed device ID, and 
the event second form a unique identifier.
Intrusion Event (IPv4) Record Fields (Continued)

Field                        Data Type   Description
Ingress Security Zone UUID   uint8[16]   A zone ID number that acts as a unique identifier for the ingress security zone.
Egress Security Zone UUID    uint8[16]   A zone ID number that acts as a unique identifier for the egress security zone.
Byte  0 | 1 | 2 | 3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1) | Message Type (4)
Message Length
Record Type (208)
Record Length
eStreamer Server Timestamp (in events, only if bit 23 is set)
Reserved for Future Use (in events, only if bit 23 is set)
Device ID
Event ID
Event Second
Event Microsecond
Rule ID (Signature ID)
Generator ID
Rule Revision
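
The following parser is an added example, not code from the guide: it reads the fields shown above, through Rule Revision, and builds the unique identifier (event ID, managed device ID, event second) that a collector can use to de-duplicate 5.0.x - 5.1 events. The field widths, network byte order, the has_server_timestamp parameter and all function names are assumptions, and the sample bytes are constructed.

```python
import struct

RECORD_TYPE_INTRUSION_IPV6 = 208  # record type given on this page
FIELDS = ("device_id", "event_id", "event_second", "event_microsecond",
          "rule_id", "generator_id", "rule_revision")

def parse_leading_fields(buf, has_server_timestamp=False):
    """Parse the message/record header and the fields through Rule Revision.

    Assumed widths (not stated on this page): Header Version and Message
    Type are 16 bits each, every other field is an unsigned 32-bit integer,
    all in network byte order. Message/Record Length are read but not checked.
    """
    if len(buf) < 16:
        raise ValueError("truncated message or record header")
    version, msg_type, _mlen, rec_type, _rlen = struct.unpack_from("!HHIII", buf, 0)
    if (version, msg_type) != (1, 4):
        raise ValueError(f"unexpected header version/message type: {version}/{msg_type}")
    if rec_type != RECORD_TYPE_INTRUSION_IPV6:
        raise ValueError(f"not an intrusion event (IPv6) record: type {rec_type}")
    offset, server_ts = 16, None
    if has_server_timestamp:
        # Timestamp and reserved word are present only if bit 23 was set.
        if len(buf) < offset + 8:
            raise ValueError("truncated server timestamp")
        server_ts, _reserved = struct.unpack_from("!II", buf, offset)
        offset += 8
    if len(buf) < offset + 4 * len(FIELDS):
        raise ValueError("truncated event fields")
    event = dict(zip(FIELDS, struct.unpack_from("!7I", buf, offset)))
    event["server_timestamp"] = server_ts
    return event

def event_key(event):
    """Unique identifier for 5.0.x - 5.1 events, as the page defines it."""
    return (event["event_id"], event["device_id"], event["event_second"])

def build_constructed_sample(with_timestamp):
    """Constructed test bytes, not captured traffic; lengths left at zero."""
    head = struct.pack("!HHIII", 1, 4, 0, RECORD_TYPE_INTRUSION_IPV6, 0)
    ts = struct.pack("!II", 1400000000, 0) if with_timestamp else b""
    return head + ts + struct.pack("!7I", 7, 1001, 1399999999, 250000, 2003, 1, 4)

if __name__ == "__main__":
    for flag in (False, True):
        ev = parse_leading_fields(build_constructed_sample(flag), has_server_timestamp=flag)
        print(event_key(ev), ev)
```

If the caller's has_server_timestamp value does not match what was requested, every later field is read 8 bytes off, so derive it from the same request flags the client sent.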