Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
Correlation Event for 5.0 - 5.0.2
Correlation events (called compliance events in pre-5.0 versions) contain 
information about correlation policy violations. This message uses the standard 
eStreamer message header and specifies a record type of 112, followed by a 
correlation data block of type 116. Data block type 116 differs from its predecessor 
(block type 107) in including additional information about the associated security 
zone and interface.
Event Defined Values (Continued)

Description                   Mask Value
Network Protocol              0x00000004
Source IP                     0x00000008
Source Host Type              0x00000010
Source VLAN ID                0x00000020
Source Fingerprint ID         0x00000040
Source Criticality            0x00000080
Source Port                   0x00000100
Source Server                 0x00000200
Destination IP                0x00000400
Destination Host Type         0x00000800
Destination VLAN ID           0x00001000
Destination Fingerprint ID    0x00002000
Destination Criticality       0x00004000
Destination Port              0x00008000
Destination Server            0x00010000
Source User                   0x00020000
Destination User              0x00040000
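
The Event Defined Values table on this page, turned into a mask decoder. This is an added example, not code from the eStreamer guide: the function names and the sample mask are constructed, and it assumes the mask is a 32-bit field in network byte order. Bits that are not in the rows shown on this page are returned separately instead of being named.

```python
import struct

# Mask values copied from the table rows on this page only.
EVENT_DEFINED_BITS = {
    0x00000004: "Network Protocol", 0x00000008: "Source IP",
    0x00000010: "Source Host Type", 0x00000020: "Source VLAN ID",
    0x00000040: "Source Fingerprint ID", 0x00000080: "Source Criticality",
    0x00000100: "Source Port", 0x00000200: "Source Server",
    0x00000400: "Destination IP", 0x00000800: "Destination Host Type",
    0x00001000: "Destination VLAN ID", 0x00002000: "Destination Fingerprint ID",
    0x00004000: "Destination Criticality", 0x00008000: "Destination Port",
    0x00010000: "Destination Server", 0x00020000: "Source User",
    0x00040000: "Destination User",
}

def mask_from_bytes(raw):
    """Read the mask from 4 bytes (assumption: network byte order)."""
    (value,) = struct.unpack(">I", raw)  # struct.error if len(raw) != 4
    return value

def decode_event_defined_mask(mask):
    """Return (field names for listed bits, OR of set bits not in the table)."""
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("mask must fit in an unsigned 32-bit field")
    names, unlisted = [], 0
    for i in range(32):
        bit = 1 << i
        if not mask & bit:
            continue
        if bit in EVENT_DEFINED_BITS:
            names.append(EVENT_DEFINED_BITS[bit])
        else:
            unlisted |= bit  # do not guess a name for an unlisted bit
    return names, unlisted

def has_fields(mask, *required):
    """True only if every named field's bit is set in the mask."""
    by_name = {name: bit for bit, name in EVENT_DEFINED_BITS.items()}
    want = 0
    for name in required:
        want |= by_name[name]  # KeyError for a name not in the table
    return mask & want == want

# Constructed sample: Source IP | Source Port | Destination IP | Source User
SAMPLE_MASK = mask_from_bytes(b"\x00\x02\x05\x08")
```

A consumer that forwards correlation events to a SIEM can call `has_fields` before reading a field such as Source User, and log any non-zero `unlisted` value instead of silently dropping it.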