Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The User Record Fields table describes the fields in the User record.
Rule Message Record for 4.6.1+
Rule message information for an event is transmitted within a Rule Message
record, the format of which is shown below. The eStreamer service transmits the
Rule Message record for 4.6.1+ when you request Version 2 or Version 3
metadata. The Rule Message record for 4.6.1+ contains the same fields as the
Rule Message record for 4.6 and lower but also has new UUID and Revision
UUID fields. (Version 2, Version 3, or Version 4 metadata information is sent when
the appropriate metadata flag—bit 14 for Version 2, bit 15 for Version 3, or bit 20
for Version 4 in the Request Flags field of a request message—is set. See
on page 30.) Note that the Record Type field, which appears after
the Message Length field, has a value of 66, indicating a Rule Message Version 2
record.
User Record Fields

FIELD         DATA TYPE   DESCRIPTION
User ID       uint32      The user ID number.
Name Length   uint32      The number of bytes included in the user name.
Name          string      The name of the user.
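A defensive parser for the User record body listed above, as an added example that is not code from the guide. It assumes integers in network byte order (big-endian), a UTF-8 name, and a hypothetical 1024-byte cap on the name; `parse_user_record`, `RecordError` and the sample byte strings are constructed for illustration.

```python
import struct

MAX_NAME_LEN = 1024  # assumed sanity cap, not a value from the guide


class RecordError(ValueError):
    """Raised when a User record body does not match its declared layout."""


def parse_user_record(body: bytes) -> dict:
    """Parse User ID (uint32), Name Length (uint32), Name (string)."""
    if len(body) < 8:
        raise RecordError("body shorter than the two uint32 fields")
    # Assumption: big-endian (network byte order) integers.
    user_id, name_len = struct.unpack_from(">II", body, 0)
    remaining = len(body) - 8
    # Name Length comes from the sender, so check it against the bytes
    # actually received before slicing or allocating anything.
    if name_len > MAX_NAME_LEN:
        raise RecordError(f"Name Length {name_len} exceeds cap {MAX_NAME_LEN}")
    if name_len > remaining:
        raise RecordError(f"Name Length {name_len} exceeds {remaining} bytes left")
    if name_len < remaining:
        raise RecordError(f"{remaining - name_len} unexpected trailing bytes")
    # Replace undecodable bytes instead of failing, so a malformed name
    # cannot abort processing of the surrounding event stream.
    name = body[8:8 + name_len].decode("utf-8", errors="replace")
    return {"user_id": user_id, "name": name}


# Constructed sample bodies (not captured traffic).
SAMPLE_OK = struct.pack(">II", 42, 6) + b"jsmith"
SAMPLE_OVERLONG = struct.pack(">II", 42, 60) + b"jsmith"   # length lies
SAMPLE_TRUNCATED = b"\x00\x00\x00\x2a\x00\x00"             # only 6 bytes
SAMPLE_TRAILING = struct.pack(">II", 42, 3) + b"jsmith"    # 3 extra bytes

if __name__ == "__main__":
    for label, body in [("ok", SAMPLE_OK), ("overlong", SAMPLE_OVERLONG),
                        ("truncated", SAMPLE_TRUNCATED),
                        ("trailing", SAMPLE_TRAILING)]:
        try:
            print(label, parse_user_record(body))
        except RecordError as exc:
            print(label, "rejected:", exc)
```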
[Diagram: Rule Message record for 4.6.1+ layout, drawn across bytes 0-3 (bits 0-31). Labels, in order:]
Header Version (1)
Message Type (4)
Message Length
Record Type (66)
Record Length
Signature Key
Generator ID
Rule ID
Revision Number
Rendered Signature ID
Message Length
Rule UUID