Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

94

Understanding Intrusion and Correlation Data Structures

Intrusion Event and Metadata Record Types

Chapter 3

The 

 table describes the fields in the 

Security Zone Name data block.

Interface Name Record

The eStreamer service transmits metadata containing information on the name of 

the interface associated with an intrusion event or connection event within an 

Interface Name record, the format of which is shown below. (Interface name 

information is sent when the Version 4 metadata flag—bit 20 in the Request Flags 

Security Zone Name Data Block Fields 

Security Zone 

Name Data 

Block Type

uint32

Initiates a Security Zone Name data block. This 

value is always 14. The block type is a series 2 

block.

Security Zone 

Name Data 

Block Length

uint32

Length of the data block. Includes the number 

of bytes of data plus the 8 bytes in the two 

data block header fields.

Security Zone 

UUID

uint8[16]

The unique identifier for the security zone 

associated with the connection event.

String Block 

Type

uint32

Initiates a String data block containing the 

name of the security zone. This value is always 

0.

String Block 

Length

uint32

The number of bytes included in the security 

zone name String data block, including eight 

bytes for the block type and header fields plus 

the number of bytes in the name.

Security Zone 

Name

string

The security zone name.