Cisco Cisco Firepower Management Center 2000

a network layer decoder, such as the IP decoder

a transport layer decoder such, as the TCP decoder

an application layer decoder or preprocessor, such as the HTTP Inspect preprocessor

the rules engine

Events include such information as:

the date and time the event was generated

the event priority

when you use network discovery, the impact flag associated with the event

whether the packet that caused the event was dropped or would have been dropped in an inline, 
switched, or routed deployment

the name of the device that generated the event

the protocol of the packet that caused the event

the source IP address and port for the event

the destination IP address and port for the event

the name of the user logged into the source host

the ICMP type and code (for ICMP traffic)

the FireSIGHT System component that generated the event (for example, the rule, decoder, or 
preprocessor)

a brief description of the event

the classification of the rule that generated the event

the VLAN where the host is a member

For a complete list and descriptions of the information included in intrusion events, see 

.

For events generated by shared object rules, the rule itself is not available.

The following sections describe more about how the system acquires and processes information:

Protection

Before packets can be inspected, the packets must be captured from the network. The following 
illustration shows how the system sniffs packets, then decodes them before any further analysis.