Cisco Firepower Management Center 2000 Developer's Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3: Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Rule documentation data block diagram (continued). Columns: bytes 0-3, bits 0-31.

| Section | Fields, in order |
|---|---|
| Corrective Action | String Block Type (0), String Block Length, Corrective Action... |
| Contributors | String Block Type (0), String Block Length, Contributors... |
| Additional References | String Block Type (0), String Block Length, Additional References... |

The following table describes the fields in the rule documentation data block.
Table 3-40 Rule Documentation Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Rule Documentation Data Block Type | uint32 | Initiates a Rule Documentation data block. This value is always 27. |
| Rule Documentation Data Block Length | uint32 | Total number of bytes in the Rule Documentation data block, including eight bytes for the Rule Documentation data block type and length fields, plus the number of bytes of data that follows. |
| Rule ID (Signature ID) | uint32 | Rule identification number that corresponds with the event. |
| Generator ID | uint32 | Identification number of the FireSIGHT System preprocessor that generated the event. |
| Rule Revision | uint32 | Rule revision number. |
| String Block Type | uint32 | Initiates a String data block containing the summary associated with the rule. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Summary field. |
| Summary | string | Explanation of the threat or vulnerability. |
| String Block Type | uint32 | Initiates a String data block containing the impact associated with the rule. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Impact field. |
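
An added example, not code from the Cisco guide: a bounds-checked Python parser for the Rule Documentation data block as laid out in Table 3-40, treating the input as untrusted so that every nested String block length is validated against its parent. It assumes big-endian (network order) integers and UTF-8 strings, which this page does not state; the function names and the sample values are constructed for illustration.

```python
import struct

RULE_DOC_BLOCK_TYPE = 27      # Table 3-40
STRING_BLOCK_TYPE = 0         # Table 3-40
HDR = struct.Struct(">II")    # block type, block length (big-endian: assumption)
IDS = struct.Struct(">III")   # Rule ID, Generator ID, Rule Revision


def read_string_block(buf, off, end):
    """Decode one String data block inside buf[off:end]; return (text, next_off)."""
    if end - off < HDR.size:
        raise ValueError("truncated String block header")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != STRING_BLOCK_TYPE:
        raise ValueError(f"expected String block type 0, got {btype}")
    # The length counts its own 8 header bytes and must stay inside the parent.
    if blen < HDR.size or off + blen > end:
        raise ValueError(f"String block length {blen} out of bounds")
    raw = buf[off + HDR.size:off + blen]
    return raw.decode("utf-8", "replace"), off + blen  # UTF-8: assumption


def parse_rule_doc(buf):
    """Parse a Rule Documentation data block from untrusted bytes."""
    fixed = HDR.size + IDS.size
    if len(buf) < fixed:
        raise ValueError("truncated Rule Documentation block")
    btype, blen = HDR.unpack_from(buf, 0)
    if btype != RULE_DOC_BLOCK_TYPE:
        raise ValueError(f"expected block type 27, got {btype}")
    if blen < fixed or blen > len(buf):
        raise ValueError(f"block length {blen} does not fit {len(buf)} bytes")
    rule_id, generator_id, revision = IDS.unpack_from(buf, HDR.size)
    strings, off = [], fixed
    while off < blen:  # Summary, Impact, ... in wire order
        text, off = read_string_block(buf, off, blen)
        strings.append(text)
    return {"rule_id": rule_id, "generator_id": generator_id,
            "revision": revision, "strings": strings}


def build_sample(strings=("constructed summary", "constructed impact")):
    """Constructed test input, not captured eStreamer traffic."""
    body = IDS.pack(1000001, 1, 3)
    for s in strings:
        raw = s.encode()
        body += HDR.pack(STRING_BLOCK_TYPE, HDR.size + len(raw)) + raw
    return HDR.pack(RULE_DOC_BLOCK_TYPE, HDR.size + len(body)) + body
```

The parser returns the strings in wire order rather than naming all of them, because this page shows only the Summary and Impact rows of the table and the tail of the diagram.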