Cisco Firepower Management Center 2000 Developer's Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Table 3-40 Rule Documentation Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Impact | string | How a compromise that uses this vulnerability may impact various systems. |
| String Block Type | uint32 | Initiates a String data block containing the detailed information associated with the rule. This value is always `0`. |
| String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the Detailed Information field. |
| Detailed Information | string | Information regarding the underlying vulnerability, what the rule actually looks for, and what systems are affected. |
| String Block Type | uint32 | Initiates a String data block containing the list of affected systems associated with the rule. This value is always `0`. |
| String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the Affected Systems field. |
| Affected Systems | string | Systems affected by the vulnerability. |
| String Block Type | uint32 | Initiates a String data block containing the possible attack scenarios associated with the rule. This value is always `0`. |
| String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the Attack Scenarios field. |
| Attack Scenarios | string | Examples of possible attacks. |
| String Block Type | uint32 | Initiates a String data block containing the ease of attack associated with the rule. This value is always `0`. |
| String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the Ease of Attack field. |
| Ease of Attack | string | Whether the attack is considered simple, medium, hard, or difficult, and whether or not it can be performed using a script. |
| String Block Type | uint32 | Initiates a String data block containing the possible false positives associated with the rule. This value is always `0`. |
| String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the False Positives field. |
| False Positives | string | Examples that may result in a false positive. The default value is `None Known`. |
| String Block Type | uint32 | Initiates a String data block containing the possible false negatives associated with the rule. This value is always `0`. |
| String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the False Negatives field. |
| False Negatives | string | Examples that may result in a false negative. The default value is `None Known`. |
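Every String block in this table has the same layout: a uint32 block type of 0, a uint32 length that counts its own eight header bytes, then the text. The parser below is an added example, not code from the Cisco guide. It reads the six blocks from Detailed Information through False Negatives and rejects lengths that are too small or run past the buffer. It assumes network byte order and UTF-8 text, and its function names and sample values are hypothetical.

```python
import struct

# Assumptions (not stated on this page): network byte order, UTF-8 text.
HEADER = struct.Struct(">II")      # String Block Type, String Block Length
STRING_BLOCK_TYPE = 0              # "This value is always 0"
# The six String blocks whose headers this page documents, in table order.
FIELDS = ("detailed_information", "affected_systems", "attack_scenarios",
          "ease_of_attack", "false_positives", "false_negatives")


def read_string_block(buf, offset):
    """Return (text, next_offset) for the String block at offset."""
    if len(buf) - offset < HEADER.size:
        raise ValueError(f"truncated String block header at offset {offset}")
    block_type, block_len = HEADER.unpack_from(buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise ValueError(f"block type {block_type} at offset {offset}, expected 0")
    # The length includes the 8 header bytes: below 8 is malformed, and a
    # value larger than the remaining bytes would read past the message.
    if block_len < HEADER.size or block_len > len(buf) - offset:
        raise ValueError(f"bad block length {block_len} at offset {offset}")
    text = buf[offset + HEADER.size:offset + block_len]
    return text.decode("utf-8", errors="replace"), offset + block_len


def parse_rule_doc_strings(buf, offset=0):
    """Parse the six consecutive String blocks; return (fields, end_offset)."""
    fields = {}
    for name in FIELDS:
        fields[name], offset = read_string_block(buf, offset)
    return fields, offset


def make_string_block(text):
    """Build a String block (used only to construct the sample below)."""
    data = text.encode("utf-8")
    return HEADER.pack(STRING_BLOCK_TYPE, HEADER.size + len(data)) + data


# Constructed sample values, not taken from a real rule.
SAMPLE = b"".join(make_string_block(v) for v in (
    "Looks for an oversized header value.", "Example Server 1.x",
    "A client sends a crafted request.", "Simple; can be scripted.",
    "None Known", "None Known"))

if __name__ == "__main__":
    parsed, end = parse_rule_doc_strings(SAMPLE)
    assert end == len(SAMPLE)
    for key, value in parsed.items():
        print(f"{key}: {value}")
```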