Cisco Firepower Management Center 2000 Developer's Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types

Table 3-1: Intrusion Event and General Metadata Record Types (continued)

| Record Type | Block Type | Series | Description | Record Status | Data Format Described in... |
|---|---|---|---|---|---|
| 127 | 14 | 2 | Collective Security Intelligence Cloud Name Metadata (Version 5.1+) | Current | |
| 128 | N/A | N/A | Malware Event Type Metadata (Version 5.1+) | Current | |
| 129 | N/A | N/A | Malware Event Subtype Metadata (Version 5.1+) | Current | |
| 130 | N/A | N/A | FireAMP Detector Type Metadata (Version 5.1+) | Current | |
| 131 | N/A | N/A | FireAMP File Type Metadata (Version 5.1+) | Current | |
| 160 | 150 | 1 | IOC State Data Block for 5.3+ | Current | |
| 161 | 39 | 2 | IOC Name Data Block for 5.3+ | Current | |
| 207 | N/A | N/A | Intrusion Event (IPv4) Record 5.0.x - 5.1 | Legacy | |
| 208 | N/A | N/A | Intrusion Event (IPv6) Record 5.0.x - 5.1 | Legacy | |
| 260 | 19 | 2 | ICMP Type Data Data Block | Current | |
| 270 | 20 | 2 | ICMP Code Data Block | Current | |
| 400 | 34 | 2 | Intrusion Event Record 5.2.x | Legacy | |
| 400 | 41 | 2 | Intrusion Event Record 5.3 | Legacy | |
| 400 | 42 | 2 | Intrusion Event Record 5.3.1+ | Current | |
| 500 | 32 | 2 | File Event (Version 5.2.x) | Legacy | |
| 500 | 38 | 2 | File Event (Version 5.3) | Legacy | |
| 500 | 43 | 2 | File Event (Version 5.3.1+) | Current | |
| 502 | 32 | 2 | File Event (Version 5.2.x) | Legacy | |
| 502 | 38 | 2 | File Event (Version 5.3) | Legacy | |
| 502 | 43 | 2 | File Event (Version 5.3.1+) | Current | |
| N/A | 27 | 2 | File Event SHA Hash for 5.3+ | Current | |
| 511 | 27 | 2 | Rule Documentation Data Block for 5.2+ | Current | |
| 520 | 28 | 2 | Geolocation Data Block for 5.2+ | Current | |