Cisco Firepower Management Center 2000 Developer's Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
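+---------------+---------------+---------------+---------------+
|    Byte 0     |    Byte 1     |    Byte 2     |    Byte 3     |
|   Bits 0-7    |   Bits 8-15   |  Bits 16-23   |  Bits 24-31   |
+---------------+---------------+---------------+---------------+
|      Header Version (1)       |       Message Type (4)        |
+-------------------------------+-------------------------------+
|                        Message Length                         |
+---------------------------------------------------------------+
|                       Record Type (69)                        |
+---------------------------------------------------------------+
|                         Record Length                         |
+---------------------------------------------------------------+
|                     Correlation Policy ID                     |
+-------------------------------+-------------------------------+
|          Name Length          |            Name...            |
+-------------------------------+-------------------------------+
|      Description Length       |        Description...         |
+-------------------------------+-------------------------------+
|                    Correlation Policy UUID                    |
|              Correlation Policy UUID, continued               |
|              Correlation Policy UUID, continued               |
|              Correlation Policy UUID, continued               |
+---------------------------------------------------------------+
|               Correlation Policy Revision UUID                |
|          Correlation Policy Revision UUID, continued          |
|          Correlation Policy Revision UUID, continued          |
|          Correlation Policy Revision UUID, continued          |
+---------------------------------------------------------------+

The following table describes the fields in the Correlation Policy record.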
Table 3-9: Correlation Policy Record Fields

| Field                 | Data Type | Description                                                          |
|-----------------------|-----------|----------------------------------------------------------------------|
| Correlation Policy ID | uint32    | The correlation policy ID number.                                    |
| Name Length           | uint16    | The number of bytes included in the correlation policy name.         |
| Name                  | string    | The name of the correlation policy that triggered the event.         |
| Description Length    | uint16    | The number of bytes included in the correlation policy description.  |
| Description           | string    | The description of the correlation policy that triggered the event.  |
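
The record layout above, as an added Python example (not code from the guide or from Cisco): a parser that checks every length field against the bytes actually received before slicing. It assumes big-endian fields, UTF-8 strings, and that Record Length counts the bytes after the record header; the function names and the sample message are constructed for illustration.

```python
import struct
import uuid

# Assumption: fields are big-endian (network byte order); not stated on this page.
HEADER = struct.Struct(">HHIII")  # version, msg type, msg length, record type, record length

class RecordError(ValueError):
    """Raised when a length field or header value does not match the data."""

def _take(buf, off, n, what):
    # Refuse to read past the end of the record instead of returning a short slice.
    if off + n > len(buf):
        raise RecordError(f"{what}: need {n} bytes at offset {off}, have {len(buf) - off}")
    return buf[off:off + n], off + n

def _lstring(buf, off, what):
    raw, off = _take(buf, off, 2, what + " length")
    raw, off = _take(buf, off, struct.unpack(">H", raw)[0], what)
    # Assumption: strings are UTF-8; undecodable bytes are replaced, not trusted.
    return raw.decode("utf-8", errors="replace"), off

def parse_correlation_policy(msg):
    raw, off = _take(msg, 0, HEADER.size, "header")
    version, msg_type, _msg_len, rec_type, rec_len = HEADER.unpack(raw)
    if (version, msg_type, rec_type) != (1, 4, 69):
        raise RecordError(f"not a Correlation Policy record: {version}/{msg_type}/{rec_type}")
    # Assumption: Record Length counts the bytes that follow the Record Length field.
    if off + rec_len > len(msg):
        raise RecordError("Record Length exceeds the bytes received")
    body = msg[:off + rec_len]  # nothing below may read beyond the record
    raw, off = _take(body, off, 4, "Correlation Policy ID")
    policy_id = struct.unpack(">I", raw)[0]
    name, off = _lstring(body, off, "Name")
    description, off = _lstring(body, off, "Description")
    raw, off = _take(body, off, 16, "Correlation Policy UUID")
    policy_uuid = uuid.UUID(bytes=raw)
    raw, off = _take(body, off, 16, "Correlation Policy Revision UUID")
    return {"policy_id": policy_id, "name": name, "description": description,
            "policy_uuid": policy_uuid, "revision_uuid": uuid.UUID(bytes=raw)}

def build_sample(name=b"Constructed policy", description=b"Constructed description"):
    # Constructed test message, not captured from a real appliance.
    body = struct.pack(">IH", 7, len(name)) + name
    body += struct.pack(">H", len(description)) + description
    body += uuid.UUID(int=1).bytes + uuid.UUID(int=2).bytes
    # Assumption: Message Length covers the 8-byte record header plus the body.
    return HEADER.pack(1, 4, len(body) + 8, 69, len(body)) + body

if __name__ == "__main__":
    print(parse_correlation_policy(build_sample()))
```

A Name Length or Description Length larger than the remaining record raises `RecordError` rather than yielding a silently truncated string, which is the failure mode to guard against when the length fields come from the wire.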