Cisco Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
126
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
table describes the fields in the UUID
String Mapping data block.
Access Control Policy Rule ID Metadata Block
The eStreamer service uses the Access Control Policy Rule ID metadata block to
contain information about access control policy rule IDs. This data block has a
block type of 15 in series 2.
The following diagram shows the structure of the Access Control Policy Rule ID
The following diagram shows the structure of the Access Control Policy Rule ID
metadata block.
UUID String Mapping Data Block Fields
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
UUID String
Mapping Block
Type
uint32
Initiates a UUID String Mapping block. This
value is always 14.
UUID String
Mapping Block
Length
uint32
Total number of bytes in the UUID String
Mapping block, including eight bytes for the
UUID String Mapping block type and length
fields, plus the number of bytes of data that
follows.
UUID
uint8[16]
The unique identifier for the event or other
object the UUID identifies.
String Block
Type
uint32
Initiates a String data block containing the
descriptive name associated with the UUID.
This value is always 0.
String Block
Length
uint32
The number of bytes included in the name
String data block, including eight bytes for the
block type and header fields plus the number
of bytes in the Name field.
Name
string
The descriptive name.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Access Control Policy Rule ID Metadata Block Type (15)
Access Control Policy Rule ID Metadata Block Length
Revision
Revision, continued