Cisco Cisco Firepower Management Center 2000 Developer's Guide

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

464

Understanding Legacy Data Structures

Legacy Intrusion Data Structures

Appendix B

Rule ID

(Signature ID)

uint32

Rule identification number that corresponds with

the event.

Generator ID

uint32

Identification number of the Sourcefire 3D

System preprocessor that generated the event.

Rule Revision

uint32

Rule revision number.

Classification

uint32

Identification number of the event classification

message.

Priority ID

uint32

Identification number of the priority associated

with the event.

Source IPv6

Address

uint16[8]

Source IPv6 address used in the event, in

address octets.

Destination

IPv6 Address

uint16[8]

Destination IPv6 address used in the event, in

address octets.

Source Port/

ICMP Type

uint16

If the event protocol type is TCP or UDP, this

indicates the source port number. If the protocol

type is ICMP, this indicates the ICMP type.

Destination

Port/ICMP

Code

uint16

If the event protocol type is TCP or UDP, this

indicates the destination port number. If the

protocol type is ICMP, this indicates the ICMP

code.

IP Protocol

Number

uint8

IANA-specified protocol number. For example:
• 0 — IP

• 1 — ICMP

• 6 — TCP

• 17 — UDP
and so on.

Intrusion Event (IPv6) Record 4.10.2.3+ Fields (Continued)

IELD

ATA

YPE

ESCRIPTION