Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4      Understanding Discovery & Connection Data Structures 
Table 4-86 User Login Information Data Block Fields (continued)

| Field | Data Type | Description |
| --- | --- | --- |
| String Block Type | uint32 | Initiates a String data block containing the Reported By value. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the Reported By String data block, including eight bytes for the block type and length fields, plus the number of bytes in the Reported By field. |
| Reported By | string | The name of the Active Directory server reporting a login. |

Discovery and Connection Event Series 2 Data Blocks

In the following table, the Data Block Status field indicates whether the block is current (the latest version) or legacy (used in an older version and can still be requested through eStreamer).

Table 4-87 Discovery and Connection Event Series 2 Block Types

| Type | Content | Data Block Status | Description |
| --- | --- | --- | --- |
| 15 | Access Control Rule | Current | Used by access control rule metadata messages to map policy UUID and rule ID values to a descriptive string. See . |
| 21 | Access Control Rule Reason | Current | Used by access control rule metadata messages to map access control rule reasons to a descriptive string. See |
| 22 | Security Intelligence Category | Current | Used to store Security Intelligence information. See |

Access Control Rule Data Block

The eStreamer service uses the Access Control Rule data block in access control rule metadata messages to map policy UUID and rule ID combinations to a descriptive string. The Access Control Rule data block has a block type of 15 in the series 2 group of blocks.

The following graphic shows the structure of the Access Control Rule data block.

Byte | 0 | 1 | 2 | 3
Bit | 0-7 | 8-15 | 16-23 | 24-31
Access Control Rule Block Type (15)
Access Control Rule Block Length
Access Control Rule UUID
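
Added example (not code from the eStreamer guide): a bounds-checked reader for the String data block fields in Table 4-86 and the series 2 block types in Table 4-87, showing the length validation a client should apply before trusting a block length. Big-endian byte order, UTF-8 decoding, and all function names are assumptions.

```python
import struct

# Block types listed in Table 4-87 (series 2 group).
SERIES2_TYPES = {15: "Access Control Rule", 21: "Access Control Rule Reason",
                 22: "Security Intelligence Category"}
HEADER = struct.Struct(">II")  # block type, block length; big-endian is an assumption


def read_header(buf, offset=0):
    """Return (block_type, block_length) after bounds-checking the 8-byte header."""
    if offset < 0 or len(buf) - offset < HEADER.size:
        raise ValueError("truncated block header")
    return HEADER.unpack_from(buf, offset)


def parse_string_block(buf, offset=0):
    """Parse a String data block; return (text, offset of the next field)."""
    block_type, length = read_header(buf, offset)
    if block_type != 0:
        raise ValueError(f"expected String block type 0, got {block_type}")
    # The length counts the 8 header bytes, so a value below 8 is malformed,
    # and a value past the end of the buffer would cause an over-read.
    if length < HEADER.size:
        raise ValueError("String block length smaller than its header")
    end = offset + length
    if end > len(buf):
        raise ValueError("String block length exceeds available data")
    raw = buf[offset + HEADER.size:end]
    # Encoding is not stated on this page; UTF-8 with replacement is an assumption.
    return raw.decode("utf-8", errors="replace"), end


def describe_series2(buf, offset=0):
    """Name a series 2 block from its header without interpreting the body."""
    block_type, length = read_header(buf, offset)
    return SERIES2_TYPES.get(block_type, "unknown"), length


def build_string_block(text):
    """Constructed-sample helper: encode text as a String data block."""
    data = text.encode("utf-8")
    return HEADER.pack(0, HEADER.size + len(data)) + data


# Constructed sample: a Reported By value followed by unrelated trailing bytes.
SAMPLE = build_string_block("dc01.example.test") + b"\xff\xff"
```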