Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Table 3-12 Event Extra Data Metadata Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Length | uint32 | Number of bytes in the client application URL String data block, including eight bytes for the string block type and length fields, plus the number of bytes in the URL string. |
| Encoding | string | Encoding used for the event extra data, for example, IPv4, IPv6, or string. |

Security Zone Name Record

The eStreamer service transmits metadata containing information on the name of the security zone associated with an intrusion event or connection event within a Security Zone Name record, the format of which is shown below. (Security zone information is sent when the Version 4 metadata flag—bit 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 115, indicating a Security Zone Name record. It contains a UUID String data block, block type 14 in the series 2 set of data blocks.
Record layout (diagram rows span bytes 0-3, bits 0-31); fields in order:
Header Version (1)
Message Type (4)
Message Length
Record Type (115)
Record Length
Security Zone Name Data Block (14)
Security Zone Name Data Block Length
Security Zone UUID
String Block Type (0)
String Block Length
Security Zone Name...
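A minimal parser for the record laid out above, as an added example (not code from the Cisco guide). The field widths (two uint16 fields followed by uint32 fields and a 16-byte UUID), big-endian byte order, UTF-8 decoding of the name, and the `build_sample` helper are assumptions, because the diagram's column widths did not survive on this page.

```python
import struct
import uuid

RECORD_TYPE_ZONE_NAME = 115  # Record Type value given on the page
BLOCK_TYPE_ZONE_NAME = 14    # series 2 data block type given on the page
STRING_BLOCK_TYPE = 0        # String Block Type value given on the page

# Assumed widths and byte order: uint16, uint16, then uint32 fields and a
# 16-byte UUID, all big-endian (network byte order).
_FIXED = struct.Struct(">HHIIIII16sII")


def parse_security_zone_name(msg: bytes) -> tuple[uuid.UUID, str]:
    """Return (zone UUID, zone name); raise ValueError on a malformed record."""
    if len(msg) < _FIXED.size:
        raise ValueError("truncated record")
    (version, msg_type, _msg_len, rec_type, _rec_len, blk_type, _blk_len,
     zone_uuid, str_type, str_len) = _FIXED.unpack_from(msg)
    if (version, msg_type) != (1, 4):
        raise ValueError("unexpected header version or message type")
    if rec_type != RECORD_TYPE_ZONE_NAME or blk_type != BLOCK_TYPE_ZONE_NAME:
        raise ValueError("not a Security Zone Name record")
    if str_type != STRING_BLOCK_TYPE:
        raise ValueError("unexpected string block type")
    # String Block Length counts its own 8-byte type/length header, so the
    # name is str_len - 8 bytes. Never trust it beyond the received buffer.
    name_len = str_len - 8
    start = _FIXED.size
    if name_len < 0 or start + name_len > len(msg):
        raise ValueError("string block length out of bounds")
    name = msg[start:start + name_len].decode("utf-8", errors="replace")
    return uuid.UUID(bytes=zone_uuid), name


def build_sample(zone: uuid.UUID, name: bytes) -> bytes:
    """Constructed sample message (hypothetical helper); the outer length
    fields are filled in by assumption and are not checked by the parser."""
    string_block = struct.pack(">II", STRING_BLOCK_TYPE, 8 + len(name)) + name
    block = struct.pack(">II", BLOCK_TYPE_ZONE_NAME, 8 + 16 + len(string_block))
    block += zone.bytes + string_block
    record = struct.pack(">II", RECORD_TYPE_ZONE_NAME, len(block)) + block
    return struct.pack(">HHI", 1, 4, len(record)) + record
```

The bounds check on String Block Length matters because the value arrives from the network; a client that slices by it without checking would silently accept short or inconsistent records.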