Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide, page 3-62
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Table 3-37 File Event Data Block for 5.3.1+ Fields (continued)

Field: File Analysis Status
Data Type: uint8
Description: Indicates whether the file was sent for dynamic analysis. Possible values are:
• 1 - Sent for Analysis
• 2 - Sent for Analysis
• 4 - Sent for Analysis
• 5 - Failed to Send
• 6 - Failed to Send
• 7 - Failed to Send
• 8 - Failed to Send
• 9 - File Size is Too Small
• 10 - File Size is Too Large
• 11 - Sent for Analysis
• 12 - Analysis Complete
• 13 - Failure (Network Issue)
• 14 - Failure (Rate Limit)
• 15 - Failure (File Too Large)
• 16 - Failure (File Read Error)
• 17 - Failure (Internal Library Error)
• 19 - File Not Sent, Disposition Unavailable
• 20 - Failure (Cannot Run File)
• 21 - Failure (Analysis Timeout)
• 22 - Sent for Analysis
• 23 - File Not Supported

Field: Archive File Status
Data Type: uint8
Description: This is always 0.

Field: Threat Score
Data Type: uint8
Description: A numeric value from 0 to 100 based on the potentially malicious behaviors observed during dynamic analysis.

Field: Action
Data Type: uint8
Description: The action taken on the file based on the file type. Can have the following values:
• 1 - Detect
• 2 - Block
• 3 - Malware Cloud Lookup
• 4 - Malware Block
• 5 - Malware Whitelist
• 6 - Cloud Lookup Timeout
• 7 - Custom Detection
• 8 - Custom Detection Block
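The following decoder is an added example, not code from the Cisco guide or from the eStreamer client libraries. It takes the four uint8 fields listed on this page (File Analysis Status, Archive File Status, Threat Score, Action), unpacks them from a byte buffer with the value tables transcribed above, and enforces the constraints the guide states: Archive File Status must be 0 and Threat Score must lie in 0..100. The assumption that these four fields are laid out consecutively at a given offset within the File Event Data Block is the example's own; a real client must locate them using the full block layout, of which this page shows only a continuation. Values the page does not list (3 and 18, for instance) are rejected rather than guessed, and the sample buffer is constructed for the demonstration.

```python
import struct

# File Analysis Status values transcribed from Table 3-37 (File Event Data Block 5.3.1+).
FILE_ANALYSIS_STATUS = {
    1: "Sent for Analysis", 2: "Sent for Analysis", 4: "Sent for Analysis",
    5: "Failed to Send", 6: "Failed to Send", 7: "Failed to Send", 8: "Failed to Send",
    9: "File Size is Too Small", 10: "File Size is Too Large",
    11: "Sent for Analysis", 12: "Analysis Complete",
    13: "Failure (Network Issue)", 14: "Failure (Rate Limit)",
    15: "Failure (File Too Large)", 16: "Failure (File Read Error)",
    17: "Failure (Internal Library Error)",
    19: "File Not Sent, Disposition Unavailable",
    20: "Failure (Cannot Run File)", 21: "Failure (Analysis Timeout)",
    22: "Sent for Analysis", 23: "File Not Supported",
}

# Action values transcribed from the same table.
ACTION = {
    1: "Detect", 2: "Block", 3: "Malware Cloud Lookup", 4: "Malware Block",
    5: "Malware Whitelist", 6: "Cloud Lookup Timeout",
    7: "Custom Detection", 8: "Custom Detection Block",
}


def decode_fragment(buf: bytes, offset: int = 0) -> dict:
    """Decode File Analysis Status, Archive File Status, Threat Score and Action.

    ASSUMPTION (example only): the four uint8 fields are contiguous at `offset`,
    in the order the guide lists them. Raises ValueError when a value violates
    a constraint the guide states or is not among the documented codes.
    """
    status, archive, score, action = struct.unpack_from("!BBBB", buf, offset)
    if status not in FILE_ANALYSIS_STATUS:
        raise ValueError(f"undocumented File Analysis Status {status}")
    if archive != 0:
        raise ValueError(f"Archive File Status must be 0, got {archive}")
    if not 0 <= score <= 100:
        raise ValueError(f"Threat Score out of range 0..100: {score}")
    if action not in ACTION:
        raise ValueError(f"undocumented Action {action}")
    return {
        "file_analysis_status": status,
        "file_analysis_status_name": FILE_ANALYSIS_STATUS[status],
        "archive_file_status": archive,
        "threat_score": score,
        "action": action,
        "action_name": ACTION[action],
    }


def analysis_outcome(status: int) -> str:
    """Collapse the status codes into the three outcomes an analyst cares about:
    'complete' (a verdict exists), 'pending' (still in dynamic analysis) or
    'not_analyzed' (any failure or not-sent code)."""
    name = FILE_ANALYSIS_STATUS[status]
    if name == "Analysis Complete":
        return "complete"
    if name == "Sent for Analysis":
        return "pending"
    return "not_analyzed"


def is_valid_fragment(buf: bytes, offset: int = 0) -> bool:
    """True if the bytes decode cleanly under the documented constraints."""
    try:
        decode_fragment(buf, offset)
        return True
    except (ValueError, struct.error):
        return False


# Constructed sample: status 12 (Analysis Complete), archive 0, score 90, action 4.
SAMPLE = bytes([12, 0, 90, 4])

if __name__ == "__main__":
    record = decode_fragment(SAMPLE)
    print(record)
    print("outcome:", analysis_outcome(record["file_analysis_status"]))
```

Run stand-alone it prints the decoded sample record and its outcome. The outcome helper is the part worth reusing in a pipeline: a file event whose status maps to "complete" carries a Threat Score that reflects finished dynamic analysis, whereas for "pending" or "not_analyzed" records the score should not be read as a verdict.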