Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador

SHA Hash

uint8[32]

SHA-256 hash of the file, in binary format.

File Type ID

uint32

ID number that maps to the file type. The meaning of this 
field is transmitted in the metadata with this event. See 

information.

File Name

string

Name of the file.

File Size

uint64

Size of the file in bytes.

Direction

uint8

Value that indicates whether the file was uploaded or 
downloaded. Can have the following values:

1

 - Download

2

 - Upload

Currently the value depends on the protocol (for example, 
if the connection is HTTP it is a download).

Application ID

uint32

ID number that maps to the application using the file 
transfer.

User ID

uint32

ID number for the user logged into the destination host, 
as identified by the system.

URI

string

Uniform Resource Identifier (URI) of the connection.

Signature

string

SHA-256 hash of the file, in string format.

Source Port

uint16

Port number for the source of the connection.

Destination Port

uint16

Port number for the destination of the connection.

Protocol

uint8

IANA protocol number specified by the user. For 
example:

1

 - ICMP

4

 - IP

6

 - TCP

17

 - UDP

This is currently only TCP.

Access Control Policy 
UUID

uint8[16]

Unique identifier for the access control policy that 
triggered the event.

Source Country

uint16

Code for the country of the source host.

Destination Country

uint16

Code for the country of the destination host.

Web Application ID

uint32

The internal identification number for the web 
application, if applicable.

Client Application ID

uint32

The internal identification number for the client 
application, if applicable.

Security Context

uint8(16)

ID number for the security context (virtual firewall) that 
the traffic passed through. Note that the system only 
populates this field for ASA FirePOWER devices in 
multi-context mode.