Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Access Control Rule Action Record Metadata
The eStreamer service transmits metadata containing the action associated with a triggered access
control rule within an Access Control Rule Action record, the format of which is shown below. (Access
Control Rule Action information is sent when the version 4 metadata flag—bit 20 in the Request Flags
field of a request message—is set. See .) Note that the Access Control Rule
Action record field, which appears after the Message Length field, has a value of 120, indicating an
Access Control Rule Action record.

[Intrusion Policy Name data block diagram (continued). Each row is 32 bits wide (bytes 0-3, bits 0-31): Intrusion Policy UUID, continued (three rows); String Block Type (0); String Block Length; Intrusion Policy Name...]

The following table describes the fields in the Intrusion Policy Name data block.
Table 4-16 Intrusion Policy Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Intrusion Policy Name Data Block Type | uint32 | Initiates an Intrusion Policy Name data block. This value is always 14. The block type is a series 2 block. |
| Intrusion Policy Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Intrusion Policy UUID | uint8[16] | The unique identifier for the intrusion policy associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the intrusion policy. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the intrusion policy name String data block, including eight bytes for the block type and header fields plus the number of bytes in the intrusion policy name. |
| Intrusion Policy Name | string | The intrusion policy name. |
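
A bounds-checked parser for the Intrusion Policy Name data block described in Table 4-16, added here as an example (it is not code from the Cisco guide). It assumes big-endian (network byte order) integers and a UTF-8 name, neither of which this page states; the function names and the sample block are constructed for illustration.

```python
import struct
import uuid

BLOCK_TYPE_INTRUSION_POLICY_NAME = 14  # series 2 block type, per Table 4-16
STRING_BLOCK_TYPE = 0
HEADER_LEN = 8  # two uint32 header fields: block type + block length


class BlockError(ValueError):
    """Raised when a type or length field is inconsistent with the buffer."""


def parse_intrusion_policy_name(buf: bytes):
    """Return (policy_uuid, policy_name, bytes_consumed) for one block."""
    fixed = HEADER_LEN + 16 + HEADER_LEN  # outer header, UUID, string header
    if len(buf) < fixed:
        raise BlockError("buffer shorter than the fixed part of the block")
    # Assumption: all integer fields are big-endian (network byte order).
    btype, blen = struct.unpack_from(">II", buf, 0)
    if btype != BLOCK_TYPE_INTRUSION_POLICY_NAME:
        raise BlockError(f"unexpected data block type {btype}")
    # Data Block Length counts the data plus its own 8 header bytes.
    if blen < fixed or blen > len(buf):
        raise BlockError(f"data block length {blen} out of range")
    policy_uuid = uuid.UUID(bytes=buf[8:24])
    stype, slen = struct.unpack_from(">II", buf, 24)
    if stype != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {stype}")
    # String Block Length also counts its 8 header bytes; as the last field
    # it must end exactly where the outer block ends, so cross-check both.
    if slen < HEADER_LEN or 24 + slen != blen:
        raise BlockError(f"string block length {slen} disagrees with {blen}")
    name = buf[32:24 + slen].decode("utf-8", errors="replace")
    return policy_uuid, name, blen


def build_sample(name: bytes, policy_uuid: uuid.UUID) -> bytes:
    """Build a constructed sample block (not captured traffic)."""
    string_block = struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(name)) + name
    body = policy_uuid.bytes + string_block
    return struct.pack(">II", BLOCK_TYPE_INTRUSION_POLICY_NAME, HEADER_LEN + len(body)) + body


if __name__ == "__main__":
    sample = build_sample(b"Example Policy", uuid.UUID(int=0x1234))
    print(parse_intrusion_policy_name(sample))
```

The returned byte count lets a caller step to the next block in the same message, and rejecting any block whose two length fields disagree keeps a malformed record from causing reads past the block boundary.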