FireSIGHT eStreamer Integration Guide
Appendix A Data Structure Examples
Intrusion Event Data Structure Examples
Number  Description
5       This line indicates that the Classification ID is 35.
6       The first two bytes of this line indicate that the classification name that follows it is 15 bytes long. The second two bytes begin the classification name itself, which, in this case, is "trojan-activity".
7       The first byte in this line is a continuation of the classification name described in line 6. The next two bytes in this line indicate that the classification description that follows it is 29 bytes long. The remaining byte begins the classification description, which, in this case, is "A Network Trojan was Detected."
8       This line indicates the classification ID number that acts as a unique identifier for the classification.
9       This line indicates the classification revision ID number that acts as a unique identifier for the classification revision, which is null because there are no revisions to the classification.

Example of a Priority Record

The following example shows a sample priority record:

Byte    0               1               2               3
Bit     0-7             8-15            16-23           24-31
1       0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0
2       0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0
3       0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0
4       0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0
5       0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
6       0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 1 0 1 0 0 0 0 1 1 0 1 0 0 1
        0 1 1 0 0 1 1 1 0 1 1 0 1 0 0 0

In the preceding example, the following event information appears:

Number  Description
1       The first two bytes in this line indicate the standard header value of 1. The second two bytes indicate that the message is a data message (message type four).
2       This line indicates that the message that follows is 16 bytes.
3       This line indicates a record type value of 4, which represents a priority record.
4       This line indicates that the priority record that follows is 8 bytes long.
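As an added example (not code from the guide or from Cisco), the following Python builds and parses the priority record layout walked through above: a 2-byte header version and 2-byte message type, a 4-byte message length, then the record type, record length, priority ID, 2-byte name length and name. It assumes big-endian fields, as the bit diagram shows, and the builder computes the length fields from the data it packs rather than copying the 16 and 8 from the diagram; the parser bounds-checks every length read from the wire before using it, which is the check a collector consuming an eStreamer feed should never skip.

```python
import struct

ESTREAMER_VERSION = 1      # standard header value 1
MSG_TYPE_DATA = 4          # message type 4: data message
RECORD_TYPE_PRIORITY = 4   # record type 4: priority record

def build_priority_message(priority_id: int, name: str) -> bytes:
    """Build a data message holding one priority record (all fields big-endian).
    Layout: version(2) type(2) msg_len(4) | rec_type(4) rec_len(4) | id(4) name_len(2) name.
    Length fields are computed here so the constructed sample is self-consistent."""
    name_bytes = name.encode("ascii")
    body = struct.pack("!IH", priority_id, len(name_bytes)) + name_bytes
    record = struct.pack("!II", RECORD_TYPE_PRIORITY, len(body)) + body
    return struct.pack("!HHI", ESTREAMER_VERSION, MSG_TYPE_DATA, len(record)) + record

def parse_priority_message(data: bytes) -> dict:
    """Parse one priority record; every wire length is bounds-checked before use."""
    if len(data) < 8:
        raise ValueError("truncated message header")
    version, msg_type, msg_len = struct.unpack_from("!HHI", data, 0)
    if version != ESTREAMER_VERSION or msg_type != MSG_TYPE_DATA:
        raise ValueError(f"unexpected header version/type {version}/{msg_type}")
    if msg_len > len(data) - 8:
        raise ValueError("message length exceeds buffer")
    payload = data[8:8 + msg_len]
    if len(payload) < 8:
        raise ValueError("truncated record header")
    rec_type, rec_len = struct.unpack_from("!II", payload, 0)
    if rec_type != RECORD_TYPE_PRIORITY:
        raise ValueError(f"not a priority record: type {rec_type}")
    if rec_len < 6 or rec_len > len(payload) - 8:
        raise ValueError("record length inconsistent with message")
    rec = payload[8:8 + rec_len]
    priority_id, name_len = struct.unpack_from("!IH", rec, 0)
    if name_len > len(rec) - 6:
        raise ValueError("name length exceeds record")
    name = rec[6:6 + name_len].decode("ascii", errors="replace")
    return {"priority_id": priority_id, "name": name}

def is_well_formed(data: bytes) -> bool:
    """True when the buffer parses cleanly; a collector should drop anything else."""
    try:
        parse_priority_message(data)
        return True
    except ValueError:
        return False

# Constructed sample: priority ID 1 named "high", the values shown in the guide's diagram
SAMPLE = build_priority_message(1, "high")
```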