Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Appendix B      Understanding Legacy Data Structures
  Legacy Connection Data Structures
Table B-20 Connection Statistics Data Block 5.1 Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Initiator IP Address | uint8[16] | IP address of the host that initiated the session described in the connection event, in IP address octets. |
| Responder IP Address | uint8[16] | IP address of the host that responded to the initiating host, in IP address octets. |
| Policy Revision | uint8[16] | Revision number of the rule associated with the triggered correlation event, if applicable. |
| Rule ID | uint32 | Internal identifier for the rule that triggered the event, if applicable. |
| Rule Action | uint16 | The action selected in the user interface for that rule (allow, block, and so forth). |
| Rule Reason | uint16 | The reason the rule triggered the event. |
| Initiator Port | uint16 | Port used by the initiating host. |
| Responder Port | uint16 | Port used by the responding host. |
| TCP Flags | uint16 | Indicates any TCP flags for the connection event. |
| Protocol | uint8 | The IANA-specified protocol number. |
| NetFlow Source | uint8[16] | IP address of the NetFlow-enabled device that exported the data for the connection. |
| First Packet Timestamp | uint32 | UNIX timestamp of the date and time the first packet was exchanged in the session. |
| Last Packet Timestamp | uint32 | UNIX timestamp of the date and time the last packet was exchanged in the session. |
| Initiator Transmitted Packets | uint64 | Number of packets transmitted by the initiating host. |
| Responder Transmitted Packets | uint64 | Number of packets transmitted by the responding host. |
| Initiator Transmitted Bytes | uint64 | Number of bytes transmitted by the initiating host. |
| Responder Transmitted Bytes | uint64 | Number of bytes transmitted by the responding host. |
| User ID | uint32 | Internal identification number for the user who last logged into the host that generated the traffic. |
| Application Protocol ID | uint32 | Application ID of the application protocol. |
| URL Category | uint32 | The internal identification number of the URL category. |
| URL Reputation | uint32 | The internal identification number for the URL reputation. |
| Client Application ID | uint32 | The internal identification number of the detected client application, if applicable. |
| Web Application ID | uint32 | The internal identification number of the detected web application, if applicable. |
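
A parser for the run of fields listed in this table, added here as an example and not taken from the Cisco guide. It assumes the fields are packed contiguously in table order, without padding, in network byte order, with IPv4 addresses carried as IPv4-mapped values in the 16-byte fields; the function and key names are hypothetical. The buffer must start at the Initiator IP Address field, because the earlier fields of the block are not on this page.

```python
import ipaddress
import struct

# Fields listed on this page, in table order. Assumptions (not stated on the
# page): contiguous, unpadded, network byte order. Key names are hypothetical.
FIELDS = [
    ("initiator_ip", "16s"), ("responder_ip", "16s"), ("policy_revision", "16s"),
    ("rule_id", "I"), ("rule_action", "H"), ("rule_reason", "H"),
    ("initiator_port", "H"), ("responder_port", "H"), ("tcp_flags", "H"),
    ("protocol", "B"), ("netflow_source", "16s"),
    ("first_packet_ts", "I"), ("last_packet_ts", "I"),
    ("initiator_packets", "Q"), ("responder_packets", "Q"),
    ("initiator_bytes", "Q"), ("responder_bytes", "Q"),
    ("user_id", "I"), ("app_protocol_id", "I"), ("url_category", "I"),
    ("url_reputation", "I"), ("client_app_id", "I"), ("web_app_id", "I"),
]
LAYOUT = struct.Struct(">" + "".join(code for _, code in FIELDS))
IP_FIELDS = {"initiator_ip", "responder_ip", "netflow_source"}

def decode_ip(raw):
    """Render a uint8[16] address; show IPv4-mapped values as dotted quad."""
    addr = ipaddress.IPv6Address(raw)
    return str(addr.ipv4_mapped or addr)

def parse_fields(buf, offset=0):
    """Decode the page's field run from buf, starting at Initiator IP Address."""
    if offset < 0 or len(buf) - offset < LAYOUT.size:
        # Reject short input instead of decoding a truncated record.
        raise ValueError(f"need {LAYOUT.size} bytes at offset {offset}")
    values = LAYOUT.unpack_from(buf, offset)
    rec = {name: val for (name, _), val in zip(FIELDS, values)}
    for name in IP_FIELDS:
        rec[name] = decode_ip(rec[name])
    rec["policy_revision"] = rec["policy_revision"].hex()
    return rec

def build_sample():
    """Constructed sample bytes (not captured traffic) for exercising the parser."""
    v4 = lambda s: ipaddress.IPv6Address("::ffff:" + s).packed
    return LAYOUT.pack(
        v4("10.1.1.5"), v4("192.0.2.80"), bytes(range(16)),
        42, 1, 0, 49152, 443, 0x001B, 6, bytes(16),
        1700000000, 1700000030, 12, 10, 1800, 9400, 7, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    for key, value in parse_fields(build_sample()).items():
        print(f"{key:18} {value}")
```

The length check matters when the bytes come off a network stream: a record shorter than the 143 bytes this layout needs is rejected rather than partially decoded.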