Cisco Firepower Management Center 2000 Developer Guide
3-31
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Byte | 0 | 1 | 2 | 3
Bit  | 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1) | Message Type (4)
Message Length
Record Type (125)
Record Length
eStreamer Server Timestamp (in events, only if bit 23 is set)
Reserved for Future Use (in events, only if bit 23 is set)
Malware Event Data Block

The following table describes each malware event record data field.

Table 3-18 Malware Event Record Fields

Field                     Data Type              Description
Malware Event Data Block  Data Block (variable)  Indicates a malware event data block. See for more information.

Collective Security Intelligence Cloud Name Metadata

The eStreamer service transmits metadata containing information on the name of the Collective Security Intelligence Cloud (referred to as the Cisco cloud or simply cloud) associated with an intrusion event or connection event within a Collective Security Intelligence Cloud Name record, the format of which is shown below. (Cisco cloud name information is sent when the Version 4 metadata flag—bit 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 127, indicating a Collective Security Intelligence Cloud Name record. It contains a UUID String data block, block type 14 in the series 2 set of data blocks.

Byte | 0 | 1 | 2 | 3
Bit  | 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1) | Message Type (4)
Message Length
Record Type (127)
Record Length
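The two record layouts above share the same framing: an 8-byte message header (Header Version, Message Type, Message Length), then Record Type and Record Length, then the optional eStreamer Server Timestamp and Reserved words when bit 23 of the request flags is set, then the data block. The following Python is an added example written for this page, not Cisco's code or anything from the eStreamer SDK. It assumes network byte order, that Message Length counts the bytes after the message header, and that Record Length counts the bytes after the Record Length field (timestamp and reserved words included); these are labelled assumptions. It validates every length against the bytes actually received before slicing, which is the check a collector needs so that a short or inconsistent message raises an error instead of reading past the buffer. The sample message is constructed inline; its payload stands in for the UUID String block, whose internal layout this example does not model.

```python
"""Framing parser for eStreamer event-data records (added example, not Cisco's code).

Labelled assumptions: big-endian fields; Message Length = bytes after the
8-byte message header; Record Length = bytes after the Record Length field,
including the optional timestamp/reserved words when request-flag bit 23 is set.
"""
import struct
from dataclasses import dataclass
from typing import Optional

HEADER_VERSION = 1               # Header Version (1)
MESSAGE_TYPE_EVENT_DATA = 4      # Message Type (4)
RECORD_TYPE_MALWARE_EVENT = 125  # Malware Event record
RECORD_TYPE_CLOUD_NAME = 127     # Collective Security Intelligence Cloud Name record
FLAG_METADATA_V4 = 1 << 20       # request flag bit 20: Version 4 metadata (cloud names)
FLAG_SERVER_TIMESTAMP = 1 << 23  # request flag bit 23: timestamp + reserved word present

RECORD_NAMES = {
    RECORD_TYPE_MALWARE_EVENT: "Malware Event",
    RECORD_TYPE_CLOUD_NAME: "Collective Security Intelligence Cloud Name",
}

MSG_HDR = struct.Struct("!HHI")  # header version, message type, message length
REC_HDR = struct.Struct("!II")   # record type, record length
TS_HDR = struct.Struct("!II")    # eStreamer server timestamp, reserved


@dataclass
class Record:
    record_type: int
    record_length: int
    server_timestamp: Optional[int]
    payload: bytes  # the data block, left opaque here

    @property
    def name(self) -> str:
        return RECORD_NAMES.get(self.record_type, f"unknown ({self.record_type})")


def build_record(record_type: int, payload: bytes, request_flags: int, timestamp: int = 0) -> bytes:
    """Serialize one event-data message; used only to construct sample input."""
    opt = TS_HDR.pack(timestamp, 0) if request_flags & FLAG_SERVER_TIMESTAMP else b""
    record = REC_HDR.pack(record_type, len(opt) + len(payload)) + opt + payload
    return MSG_HDR.pack(HEADER_VERSION, MESSAGE_TYPE_EVENT_DATA, len(record)) + record


def parse_record(buf: bytes, request_flags: int) -> Record:
    """Parse one message from buf, checking every length before it is trusted."""
    if len(buf) < MSG_HDR.size:
        raise ValueError("truncated message header")
    version, msg_type, msg_len = MSG_HDR.unpack_from(buf, 0)
    if version != HEADER_VERSION:
        raise ValueError(f"unsupported header version {version}")
    if msg_type != MESSAGE_TYPE_EVENT_DATA:
        raise ValueError(f"unexpected message type {msg_type}")
    end = MSG_HDR.size + msg_len
    if end > len(buf):
        raise ValueError("message length exceeds received data")
    if msg_len < REC_HDR.size:
        raise ValueError("message too short for a record header")
    record_type, record_len = REC_HDR.unpack_from(buf, MSG_HDR.size)
    if record_len != msg_len - REC_HDR.size:  # assumption: lengths must agree
        raise ValueError("record length disagrees with message length")
    offset = MSG_HDR.size + REC_HDR.size
    timestamp = None
    if request_flags & FLAG_SERVER_TIMESTAMP:  # bit 23 set: timestamp + reserved precede the block
        if record_len < TS_HDR.size:
            raise ValueError("record too short for timestamp fields")
        timestamp, _reserved = TS_HDR.unpack_from(buf, offset)
        offset += TS_HDR.size
    return Record(record_type, record_len, timestamp, buf[offset:end])


# Constructed sample: a cloud-name record requested with bits 20 and 23 set.
SAMPLE_FLAGS = FLAG_METADATA_V4 | FLAG_SERVER_TIMESTAMP
SAMPLE_PAYLOAD = bytes(range(16))  # placeholder for the UUID String block (layout not modelled)
SAMPLE = build_record(RECORD_TYPE_CLOUD_NAME, SAMPLE_PAYLOAD, SAMPLE_FLAGS, timestamp=1700000000)

if __name__ == "__main__":
    rec = parse_record(SAMPLE, SAMPLE_FLAGS)
    print(rec.name, rec.record_length, rec.server_timestamp, rec.payload.hex())
```

Because the timestamp and reserved words are only present when the client asked for them, the parser takes the request flags it sent as a parameter; parsing with the wrong flags silently shifts the data block by 8 bytes, so a collector should keep the flags it negotiated next to the socket it reads from.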