Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Table 3-24 Correlation Event 5.1+ Data Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Source VLAN ID | uint16 | Source host’s VLAN identification number, if applicable. |
| Source OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the source host’s operating system. for information about obtaining the values that map to the fingerprint IDs. |
| Source Criticality | uint16 | User-defined criticality value for the source host: 0 - None; 1 - Low; 2 - Medium; 3 - High |
| Source User ID | uint32 | Identification number for the user logged into the source host, as identified by the system. |
| Source Port | uint16 | Source port in the event. |
| Source Server ID | uint32 | Identification number for the server running on the source host. |
| Destination IP Address | uint8[4] | This field is reserved but no longer populated. The Destination IPv4 address is stored in the Destination IPv6 Address field. See for more information. |
| Destination Host Type | uint8 | Destination host’s type: 0 - Host; 1 - Router; 2 - Bridge |
| Destination VLAN ID | uint16 | Destination host’s VLAN identification number, if applicable. |
| Destination OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the destination host’s operating system. for information about obtaining the values that map to the fingerprint IDs. |
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 - None; 1 - Low; 2 - Medium; 3 - High |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Service ID | uint32 | Identification number for the server running on the source host. |
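The following decoder for the fields in this part of Table 3-24 is an added example, not code from the guide. It assumes the fields are packed back to back in table order and in network byte order, starting at Source VLAN ID; the function and key names are illustrative and the sample bytes are constructed.

```python
import struct
import uuid

# Assumption: the 14 fields on this page are contiguous, in table order,
# big-endian (network byte order), with no padding between them.
LAYOUT = struct.Struct(">H16sHIHI4sBH16sHIHI")
NAMES = (
    "src_vlan_id", "src_os_fingerprint_uuid", "src_criticality", "src_user_id",
    "src_port", "src_server_id", "dst_ip_reserved", "dst_host_type",
    "dst_vlan_id", "dst_os_fingerprint_uuid", "dst_criticality", "dst_user_id",
    "dst_port", "dst_service_id",
)
CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}
HOST_TYPE = {0: "Host", 1: "Router", 2: "Bridge"}


def label(table, value):
    # Keep values outside the documented range visible instead of raising,
    # so a malformed or newer record is still recorded by the consumer.
    return table.get(value, f"unknown({value})")


def decode_host_fields(buf, offset=0):
    """Decode the 65-byte run of fields; return (fields, next_offset)."""
    available = len(buf) - offset
    if offset < 0 or available < LAYOUT.size:
        raise ValueError(f"need {LAYOUT.size} bytes at offset {offset}, have {available}")
    rec = dict(zip(NAMES, LAYOUT.unpack_from(buf, offset)))
    for side in ("src", "dst"):
        key = f"{side}_os_fingerprint_uuid"
        rec[key] = str(uuid.UUID(bytes=rec[key]))
        rec[f"{side}_criticality"] = label(CRITICALITY, rec[f"{side}_criticality"])
    rec["dst_host_type"] = label(HOST_TYPE, rec["dst_host_type"])
    # Reserved and no longer populated per the table: never report it as an address.
    del rec["dst_ip_reserved"]
    return rec, offset + LAYOUT.size


def build_sample():
    # Constructed sample bytes, not captured from a real appliance.
    return LAYOUT.pack(
        10, bytes(range(16)), 3, 1001, 49152, 7,
        b"\x00" * 4, 1, 20, bytes(range(16, 32)), 9, 0, 443, 42,
    )


if __name__ == "__main__":
    fields, end = decode_host_fields(build_sample())
    for name, value in fields.items():
        print(f"{name:26} {value}")
```

The returned offset lets a caller continue with whatever fields follow this run in the full record.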