Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
[Interface Name data block diagram, 32-bit rows (bytes 0-3, bits 0-31); rows shown: String Block Length, Interface Name...]

The following table describes the fields in the Interface Name data block.

Table 3-14 Interface Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Interface Name Data Block Type | uint32 | Initiates an Interface Name data block. This value is always 14. The block type is a series 2 block. |
| Interface Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Interface UUID | uint8[16] | An interface ID number that acts as a unique identifier for the interface associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the interface. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the interface name String data block, including eight bytes for the block type and header fields plus the number of bytes in the interface name. |
| Interface Name | string | The interface name. |

Access Control Policy Name Record

The eStreamer service transmits metadata on the name of the access control policy that triggered an
intrusion event or connection event within an Access Control Policy Name record, the format of which
is shown below. (Access control policy name information is sent when the Version 4 metadata flag—bit
20 in the Request Flags field of a request message—is set. See .) Note that the
Record Type field, which appears after the Message Length field, has a value of 117, indicating an
Access Control Policy Name record. It contains a UUID String data block, block type 14 in the series 2
set of data blocks.
[Access Control Policy Name record format diagram, 32-bit rows (bytes 0-3, bits 0-31); fields in order: Header Version (1), Message Type (4), Message Length, Record Type (117), Record Length]
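
The type 14 block laid out in Table 3-14 carries two nested length fields, and a client should confirm that they agree with each other and with the bytes actually received before slicing out the name. The Python parser below is an added example, not code from the Cisco guide; it assumes network byte order and UTF-8 names with optional NUL padding, and `parse_uuid_string_block`, `build_sample` and `BlockError` are hypothetical names.

```python
import struct
import uuid

UUID_STRING_BLOCK = 14   # series 2 block type given in Table 3-14
STRING_BLOCK = 0         # nested String block type given in Table 3-14
FIXED_LEN = 8 + 16 + 8   # outer header + UUID + String block header


class BlockError(ValueError):
    """Raised when a length or type field contradicts the buffer."""


def parse_uuid_string_block(buf: bytes):
    """Parse one type 14 block; return (uuid, name, bytes_consumed)."""
    if len(buf) < FIXED_LEN:
        raise BlockError("truncated: fixed fields need %d bytes" % FIXED_LEN)
    # Assumption: fields are big-endian (network byte order).
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != UUID_STRING_BLOCK:
        raise BlockError("unexpected block type %d" % block_type)
    # Block Length counts the data plus its own 8 header bytes.
    if block_len < FIXED_LEN or block_len > len(buf):
        raise BlockError("block length %d outside buffer" % block_len)
    ident = uuid.UUID(bytes=buf[8:24])
    str_type, str_len = struct.unpack_from(">II", buf, 24)
    if str_type != STRING_BLOCK:
        raise BlockError("unexpected string block type %d" % str_type)
    # String Block Length also counts its 8 header bytes; per the table
    # the String block is the last field, so both lengths must line up.
    if str_len < 8 or 24 + str_len != block_len:
        raise BlockError("string length %d disagrees with block length" % str_len)
    raw = buf[32:24 + str_len]
    # Assumption: names are UTF-8 and may carry trailing NUL padding.
    name = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return ident, name, block_len


def build_sample(name: bytes, claimed_str_len=None) -> bytes:
    """Constructed test input, not captured traffic."""
    str_len = 8 + len(name) if claimed_str_len is None else claimed_str_len
    ident = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes
    body = ident + struct.pack(">II", STRING_BLOCK, str_len) + name
    return struct.pack(">II", UUID_STRING_BLOCK, 8 + len(body)) + body


if __name__ == "__main__":
    print(parse_uuid_string_block(build_sample(b"Default Policy")))
```

The returned byte count lets a caller advance past the block and compare the total against the enclosing Record Length.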