Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

157

Understanding Intrusion and Correlation Data Structures

Understanding Series 2 Data Blocks

Chapter 3

The following diagram shows the structure of a geolocation data block:

The 

 table describes the fields in the Geolocation 

data block.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1)

Message Type (4)

Message Length

Record Type (520)

Geolocation Block Type (28)

Geolocation Block Length

Country Code

String Block Type (0)

File Name

String Block Type (0), cont.

String Block Length

String Block Length, cont.

Country Name...

Geolocation Data Block Fields 

Geolocation 

Data Block Type

uint32

Initiates a Geolocation data block. This value is 

always 28.

Geolocation 

Data Block 

Length

uint32

Total number of bytes in the Geolocation data 

block, including eight bytes for the Geolocation 

data block type and length fields, plus the 

number of bytes of data that follows. 

Country Code

uint16

The country code.

String Block 

Type

uint32

Initiates a String data block containing the 

country name associated with the country 

code. This value is always 0.

String Block 

Length

uint32

The number of bytes included in the name 

String data block, including eight bytes for the 

block type and header fields plus the number 

of bytes in the Country Name field.

Country Name

string

The name of the country associated with the 

country code.