Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
IOC Name Data Block for 5.3+
Chapter 3
IOC Name Data Block Fields (Continued)

Field: Category
Data Type: string
Description: The category for the compromise. Possible values include:
• CnC Connected
• Exploit Kit
• High Impact Attack
• Low Impact Attack
• Malware Detected
• Malware Executed
• Dropper Infection
• Java Compromise
• Word Compromise
• Adobe Reader Compromise
• Excel Compromise
• PowerPoint Compromise
• QuickTime Compromise

Field: String Block Type
Data Type: uint32
Description: Initiates a String data block containing the event type associated with the compromise. This value is always 0.