Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
190
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Intrusion Policy Name Record
The eStreamer service transmits metadata containing intrusion policy name
information for a connection event within an Intrusion Policy Name record, the
format of which is shown below. (Intrusion policy name information is sent when
one of the metadata flags—version 4 metadata bit 20 in the Request Flags field
of a request message—is set. See
on page 30.) Note that the
Intrusion Policy Name record field, which appears after the Message Length field,
has a value of 118, indicating an Intrusion Policy Name record.
Web Application Record Fields
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Application ID
uint32
Application ID number of the web application.
Name Length
uint32
The number of bytes included in the name.
Name
string
The web application content name.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1)
Message Type (4)
Message Length
Record Type (118)
Record Length
Intrusion Policy Name Data Block (14)
Intrusion Policy Name Data Block Length
Intrusion Policy UUID
Intrusion Policy UUID, continued
Intrusion Policy UUID, continued
Intrusion Policy UUID, continued
String Block Type (0)
String Block Length
Intrusion Policy Name...