Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

194

Understanding Discovery & Connection Data Structures

Metadata for Discovery Events

Chapter 4

The 

 table describes the fields in the URL 

Reputation record.

Access Control Rule Reason Metadata

The eStreamer service transmits metadata containing information about the 

reason an access control rule triggered an intrusion event or connection event 

within an Access Control Rule Reason record, the format of which is shown 

below. Access control rule reason metadata is sent when the Version 4 metadata 

flag—bit 20 in the Request Flags field of a request message—is set. See 

 on page 30. Note that the Record Type field, which appears after the 

Message Length field, has a value of 124, indicating an Access Control Rule 

Reason record.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1)

Message Type (4)

Message Length

Record Type (122)

Record Length

URL Reputation ID

Name Length

Name...

URL Reputation Record Fields 

URL Reputation 

ID

uint32

ID number of the URL reputation.

Name Length

uint32

The number of bytes included in the name.

Name

string

The URL reputation name.