Version 5.3
Sourcefire 3D System eStreamer Integration Guide
197
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Security Intelligence Source/Destination Record
The eStreamer service transmits metadata indicating whether a Security Intelligence-detected IP address is a source IP address or a destination IP address within a Security Intelligence Source/Destination record, the format of which is shown below. (The source/destination IP information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See on page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 281, indicating a Security Intelligence Source/Destination record.
Security Intelligence Category Metadata Fields

Field: Security Intelligence Category Block Type
Data Type: uint32
Description: Initiates a Security Intelligence Category data block. This value is always 22. This is a series 2 data block.

Field: Security Intelligence Category Block Length
Data Type: uint32
Description: Total number of bytes in the Security Intelligence Category block, including eight bytes for the Security Intelligence Category block type and length fields, plus the number of bytes of data that follows.

Field: Security Intelligence List ID
Data Type: uint32
Description: The ID of the IP blacklist or whitelist triggered by the connection.

Field: Access Control Policy UUID
Data Type: uint8[16]
Description: The UUID of the access control policy configured for Security Intelligence.

Field: String Block Type
Data Type: uint32
Description: Initiates a String data block containing the descriptive name associated with the access control rule reason. This value is always 0.

Field: String Block Length
Data Type: uint32
Description: The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Security Intelligence List Name field.

Field: Security Intelligence List Name
Data Type: string
Description: The name of the IP category blacklist or whitelist triggered by the connection.
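As an added example (not code from the guide or from the eStreamer SDK), the following Python parser reads one block laid out as in the table above, checking every length against the buffer before slicing so that a truncated or malformed block is rejected rather than read past its end. It assumes network byte order (big-endian), which this page does not state, and the sample block, its list ID, UUID and name are constructed values.

```python
import struct
import uuid

SI_CATEGORY_BLOCK_TYPE = 22   # series 2 data block type from the table above
STRING_BLOCK_TYPE = 0         # nested String data block type
HEADER_LEN = 8                # block type + block length fields
MIN_BLOCK_LEN = HEADER_LEN + 4 + 16 + HEADER_LEN   # header, list ID, UUID, string header

def parse_si_category_block(buf: bytes) -> dict:
    """Parse a Security Intelligence Category data block (type 22).

    Byte order is assumed to be big-endian (network order). Each length
    is validated against the real buffer before any slice is taken.
    """
    if len(buf) < HEADER_LEN:
        raise ValueError("buffer shorter than block header")
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != SI_CATEGORY_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}")
    if block_len < MIN_BLOCK_LEN or block_len > len(buf):
        raise ValueError(f"block length {block_len} inconsistent with buffer")
    # Fixed-size fields that follow the 8-byte header
    list_id, = struct.unpack_from(">I", buf, 8)
    policy_uuid = uuid.UUID(bytes=buf[12:28])
    str_type, str_len = struct.unpack_from(">II", buf, 28)
    if str_type != STRING_BLOCK_TYPE:
        raise ValueError(f"unexpected string block type {str_type}")
    # The String block (8-byte header + name bytes) must end exactly where the outer block ends
    if str_len < HEADER_LEN or 28 + str_len != block_len:
        raise ValueError(f"string block length {str_len} inconsistent with block")
    name = buf[36:36 + str_len - HEADER_LEN].decode("utf-8", errors="replace")
    return {"list_id": list_id, "policy_uuid": str(policy_uuid), "list_name": name}

def build_si_category_block(list_id: int, policy_uuid: uuid.UUID, name: str) -> bytes:
    """Encoder used only to construct sample input for this demonstration."""
    name_bytes = name.encode("utf-8")
    body = struct.pack(">I", list_id) + policy_uuid.bytes
    body += struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(name_bytes)) + name_bytes
    return struct.pack(">II", SI_CATEGORY_BLOCK_TYPE, HEADER_LEN + len(body)) + body

# Constructed sample block; the UUID, list ID and name are not from any real deployment
SAMPLE_UUID = uuid.UUID("00000000-0000-0000-0000-000000000001")
SAMPLE_BLOCK = build_si_category_block(42, SAMPLE_UUID, "Malware-IP-List")

if __name__ == "__main__":
    print(parse_si_category_block(SAMPLE_BLOCK))
```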