Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

383

Understanding Discovery & Connection Data Structures

Discovery and Connection Event Series 2 Data Blocks

Chapter 4

Access Control Rule Reason Data Block 5.1+

The eStreamer service uses the Access Control Rule Reason data block in Access 

Control Rule Reason metadata messages to map Access Control reasons to a 

descriptive string. The Access Control Rule Reason data block has a block type of 

21 in the series 2 group of blocks.
The following graphic shows the structure of the Access Control Rule Reason 

data block.:

Access Control 

Rule ID

uint32

The internal Sourcefire identifier for the access 

control rule.

String Block 

Type

uint32

Initiates a String data block containing the 

descriptive name associated with the access 

control rule UUID and access control rule ID. 

This value is always 0.

String Block 

Length

uint32

The number of bytes included in the name 

String data block, including eight bytes for the 

block type and header fields plus the number 

of bytes in the Name field.

Name

string

The descriptive name.

Access Control Rule Data Block Fields (Continued)

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Access Control Rule Reason Block Type (21)

Access Control Rule Block Length

Description

Access Control Rule Reason

String Block Type (0)

String Block Type (0), cont.

String Block Length

String Block Length, cont.

Description...