Cisco Firepower Management Center 4000 Developer Guide
Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Appendix B: Understanding Legacy Data Structures
Legacy Malware Event Data Structures
Malware Event Data Block for 5.1.1.x Fields (Continued)

Field                       Data Type   Description
--------------------------  ----------  -----------------------------------------------------------------
Application ID              uint32      ID number that maps to the application using the file transfer.
User ID                     uint32      Identification number for the user logged into the destination
                                        host, as identified by the system.
Access Control Policy UUID  uint8[16]   Identification number that acts as a unique identifier for the
                                        access control policy that triggered the event.
Disposition                 uint8       The malware status of the file. Possible values include:
                                        • 1 — CLEAN — The file is clean and does not contain malware.
                                        • 2 — UNKNOWN — It is unknown whether the file contains malware.
                                        • 3 — MALWARE — The file contains malware.
                                        • 4 — CACHE_MISS — The software was unable to send a request to
                                          the Sourcefire cloud for a disposition.
                                        • 5 — NO_CLOUD_RESP — The Sourcefire cloud services did not
                                          respond to the request.
Retrospective Disposition   uint8       Disposition of the file if the disposition was later updated.
                                        If the disposition was not updated, this field contains the
                                        same value as the Disposition field. The possible values are
                                        the same as for the Disposition field.
String Block Type           uint32      Initiates a String data block containing the URI. This value
                                        is always 0.
String Block Length         uint32      The number of bytes in the URI data block, including eight
                                        bytes for the block type and block length fields plus the
                                        number of bytes in the URI field.
URI                         string      URI of the connection.
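The following parser is an added example written for this page; it is not code from the eStreamer guide or from Cisco/Sourcefire. It decodes only the fields shown in the table above, starting at the offset where Application ID begins (the fields that precede it in the 5.1.1.x block are not on this page), and it assumes eStreamer's network byte order (big-endian). The sample bytes, the application and user IDs, the policy UUID and the URI are constructed for the example, not taken from a real capture. Beyond the raw decode it shows two checks a consumer of these events should make: the String Block Length is validated against its own 8-byte header and the buffer before it drives a slice, and the Disposition / Retrospective Disposition pair is interpreted so that a missing verdict (CACHE_MISS, NO_CLOUD_RESP) is not mistaken for CLEAN and a later upgrade to MALWARE is flagged.

```python
import struct
import uuid

# Disposition codes as listed in the table above (5.1.1.x malware event block).
DISPOSITIONS = {
    1: "CLEAN",
    2: "UNKNOWN",
    3: "MALWARE",
    4: "CACHE_MISS",
    5: "NO_CLOUD_RESP",
}

# The String data block carrying the URI always has block type 0, and its
# length counts the 8-byte (type + length) header as well as the URI bytes.
STRING_BLOCK_TYPE = 0
STRING_BLOCK_HEADER_LEN = 8
FIXED_TAIL_LEN = 4 + 4 + 16 + 1 + 1 + STRING_BLOCK_HEADER_LEN


def parse_malware_tail(buf, offset=0):
    """Parse the trailing fields documented in the table above, starting at
    `offset` (just before Application ID). Assumes big-endian byte order.
    Returns (fields, offset just past the URI string block)."""
    if len(buf) - offset < FIXED_TAIL_LEN:
        raise ValueError("buffer too short for malware event tail")

    app_id, user_id = struct.unpack_from("!II", buf, offset)
    offset += 8
    policy_uuid = uuid.UUID(bytes=bytes(buf[offset:offset + 16]))
    offset += 16
    disposition, retro_disposition = struct.unpack_from("!BB", buf, offset)
    offset += 2

    block_type, block_len = struct.unpack_from("!II", buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise ValueError("expected String block type 0, got %d" % block_type)
    # The declared length must cover its own header and must not run past the
    # bytes actually received; a corrupted or hostile length must never be
    # allowed to drive the slice.
    if block_len < STRING_BLOCK_HEADER_LEN or offset + block_len > len(buf):
        raise ValueError("String block length %d is inconsistent" % block_len)
    uri = bytes(buf[offset + STRING_BLOCK_HEADER_LEN:offset + block_len])
    offset += block_len

    return {
        "application_id": app_id,
        "user_id": user_id,
        "access_control_policy_uuid": str(policy_uuid),
        "disposition": DISPOSITIONS.get(disposition, "UNDEFINED(%d)" % disposition),
        "retrospective_disposition": DISPOSITIONS.get(
            retro_disposition, "UNDEFINED(%d)" % retro_disposition),
        "uri": uri.decode("utf-8", errors="replace"),
    }, offset


def verdict_available(fields):
    """CACHE_MISS and NO_CLOUD_RESP mean no verdict was obtained at all;
    a consumer must not treat either as 'not malware'."""
    return fields["disposition"] not in ("CACHE_MISS", "NO_CLOUD_RESP")


def is_retrospective_malware(fields):
    """True when the original verdict was not MALWARE but the cloud later
    updated it to MALWARE: the file already crossed the network, so every
    host that received it needs follow-up."""
    return (fields["disposition"] != "MALWARE"
            and fields["retrospective_disposition"] == "MALWARE")


def build_sample_tail(disposition=2, retro_disposition=3,
                      uri=b"http://files.example.test/update.exe"):
    """Constructed sample bytes (not a real capture), laid out exactly as the
    table describes, for exercising the parser offline."""
    return (struct.pack("!II", 1111, 42)
            + uuid.UUID("12345678-1234-5678-1234-567812345678").bytes
            + struct.pack("!BB", disposition, retro_disposition)
            + struct.pack("!II", STRING_BLOCK_TYPE,
                          STRING_BLOCK_HEADER_LEN + len(uri))
            + uri)


if __name__ == "__main__":
    sample = build_sample_tail()
    fields, end = parse_malware_tail(sample)
    print(fields)
    print("verdict available:", verdict_available(fields))
    print("retrospective malware:", is_retrospective_malware(fields))
```

The parser returns the offset after the URI block so that a caller walking a full eStreamer message can continue with whatever follows the block in the record layout. Mapping unknown disposition codes to an explicit UNDEFINED(n) label, rather than raising or silently defaulting, keeps a single unexpected value from dropping an event that may still carry a useful URI and policy UUID.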