Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

Cisco

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

504

Understanding Legacy Data Structures

Legacy Malware Event Data Structures

Appendix B

Application ID

uint32

ID number that maps to the application

using the file transfer.

User ID

uint32

Identification number for the user

logged into the destination host, as

identified by the system.

Access Control

Policy UUID

uint8[16]

Identification number that acts as a

unique identifier for the access control

policy that triggered the event.

Disposition

uint8

The malware status of the file. Possible

values include:
•

1

— CLEAN — The file is clean and

does not contain malware.

•

2

— UNKNOWN — It is unknown

whether the file contains malware.

•

3

— MALWARE — The file contains

malware.

•

4

— CACHE_MISS — The software

was unable to send a request to the

Sourcefire cloud for a disposition.

•

5

— NO_CLOUD_RESP — The

Sourcefire cloud services did not

respond to the request.

Retrospective

Disposition

uint8

Disposition of the file if the disposition

is updated. If the disposition is not

updated, this field contains the same

value as the Disposition field. The

possible values are the same as the

Disposition field.

String Block Type

uint32

Initiates a String data block containing

the URI. This value is always 0.

String Block Length

uint32

The number of bytes included in the

URI data block, including eight bytes for

the block type and header fields plus

the number of bytes in the URI field.

URI

string

URI of the connection.

Malware Event Data Block for 5.1.1.x Fields (Continued)

F

IELD

D

ATA

T

YPE

D

ESCRIPTION