Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
67
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Packet Record 4.8.0.2+
The eStreamer service transmits the packet data associated with an event in a 
Packet record, the format of which is shown below. Packet data is sent when the 
Packet flag—bit 0 in the Request Flags field of a request message—is set. See 
Intrusion Event and General Metadata Record Types (Continued)

| Record Type | Block Type | Series | Description | Record Status | Data Format Described In... |
|---|---|---|---|---|---|
| 207 | N/A | N/A | Intrusion Event (IPv4) Record 5.0.x - 5.1 | Legacy | |
| 208 | N/A | N/A | Intrusion Event (IPv6) Record 5.0.x - 5.1 | Legacy | |
| 260 | 19 | 2 | ICMP Type Data Data Block | Current | |
| 270 | 20 | 2 | ICMP Code Data Block | Current | |
| 400 | 34 | 2 | Intrusion Event Record 5.2+ | Current | |
| 500 | 32 | 2 | File Event (Version 5.2+) | Legacy | |
| 500 | 38 | 2 | File Event (Version 5.3+) | Current | |
| 502 | 33 | 2 | Malware Event (Version 5.2x) | Legacy | |
| 502 | 35 | 2 | Malware Event (Version 5.3+) | Current | |
| 511 | 26 | 2 | File Event SHA Hash (Version 5.1.1+) | Current | |
| 520 | 28 | 2 | Geolocation Data Block for 5.2+ | Current | |
| N/A | 150 | 1 | IOC State Data Block for 5.3+ | Current | |