Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Packet Record Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Packet Second | uint32 | The second (from 01/01/1970) that the packet was captured. |
| Packet Microsecond | uint32 | Microsecond (one millionth of a second) increment that the packet was captured. |
| Link Type | uint32 | Link layer type. Currently, the value will always be 1 (signifying the Ethernet layer). |
| Packet Length | uint32 | Number of bytes included in the packet data. |
| Packet Data | variable | Actual captured packet data (header and payload). |

Priority Record
The eStreamer service transmits the priority associated with an event in a Priority record, the format of which is shown below. (Priority information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See  on page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 4, indicating a Priority record.
Byte:  0 | 1 | 2 | 3
Bit:   0-7 | 8-15 | 16-23 | 24-31

Each row below is one 32-bit word of the record:

Header Version (1) | Message Type (4)
Message Length
Record Type (4)
Record Length
Priority ID
Name Length | Priority Name...
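
A parser for the Priority record described above, as an added example that is not code from the guide or from Cisco. It assumes network byte order, uint16 for Header Version, Message Type and Name Length, uint32 for the other fixed fields, and that Record Length counts the bytes after the Record Length field (this page states none of these); the function names and the sample message are constructed for illustration.

```python
import struct

# Assumed widths (not stated on this page), network byte order:
HEADER = struct.Struct(">HHI")    # Header Version, Message Type, Message Length
RECORD = struct.Struct(">II")     # Record Type, Record Length
PRIORITY = struct.Struct(">IH")   # Priority ID, Name Length
FIXED = HEADER.size + RECORD.size + PRIORITY.size


def parse_priority_record(msg: bytes) -> dict:
    """Parse one message carrying a Priority record (hypothetical helper)."""
    if len(msg) < FIXED:
        raise ValueError("message shorter than the fixed Priority fields")
    version, msg_type, _msg_len = HEADER.unpack_from(msg, 0)
    rec_type, rec_len = RECORD.unpack_from(msg, HEADER.size)
    if (version, msg_type) != (1, 4):
        raise ValueError(f"unexpected header {version}/{msg_type}")
    if rec_type != 4:
        raise ValueError(f"record type {rec_type} is not a Priority record")
    priority_id, name_len = PRIORITY.unpack_from(msg, HEADER.size + RECORD.size)
    # Length fields come from the wire: check them against the bytes actually
    # received and against Record Length before slicing.
    if FIXED + name_len > len(msg):
        raise ValueError("Name Length runs past the end of the message")
    if PRIORITY.size + name_len > rec_len:  # assumed Record Length semantics
        raise ValueError("Name Length exceeds Record Length")
    name = msg[FIXED:FIXED + name_len].decode("utf-8", errors="replace")
    return {"priority_id": priority_id, "name": name.rstrip("\x00")}


def build_sample(priority_id: int, name: bytes) -> bytes:
    """Constructed sample message, not captured from a real eStreamer server."""
    body = PRIORITY.pack(priority_id, len(name)) + name
    record = RECORD.pack(4, len(body)) + body
    return HEADER.pack(1, 4, len(record)) + record


if __name__ == "__main__":
    print(parse_priority_record(build_sample(1, b"high")))
```

A client that reads these records from a socket should treat a `ValueError` here as a malformed message and drop or log it rather than continue parsing at a guessed offset.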