Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide, page 78
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
You can request that eStreamer only transmit intrusion impact events by setting
bit 5 in the Flags field of the request message. See
on page 28 for more information about request messages.
Version 1 of these alerts only handles IPv4. Version 2, introduced in 5.3, handles
IPv6 events in addition to IPv4.
The original shows the record as a 32-bit-wide grid (Byte 0-3, Bit 0-31), one field per
row or cell, with fixed values given in parentheses.

Field                                  Fixed value
Header Version                         1
Message Type                           4
Message Length
Record Type                            9
Record Length
Intrusion Impact Alert Block Type      20
Intrusion Impact Alert Block Length
Event ID
Device ID
Event Second
Impact
Source IP Address
Destination IP Address
Impact Description (String data block):
    String Block Type                  0
    String Block Length
    Description...
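The record layout above, parsed defensively in Python: an added example, not Cisco's or the guide's code. The field widths are assumptions this page does not state (Header Version and Message Type as uint16 sharing the first 32-bit row, the remaining fixed fields as big-endian uint32, each IPv4 address as 4 raw bytes) and so are the length conventions noted in the comments; the sample message is constructed, not captured traffic.

```python
import struct
from ipaddress import IPv4Address

# Constants the page names: header version 1, message type 4, record type 9,
# impact alert block type 20, string block type 0.
HEADER_VERSION, MSG_TYPE_EVENT_DATA = 1, 4
RECORD_TYPE_IMPACT_ALERT, BLOCK_TYPE_IMPACT_ALERT, BLOCK_TYPE_STRING = 9, 20, 0

def parse_impact_alert_v1(msg: bytes) -> dict:
    """Parse one version 1 (IPv4) Intrusion Impact Alert message, validating
    every length field against the bytes actually present before using it."""
    # Assumed widths: Header Version / Message Type are uint16 in the first
    # 32-bit row; all other fixed fields are big-endian uint32 (Impact as a
    # uint32 bit field); each IPv4 address is 4 raw bytes.
    if len(msg) < 56:
        raise ValueError("truncated: smallest impact alert message is 56 bytes")
    hdr_ver, msg_type, msg_len = struct.unpack_from(">HHI", msg, 0)
    if (hdr_ver, msg_type) != (HEADER_VERSION, MSG_TYPE_EVENT_DATA):
        raise ValueError(f"not an event data message: {hdr_ver}/{msg_type}")
    # Assumption: Message Length counts the bytes after the 8-byte header,
    # Record Length the bytes after the 8-byte record header, and a block's
    # length includes its own 8-byte type/length prefix.
    rec_type, rec_len = struct.unpack_from(">II", msg, 8)
    blk_type, blk_len = struct.unpack_from(">II", msg, 16)
    if msg_len != len(msg) - 8 or rec_len != msg_len - 8 or blk_len != rec_len:
        raise ValueError("message, record and block lengths disagree")
    if rec_type != RECORD_TYPE_IMPACT_ALERT or blk_type != BLOCK_TYPE_IMPACT_ALERT:
        raise ValueError(f"unexpected record/block type {rec_type}/{blk_type}")
    event_id, device_id, event_sec, impact = struct.unpack_from(">IIII", msg, 24)
    src, dst = IPv4Address(msg[40:44]), IPv4Address(msg[44:48])
    # Impact Description is a nested String data block: type 0, length, text.
    str_type, str_len = struct.unpack_from(">II", msg, 48)
    if str_type != BLOCK_TYPE_STRING or str_len < 8 or 48 + str_len != len(msg):
        raise ValueError("string block length does not end at message end")
    return {"event_id": event_id, "device_id": device_id, "event_second": event_sec,
            "impact": impact, "src": str(src), "dst": str(dst),
            "description": msg[56:48 + str_len].decode("utf-8", "replace")}

def build_sample_message() -> bytes:
    """Constructed sample (not captured traffic) in the layout parsed above."""
    desc = b"Vulnerable: host matches attack"
    string_block = struct.pack(">II", BLOCK_TYPE_STRING, 8 + len(desc)) + desc
    body = (struct.pack(">IIII", 0x1234, 7, 1_400_000_000, 0x1)
            + bytes([10, 0, 0, 5]) + bytes([192, 168, 1, 20]) + string_block)
    block = struct.pack(">II", BLOCK_TYPE_IMPACT_ALERT, 8 + len(body)) + body
    record = struct.pack(">II", RECORD_TYPE_IMPACT_ALERT, len(block)) + block
    return struct.pack(">HHI", HEADER_VERSION, MSG_TYPE_EVENT_DATA, len(record)) + record
```

The three chained length checks are the point for a consumer reading from a socket: a String Block Length that overruns the record is rejected instead of being used as a read size.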