Cisco Firepower Management Center 4000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
You can request that eStreamer transmit only intrusion impact events by setting bit 5 in the Flags field of the request message. See page 28 for more information about request messages.

Version 1 of these alerts handles only IPv4. Version 2, introduced in 5.3, handles IPv6 events in addition to IPv4. The layout below is the IPv4 (block type 20) layout.
Intrusion Impact Alert record (Record Type 9, Block Type 20), listed field by field in transmission order. The original diagram draws the record as 32-bit rows (bytes 0-3, bits 0-31); the widths below follow those rows.

  Field                                   Width
  Header Version (1)                      16 bits
  Message Type (4)                        16 bits
  Message Length                          32 bits
  Record Type (9)                         32 bits
  Record Length                           32 bits
  Intrusion Impact Alert Block Type (20)  32 bits
  Intrusion Impact Alert Block Length     32 bits
  Event ID                                32 bits
  Device ID                               32 bits
  Event Second                            32 bits
  Impact                                  8 bits
  Source IP Address                       32 bits (IPv4)
  Destination IP Address                  32 bits (IPv4)
  Impact Description (string block):
    String Block Type (0)                 32 bits
    String Block Length                   32 bits
    Description...                        variable
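The following parser is an added example for this record layout; it is not code from the eStreamer guide or from Sourcefire/Cisco. It walks the message header, record header, block header and the trailing string block, refusing any length that does not agree with the bytes actually received, which is the check a collector needs before it trusts peer-supplied lengths. Assumptions, labelled in the comments: Message Length and Record Length count the bytes that follow their own 8-byte headers, Block Length and String Block Length count the whole block including its 8-byte type/length header, all integers are big-endian, and the sample message is constructed here rather than captured from an appliance. The bit meanings of the Impact byte are not on this page, so it is returned raw.

```python
"""Parse the eStreamer Intrusion Impact Alert record (record type 9, block type 20,
IPv4 layout). Added example; not Sourcefire/Cisco code. Length conventions below
are assumptions stated in the lead-in."""
import socket
import struct
from dataclasses import dataclass

HEADER_VERSION = 1             # Header Version (1)
MSG_TYPE_EVENT_DATA = 4        # Message Type (4)
RECORD_TYPE_IMPACT_ALERT = 9   # Record Type (9)
BLOCK_TYPE_IMPACT_ALERT = 20   # Intrusion Impact Alert Block Type (20)
STRING_BLOCK_TYPE = 0          # String Block Type (0)
FIXED_FIELDS = "!IIIB4s4s"     # Event ID, Device ID, Event Second, Impact, Src IP, Dst IP (21 bytes)


class ParseError(ValueError):
    """Any structural inconsistency: lengths, types, or truncation."""


@dataclass(frozen=True)
class IntrusionImpactAlert:
    event_id: int
    device_id: int
    event_second: int
    impact: int            # raw 8-bit Impact field; bit meanings not defined on this page
    source_ip: str
    destination_ip: str
    description: str


def _need(buf: bytes, off: int, n: int) -> None:
    """Bounds check before every unpack; peer-supplied lengths are never trusted."""
    if n < 0 or off + n > len(buf):
        raise ParseError(f"truncated: need {n} bytes at offset {off}, have {len(buf) - off}")


def _parse_string_block(buf: bytes, off: int) -> tuple[str, int]:
    _need(buf, off, 8)
    btype, blen = struct.unpack_from("!II", buf, off)
    if btype != STRING_BLOCK_TYPE:
        raise ParseError(f"expected String Block Type 0, got {btype}")
    if blen < 8:
        raise ParseError(f"String Block Length {blen} smaller than its own header")
    _need(buf, off, blen)  # assumption: length includes the 8-byte type/length header
    text = buf[off + 8:off + blen].rstrip(b"\x00").decode("utf-8", "replace")
    return text, off + blen


def parse_intrusion_impact_alert(msg: bytes) -> IntrusionImpactAlert:
    _need(msg, 0, 8)
    hver, mtype, mlen = struct.unpack_from("!HHI", msg, 0)
    if hver != HEADER_VERSION or mtype != MSG_TYPE_EVENT_DATA:
        raise ParseError(f"unexpected header version {hver} / message type {mtype}")
    if mlen != len(msg) - 8:  # assumption: Message Length excludes the 8-byte header
        raise ParseError(f"Message Length {mlen} != {len(msg) - 8} bytes received")
    off = 8
    _need(msg, off, 8)
    rtype, rlen = struct.unpack_from("!II", msg, off)
    if rtype != RECORD_TYPE_IMPACT_ALERT:
        raise ParseError(f"expected Record Type 9, got {rtype}")
    if rlen != len(msg) - 16:  # assumption: Record Length excludes its own 8-byte header
        raise ParseError(f"Record Length {rlen} != {len(msg) - 16}")
    off = 16
    _need(msg, off, 8)
    btype, blen = struct.unpack_from("!II", msg, off)
    if btype != BLOCK_TYPE_IMPACT_ALERT:
        raise ParseError(f"expected Block Type 20, got {btype}")
    if blen < 8:
        raise ParseError(f"Block Length {blen} smaller than its own header")
    _need(msg, off, blen)  # assumption: Block Length includes its 8-byte header
    block_end = off + blen
    off += 8
    _need(msg, off, struct.calcsize(FIXED_FIELDS))
    event_id, device_id, event_second, impact, src, dst = struct.unpack_from(FIXED_FIELDS, msg, off)
    off += struct.calcsize(FIXED_FIELDS)
    description, off = _parse_string_block(msg, off)
    if off != block_end:
        raise ParseError(f"block ends at {block_end} but fields end at {off}")
    return IntrusionImpactAlert(event_id, device_id, event_second, impact,
                                socket.inet_ntoa(src), socket.inet_ntoa(dst), description)


def build_intrusion_impact_alert(event_id: int, device_id: int, event_second: int, impact: int,
                                 source_ip: str, destination_ip: str, description: str) -> bytes:
    """Encode one alert as a complete eStreamer message under the same length assumptions.
    Used here only to construct sample input for the parser."""
    desc = description.encode("utf-8")
    string_block = struct.pack("!II", STRING_BLOCK_TYPE, 8 + len(desc)) + desc
    body = struct.pack(FIXED_FIELDS, event_id, device_id, event_second, impact,
                       socket.inet_aton(source_ip), socket.inet_aton(destination_ip)) + string_block
    block = struct.pack("!II", BLOCK_TYPE_IMPACT_ALERT, 8 + len(body)) + body
    record = struct.pack("!II", RECORD_TYPE_IMPACT_ALERT, len(block)) + block
    return struct.pack("!HHI", HEADER_VERSION, MSG_TYPE_EVENT_DATA, len(record)) + record


# Constructed sample message (not captured from a real appliance).
SAMPLE_MESSAGE = build_intrusion_impact_alert(
    event_id=1001, device_id=3, event_second=1400000000, impact=0x21,
    source_ip="10.0.0.5", destination_ip="192.0.2.10",
    description="Attack targets a vulnerable host")

if __name__ == "__main__":
    print(parse_intrusion_impact_alert(SAMPLE_MESSAGE))
```

A collector reading from the eStreamer socket would first read the 8-byte message header, then read exactly Message Length further bytes, and only then hand the whole buffer to parse_intrusion_impact_alert; the parser's consistency checks are what make a corrupted or malicious length field fail closed instead of causing an over-read.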