Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
File Event Data Block Fields (Continued)

Field: File Analysis Status
Data Type: uint8
Description: Indicates whether the file was sent for dynamic analysis. Possible values are:
• 1 — Sent for Analysis
• 2 — Sent for Analysis
• 4 — Sent for Analysis
• 5 — Failed to Send
• 6 — Failed to Send
• 7 — Failed to Send
• 8 — Failed to Send
• 9 — File Size is Too Small
• 10 — File Size is Too Large
• 11 — Sent for Analysis
• 12 — Analysis Complete
• 13 — Failure (Network Issue)
• 14 — Failure (Rate Limit)
• 15 — Failure (File Too Large)
• 16 — Failure (File Read Error)
• 17 — Failure (Internal Library Error)
• 19 — File Not Sent, Disposition Unavailable
• 20 — Failure (Cannot Run File)
• 21 — Failure (Analysis Timeout)
• 22 — Sent for Analysis
• 23 — File Not Supported

Field: Archive File Status
Data Type: uint8
Description: This is always 0.

Field: Threat Score
Data Type: uint8
Description: A numeric value from 0 to 100 based on the potentially malicious behaviors observed during dynamic analysis.