Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
IOC Name Data Block for 5.3+
Chapter 3
The IOC Name Data Block Fields table describes the fields in the IOC Name data block.
[Diagram: IOC Name data block layout, continued. Fields in order: IOC Name Block Length; IOC ID Number; Category (String Block Type (0), String Block Length, Category...); Event Type (String Block Type (0), String Block Length, Event Type...)]
IOC Name Data Block Fields
FIELD | DATA TYPE | DESCRIPTION
IOC Name Data Block Type | uint32 | Initiates an IOC Name data block. This value is always 39.
IOC Name Data Block Length | uint32 | Total number of bytes in the IOC Name data block, including eight bytes for the IOC Name data block type and length fields, plus the number of bytes of data that follows.
IOC ID Number | uint32 | Unique ID number for the compromise.
String Block Type | uint32 | Initiates a String data block containing the category associated with the compromise. This value is always 0.
String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Category field.
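
Added example (not part of the Sourcefire guide): a parser for the block layout described above that checks every length field before slicing, so a malformed or truncated block is rejected instead of being read past its bounds. It assumes network byte order (big-endian), UTF-8 strings, and that the Event Type String block directly follows the Category String block as the layout lists; the function names and the sample ID and strings are constructed.

```python
import struct

IOC_NAME_BLOCK_TYPE = 39   # table: "This value is always 39"
STRING_BLOCK_TYPE = 0      # table: "This value is always 0"
HEADER_LEN = 8             # uint32 block type + uint32 block length


def _read_string_block(buf, offset, end):
    """Return (text, next_offset) for the String data block at offset."""
    if offset + HEADER_LEN > end:
        raise ValueError("String block header runs past the enclosing block")
    btype, blen = struct.unpack_from(">II", buf, offset)
    if btype != STRING_BLOCK_TYPE:
        raise ValueError(f"expected String block type 0, got {btype}")
    # The length counts its own eight header bytes, so it can never be < 8,
    # and it must not reach beyond the IOC Name block that contains it.
    if blen < HEADER_LEN or offset + blen > end:
        raise ValueError(f"String block length {blen} is out of bounds")
    raw = buf[offset + HEADER_LEN:offset + blen]
    return raw.decode("utf-8", "replace"), offset + blen  # UTF-8 is assumed


def parse_ioc_name_block(buf):
    """Parse one IOC Name data block located at the start of buf."""
    if len(buf) < HEADER_LEN + 4:
        raise ValueError("buffer too short for an IOC Name data block")
    btype, blen, ioc_id = struct.unpack_from(">III", buf, 0)
    if btype != IOC_NAME_BLOCK_TYPE:
        raise ValueError(f"expected block type 39, got {btype}")
    # The outer length includes its header and must fit in the received bytes.
    if blen < HEADER_LEN + 4 or blen > len(buf):
        raise ValueError(f"IOC Name block length {blen} is out of bounds")
    category, off = _read_string_block(buf, HEADER_LEN + 4, blen)
    event_type, off = _read_string_block(buf, off, blen)
    return {"ioc_id": ioc_id, "category": category, "event_type": event_type}


def _string_block(text):
    data = text.encode("utf-8")
    return struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(data)) + data


def build_sample():
    """Constructed sample block; the ID and both strings are made up."""
    body = (struct.pack(">I", 7) + _string_block("Malware Detected")
            + _string_block("Constructed Event"))
    return struct.pack(">II", IOC_NAME_BLOCK_TYPE, HEADER_LEN + len(body)) + body
```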