Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Security Intelligence Category Metadata
The eStreamer service transmits metadata containing information about the
Security Intelligence category within a Security Intelligence Category record, the
format of which is shown below. Access control rule reason metadata is sent
when the Version 4 metadata flag—bit 20 in the Request Flags field of a request
message—is set. See
on page 30. Note that the Record Type field,
which appears after the Message Length field, has a value of 280, indicating a
Security Intelligence Category record.
The
table describes the fields in
the Security Intelligence Category record.
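Byte:  0 (bits 0-7)    1 (bits 8-15)    2 (bits 16-23)    3 (bits 24-31)

+-------------------------------+-------------------------------+
| Header Version (1)            | Message Type (4)              |
+-------------------------------+-------------------------------+
| Message Length                                                |
+---------------------------------------------------------------+
| Record Type (280)                                             |
+---------------------------------------------------------------+
| Record Length                                                 |
+---------------------------------------------------------------+
| Security Intelligence Category Block Type (22)                |
+---------------------------------------------------------------+
| Security Intelligence Category Block Length                   |
+---------------------------------------------------------------+
| Security Intelligence List ID                                 |
+---------------------------------------------------------------+
| Access Control Policy UUID                                    |
+---------------------------------------------------------------+
| Access Control Policy UUID, continued                         |
+---------------------------------------------------------------+
| Access Control Policy UUID, continued                         |
+---------------------------------------------------------------+
| Access Control Policy UUID, continued                         |
+---------------------------------------------------------------+
| String Block Type (0)                                         |
+---------------------------------------------------------------+
| String Block Length                                           |
+---------------------------------------------------------------+
| Security Intelligence List Name...                            |
+---------------------------------------------------------------+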
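As an added example (not code from the Cisco guide), the following Python sketch parses the record laid out above and rejects messages whose embedded lengths do not fit the bytes received. It assumes big-endian integers, 16-bit Header Version and Message Type fields, 32-bit widths for the other fixed fields, a 16-byte UUID, and block lengths that include their own 8-byte type/length header; `parse_si_category` and `build_sample` are hypothetical names, and the sample message is constructed.

```python
import struct
import uuid

# Assumed layout (see lead-in): big-endian throughout; block lengths count
# their own 8-byte type/length header.
HEADER = struct.Struct(">HHIII")     # version, msg type, msg len, rec type, rec len
SI_BLOCK = struct.Struct(">III16s")  # block type, block len, list ID, policy UUID
STR_BLOCK = struct.Struct(">II")     # string block type, string block len


def parse_si_category(msg: bytes) -> dict:
    """Parse one Security Intelligence Category record (record type 280)."""
    if len(msg) < HEADER.size + SI_BLOCK.size + STR_BLOCK.size:
        raise ValueError("truncated message")
    version, msg_type, _msg_len, rec_type, _rec_len = HEADER.unpack_from(msg, 0)
    if (version, msg_type, rec_type) != (1, 4, 280):
        raise ValueError("not a Security Intelligence Category record")
    blk_type, blk_len, list_id, policy = SI_BLOCK.unpack_from(msg, HEADER.size)
    if blk_type != 22:
        raise ValueError("unexpected block type %d" % blk_type)
    str_off = HEADER.size + SI_BLOCK.size
    str_type, str_len = STR_BLOCK.unpack_from(msg, str_off)
    if str_type != 0 or str_len < STR_BLOCK.size:
        raise ValueError("bad string block header")
    # Never trust the embedded lengths: the name must end inside both the
    # enclosing block and the bytes actually received.
    name_end = str_off + str_len
    if name_end > len(msg) or name_end > HEADER.size + blk_len:
        raise ValueError("string block overruns its container")
    name = msg[str_off + STR_BLOCK.size:name_end]
    return {
        "list_id": list_id,
        "policy_uuid": uuid.UUID(bytes=policy),
        "list_name": name.decode("utf-8", errors="replace"),
    }


def build_sample(name: bytes = b"Attackers", list_id: int = 7) -> bytes:
    """Constructed sample message, built from the same layout assumptions."""
    policy = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes
    string_block = STR_BLOCK.pack(0, STR_BLOCK.size + len(name)) + name
    body = struct.pack(">I16s", list_id, policy) + string_block
    block = struct.pack(">II", 22, 8 + len(body)) + body
    record = struct.pack(">II", 280, len(block)) + block
    return struct.pack(">HHI", 1, 4, len(record)) + record
```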