Sourcefire 3D System eStreamer Integration Guide, Version 5.3 (page 494)
Appendix B: Understanding Legacy Data Structures
Legacy Malware Event Data Structures
The Malware Event Data Block Fields table describes the fields in the malware event data block.
[Diagram: malware event data block byte layout, continued from the previous page]
Parent File Name: File Timestamp, cont. / String Block Type (0) / String Block Type (0), cont. / String Block Length / String Block Length, cont. / Parent File Name...
Parent File SHA Hash: String Block Type (0) / String Block Length / Parent File SHA Hash...
Event Description: String Block Type (0) / String Block Length / Event Description...
Malware Event Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Malware Event Block Type | uint32 | Initiates a malware event data block. This value is always 16. |
| Malware Event Block Length | uint32 | Total number of bytes in the malware event data block, including eight bytes for the malware event block type and length fields, plus the number of bytes of data that follows. |
| Agent UUID | uint8[16] | The internal unique ID of the FireAMP agent reporting the malware event. |
| Cloud UUID | uint8[16] | The internal unique ID of the malware awareness network from which the malware event originated. |
| Timestamp | uint32 | The malware event generation timestamp. |
| Event Type ID | uint32 | The internal ID of the malware event type. |
| Event Subtype ID | uint8 | The internal ID of the action that led to malware detection. |
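The table and the diagram above describe a length-prefixed binary record: a fixed header (block type 16, total block length including the 8-byte header), fixed-width fields, and trailing string blocks that each carry their own type (0) and length. The parser below is an added example, not code from the guide or from Sourcefire/Cisco, showing how a consumer should decode such a block while treating every length field as untrusted until it has been checked against the bytes actually held. It assumes big-endian (network byte order) encoding, assumes that a string block's length counts its own 8-byte type/length header in the same way the malware event block length does (this page does not state that), and uses a constructed sample in which the three string blocks from the diagram follow the Event Subtype ID directly; the real block carries further fields in between that this page does not show, so that layout is for illustration only.

```python
import struct
import uuid
from dataclasses import dataclass, field

# Values taken from the guide's table and diagram.
MALWARE_EVENT_BLOCK_TYPE = 16   # "This value is always 16"
STRING_BLOCK_TYPE = 0           # "String Block Type (0)"
HEADER_LEN = 8                  # uint32 block type + uint32 block length

# Fixed fields that follow the header on this page, in order: Agent UUID (16),
# Cloud UUID (16), Timestamp (uint32), Event Type ID (uint32), Event Subtype ID (uint8).
# Big-endian is an assumption (eStreamer uses network byte order).
FIXED_FIELDS = struct.Struct(">16s16sIIB")


class ParseError(ValueError):
    """Any structural inconsistency: the caller should discard the record, not guess."""


@dataclass
class MalwareEvent:
    agent_uuid: uuid.UUID
    cloud_uuid: uuid.UUID
    timestamp: int
    event_type_id: int
    event_subtype_id: int
    strings: list = field(default_factory=list)  # decoded string blocks, in wire order


def read_string_block(buf: bytes, offset: int, end: int):
    """Parse one string block at `offset`, never reading past `end`.

    Assumption (not stated on this page): the string block length counts its own
    8-byte type/length header, like the malware event block length does.
    Returns (text, next_offset).
    """
    if end - offset < HEADER_LEN:
        raise ParseError("truncated string block header")
    blk_type, blk_len = struct.unpack_from(">II", buf, offset)
    if blk_type != STRING_BLOCK_TYPE:
        raise ParseError(f"expected string block type {STRING_BLOCK_TYPE}, got {blk_type}")
    # Bounds check BEFORE slicing: a bad length must not reach past this record.
    if blk_len < HEADER_LEN or offset + blk_len > end:
        raise ParseError("string block length out of bounds")
    data = buf[offset + HEADER_LEN:offset + blk_len]
    return data.decode("utf-8", errors="replace"), offset + blk_len


def parse_malware_event(buf: bytes) -> MalwareEvent:
    """Parse the header and fixed fields shown on this page, then any trailing
    string blocks, validating every declared length against the buffer."""
    if len(buf) < HEADER_LEN:
        raise ParseError("truncated block header")
    blk_type, blk_len = struct.unpack_from(">II", buf, 0)
    if blk_type != MALWARE_EVENT_BLOCK_TYPE:
        raise ParseError(f"not a malware event block (type {blk_type})")
    # The declared length must cover header + fixed fields and fit in what we hold.
    if blk_len < HEADER_LEN + FIXED_FIELDS.size or blk_len > len(buf):
        raise ParseError("block length inconsistent with buffer")
    agent, cloud, ts, etype, esub = FIXED_FIELDS.unpack_from(buf, HEADER_LEN)
    event = MalwareEvent(uuid.UUID(bytes=agent), uuid.UUID(bytes=cloud), ts, etype, esub)
    offset = HEADER_LEN + FIXED_FIELDS.size
    while offset < blk_len:                  # walk string blocks up to the declared end
        text, offset = read_string_block(buf, offset, blk_len)
        event.strings.append(text)
    return event


def is_rejected(buf: bytes) -> bool:
    """True if the parser refuses `buf` instead of returning a partial record."""
    try:
        parse_malware_event(buf)
    except ParseError:
        return True
    return False


# --- constructed sample input (not captured eStreamer traffic) ---------------------

def string_block(text: str) -> bytes:
    data = text.encode("utf-8")
    return struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(data)) + data


def build_sample() -> bytes:
    """Constructed record: the fixed fields from this page, followed directly by the
    three string blocks from the diagram. Illustration layout only (see lead-in)."""
    body = FIXED_FIELDS.pack(uuid.UUID(int=1).bytes, uuid.UUID(int=2).bytes,
                             1400000000, 1, 5)
    body += string_block("setup.exe")          # Parent File Name
    body += string_block("a" * 64)             # Parent File SHA Hash (placeholder hex)
    body += string_block("Malware detected")   # Event Description
    return struct.pack(">II", MALWARE_EVENT_BLOCK_TYPE, HEADER_LEN + len(body)) + body


def build_oversized_string_sample() -> bytes:
    """Same record, but the first string block claims a length far beyond the buffer."""
    buf = bytearray(build_sample())
    struct.pack_into(">I", buf, HEADER_LEN + FIXED_FIELDS.size + 4, 0x7FFFFFFF)
    return bytes(buf)


if __name__ == "__main__":
    ev = parse_malware_event(build_sample())
    print(ev.agent_uuid, ev.timestamp, ev.event_type_id, ev.event_subtype_id, ev.strings)
    print("truncated record rejected:", is_rejected(build_sample()[:-1]))
    print("oversized string block rejected:", is_rejected(build_oversized_string_sample()))
```

The two negative cases matter as much as the happy path: a block whose declared length exceeds the bytes received, and a string block whose length points past the enclosing block, are both rejected outright rather than producing a half-decoded event, which is the behaviour a log pipeline wants when a stream desynchronizes or a record is malformed.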