Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
494
Understanding Legacy Data Structures
Legacy Malware Event Data Structures
Appendix B
The Malware Event Data Block Fields table describes the fields in the malware event data block.
[Byte-layout diagram of the malware event data block, continued. Recoverable rows:]
File Timestamp, cont.
Parent File Name: String Block Type (0), String Block Length, Parent File Name...
Parent File SHA Hash: String Block Type (0), String Block Length, Parent File SHA Hash...
Event Description: String Block Type (0), String Block Length, Event Description...
Malware Event Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Malware Event Block Type | uint32 | Initiates a malware event data block. This value is always 16. |
| Malware Event Block Length | uint32 | Total number of bytes in the malware event data block, including eight bytes for the malware event block type and length fields, plus the number of bytes of data that follows. |
| Agent UUID | uint8[16] | The internal unique ID of the FireAMP agent reporting the malware event. |
| Cloud UUID | uint8[16] | The internal unique ID of the malware awareness network from which the malware event originated. |
| Timestamp | uint32 | The malware event generation timestamp. |
| Event Type ID | uint32 | The internal ID of the malware event type. |
| Event Subtype ID | uint8 | The internal ID of the action that led to malware detection. |
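
The leading fields listed in the table can be decoded with length and type validation as shown here. This is an added example, not code from the guide; it assumes network byte order and that the fields are packed contiguously in table order, and the names `parse_malware_event_head`, `MalwareEventHead` and `build_sample` are hypothetical.

```python
import struct
import uuid
from dataclasses import dataclass

MALWARE_EVENT_BLOCK_TYPE = 16   # per the table: "This value is always 16"
BLOCK_HEADER_LEN = 8            # block type + block length, counted in Block Length
# Leading fields in table order: uint32, uint32, uint8[16], uint8[16],
# uint32, uint32, uint8. '>' (network byte order) is an assumption.
_LEADING = struct.Struct(">II16s16sIIB")


@dataclass
class MalwareEventHead:
    block_length: int
    agent_uuid: uuid.UUID
    cloud_uuid: uuid.UUID
    timestamp: int
    event_type_id: int
    event_subtype_id: int
    rest: bytes  # fields after Event Subtype ID, left undecoded here


def parse_malware_event_head(buf: bytes) -> MalwareEventHead:
    if len(buf) < _LEADING.size:
        raise ValueError("buffer shorter than the leading fields")
    btype, blen, agent, cloud, ts, etype, subtype = _LEADING.unpack_from(buf)
    if btype != MALWARE_EVENT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {btype}")
    # Block Length covers the 8 header bytes plus the data. Reject a value that
    # falls short of the fixed fields or claims more bytes than were received,
    # so later field decoding can never read past the block.
    if blen < _LEADING.size or blen > len(buf):
        raise ValueError(f"block length {blen} inconsistent with {len(buf)} bytes")
    return MalwareEventHead(blen, uuid.UUID(bytes=agent), uuid.UUID(bytes=cloud),
                            ts, etype, subtype, buf[_LEADING.size:blen])


def build_sample() -> bytes:
    """Constructed sample block (not captured data): leading fields + 4 filler bytes."""
    body = bytes(range(16)) + bytes(range(16, 32))
    body += struct.pack(">IIB", 1400000000, 2, 1)  # timestamp, type ID, subtype ID
    body += b"\x00" * 4
    header = struct.pack(">II", MALWARE_EVENT_BLOCK_TYPE, BLOCK_HEADER_LEN + len(body))
    return header + body


if __name__ == "__main__":
    print(parse_malware_event_head(build_sample()))
```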