Cisco Firepower Management Center 2000 Developer's Guide, Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Appendix B: Understanding Legacy Data Structures
Legacy Malware Event Data Structures
| Field | Data Type | Description |
|---|---|---|
| String Block Length | uint32 | Number of bytes in the Event Description string data block, including the eight bytes for the block type and block length header fields plus the number of bytes in the Event Description field. |
| Event Description | string | Additional event information associated with the event type. |
| Device ID | uint32 | ID of the device that generated the event. |
| Connection Instance | uint16 | Snort instance on the device that generated the event. Used to link the event with a connection or IDS event. |
| Connection Counter | uint16 | Value used to distinguish between connection events that happen during the same second. |
| Connection Event Timestamp | uint32 | Timestamp of the connection event. |
| Direction | uint8 | Indicates whether the file was uploaded or downloaded: 1 = Download, 2 = Upload. Currently the value is derived from the protocol (for example, a file carried in an HTTP connection is reported as a download). |
| Source IP Address | uint8[16] | IPv4 or IPv6 address of the source of the connection. |
| Destination IP Address | uint8[16] | IPv4 or IPv6 address of the destination of the connection. |
| Application ID | uint32 | ID number that maps to the application using the file transfer. |
| User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
Table: Malware Event Data Block for 5.2.x Fields (Continued); columns are Field, Data Type, Description.
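The fields above are a fixed-size layout that follows one length-prefixed string block, and the String Block Length is the only value a consumer has to trust before it can locate the remaining fields. The following Python parser is added here as an illustration; it is not part of the eStreamer guide or of Sourcefire's code. It unpacks the fields from String Block Length onward and rejects a length that is smaller than the eight header bytes it claims to include or that runs past the bytes actually received. Assumptions not stated on this page: fields are big-endian (network byte order); the four-byte block type that precedes String Block Length has already been consumed by the caller; an IPv4 address in a 16-byte field is carried as an IPv4-mapped IPv6 address; and the sample record is constructed for the example, not captured from a device.

```python
import struct
import ipaddress
from dataclasses import dataclass

# Fixed-size fields that follow the Event Description string block:
# Device ID (uint32), Connection Instance (uint16), Connection Counter (uint16),
# Connection Event Timestamp (uint32), Direction (uint8), Source IP (16 bytes),
# Destination IP (16 bytes), Application ID (uint32), User ID (uint32).
# Assumption: big-endian (network) byte order, selected by the ">" prefix.
TAIL_FMT = ">IHHIB16s16sII"
TAIL_LEN = struct.calcsize(TAIL_FMT)  # 53 bytes

DIRECTION = {1: "Download", 2: "Upload"}


class MalformedRecord(ValueError):
    """Raised when a length field is inconsistent with the received bytes."""


@dataclass
class MalwareEventTail:
    event_description: str
    device_id: int
    connection_instance: int
    connection_counter: int
    connection_event_timestamp: int
    direction: int
    source_ip: str
    destination_ip: str
    application_id: int
    user_id: int

    def direction_name(self) -> str:
        return DIRECTION.get(self.direction, f"unknown({self.direction})")


def format_ip(raw16: bytes) -> str:
    # Assumption (not stated on this page): IPv4 addresses in the 16-byte
    # field are encoded as IPv4-mapped IPv6 addresses (::ffff:a.b.c.d).
    addr = ipaddress.IPv6Address(raw16)
    return str(addr.ipv4_mapped or addr)


def parse_tail(buf: bytes) -> MalwareEventTail:
    """Parse from the String Block Length field to the end of the block.

    `buf` begins at String Block Length. The 4-byte block type in front of it
    is assumed to have been consumed by the caller, but the guide says the
    length still counts those bytes, so the string occupies (length - 8) bytes.
    """
    if len(buf) < 4:
        raise MalformedRecord("truncated before String Block Length")
    (block_len,) = struct.unpack_from(">I", buf, 0)
    # The length includes the 8 header bytes, so anything below 8 is bogus.
    if block_len < 8:
        raise MalformedRecord(f"String Block Length {block_len} is below 8")
    desc_end = 4 + (block_len - 8)
    # Bound the string by the bytes actually received: a wrong or hostile
    # length must never become an out-of-range offset for the fixed fields.
    if desc_end + TAIL_LEN > len(buf):
        raise MalformedRecord("String Block Length runs past the record")
    description = buf[4:desc_end].decode("utf-8", errors="replace")
    (device_id, conn_inst, conn_ctr, conn_ts, direction,
     src, dst, app_id, user_id) = struct.unpack_from(TAIL_FMT, buf, desc_end)
    return MalwareEventTail(description, device_id, conn_inst, conn_ctr,
                            conn_ts, direction, format_ip(src), format_ip(dst),
                            app_id, user_id)


def build_sample() -> bytes:
    """Constructed sample record (not a real capture) covering every field."""
    desc = b"Malware detected in HTTP transfer"
    string_block = struct.pack(">I", 8 + len(desc)) + desc
    src = ipaddress.IPv6Address("::ffff:10.0.0.5").packed
    dst = ipaddress.IPv6Address("2001:db8::10").packed
    tail = struct.pack(TAIL_FMT, 7, 3, 42, 1388534400, 1, src, dst, 676, 15)
    return string_block + tail


def tamper_length(buf: bytes, value: int) -> bytes:
    """Return a copy of `buf` with String Block Length overwritten."""
    return struct.pack(">I", value) + buf[4:]


def rejects(buf: bytes) -> bool:
    """True if the parser refuses `buf` as malformed."""
    try:
        parse_tail(buf)
    except MalformedRecord:
        return True
    return False


if __name__ == "__main__":
    rec = parse_tail(build_sample())
    print(rec, rec.direction_name())
    print("oversized length rejected:", rejects(tamper_length(build_sample(), 0xFFFFFFFF)))
    print("undersized length rejected:", rejects(tamper_length(build_sample(), 4)))
```

The two tampering cases are the ones that matter in practice: a length below 8 would otherwise produce a negative string size, and a length larger than the remaining record would make `unpack_from` read past the data (or raise a less specific error deep in the decoder). Rejecting both before the offset is used keeps a single malformed record from desynchronising the rest of the stream.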