Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
512
Understanding Legacy Data Structures
Legacy Malware Event Data Structures
Appendix B
Malware Event Data Block for 5.2.x Fields (Continued)

Field | Data Type | Description
Access Control Policy UUID | uint8[16] | Identification number that acts as a unique identifier for the access control policy that triggered the event.
Disposition | uint8 | The malware status of the file. Possible values include: 1 CLEAN (the file is clean and does not contain malware); 2 NEUTRAL (it is unknown whether the file contains malware); 3 MALWARE (the file contains malware); 4 CACHE_MISS (the software was unable to send a request to the Sourcefire cloud for a disposition, or the Sourcefire cloud services did not respond to the request).
Retrospective Disposition | uint8 | Disposition of the file if the disposition is updated. If the disposition is not updated, this field contains the same value as the Disposition field. The possible values are the same as the Disposition field.
String Block Type | uint32 | Initiates a String data block containing the URI. This value is always 0.
String Block Length | uint32 | The number of bytes included in the URI data block, including eight bytes for the block type and block length fields plus the number of bytes in the URI field.
URI | string | URI of the connection.
Source Port | uint16 | Port number for the source of the connection.
Destination Port | uint16 | Port number for the destination of the connection.
Source Country | uint16 | Code for the country of the source host.
Destination Country | uint16 | Code for the country of the destination host.
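The following parser is an added example written for this page; it is not code from the eStreamer guide or from Cisco/Sourcefire. It decodes exactly the fields in the table above (Access Control Policy UUID through Destination Country) from a byte buffer, treating the String Block Length as untrusted input: a value smaller than its own 8-byte header or larger than what remains in the buffer is rejected instead of being used as a read length. It assumes network byte order for every integer, as eStreamer uses throughout, and assumes the caller has already consumed the fields of the 5.2.x block that precede the UUID (those are on the previous page of the guide, not here). The sample record, the UUID, the URI and the helper names are constructed for the example.

```python
import struct
import uuid

# Disposition values from the table above (1 through 4).
DISPOSITIONS = {1: "CLEAN", 2: "NEUTRAL", 3: "MALWARE", 4: "CACHE_MISS"}
STRING_BLOCK_TYPE = 0          # String data block type is always 0
STRING_BLOCK_HEADER_LEN = 8    # block type (4 bytes) + block length (4 bytes)


class MalformedBlock(ValueError):
    """Raised when the encoded data does not match the documented layout."""


def parse_malware_event_tail(buf, offset=0):
    """Parse the table's fields (Access Control Policy UUID through
    Destination Country) from buf starting at offset.

    Returns (record, next_offset). All integers are big-endian (network
    byte order). Fields that precede the UUID in the full 5.2.x block are
    not on this page and are not handled here (assumption of this example).
    """
    def take(fmt):
        nonlocal offset
        size = struct.calcsize(fmt)
        if offset + size > len(buf):
            raise MalformedBlock("truncated: need %d bytes at offset %d" % (size, offset))
        values = struct.unpack_from(fmt, buf, offset)
        offset += size
        return values

    (policy_uuid,) = take("!16s")
    disposition, retro_disposition = take("!BB")
    block_type, block_len = take("!II")
    if block_type != STRING_BLOCK_TYPE:
        raise MalformedBlock("string block type %d, expected 0" % block_type)
    # The length counts its own 8-byte header; anything smaller is bogus,
    # and anything larger than the remaining buffer is caught by take().
    if block_len < STRING_BLOCK_HEADER_LEN:
        raise MalformedBlock("string block length %d < %d" % (block_len, STRING_BLOCK_HEADER_LEN))
    uri_len = block_len - STRING_BLOCK_HEADER_LEN
    (uri_raw,) = take("!%ds" % uri_len)
    src_port, dst_port, src_country, dst_country = take("!HHHH")

    record = {
        "access_control_policy_uuid": str(uuid.UUID(bytes=policy_uuid)),
        "disposition": DISPOSITIONS.get(disposition, "UNKNOWN(%d)" % disposition),
        "retrospective_disposition": DISPOSITIONS.get(retro_disposition, "UNKNOWN(%d)" % retro_disposition),
        "uri": uri_raw.decode("utf-8", errors="replace"),
        "source_port": src_port,
        "destination_port": dst_port,
        "source_country": src_country,
        "destination_country": dst_country,
    }
    return record, offset


def safe_parse(buf):
    """Return (record, None) on success or (None, error_message) on failure."""
    try:
        record, _ = parse_malware_event_tail(buf)
        return record, None
    except MalformedBlock as exc:
        return None, str(exc)


def build_malware_event_tail(policy_uuid, disposition, retro_disposition, uri,
                             src_port, dst_port, src_country, dst_country):
    """Encode the same fields; used here only to construct sample input."""
    uri_bytes = uri.encode("utf-8")
    head = struct.pack("!16sBBII", uuid.UUID(policy_uuid).bytes, disposition,
                       retro_disposition, STRING_BLOCK_TYPE,
                       STRING_BLOCK_HEADER_LEN + len(uri_bytes))
    tail = struct.pack("!HHHH", src_port, dst_port, src_country, dst_country)
    return head + uri_bytes + tail


# Constructed sample record (not captured from a real appliance).
SAMPLE = build_malware_event_tail(
    "12345678-1234-5678-1234-567812345678", 3, 3,
    "http://example.test/evil.exe", 49152, 80, 840, 826)


def with_block_length(buf, n):
    """Copy of buf with the String Block Length field (byte offset 22,
    i.e. 16 + 1 + 1 + 4) overwritten with n, to simulate a bad length."""
    return buf[:22] + struct.pack("!I", n) + buf[26:]


if __name__ == "__main__":
    print(parse_malware_event_tail(SAMPLE))
    print(safe_parse(with_block_length(SAMPLE, 4)))      # header-sized underflow
    print(safe_parse(with_block_length(SAMPLE, 1000)))   # claims more than buffer holds
```

The two bounds checks are the point: a client that computes `uri_len = block_len - 8` with an unsigned subtraction and then slices by that length will either wrap to a huge read or silently consume the port and country fields as URI bytes, so the length field should be validated before it drives any read.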