Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
CHAPTER 3
Understanding Intrusion and Correlation Data Structures
The eStreamer service transmits a number of data record types to deliver
requested events and metadata to the client. This chapter describes the
structures of data records for the following types of event data:
- intrusion event data and event extra data generated by managed devices
- correlation (compliance) events generated by the Defense Center
- metadata records
The following sections in this chapter define the event message structures:
For a general overview of eStreamer’s message format for transmitting data 
records, see 
Intrusion Event and Metadata Record Types
The table below lists all 
currently supported record types for intrusion events, intrusion event extra data, 
and metadata messages. The data for these record types is in fixed-length fields. 
By contrast, correlation event records contain one or more levels of nested data 
blocks with variable lengths. The table below provides a link to the chapter 
subsection that defines the associated data record structure.