Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
CHAPTER 3
Understanding Intrusion and Correlation Data Structures
The eStreamer service transmits a number of data record types to deliver
requested events and metadata to the client. This chapter describes the
structures of data records for the following types of event data:
• intrusion events data and event extra data generated by managed devices
• correlation (compliance) events generated by the Defense Center
• metadata records
The following sections in this chapter define the event message structures:
•
For a general overview of eStreamer’s message format for transmitting data
records, see
Intrusion Event and Metadata Record Types
The table below lists all currently supported record types for intrusion
events, intrusion event extra data, and metadata messages. The data for these
record types is in fixed-length fields. By contrast, correlation event records
contain one or more levels of nested data blocks with variable lengths. The
table below provides a link to the chapter subsection that defines the
associated data record structure.