Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
642
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
Correlation Event 4.10.x Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Event Detection Engine ID | uint32 | Identification number of the detection engine that generated the intrusion or discovery event that triggered the correlation event. You can obtain detection engine IDs and the detection engine UUIDs that correlate to them by requesting Version 3 metadata. See more information. |
| Signature ID | uint32 | If the event was an intrusion event, indicates the rule identification number that corresponds with the event. Otherwise, the value is 0. |
| Signature Generator ID | uint32 | If the event was an intrusion event, indicates the ID number of the Sourcefire 3D System preprocessor or rules engine that generated the event. |
| Event Second | uint32 | UNIX timestamp indicating the time that the event was detected (in seconds from 01/01/1970). |
| Event Microsecond | uint32 | Microsecond (one millionth of a second) increment that the event was detected. |
| Event ID | uint32 | Identification number of the event generated by the device. |
| Event Defined Mask | bits[32] | Set bits in this field indicate which of the fields that follow in the message are valid. See the Event Defined Values table on page 645 for a list of each bit value. |
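The seven fields listed in the table above can be decoded together, as in this added example (not code from the guide). It assumes network (big-endian) byte order and a 28-byte slice that begins at Event Detection Engine ID; the function name, dictionary keys and sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Seven consecutive uint32 fields, in the order the table lists them.
# Assumption: network (big-endian) byte order.
_FIELDS = struct.Struct("!7I")
_NAMES = ("detection_engine_id", "signature_id", "generator_id",
          "event_second", "event_microsecond", "event_id", "defined_mask")


def parse_trigger_fields(buf: bytes) -> dict:
    """Decode the slice that starts at Event Detection Engine ID (hypothetical helper)."""
    if len(buf) < _FIELDS.size:
        raise ValueError(f"need {_FIELDS.size} bytes, got {len(buf)}")
    rec = dict(zip(_NAMES, _FIELDS.unpack_from(buf)))
    # Reject a malformed microsecond increment instead of silently wrapping it.
    if rec["event_microsecond"] >= 1_000_000:
        raise ValueError("Event Microsecond out of range")
    # Per the table, Signature ID is 0 when the trigger was not an intrusion event.
    rec["has_signature"] = rec["signature_id"] != 0
    # Combine Event Second and Event Microsecond into one UTC timestamp.
    rec["timestamp"] = datetime.fromtimestamp(
        rec["event_second"], tz=timezone.utc
    ).replace(microsecond=rec["event_microsecond"])
    # Positions of the set bits only; their meanings come from the
    # Event Defined Values table, which is not reproduced here.
    rec["mask_bits"] = [i for i in range(32) if (rec["defined_mask"] >> i) & 1]
    return rec


# Constructed sample bytes, not captured from a real device.
SAMPLE = struct.pack("!7I", 7, 2003, 1, 1388534400, 250000, 41, 0x0000000B)

if __name__ == "__main__":
    for key, value in parse_trigger_fields(SAMPLE).items():
        print(f"{key}: {value}")
```
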