Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
Correlation Event 4.10.x Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Source Host Type | uint8 | Source host’s type: 0 — Host, 1 — Router, 2 — Bridge |
| Source VLAN ID | uint16 | Source host’s VLAN identification number, if applicable. |
| Source OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the source host’s operating system. See page 182 for information about obtaining the values that map to the fingerprint IDs. |
| Source Criticality | uint16 | User-defined criticality value for the source host: 0 — None, 1 — Low, 2 — Medium, 3 — High |
| Source User ID | uint32 | Identification number for the user logged into the source host, as identified by the system. |
| Source Port | uint16 | Source port in the event. |
| Source Server ID | uint32 | Identification number for the server running on the source host. |
| Destination IP Address | uint8[4] | IP address of the destination host associated with the policy violation (if applicable). This value will be 0 if there is no destination IP address. |
| Destination Host Type | uint8 | Destination host’s type: 0 — Host, 1 — Router, 2 — Bridge |
| Destination VLAN ID | uint16 | Destination host’s VLAN identification number, if applicable. |
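
The following decoder for the fields listed on this page is an added example, not code from the eStreamer guide. It assumes the fields are contiguous in table order and in network byte order, which this page does not state; `parse_fragment`, `label` and the sample byte strings are hypothetical names and constructed data.

```python
import ipaddress
import struct
import uuid

# Assumptions (not stated on this page): the fields are contiguous, appear in
# table order, and are encoded in network byte order with no padding.
FRAGMENT = struct.Struct(">BH16sHIHI4sBH")  # 38 bytes

HOST_TYPES = {0: "Host", 1: "Router", 2: "Bridge"}
CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}


def label(table, value):
    """Map a coded value to its name; keep unknown codes visible."""
    return table.get(value, f"Unknown ({value})")


def parse_fragment(buf, offset=0):
    """Decode the Source Host Type .. Destination VLAN ID run at `offset`."""
    if offset < 0 or len(buf) - offset < FRAGMENT.size:
        raise ValueError("buffer too short for the correlation event fragment")
    (s_type, s_vlan, s_fp, s_crit, s_user, s_port, s_srv,
     d_ip, d_type, d_vlan) = FRAGMENT.unpack_from(buf, offset)
    return {
        "source_host_type": label(HOST_TYPES, s_type),
        "source_vlan_id": s_vlan,
        "source_os_fingerprint_uuid": str(uuid.UUID(bytes=s_fp)),
        "source_criticality": label(CRITICALITY, s_crit),
        "source_user_id": s_user,
        "source_port": s_port,
        "source_server_id": s_srv,
        # The table says this value is 0 when there is no destination address.
        "destination_ip": None if d_ip == bytes(4) else str(ipaddress.IPv4Address(d_ip)),
        "destination_host_type": label(HOST_TYPES, d_type),
        "destination_vlan_id": d_vlan,
    }


# Constructed sample bytes, not captured from a real eStreamer session.
SAMPLE_NO_DST = FRAGMENT.pack(1, 100, bytes(range(16)), 3, 42, 49152, 7,
                              bytes(4), 0, 0)
SAMPLE_WITH_DST = FRAGMENT.pack(0, 0, bytes(16), 9, 0, 443, 0,
                                bytes([192, 0, 2, 10]), 2, 20)

if __name__ == "__main__":
    for sample in (SAMPLE_NO_DST, SAMPLE_WITH_DST):
        print(parse_fragment(sample))
```

Unknown host type or criticality codes are surfaced as `Unknown (n)` rather than dropped, so a malformed or newer-format record stands out in downstream logs.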