Cisco Firepower Management Center 2000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Appendix B: Understanding Legacy Data Structures
Legacy Correlation Event Data Structures (page 644)
Correlation Event 4.10.x Data Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Source Host Type | uint8 | Source host’s type: 0 — Host; 1 — Router; 2 — Bridge |
| Source VLAN ID | uint16 | Source host’s VLAN identification number, if applicable. |
| Source OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the source host’s operating system. See on page 182 for information about obtaining the values that map to the fingerprint IDs. |
| Source Criticality | uint16 | User-defined criticality value for the source host: 0 — None; 1 — Low; 2 — Medium; 3 — High |
| Source User ID | uint32 | Identification number for the user logged into the source host, as identified by the system. |
| Source Port | uint16 | Source port in the event. |
| Source Server ID | uint32 | Identification number for the server running on the source host. |
| Destination IP Address | uint8[4] | IP address of the destination host associated with the policy violation (if applicable). This value will be 0 if there is no destination IP address. |
| Destination Host Type | uint8 | Destination host’s type: 0 — Host; 1 — Router; 2 — Bridge |
| Destination VLAN ID | uint16 | Destination host’s VLAN identification number, if applicable. |
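The run of fields in this table can be decoded as follows; this is an added example, not code from the guide. It assumes the fields are packed back to back in table order in network byte order, and that the caller supplies the offset of Source Host Type within the record, since this page shows only part of the record. The names `parse_fragment`, `label`, `FRAGMENT` and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
import ipaddress
import struct
import uuid

# Assumptions, not stated on this page: the fields are packed back to back in
# table order with no padding, and integers are in network byte order.
FRAGMENT = struct.Struct("!BH16sHIHI4sBH")  # 38 bytes

HOST_TYPES = {0: "Host", 1: "Router", 2: "Bridge"}
CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}


def label(table, value):
    """Map a documented code to its name; keep undocumented codes visible."""
    return table.get(value, "undocumented (%d)" % value)


def parse_fragment(buf, offset=0):
    """Decode Source Host Type through Destination VLAN ID starting at offset."""
    if offset < 0 or len(buf) - offset < FRAGMENT.size:
        raise ValueError("fragment needs %d bytes at offset %d" % (FRAGMENT.size, offset))
    (src_type, src_vlan, src_fp, src_crit, src_user, src_port, src_server,
     dst_ip, dst_type, dst_vlan) = FRAGMENT.unpack_from(buf, offset)
    return {
        "source_host_type": label(HOST_TYPES, src_type),
        "source_vlan_id": src_vlan,
        "source_os_fingerprint_uuid": str(uuid.UUID(bytes=src_fp)),
        "source_criticality": label(CRITICALITY, src_crit),
        "source_user_id": src_user,
        "source_port": src_port,
        "source_server_id": src_server,
        # The table says this value is 0 when there is no destination address.
        "destination_ip": None if dst_ip == bytes(4) else str(ipaddress.IPv4Address(dst_ip)),
        "destination_host_type": label(HOST_TYPES, dst_type),
        "destination_vlan_id": dst_vlan,
    }


# Constructed sample bytes (not captured traffic): a router on VLAN 100,
# high criticality, port 443, with no destination address.
SAMPLE = FRAGMENT.pack(1, 100, bytes(range(16)), 3, 42, 443, 7, bytes(4), 0, 0)

if __name__ == "__main__":
    for field, value in parse_fragment(SAMPLE).items():
        print("%-28s %s" % (field, value))
```

Codes outside the documented ranges are reported rather than dropped, so a consumer can flag records that do not match this table.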