Version 5.3
Sourcefire 3D System eStreamer Integration Guide
647
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
You can request 5.0+ correlation events from eStreamer only by extended request, for which you request event type code 31 and version code 7 in the Stream Request message (see the section on submitting extended requests for the message format). You can optionally enable bit 23 in the flags field of the initial event stream request message to include the extended event header, which prefixes each event with an eStreamer server timestamp. You can also enable bit 20 in the flags field to include user metadata. Note that whether the extended header is present is determined by the flags you sent, not by anything in the record itself, so a client must parse each record according to the flags it requested.
Byte diagram (Byte 0-3, Bit 0-31) of the 5.0+ correlation event record, listed field by field in transmission order (multibyte fields are sent in network byte order):

Message header
    Header Version (1)
    Message Type (4)
    Message Length
Record header
    Record Type (112)
    Record Length
    eStreamer Server Timestamp (in events, only if bit 23 is set)
    Reserved for Future Use (in events, only if bit 23 is set)
Correlation event block
    Correlation Block Type (116)
    Correlation Block Length
    Device ID
    (Correlation) Event Second
    Event ID
    Policy ID
    Rule ID
    Priority
    Event Description (string block)
        String Block Type (0)
        String Block Length
        Description...
    Event Type
    Event Device ID
    Signature ID
    Signature Generator ID
    (Trigger) Event Second
    (Trigger) Event Microsecond