Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Note that the block structure includes encapsulated String block types, one of
several series 2 variable length data structures introduced in Version 4.10 of the
Sourcefire 3D System.
The Event Extra Data Metadata Data Block Fields table describes the fields in the Event Extra Data Metadata record.
[Record layout diagram, continued. Fields shown in order: String Block Type (0), String Block Length, Name..., String Block Type (0), String Block Length, Encoding]
Event Extra Data Metadata Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Event Extra Data Metadata Data Block Type | uint32 | Initiates an Event Extra Data Metadata data block. This value is always 5. This block type is a series 2 block. |
| Event Extra Data Metadata Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Type | uint32 | The type of extra data. Matches the Type field in the associated Event Extra Data record. |
| String Block Type | uint32 | Initiates a String data block for the client application version. This value is always 0. This block type is a series 2 block. |
| String Block Length | uint32 | Number of bytes in the client application version String data block, including eight bytes for the string block type and length fields, plus the number of bytes in the version string. |
| Name | string | Name of the type of event extra data, for example, XFF client (IPv6), and HTTP URI. |
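The layout in the diagram and table above can be decoded with explicit length validation, as in the following added example (not code from the guide or from Cisco). It assumes big-endian (network byte order) uint32 fields and UTF-8 text, neither of which this page states, and `build_sample` produces constructed input rather than a captured eStreamer message.

```python
import struct

EXTRA_DATA_METADATA_BLOCK = 5  # series 2 block type, from the field table
STRING_BLOCK = 0               # series 2 String block type, from the field table


class BlockError(ValueError):
    """Raised when a block's type or length disagrees with the buffer."""


def _header(buf, off, want_type, end):
    # Each block starts with two uint32 fields: block type, then block length.
    # Big-endian is an assumption; this page does not state the byte order.
    if off + 8 > end:
        raise BlockError("truncated block header at offset %d" % off)
    btype, blen = struct.unpack_from(">II", buf, off)
    if btype != want_type:
        raise BlockError("expected block type %d, got %d" % (want_type, btype))
    # The length field counts its own 8 header bytes, so anything below 8 is
    # invalid, and a block may not extend past its enclosing block or buffer.
    if blen < 8 or off + blen > end:
        raise BlockError("block length %d out of bounds at offset %d" % (blen, off))
    return off + 8, off + blen


def _string(buf, off, end):
    start, stop = _header(buf, off, STRING_BLOCK, end)
    # NUL stripping and UTF-8 decoding are assumptions, used for display only.
    return buf[start:stop].rstrip(b"\x00").decode("utf-8", "replace"), stop


def parse_extra_data_metadata(buf):
    """Decode one Event Extra Data Metadata data block from bytes."""
    body, end = _header(buf, 0, EXTRA_DATA_METADATA_BLOCK, len(buf))
    if body + 4 > end:
        raise BlockError("truncated Type field")
    (extra_type,) = struct.unpack_from(">I", buf, body)
    name, off = _string(buf, body + 4, end)   # first String block: Name
    encoding, off = _string(buf, off, end)    # second String block: Encoding
    return {"type": extra_type, "name": name, "encoding": encoding}


def build_sample(extra_type, name, encoding):
    # Constructed test input, not a captured eStreamer message.
    def s(text):
        return struct.pack(">II", STRING_BLOCK, 8 + len(text)) + text
    body = struct.pack(">I", extra_type) + s(name) + s(encoding)
    return struct.pack(">II", EXTRA_DATA_METADATA_BLOCK, 8 + len(body)) + body
```

Checking every inner String block length against the outer block's end keeps a malformed or truncated record from being read past its boundary.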