Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Request Flags field of a request message—is set. See page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 119, indicating an Access Control Rule ID record.

The Access Control Rule ID Data Block Fields table describes the fields in the Access Control Rule ID data block.
Byte: 0 | 1 | 2 | 3
Bit:  0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31

Header Version (1) | Message Type (4)
Message Length
Record Type (119)
Record Length
Access Control Rule ID Data Block (15)
Access Control Rule ID Data Block Length
Access Control Rule UUID
Access Control Rule ID
String Block Type (0)
String Block Length
Access Control Rule Name...
Access Control Rule ID Data Block Fields

| FIELD | DATA TYPE | DESCRIPTION |
|---|---|---|
| Access Control Rule ID Data Block Type | uint32 | Initiates an Access Control Rule ID data block. This value is always 15. The block type is a series 2 block. |
| Access Control Rule ID Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Access Control Rule UUID | uint8[16] | A rule ID that acts as the unique identifier for the rule in the access control policy associated with the connection event. |
| Access Control Rule ID | uint32 | The internal identifier for the rule in the access control policy associated with the connection event. |
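The layout above can be decoded with bounds checks on every length field, as in the following added example (not code from the guide or from Cisco). It assumes network byte order, a 16-bit Header Version and Message Type, and that String Block Length counts its own 8 header bytes the same way the data block length does; `parse_ac_rule_id`, `build_sample` and the sample values are hypothetical names and constructed data.

```python
import struct
import uuid

# Fixed-size fields in network byte order: header version, message type,
# message length, record type, record length, block type, block length,
# rule UUID, rule ID, string block type, string block length (52 bytes).
FIXED = struct.Struct("!HHIIIII16sIII")

def parse_ac_rule_id(msg: bytes) -> dict:
    """Parse one Access Control Rule ID record, rejecting bad lengths."""
    if len(msg) < FIXED.size:
        raise ValueError("truncated message")
    (version, msg_type, _msg_len, rec_type, _rec_len, blk_type, blk_len,
     rule_uuid, rule_id, str_type, str_len) = FIXED.unpack_from(msg)
    if (version, msg_type) != (1, 4):
        raise ValueError("unexpected header version or message type")
    if rec_type != 119 or blk_type != 15:
        raise ValueError("not an Access Control Rule ID record")
    if str_type != 0:
        raise ValueError("expected string block type 0")
    # The data block length includes its own 8 header bytes (per the table).
    # Assumption: the string block length is counted the same way.
    if str_len < 8 or blk_len != 8 + 16 + 4 + str_len:
        raise ValueError("inconsistent block lengths")
    name_end = FIXED.size + (str_len - 8)
    if name_end > len(msg):
        raise ValueError("rule name runs past end of message")
    name = msg[FIXED.size:name_end].rstrip(b"\x00").decode("utf-8", "replace")
    return {"rule_uuid": str(uuid.UUID(bytes=rule_uuid)),
            "rule_id": rule_id, "rule_name": name}

def build_sample(name: bytes, rule_id: int, rule_uuid: bytes) -> bytes:
    """Build a constructed test message; not captured from a real server."""
    str_len = 8 + len(name)
    blk_len = 8 + 16 + 4 + str_len
    # Assumption: record length = block bytes, message length = record
    # header (8) + block bytes. The parser does not rely on either value.
    return FIXED.pack(1, 4, 8 + blk_len, 119, blk_len, 15, blk_len,
                      rule_uuid, rule_id, 0, str_len) + name

if __name__ == "__main__":
    sample = build_sample(b"Block-Telnet", 7, bytes(range(16)))
    print(parse_ac_rule_id(sample))
```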