Cisco Firepower Management Center 2000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3, page 98
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Request Flags field of a request message—is set. See page 30.) Note that the Record Type field, which appears after the Message Length field, has a value of 119, indicating an Access Control Rule ID record.

The Access Control Rule ID Data Block Fields table describes the fields in the Access Control Rule ID data block.

Byte   0            1            2            3
Bit    0-7          8-15         16-23        24-31
       Header Version (1)        Message Type (4)
       Message Length
       Record Type (119)
       Record Length
       Access Control Rule ID Data Block (15)
       Access Control Rule ID Data Block Length
       Access Control Rule UUID
       Access Control Rule ID
       String Block Type (0)
       String Block Length
       Access Control Rule Name...

Access Control Rule ID Data Block Fields

FIELD | DATA TYPE | DESCRIPTION
Access Control Rule ID Data Block Type | uint32 | Initiates an Access Control Rule ID data block. This value is always 15. The block type is a series 2 block.
Access Control Rule ID Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields.
Access Control Rule UUID | uint8[16] | A rule ID that acts as the unique identifier for the rule in the access control policy associated with the connection event.
Access Control Rule ID | uint32 | The internal identifier for the rule in the access control policy associated with the connection event.
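
The following Python parser for the message layout diagrammed above is an added example, not code from the Sourcefire guide; it checks every length field against the bytes actually received before slicing. Assumptions: network byte order, a String Block Length that counts its own 8 header bytes, UTF-8 rule names, and the hypothetical names `parse_ac_rule_id` and `SAMPLE` (a constructed message).

```python
import struct
import uuid

# Field layout from the diagram; big-endian (network byte order) is an assumption.
HDR = struct.Struct(">HHIII")     # header version, message type, message length, record type, record length
BLK = struct.Struct(">II16sIII")  # block type, block length, rule UUID, rule ID, string block type, string block length

def parse_ac_rule_id(msg: bytes) -> dict:
    """Parse one Access Control Rule ID message (record type 119)."""
    if len(msg) < HDR.size + BLK.size:
        raise ValueError("message shorter than the fixed-size fields")
    # Message Length and Record Length are read but not cross-checked here:
    # their exact definitions are not given on this page.
    version, msg_type, _msg_len, rec_type, _rec_len = HDR.unpack_from(msg, 0)
    if (version, msg_type, rec_type) != (1, 4, 119):
        raise ValueError("not an Access Control Rule ID record")
    btype, blen, rule_uuid, rule_id, stype, slen = BLK.unpack_from(msg, HDR.size)
    if btype != 15 or stype != 0:
        raise ValueError("unexpected data block or string block type")
    # Block Length includes the 8 bytes of the two block header fields (field table).
    if blen > len(msg) - HDR.size:
        raise ValueError("block length exceeds the bytes received")
    # Assumption: String Block Length also includes its own 8 header bytes, so the
    # block is 8 (header) + 16 (UUID) + 4 (rule ID) + slen bytes long.
    if slen < 8 or blen != 8 + 16 + 4 + slen:
        raise ValueError("string block length inconsistent with block length")
    start = HDR.size + BLK.size
    name = msg[start:start + slen - 8]
    return {
        "uuid": str(uuid.UUID(bytes=rule_uuid)),
        "rule_id": rule_id,
        # Assumption: the name is UTF-8 and may carry trailing NUL bytes.
        "name": name.rstrip(b"\x00").decode("utf-8", errors="replace"),
    }

# Constructed sample message (not captured traffic); all values are illustrative.
_NAME = b"Block-Telnet"
SAMPLE = (HDR.pack(1, 4, 56, 119, 48)
          + BLK.pack(15, 48, bytes(range(16)), 7, 0, 8 + len(_NAME))
          + _NAME)

if __name__ == "__main__":
    print(parse_ac_rule_id(SAMPLE))
```
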