Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Security Zone Name Record
The eStreamer service transmits metadata containing information on the name of
the security zone associated with an intrusion event or connection event within a
Security Zone Name record, the format of which is shown below. (Security zone
information is sent when the Version 4 metadata flag—bit 20 in the Request Flags
field of a request message—is set. See
on page 30.) Note that the
Record Type field, which appears after the Message Length field, has a value of
115, indicating a Security Zone Name record.
Event Extra Data Metadata Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Type | uint32 | Initiates a string data block for the client application URL. This value is always 0. This block type is a series 2 block. |
| String Block Length | uint32 | Number of bytes in the client application URL String data block, including eight bytes for the string block type and length fields, plus the number of bytes in the URL string. |
| Encoding | string | Encoding used for the event extra data, for example, IPv4, IPv6, or string. |
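 Byte 0          Byte 1          Byte 2          Byte 3
 Bits 0-7        Bits 8-15       Bits 16-23      Bits 24-31
+-------------------------------+-------------------------------+
| Header Version (1)            | Message Type (4)              |
+-------------------------------+-------------------------------+
| Message Length                                                |
+---------------------------------------------------------------+
| Record Type (115)                                             |
+---------------------------------------------------------------+
| Record Length                                                 |
+---------------------------------------------------------------+
| Security Zone Name Data Block (14)                            |
+---------------------------------------------------------------+
| Security Zone Name Data Block Length                          |
+---------------------------------------------------------------+
| Security Zone UUID                                            |
+---------------------------------------------------------------+
| String Block Type (0)                                         |
+---------------------------------------------------------------+
| String Block Length                                           |
+---------------------------------------------------------------+
| Security Zone Name...                                         |
+---------------------------------------------------------------+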
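
A defensive parser for the Security Zone Name record laid out above, as an added example that is not part of the original guide or of Sourcefire's code. It assumes network byte order, 16-bit Header Version and Message Type fields, 32-bit length and type fields, and a 16-byte UUID; the names parse_security_zone_name and build_sample are hypothetical, and the sample message is constructed.

```python
import struct
import uuid

# Values stated in the record layout above.
RECORD_TYPE, BLOCK_TYPE, STRING_BLOCK_TYPE = 115, 14, 0
# Assumed widths: two 16-bit fields, five 32-bit fields, a 16-byte UUID,
# then the 32-bit string block type and length, all in network byte order.
FIXED = struct.Struct("!HHIIIII16sII")


def parse_security_zone_name(msg: bytes) -> dict:
    """Parse one Security Zone Name record, rejecting inconsistent fields."""
    if len(msg) < FIXED.size:
        raise ValueError("message shorter than the fixed fields")
    (hdr_ver, msg_type, msg_len, rec_type, rec_len,
     blk_type, blk_len, zone_uuid, str_type, str_len) = FIXED.unpack_from(msg)
    if (hdr_ver, msg_type) != (1, 4):
        raise ValueError("unexpected header version or message type")
    if rec_type != RECORD_TYPE:
        raise ValueError(f"record type {rec_type}, expected {RECORD_TYPE}")
    if blk_type != BLOCK_TYPE or str_type != STRING_BLOCK_TYPE:
        raise ValueError("unexpected data block or string block type")
    # String Block Length counts its own eight header bytes plus the string,
    # so a value below 8 or past the received bytes is never trusted.
    name_len = str_len - 8
    if name_len < 0 or FIXED.size + name_len > len(msg):
        raise ValueError("string block length outside the received message")
    raw = msg[FIXED.size:FIXED.size + name_len]
    return {
        "uuid": str(uuid.UUID(bytes=zone_uuid)),
        "name": raw.rstrip(b"\x00").decode("utf-8", errors="replace"),
    }


def build_sample(name: bytes, claimed_str_len=None) -> bytes:
    """Constructed sample message; the outer length values are illustrative."""
    str_len = 8 + len(name) if claimed_str_len is None else claimed_str_len
    zone_uuid = uuid.UUID("00000000-0000-0000-0000-000000000001").bytes
    blk_len = 8 + 16 + 8 + len(name)
    return FIXED.pack(1, 4, 8 + blk_len, 115, blk_len, 14, blk_len,
                      zone_uuid, 0, str_len) + name


if __name__ == "__main__":
    print(parse_security_zone_name(build_sample(b"DMZ-External")))
```

The parser reads Message Length, Record Length and the data block length but does not interpret them; only the string block length, whose meaning the field table states, is used to bound the name.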