Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The Security Zone Name Data Block Fields table describes the fields in the Security Zone Name data block.
Interface Name Record
The eStreamer service transmits metadata containing information on the name of
the interface associated with an intrusion event or connection event within an
Interface Name record, the format of which is shown below. (Interface name
information is sent when the Version 4 metadata flag—bit 20 in the Request Flags
Security Zone Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Security Zone Name Data Block Type | uint32 | Initiates a Security Zone Name data block. This value is always 14. The block type is a series 2 block. |
| Security Zone Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Security Zone UUID | uint8[16] | The unique identifier for the security zone associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the security zone. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the security zone name String data block, including eight bytes for the block type and header fields plus the number of bytes in the name. |
| Security Zone Name | string | The security zone name. |
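The following parser for the Security Zone Name data block is an added example, not code from the guide or from Cisco. It checks both length fields against each other and against the buffer before slicing, so a malformed or truncated block is rejected rather than misread. Network (big-endian) byte order and UTF-8 name encoding are assumptions, and the function names and sample values are hypothetical.

```python
import struct
import uuid

SECURITY_ZONE_NAME_BLOCK = 14   # series 2 block type, per the table
STRING_BLOCK = 0                # String data block type, per the table
HEADER = struct.Struct(">II")   # block type + block length; big-endian is assumed
UUID_LEN = 16


class BlockError(ValueError):
    """Raised when a block does not match the documented layout."""


def parse_security_zone_name(buf: bytes) -> tuple[uuid.UUID, str]:
    """Parse one Security Zone Name data block, validating every length field."""
    if len(buf) < HEADER.size:
        raise BlockError("truncated block header")
    block_type, block_len = HEADER.unpack_from(buf, 0)
    if block_type != SECURITY_ZONE_NAME_BLOCK:
        raise BlockError(f"unexpected block type {block_type}")
    # Block length counts the data plus the 8 header bytes; it must fit the
    # buffer and leave room for the UUID and the String block header.
    str_off = HEADER.size + UUID_LEN
    if block_len > len(buf) or block_len < str_off + HEADER.size:
        raise BlockError(f"bad block length {block_len}")
    zone_uuid = uuid.UUID(bytes=buf[HEADER.size:str_off])
    str_type, str_len = HEADER.unpack_from(buf, str_off)
    if str_type != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {str_type}")
    # The String block is the last field, so it must end where the outer block ends.
    if str_len < HEADER.size or str_off + str_len != block_len:
        raise BlockError(f"string length {str_len} disagrees with block length {block_len}")
    raw_name = buf[str_off + HEADER.size:str_off + str_len]
    return zone_uuid, raw_name.decode("utf-8", errors="replace")  # encoding assumed


def build_sample(name: bytes, zone: uuid.UUID) -> bytes:
    """Build a sample block (constructed test data, not a captured message)."""
    string_block = HEADER.pack(STRING_BLOCK, HEADER.size + len(name)) + name
    body = zone.bytes + string_block
    return HEADER.pack(SECURITY_ZONE_NAME_BLOCK, HEADER.size + len(body)) + body


if __name__ == "__main__":
    sample = build_sample(b"DMZ-External", uuid.UUID(int=0x1234))
    print(parse_security_zone_name(sample))
```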