Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Security Intelligence Source/Destination Record
The eStreamer service transmits metadata indicating whether a Security Intelligence-detected IP address is a source IP address or destination IP address within a Security Intelligence Source/Destination record, the format of which is shown below. (The source/destination IP information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 281, indicating a Security Intelligence Source/Destination record.
Table 4-23 Security Intelligence Category Metadata Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Type | uint32 | Initiates a String data block containing the descriptive name associated with the access control rule reason. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Security Intelligence List Name field. |
| Security Intelligence List Name | string | The name of the IP category blacklist or whitelist triggered by the connection. |
Record format (each row spans bytes 0 to 3, bits 0 to 31; the first row holds two fields):

Header Version (1) | Message Type (4)
Message Length
Record Type (281)
Record Length
Security Intelligence Source/Destination ID
Security Intelligence Source/Destination Length
Security Intelligence Source/Destination...
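
The record layout above, parsed defensively in Python. This is an added example, not code from the Cisco guide. It assumes 16-bit Header Version and Message Type fields, 32-bit fields elsewhere, network byte order, a variable-length name after the Length field, and that each length field counts the bytes following its own header. `parse_si_src_dst`, `build_sample` and `RecordError` are hypothetical names.

```python
import struct

RECORD_TYPE_SI_SRC_DST = 281          # Record Type value stated on the page
# Assumed widths: 16-bit version and message type, 32-bit everything else,
# all in network byte order.
FIXED = struct.Struct("!HHIIIII")     # 24 bytes before the variable-length name

class RecordError(ValueError):
    """Raised when a buffer is not a well-formed record of type 281."""

def parse_si_src_dst(buf: bytes) -> dict:
    """Parse exactly one framed message; reject anything inconsistent."""
    if len(buf) < FIXED.size:
        raise RecordError(f"truncated: {len(buf)} bytes, need {FIXED.size}")
    version, msg_type, msg_len, rec_type, rec_len, si_id, name_len = \
        FIXED.unpack_from(buf)
    if (version, msg_type) != (1, 4):
        raise RecordError(f"unexpected header {version}/{msg_type}")
    if rec_type != RECORD_TYPE_SI_SRC_DST:
        raise RecordError(f"record type {rec_type}, expected 281")
    # Length fields arrive off the wire: bounds-check before slicing.
    if name_len != len(buf) - FIXED.size:
        raise RecordError("name length does not match bytes received")
    # Assumption: each length counts the bytes that follow its own header.
    if rec_len != 8 + name_len or msg_len != 16 + name_len:
        raise RecordError("length fields are inconsistent")
    name = buf[FIXED.size:].rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"id": si_id, "name": name}

def build_sample(si_id: int, name: str) -> bytes:
    """Constructed test input, not captured traffic."""
    raw = name.encode("utf-8")
    return FIXED.pack(1, 4, 16 + len(raw), RECORD_TYPE_SI_SRC_DST,
                      8 + len(raw), si_id, len(raw)) + raw

if __name__ == "__main__":
    sample = build_sample(1, "Source")    # ID and name are constructed values
    print(parse_si_src_dst(sample))
    # Same record with the name length overwritten by an oversized value.
    lying = sample[:20] + struct.pack("!I", 4096) + sample[24:]
    try:
        parse_si_src_dst(lying)
    except RecordError as exc:
        print("rejected:", exc)
```
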