Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Byte |       0       |       1       |       2       |       3       |
Bit  | 0 .. 7        | 8 .. 15       | 16 .. 23      | 24 .. 31      |
     +---------------+---------------+---------------+---------------+
     | Header Version (1)            | Message Type (4)              |
     +-------------------------------+-------------------------------+
     | Message Length                                                |
     +---------------------------------------------------------------+
     | Record Type (130)                                             |
     +---------------------------------------------------------------+
     | Record Length                                                 |
     +---------------------------------------------------------------+
     | FireAMP Detector Type ID                                      |
     +---------------------------------------------------------------+
     | FireAMP Detector Type Length                                  |
     +---------------------------------------------------------------+
     | FireAMP Detector Type...                                      |
     +---------------------------------------------------------------+

The following table describes the fields in the FireAMP Detector Type record.

Table 3-22 FireAMP Detector Type Record Fields

Field                         Data Type  Description
FireAMP Detector Type ID      uint32     The FireAMP detector type ID number.
FireAMP Detector Type Length  uint32     The number of bytes included in the FireAMP detector type.
FireAMP Detector Type         string     The type of FireAMP detector.

FireAMP File Type Metadata

The eStreamer service transmits metadata containing FireAMP file type information for an event within a FireAMP File Type record, the format of which is shown below. (FireAMP file type information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 131, indicating a FireAMP file type record.
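
Byte |       0       |       1       |       2       |       3       |
Bit  | 0 .. 7        | 8 .. 15       | 16 .. 23      | 24 .. 31      |
     +---------------+---------------+---------------+---------------+
     | Header Version (1)            | Message Type (4)              |
     +-------------------------------+-------------------------------+
     | Message Length                                                |
     +---------------------------------------------------------------+
     | Record Type (131)                                             |
     +---------------------------------------------------------------+
     | Record Length                                                 |
     +---------------------------------------------------------------+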
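
The FireAMP Detector Type record layout (record type 130) and the fields in Table 3-22, as a parser that checks every length field before using it. This is an added example, not code from the guide or from Cisco; network byte order, the meaning assumed for Message Length and Record Length, and the names parse_detector_type, build_sample and RecordError are assumptions, and the sample bytes are constructed.

```python
import struct

# Header Version, Message Type, Message Length, Record Type, Record Length.
# Assumption: all integers are in network byte order (big-endian).
HEADER = struct.Struct("!HHIII")
RECORD_TYPE_DETECTOR = 130  # value shown in the record diagram


class RecordError(ValueError):
    """Raised when a length or type field does not match the layout."""


def parse_detector_type(buf):
    """Parse one FireAMP Detector Type message into (type_id, type_name)."""
    if len(buf) < HEADER.size:
        raise RecordError("truncated header")
    version, msg_type, msg_len, rec_type, rec_len = HEADER.unpack_from(buf)
    if (version, msg_type) != (1, 4):
        raise RecordError("unexpected header version or message type")
    if rec_type != RECORD_TYPE_DETECTOR:
        raise RecordError(f"record type {rec_type}, expected 130")
    # Assumption: Message Length counts the bytes after the first 8 header
    # bytes, and Record Length counts the bytes after the Record Length field.
    if msg_len != rec_len + 8 or len(buf) != HEADER.size + rec_len:
        raise RecordError("length fields disagree with the bytes received")
    if rec_len < 8:
        raise RecordError("record too short for the ID and length fields")
    type_id, name_len = struct.unpack_from("!II", buf, HEADER.size)
    # Never trust the sender's string length: it must fit inside the record.
    if name_len > rec_len - 8:
        raise RecordError("FireAMP Detector Type Length overruns the record")
    start = HEADER.size + 8
    name = buf[start:start + name_len].decode("utf-8", errors="replace")
    return type_id, name


def build_sample(type_id, name, claimed_len=None):
    """Build a constructed message; claimed_len lets a caller lie about length."""
    name_len = len(name) if claimed_len is None else claimed_len
    body = struct.pack("!II", type_id, name_len) + name
    return HEADER.pack(1, 4, len(body) + 8, RECORD_TYPE_DETECTOR, len(body)) + body


if __name__ == "__main__":
    print(parse_detector_type(build_sample(7, b"ConstructedDetector")))
```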