Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Table B-29 Correlation Event 5.0 - 5.0.2 Data Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Event Device ID | uint32 | Identification number of the device that generated the event that triggered the correlation event. You can obtain device name by requesting Version 3 metadata. See for more information. |
| Signature ID | uint32 | If the event was an intrusion event, indicates the rule identification number that corresponds with the event. Otherwise, the value is 0. |
| Signature Generator ID | uint32 | If the event was an intrusion event, indicates the ID number of the FireSIGHT System preprocessor or rules engine that generated the event. |
| (Trigger) Event Second | uint32 | UNIX timestamp indicating the time of the event that triggered the correlation policy rule (in seconds from 01/01/1970). |
| (Trigger) Event Microsecond | uint32 | Microsecond (one millionth of a second) increment that the event was detected. |
| Event ID | uint32 | Identification number of the event generated by the device. |
| Event Defined Mask | bits[32] | Set bits in this field indicate which of the fields that follow in the message are valid. See for a list of each bit value. |
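The following decoder for the seven fields in this part of the table is an added example, not code from the Cisco guide. It assumes the fields sit back to back in row order with no padding, in network byte order, and that mask bits are numbered from the least significant bit; the function name, dictionary keys and sample bytes are hypothetical.

```python
import struct
from datetime import datetime, timezone

# Seven consecutive 32-bit fields, in the row order of Table B-29 (continued).
# Assumption: network (big-endian) byte order and no padding between fields.
_FIELDS = struct.Struct("!7I")
_NAMES = ("event_device_id", "signature_id", "signature_generator_id",
          "trigger_event_second", "trigger_event_microsecond",
          "event_id", "event_defined_mask")


def parse_correlation_slice(buf, offset=0):
    """Decode the seven fields from buf at offset (hypothetical helper)."""
    if offset < 0 or len(buf) - offset < _FIELDS.size:
        raise ValueError("truncated record: need %d bytes at offset %d"
                         % (_FIELDS.size, offset))
    rec = dict(zip(_NAMES, _FIELDS.unpack_from(buf, offset)))
    # A microsecond value of one second or more signals a wrong offset
    # or byte order rather than a real event time.
    if rec["trigger_event_microsecond"] >= 1_000_000:
        raise ValueError("microsecond field out of range")
    # Second + microsecond combine into a single UTC timestamp.
    rec["trigger_time"] = datetime.fromtimestamp(
        rec["trigger_event_second"], tz=timezone.utc
    ).replace(microsecond=rec["trigger_event_microsecond"])
    # Per the table, Signature ID is 0 unless the trigger was an intrusion event.
    rec["has_intrusion_rule"] = rec["signature_id"] != 0
    # Report which mask bits are set (assumed numbering: bit 0 = least
    # significant). Their meanings are listed elsewhere in the guide and
    # are deliberately not decoded here.
    mask = rec["event_defined_mask"]
    rec["mask_bits_set"] = [i for i in range(32) if mask >> i & 1]
    return rec


# Constructed sample bytes, not captured traffic.
SAMPLE = struct.pack("!7I", 7, 2000123, 1, 1400000000, 250000, 4242, 0x0000000B)

if __name__ == "__main__":
    for key, value in parse_correlation_slice(SAMPLE).items():
        print(f"{key}: {value}")
```
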