Cisco Firepower Management Center 2000 Developer's Guide

B-130
FireSIGHT eStreamer Integration Guide
 
Appendix B      Understanding Legacy Data Structures 
  Legacy Correlation Event Data Structures
Table B-29 Correlation Event 5.0 - 5.0.2 Data Fields (continued)

| Field | Data Type | Description |
| --- | --- | --- |
| Source OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the source host’s operating system. for information about obtaining the values that map to the fingerprint IDs. |
| Source Criticality | uint16 | User-defined criticality value for the source host: 0 - None; 1 - Low; 2 - Medium; 3 - High |
| Source User ID | uint32 | Identification number for the user logged into the source host, as identified by the system. |
| Source Port | uint16 | Source port in the event. |
| Source Server ID | uint32 | Identification number for the server running on the source host. |
| Destination IP Address | uint8[4] | IP address of the destination host associated with the policy violation (if applicable). This value will be 0 if there is no destination IP address. |
| Destination Host Type | uint8 | Destination host’s type: 0 - Host; 1 - Router; 2 - Bridge |
| Destination VLAN ID | uint16 | Destination host’s VLAN identification number, if applicable. |
| Destination OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the destination host’s operating system. for information about obtaining the values that map to the fingerprint IDs. |
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 - None; 1 - Low; 2 - Medium; 3 - High |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Service ID | uint32 | Identification number for the server running on the source host. |
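
The following Python decoder for the run of fields listed in this table is an added example, not code from the Cisco guide. It assumes network byte order and that the fields are packed back to back in table order; the names `parse_host_fields`, `label` and `offset` and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct
import uuid

# Assumptions: network byte order, fields packed back to back in table order.
LAYOUT = struct.Struct("!16sHIHI4sBH16sHIHI")  # 63 bytes
CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}
HOST_TYPE = {0: "Host", 1: "Router", 2: "Bridge"}


def label(table, value):
    """Map a code to its documented name; keep undocumented codes visible."""
    return table.get(value, f"unknown({value})")


def parse_host_fields(buf, offset=0):
    """Decode the fields in this table, starting at Source OS Fingerprint UUID.

    The position of that field inside the full record is not on this page,
    so the caller passes it as `offset` (hypothetical parameter).
    """
    if len(buf) - offset < LAYOUT.size:
        raise ValueError(f"need {LAYOUT.size} bytes, got {len(buf) - offset}")
    (src_os, src_crit, src_user, src_port, src_server, dst_ip, dst_type,
     dst_vlan, dst_os, dst_crit, dst_user, dst_port, dst_service,
     ) = LAYOUT.unpack_from(buf, offset)
    return {
        "source_os_fingerprint": uuid.UUID(bytes=src_os),
        "source_criticality": label(CRITICALITY, src_crit),
        "source_user_id": src_user,
        "source_port": src_port,
        "source_server_id": src_server,
        # Per the table, an all-zero address means there is no destination.
        "destination_ip": ipaddress.IPv4Address(dst_ip) if any(dst_ip) else None,
        "destination_host_type": label(HOST_TYPE, dst_type),
        "destination_vlan_id": dst_vlan,
        "destination_os_fingerprint": uuid.UUID(bytes=dst_os),
        "destination_criticality": label(CRITICALITY, dst_crit),
        "destination_user_id": dst_user,
        "destination_port": dst_port,
        "destination_service_id": dst_service,
    }


# Constructed sample bytes (not captured traffic).
SAMPLE = LAYOUT.pack(bytes(range(16)), 3, 1001, 49152, 7, bytes([192, 0, 2, 10]),
                     1, 20, bytes(range(16, 32)), 2, 0, 443, 12)
```

Undocumented criticality or host-type codes are returned as `unknown(n)` rather than dropped, so a consumer can flag records that do not match this version of the table.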