Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
on page 30.) Note that the record type field, which appears after the message length field, has a value of 128, indicating a malware event type record. The table below describes the fields in the malware event type record.
Malware Event Subtype Metadata
The eStreamer service transmits metadata containing malware event subtype information for an event within a malware event subtype record, the format of which is shown below. (Malware event type information is sent when the metadata flag, bit 20 in the request flags field of a request message, is set. See
Byte  |           0           |           1           |           2           |           3           |
Bit   |0 1 2 3 4 5 6 7        |8 9 10 11 12 13 14 15  |16 17 18 19 20 21 22 23|24 25 26 27 28 29 30 31|
      |              Header Version (1)               |               Message Type (4)                |
      |                                        Message Length                                         |
      |                                       Record Type (128)                                       |
      |                                         Record Length                                         |
      |                                     Malware Event Type ID                                     |
      |                                   Malware Event Type Length                                   |
      |                                     Malware Event Type...                                     |
Malware Event Type Record Fields

Field                      Data Type  Description
Malware Event Type ID      uint32     The malware event type ID number.
Malware Event Type Length  uint32     The number of bytes included in the malware event type.
Malware Event Type         string     The type of malware event.
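As an added illustration (not part of this guide and not Cisco's code), the following Python builds a constructed malware event type metadata record in the layout shown above and parses it back, checking every length field before it is trusted so that a short or inconsistent message is rejected instead of causing an out-of-range read. It assumes network byte order, that the message length counts the bytes after the 8-byte message header, and that the record length counts the bytes after the record type and record length fields; the sample type ID and name are constructed.

```python
import struct

HEADER_VERSION = 1               # header version shown in the figure
MSG_TYPE_EVENT_DATA = 4          # message type shown in the figure
RECORD_MALWARE_EVENT_TYPE = 128  # record type of a malware event type record


def build_malware_event_type_message(type_id: int, type_name: str) -> bytes:
    """Build a constructed sample message (test data, not captured traffic)."""
    name = type_name.encode("utf-8")
    # Record body: Malware Event Type ID, Malware Event Type Length, Malware Event Type
    body = struct.pack("!II", type_id, len(name)) + name
    # Assumption: record length counts the bytes after the type/length fields.
    record = struct.pack("!II", RECORD_MALWARE_EVENT_TYPE, len(body)) + body
    # Assumption: message length counts the bytes after the 8-byte message header.
    header = struct.pack("!HHI", HEADER_VERSION, MSG_TYPE_EVENT_DATA, len(record))
    return header + record


def parse_malware_event_type_message(data: bytes) -> dict:
    """Parse one message; each length is bounded by the enclosing structure."""
    if len(data) < 8:
        raise ValueError("truncated message header")
    version, msg_type, msg_len = struct.unpack_from("!HHI", data, 0)
    if version != HEADER_VERSION or msg_type != MSG_TYPE_EVENT_DATA:
        raise ValueError(f"unexpected header version/type {version}/{msg_type}")
    if msg_len < 8 or len(data) < 8 + msg_len:
        raise ValueError("message length exceeds the bytes actually received")
    rec_type, rec_len = struct.unpack_from("!II", data, 8)
    if rec_type != RECORD_MALWARE_EVENT_TYPE:
        raise ValueError(f"record type {rec_type} is not a malware event type record")
    if rec_len < 8 or rec_len > msg_len - 8:
        raise ValueError("record length is inconsistent with message length")
    type_id, type_len = struct.unpack_from("!II", data, 16)
    # The string length arrives from the network, so bound it by the record length
    # before slicing rather than trusting it on its own.
    if type_len > rec_len - 8:
        raise ValueError("malware event type length overruns the record")
    name = data[24:24 + type_len]
    return {
        "malware_event_type_id": type_id,
        "malware_event_type": name.decode("utf-8", errors="replace"),
    }
```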