Cisco Firepower Management Center 4000 Developer Guide
B-82
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Connection Data Structures
Table B-19 Connection Statistics Data Block 5.0 - 5.0.2 Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Responder IP Address | uint8[16] | IP address of the host that responded to the initiating host, in IP address octets. |
| Policy Revision | uint8[16] | Revision number of the rule associated with the triggered correlation event, if applicable. |
| Rule ID | uint32 | Internal identifier for the rule that triggered the event, if applicable. |
| Rule Action | uint32 | The action selected in the user interface for that rule (allow, block, and so forth). |
| Initiator Port | uint16 | Port used by the initiating host. |
| Responder Port | uint16 | Port used by the responding host. |
| TCP Flags | uint16 | Indicates any TCP flags for the connection event. |
| Protocol | uint8 | The IANA-specified protocol number. |
| NetFlow Source | uint8[16] | IP address of the NetFlow-enabled device that exported the data for the connection. |
| First Packet Timestamp | uint32 | UNIX timestamp of the date and time the first packet was exchanged in the session. |
| Last Packet Timestamp | uint32 | UNIX timestamp of the date and time the last packet was exchanged in the session. |
| Packets Sent | uint64 | Number of packets transmitted by the initiating host. |
| Packets Received | uint64 | Number of packets transmitted by the responding host. |
| Bytes Sent | uint64 | Number of bytes transmitted by the initiating host. |
| Bytes Received | uint64 | Number of bytes transmitted by the responding host. |
| User ID | uint32 | Internal identification number for the user who last logged into the host that generated the traffic. |
| Application Protocol ID | uint32 | Application ID of the application protocol. |
| URL Category | uint32 | The internal identification number of the URL category. |
| URL Reputation | uint32 | The internal identification number for the URL reputation. |
| Client Application ID | uint32 | The internal identification number of the detected client application, if applicable. |
| Web Application ID | uint32 | The internal identification number of the detected web application, if applicable. |
| String Block Type | uint32 | Initiates a String data block for the client application URL. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the client application URL String data block, including eight bytes for the string block type and length fields, plus the number of bytes in the client application URL string. |
| Client Application URL | string | URL the client application accessed, if applicable (/files/index.html, for example). |
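
The following Python parser is an added example, not code from the Cisco guide. It decodes the fields listed in this part of Table B-19 and rejects a String Block Length that does not fit the received buffer. It assumes the fields are packed in table order with no padding, in network byte order, and that the caller supplies the offset of Responder IP; the function names, dictionary keys and sample values are hypothetical.

```python
import ipaddress
import struct

# Fixed-width fields from Responder IP through Web Application ID, in table order.
# Assumption: big-endian (network byte order), packed with no padding.
FIXED = struct.Struct(">16s16sIIHHHB16sIIQQQQIIIIII")
NAMES = ("responder_ip", "policy_revision", "rule_id", "rule_action",
         "initiator_port", "responder_port", "tcp_flags", "protocol",
         "netflow_source", "first_packet_ts", "last_packet_ts",
         "packets_sent", "packets_received", "bytes_sent", "bytes_received",
         "user_id", "app_protocol_id", "url_category", "url_reputation",
         "client_app_id", "web_app_id")
STR_HDR = struct.Struct(">II")  # String Block Type, String Block Length


def parse_tail(buf, offset=0):
    """Parse the fields on this page; return (fields, offset after the URL block)."""
    if len(buf) - offset < FIXED.size + STR_HDR.size:
        raise ValueError("buffer too short for fixed fields and string header")
    rec = dict(zip(NAMES, FIXED.unpack_from(buf, offset)))
    for key in ("responder_ip", "netflow_source"):
        rec[key] = ipaddress.IPv6Address(rec[key])  # 16 raw octets
    pos = offset + FIXED.size
    blk_type, blk_len = STR_HDR.unpack_from(buf, pos)
    if blk_type != 0:
        raise ValueError("unexpected string block type %d" % blk_type)
    # The length counts its own 8-byte header and must not run past the buffer.
    if blk_len < STR_HDR.size or pos + blk_len > len(buf):
        raise ValueError("string block length %d does not fit buffer" % blk_len)
    raw_url = buf[pos + STR_HDR.size:pos + blk_len]
    rec["client_app_url"] = raw_url.decode("utf-8", errors="replace")
    return rec, pos + blk_len


def build_sample(url=b"/files/index.html", claimed_len=None):
    """Constructed test record (not captured traffic)."""
    ip = ipaddress.IPv6Address("::ffff:192.0.2.10").packed
    fixed = FIXED.pack(ip, bytes(16), 7, 2, 49152, 443, 0x12, 6, bytes(16),
                       1700000000, 1700000060, 10, 8, 1200, 5400, 0, 0, 0, 0, 0, 0)
    length = STR_HDR.size + len(url) if claimed_len is None else claimed_len
    return fixed + STR_HDR.pack(0, length) + url
```

The offset returned by parse_tail is where any data following the client application URL block would begin.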