Cisco Cisco Firepower Management Center 4000 Guida Dello Sviluppatore

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

134

Understanding Intrusion and Correlation Data Structures

Understanding Series 2 Data Blocks

Chapter 3

The following graphic shows the structure of the File Event data block.

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

File Event Block Type (38)

File Event Block Length

Device ID

Connection Instance

Connection Counter

Connection Timestamp

File Event Timestamp

Source IP Address

Source IP Address, continued

Destination IP Address

Destination IP Address, continued

Disposition

SPERO Disposition

File Storage Status

File Analysis Status

Archive File Status

Threat Score

Action

SHA Hash

SHA Hash, continued

File Type ID