Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Discovery and Connection Event Series 2 Data Blocks
Chapter 4
In the Discovery and Connection Event Series 2 Block Types table below, the Data Block Status field indicates whether the block is current (the latest version) or legacy (used in an older version and can still be requested through eStreamer).
User Login Information Data Block Fields (Continued)

| Field | Data Type | Description |
| --- | --- | --- |
| IPv6 Address | uint8[16] | IPv6 address from the host where the user was detected logging in, in IP address octets. |
| Login Type | uint8 | The type of user login detected. |
| String Block Type | uint32 | Initiates a String data block containing the Reported By value. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the Reported By String data block, including eight bytes for the block type and length fields, plus the number of bytes in the Reported By field. |
| Reported By | string | The name of the Active Directory server reporting a login. |
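An added example (not code from the Cisco guide) showing how a client can parse the trailing User Login Information fields listed above while validating the declared String block length against the bytes actually received. It assumes the buffer starts at the IPv6 Address field, that the fields are contiguous in the order listed, and that integers are in network byte order; the names `parse_login_tail` and `build_sample` and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

STRING_BLOCK_TYPE = 0   # per the table: the String block type is always 0
STRING_HEADER_LEN = 8   # block type (uint32) + block length (uint32)


def parse_login_tail(buf: bytes) -> dict:
    """Parse IPv6 Address, Login Type and the Reported By String block.

    Assumption of this example: `buf` starts at the IPv6 Address field and
    integers are big-endian (network byte order).
    """
    fixed_len = 16 + 1 + STRING_HEADER_LEN
    if len(buf) < fixed_len:
        raise ValueError("buffer too short for fixed fields")

    addr = ipaddress.IPv6Address(buf[:16])
    login_type = buf[16]
    block_type, block_len = struct.unpack_from(">II", buf, 17)

    if block_type != STRING_BLOCK_TYPE:
        raise ValueError(f"unexpected String block type {block_type}")
    # The length counts its own 8-byte header, so anything smaller is invalid.
    if block_len < STRING_HEADER_LEN:
        raise ValueError("String block length smaller than its header")
    end = 17 + block_len
    # Never trust the declared length beyond the bytes actually received.
    if end > len(buf):
        raise ValueError("String block length exceeds buffer")

    reported_by = buf[fixed_len:end].decode("utf-8", errors="replace")
    return {
        "ipv6_address": str(addr),
        "login_type": login_type,
        "reported_by": reported_by,
        "consumed": end,  # bytes used, so the caller can detect trailing data
    }


def build_sample(name: bytes) -> bytes:
    """Constructed sample tail (not captured from a real device)."""
    addr = ipaddress.IPv6Address("2001:db8::10").packed
    login_type = bytes([1])  # constructed value, not a documented login type
    return addr + login_type + struct.pack(">II", 0, 8 + len(name)) + name


if __name__ == "__main__":
    print(parse_login_tail(build_sample(b"dc01.example.test")))
```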
Discovery and Connection Event Series 2 Block Types

| Type | Content | Data Block Status | Description |
| --- | --- | --- | --- |
| 15 | Access Control Rule | Current | Used by access control rule metadata messages to map policy UUID and rule ID values to a descriptive string. See |
| 21 | Access Control Rule Reason | Current | Used by access control rule metadata messages to map access control rule reasons to a descriptive string. See |
| 22 | Security Intelligence Category | Current | Used to store Security Intelligence information. See |