Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Discovery and Connection Event Series 2 Data Blocks
Chapter 4
In the Discovery and Connection Event Series 2 Block Types table below, the Data Block Status field indicates whether the block is current (the latest version) or legacy (used in an older version and can still be requested through eStreamer).
User Login Information Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| IPv6 Address | uint8[16] | IPv6 address from the host where the user was detected logging in, in IP address octets. |
| Login Type | uint8 | The type of user login detected. |
| String Block Type | uint32 | Initiates a String data block containing the Reported By value. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the Reported By String data block, including eight bytes for the block type and length fields, plus the number of bytes in the Reported By field. |
| Reported By | string | The name of the Active Directory server reporting a login. |
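
An added example (not from the Sourcefire guide): parsing the IPv6 Address, Login Type and Reported By fields listed above, with bounds checks on the String Block Length, which counts its own eight header bytes. It assumes network byte order and UTF-8 text; the function names, sample bytes, Login Type value and server name are constructed for illustration.

```python
import ipaddress
import struct

STRING_BLOCK_TYPE = 0   # per the table: String Block Type is always 0
STRING_HEADER_LEN = 8   # block type (uint32) + block length (uint32)


def parse_string_block(buf, offset):
    """Parse one String data block; return (text, offset just past the block)."""
    if len(buf) - offset < STRING_HEADER_LEN:
        raise ValueError("truncated String block header")
    # Assumption: fields are in network (big-endian) byte order.
    block_type, block_len = struct.unpack_from("!II", buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise ValueError(f"unexpected String block type {block_type}")
    # The length field includes the eight header bytes, so it can never be
    # smaller than 8, and the block must fit inside the received buffer.
    if block_len < STRING_HEADER_LEN or offset + block_len > len(buf):
        raise ValueError(f"String block length {block_len} out of bounds")
    raw = buf[offset + STRING_HEADER_LEN:offset + block_len]
    # Assumption: the string payload is decoded as UTF-8.
    return raw.decode("utf-8", errors="replace"), offset + block_len


def parse_login_tail(buf):
    """Parse IPv6 Address, Login Type and Reported By from the trailing bytes."""
    if len(buf) < 17:
        raise ValueError("truncated IPv6 Address / Login Type fields")
    ipv6 = ipaddress.IPv6Address(bytes(buf[:16]))   # uint8[16]
    login_type = buf[16]                            # uint8
    reported_by, end = parse_string_block(buf, 17)
    return {"ipv6": str(ipv6), "login_type": login_type,
            "reported_by": reported_by, "consumed": end}


# Constructed sample: documentation-range address, made-up login type and server.
_NAME = b"dc01.example.test"
SAMPLE = (ipaddress.IPv6Address("2001:db8::10").packed
          + bytes([1])
          + struct.pack("!II", STRING_BLOCK_TYPE, STRING_HEADER_LEN + len(_NAME))
          + _NAME)

if __name__ == "__main__":
    print(parse_login_tail(SAMPLE))
```
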
Discovery and Connection Event Series 2 Block Types

| Type | Content | Data Block Status | Description |
|---|---|---|---|
| 15 | Access Control Rule | Current | Used by access control rule metadata messages to map policy UUID and rule ID values to a descriptive string. See |
| 21 | Access Control Rule Reason | Current | Used by access control rule metadata messages to map access control rule reasons to a descriptive string. See |
| 22 | Security Intelligence Category | Current | Used to store Security Intelligence information. See |