Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Appendix B
table describes each intrusion event record data field.
[Record layout diagram; field labels: Priority ID, Source IPv4 Address, Destination IPv4 Address, Source Port/ICMP Type, Destination Port/ICMP Code, IP Protocol ID, Impact Flags, Impact, Blocked, Reserved, VLAN ID, Pad]
Intrusion Event (IPv4) Record 4.9 - 4.10.x Fields

| FIELD | DATA TYPE | DESCRIPTION |
|---|---|---|
| Detection Engine ID | uint32 | Contains the detection engine identification number. |
| Event ID | uint32 | Event identification number. |
| Event Second | uint32 | UNIX timestamp (seconds since 01/01/1970) of the event's detection. |
| Event Microsecond | uint32 | Microsecond (one millionth of a second) increment of the timestamp of the event's detection. |
| Rule ID (Signature ID) | uint32 | Rule identification number that corresponds with the event. |
| Generator ID | uint32 | Identification number of the Sourcefire 3D System preprocessor that generated the event. |
| Rule Revision | uint32 | Rule revision number. |
| Classification ID | uint32 | Identification number of the event classification message. |
| Priority ID | uint32 | Identification number of the priority associated with the event. |
| Source IPv4 Address | uint8[4] | Source IPv4 address used in the event, in address octets. |
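The following parser is an added example, not code from the guide or from Sourcefire. It decodes only the fields listed above, from Detection Engine ID through Source IPv4 Address, and rejects truncated or malformed input. It assumes the fields are packed in table order in network byte order and that the buffer begins at Detection Engine ID; the function name, dictionary keys and sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone
from ipaddress import IPv4Address

# Assumption: fields are packed in table order, in network byte order,
# and the buffer starts at Detection Engine ID (after any headers).
PREFIX = struct.Struct("!9I4s")  # nine uint32 fields + uint8[4]
NAMES = ("detection_engine_id", "event_id", "event_second",
         "event_microsecond", "rule_id", "generator_id",
         "rule_revision", "classification_id", "priority_id")


def parse_intrusion_prefix(buf: bytes) -> dict:
    """Decode Detection Engine ID through Source IPv4 Address."""
    if len(buf) < PREFIX.size:
        raise ValueError(
            f"truncated record: need {PREFIX.size} bytes, got {len(buf)}")
    *ints, src = PREFIX.unpack_from(buf)
    rec = dict(zip(NAMES, ints))
    # The microsecond field is an increment within one second.
    if rec["event_microsecond"] >= 1_000_000:
        raise ValueError("event microsecond out of range")
    rec["source_ipv4"] = str(IPv4Address(src))
    # Combine the two timestamp fields into one UTC datetime.
    rec["detected_at"] = datetime.fromtimestamp(
        rec["event_second"], tz=timezone.utc
    ).replace(microsecond=rec["event_microsecond"])
    # Snort-style generator:rule:revision key for rule lookups.
    rec["signature"] = (f'{rec["generator_id"]}:{rec["rule_id"]}:'
                        f'{rec["rule_revision"]}')
    return rec


# Constructed sample bytes, not captured traffic.
SAMPLE = struct.pack("!9I4s", 3, 1001, 1388534400, 250000,
                     2003, 1, 7, 21, 2, bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    for key, value in parse_intrusion_prefix(SAMPLE).items():
        print(f"{key}: {value}")
```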