Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The Access Control Policy Name Data Block Fields table describes the fields in the Access Control Policy Name data block.
Access Control Rule ID Record Metadata
The eStreamer service transmits metadata containing information about the
access control rule that triggered an intrusion event or connection event within an
Access Control Rule ID record, the format of which is shown below. Access
control rule metadata is sent when the Version 4 metadata flag—bit 20 in the
Access Control Policy Name Data Block Fields
| Field | Data Type | Description |
|---|---|---|
| Access Control Policy Name Data Block Type | uint32 | Initiates an Access Control Policy Name data block. This value is always 14. The block type is a series 2 block. |
| Access Control Policy Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Access Control Policy UUID | uint8[16] | An ID number that acts as a unique identifier for the access control policy associated with the intrusion event or connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the access control policy. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the access control policy name String data block, including eight bytes for the block type and header fields plus the number of bytes in the access control policy name. |
| Access Control Policy Name | string | The access control policy name. |
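The following parser for the block laid out in the table is an added example, not code from the guide or from Cisco. It assumes big-endian (network byte order) integers and UTF-8 names with optional trailing NUL padding, neither of which this page states, and the names `parse_ac_policy_name_block`, `build_sample` and `BlockError` are hypothetical. It checks both length fields against each other and against the bytes actually received before reading the name.

```python
import struct
import uuid

AC_POLICY_NAME_BLOCK = 14  # series 2 block type from the table
STRING_BLOCK = 0           # string block type from the table
HDR = 8                    # two uint32 header fields: type + length
FIXED = HDR + 16 + HDR     # block header + UUID + string block header


class BlockError(ValueError):
    """The buffer does not match the documented block layout."""


def parse_ac_policy_name_block(buf: bytes):
    """Return (policy_uuid, policy_name, bytes_consumed) for one block."""
    if len(buf) < FIXED:
        raise BlockError("truncated before the fixed-size fields")
    # Assumption: integers are big-endian (network byte order).
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != AC_POLICY_NAME_BLOCK:
        raise BlockError(f"unexpected block type {block_type}")
    # Never trust the declared length beyond what was actually received.
    if not FIXED <= block_len <= len(buf):
        raise BlockError(f"block length {block_len} outside received data")
    policy_uuid = uuid.UUID(bytes=bytes(buf[HDR:HDR + 16]))
    str_type, str_len = struct.unpack_from(">II", buf, HDR + 16)
    if str_type != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {str_type}")
    # Both lengths count their own 8-byte header, so the string block
    # must end exactly where the enclosing block ends.
    if str_len < HDR or HDR + 16 + str_len != block_len:
        raise BlockError("string block length disagrees with block length")
    raw = bytes(buf[FIXED:HDR + 16 + str_len])
    # Assumption: UTF-8 text that may carry trailing NUL padding.
    name = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return policy_uuid, name, block_len


def build_sample(name: bytes) -> bytes:
    """Constructed sample block for testing; not captured traffic."""
    body = bytes(range(16)) + struct.pack(">II", STRING_BLOCK, HDR + len(name)) + name
    return struct.pack(">II", AC_POLICY_NAME_BLOCK, HDR + len(body)) + body


if __name__ == "__main__":
    sample = build_sample(b"Default Access Control")
    print(parse_ac_policy_name_block(sample))
```

The third return value is the number of bytes consumed, so a caller can continue parsing at the next block in the same buffer.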