Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Table B-29 Correlation Event 5.0 - 5.0.2 Data Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Source OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the source host’s operating system. for information about obtaining the values that map to the fingerprint IDs. |
| Source Criticality | uint16 | User-defined criticality value for the source host: 0 - None, 1 - Low, 2 - Medium, 3 - High |
| Source User ID | uint32 | Identification number for the user logged into the source host, as identified by the system. |
| Source Port | uint16 | Source port in the event. |
| Source Server ID | uint32 | Identification number for the server running on the source host. |
| Destination IP Address | uint8[4] | IP address of the destination host associated with the policy violation (if applicable). This value will be 0 if there is no destination IP address. |
| Destination Host Type | uint8 | Destination host’s type: 0 - Host, 1 - Router, 2 - Bridge |
| Destination VLAN ID | uint16 | Destination host’s VLAN identification number, if applicable. |
| Destination OS Fingerprint UUID | uint8[16] | A fingerprint ID number that acts as a unique identifier for the destination host’s operating system. for information about obtaining the values that map to the fingerprint IDs. |
| Destination Criticality | uint16 | User-defined criticality value for the destination host: 0 - None, 1 - Low, 2 - Medium, 3 - High |
| Destination User ID | uint32 | Identification number for the user logged into the destination host, as identified by the system. |
| Destination Port | uint16 | Destination port in the event. |
| Destination Service ID | uint32 | Identification number for the server running on the source host. |
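The following Python parser is an added example, not code from the Cisco guide. It decodes the run of fields listed in this part of Table B-29, from Source OS Fingerprint UUID through Destination Service ID. It assumes the fields are packed back to back in table order with big-endian integers, and that the caller supplies the offset of this run within the full record, which this page does not give. The names `FIELD_RUN`, `parse_field_run` and `SAMPLE` are hypothetical.

```python
import ipaddress
import struct
import uuid

# Assumptions (not stated on this page): the fields are packed back to back in
# table order with no padding, and multi-byte integers are big-endian.
FIELD_RUN = struct.Struct("!16sHIHI4sBH16sHIHI")  # 63 bytes

CRITICALITY = {0: "None", 1: "Low", 2: "Medium", 3: "High"}
HOST_TYPE = {0: "Host", 1: "Router", 2: "Bridge"}


def _label(table, value):
    # Values outside the documented set are reported, not silently mapped.
    return table.get(value, f"Unknown ({value})")


def parse_field_run(buf, offset=0):
    """Decode Source OS Fingerprint UUID .. Destination Service ID at offset."""
    if offset < 0 or len(buf) - offset < FIELD_RUN.size:
        raise ValueError(f"need {FIELD_RUN.size} bytes at offset {offset}")
    (s_fp, s_crit, s_user, s_port, s_srv, d_ip, d_type, d_vlan,
     d_fp, d_crit, d_user, d_port, d_svc) = FIELD_RUN.unpack_from(buf, offset)
    return {
        "source_os_fingerprint_uuid": str(uuid.UUID(bytes=s_fp)),
        "source_criticality": _label(CRITICALITY, s_crit),
        "source_user_id": s_user,
        "source_port": s_port,
        "source_server_id": s_srv,
        # The table says this value is 0 when there is no destination address.
        "destination_ip": None if d_ip == b"\x00" * 4
        else str(ipaddress.IPv4Address(d_ip)),
        "destination_host_type": _label(HOST_TYPE, d_type),
        "destination_vlan_id": d_vlan,
        "destination_os_fingerprint_uuid": str(uuid.UUID(bytes=d_fp)),
        "destination_criticality": _label(CRITICALITY, d_crit),
        "destination_user_id": d_user,
        "destination_port": d_port,
        "destination_service_id": d_svc,
    }


# Constructed sample bytes (not captured from a real appliance).
SAMPLE = FIELD_RUN.pack(
    uuid.UUID("11111111-2222-3333-4444-555555555555").bytes, 3, 1001, 49152, 7,
    ipaddress.IPv4Address("192.0.2.10").packed, 1, 20,
    uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee").bytes, 9, 0, 443, 12)

if __name__ == "__main__":
    for name, value in parse_field_run(SAMPLE).items():
        print(f"{name}: {value}")
```

The length check and the `Unknown (n)` labels matter when the bytes come from a network feed: a truncated buffer or an out-of-range criticality value is surfaced to the caller instead of being decoded as if it were valid.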