Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Table of Contents
Malware Event Subtype Metadata ...................................................... 103
FireAMP Detector Type Metadata ....................................................... 104
FireAMP File Type Metadata ............................................................... 105
Correlation Event for 5.1+.................................................................... 106
Understanding Series 2 Data Blocks ................................................... 116
Series 2 Primitive Data Blocks ............................................................. 121
String Data Block ................................................................................. 121
BLOB Data Block ................................................................................. 122
List Data Block..................................................................................... 123
Generic List Data Block ....................................................................... 124
UUID String Mapping Data Block......................................................... 125
Access Control Policy Rule ID Metadata Block.................................... 126
ICMP Type Data Block ......................................................................... 128
ICMP Code Data Block ........................................................................ 129
Access Control Policy Rule Reason Data Block ................................... 131
IP Reputation Category Data Block...................................................... 132
File Event for 5.3+ ............................................................................... 133
Malware Event Data Block 5.3+ .......................................................... 140
File Event SHA Hash for 5.3+ .............................................................. 149
Rule Documentation Data Block for 5.2+ ............................................ 151
Geolocation Data Block for 5.2+ .......................................................... 156
IOC State Data Block for 5.3+ ............................................................. 158
IOC Name Data Block for 5.3+ ............................................................ 160
Chapter 4: Understanding Discovery & Connection Data Structures .................................................. 164
Discovery and Connection Event Data Messages............................................ 165
Discovery and Connection Event Record Types .................................. 166
Metadata for Discovery Events ........................................................................ 172
Discovery Event Header 5.2+.............................................................. 198
Discovery and Connection Event Types and Subtypes........................ 201
Host Discovery Structures by Event Type............................................ 205
Identity Conflict and Identity Timeout System Messages................... 222
User Data Structures by Event Type .................................................... 222
Understanding Discovery (Series 1) Blocks ...................................................... 224
Series 1 Data Block Header ................................................................. 224
Series 1 Primitive Data Blocks ............................................................. 225