Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Appendix B
The table describes each data field in a correlation event.
[Figure: correlation event record layout (continued), drawn as 32-bit rows with a byte ruler (0-3) and a bit ruler (0-31). Fields shown, in order: Source IP (continued), Source Host Type, Source VLAN ID, Source OS Fingerprint UUID, Source Criticality, Source User ID, Source Port, Source Server ID, Destination IP, Destination Host Type, Destination VLAN ID, Destination OS Fingerprint UUID, Destination Criticality, Destination User ID, Destination Port, Destination Server ID.]
Correlation Event Data 4.8.0.2 - 4.9.1.x Fields

FIELD                     DATA TYPE  DESCRIPTION
Correlation Block Type    uint32     Indicates a correlation event data block follows. This field always has a value of 84.
Correlation Block Length  uint32     Length of the correlation data block, which includes 8 bytes for the correlation block type and length plus the correlation data that follows.
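
Added example (not part of the Cisco guide): a client-side check of the two header fields in the table above before any of the correlation data is read, rejecting a wrong block type and a block length that is shorter than its own 8-byte header or longer than the bytes received. It assumes the fields are big-endian (network byte order); the function and class names are hypothetical and the sample bytes are constructed.

```python
import struct

CORRELATION_BLOCK_TYPE = 84   # from the table: this field always has a value of 84
BLOCK_HEADER_LEN = 8          # 4-byte type + 4-byte length, both counted in the length


class BlockError(ValueError):
    """Raised when a correlation block header fails validation."""


def read_correlation_block(buf, offset=0):
    """Validate the block header at `offset`; return (payload, next_offset).

    Assumption: both uint32 fields are big-endian (network byte order).
    """
    if offset < 0 or len(buf) - offset < BLOCK_HEADER_LEN:
        raise BlockError("truncated block header")
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != CORRELATION_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # The length covers its own 8-byte header, so anything smaller is malformed.
    if block_len < BLOCK_HEADER_LEN:
        raise BlockError(f"block length {block_len} is shorter than the header")
    # Never trust the declared length beyond the bytes actually received.
    if block_len > len(buf) - offset:
        raise BlockError("declared length exceeds available data")
    end = offset + block_len
    return bytes(buf[offset + BLOCK_HEADER_LEN:end]), end


def build_sample_block(payload, block_type=CORRELATION_BLOCK_TYPE, declared_len=None):
    """Build constructed test input (not captured eStreamer traffic)."""
    if declared_len is None:
        declared_len = BLOCK_HEADER_LEN + len(payload)
    return struct.pack(">II", block_type, declared_len) + payload


if __name__ == "__main__":
    good = build_sample_block(b"\x00" * 12) + b"trailing"
    payload, next_offset = read_correlation_block(good)
    print(len(payload), next_offset)
    for bad in (build_sample_block(b"", declared_len=4),        # shorter than header
                build_sample_block(b"abc", declared_len=4096),  # overruns the buffer
                build_sample_block(b"abc", block_type=85)):     # wrong block type
        try:
            read_correlation_block(bad)
        except BlockError as exc:
            print("rejected:", exc)
```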