Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Appendix A: Data Structure Examples
Intrusion Event Data Structure Examples
In the preceding example, the following information appears:
A. The first two bytes of this line indicate the standard header value of 1. The
second two bytes indicate that the message is a data message (message
type four).
B. This line indicates that the message that follows is 137 bytes long.
C. This line indicates a record type value of 36, which represents a correlation
policy violation record for Sourcefire 3D System 4.0.
D. This line indicates that the data that follows is 129 bytes long.
E. This line contains a value of 33, indicating that a correlation policy violation
data block follows.
F. This line indicates that the length of the policy violation block, including the
policy violation block header, is 129 bytes.
G. The first byte of this line indicates that the detection engine ID is 0, meaning that
the correlation event was generated on the Defense Center. The last three
bytes of this line and the first byte of the next line contain the policy event
timestamp, 1,098,911,301, which is Wed, 27 Oct 2004 21:08:21 GMT.
H. The last three bytes of this line and first byte of the next line indicate that the
policy event ID number is 10.
I. The last three bytes of this line and first byte of the next line indicate a policy
ID of 4, which, in this case, maps to a custom correlation policy on the
Defense Center.
J. The last three bytes of this line and first byte of the next line indicate a rule ID
of 29, which, in this case, maps to a custom correlation policy rule on the
Defense Center.
K. The last three bytes of this line and first byte of the next line indicate a policy
priority of 1.
L. The last three bytes of this line and first byte of the next line contain a value
of 0, which indicates the beginning of a string block for the policy violation
event description.
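The framing items A through L describe can be turned into a length-checked parser. The following is an added example, not code from the guide: the field widths come from the items above (network byte order; the detection engine ID is the single byte item G describes, every other field is four bytes), the description string block is assumed to carry a type/length header whose length includes the header, and the block fields after the description, which this excerpt does not cover, are carried as an opaque trailer.

```python
import struct
# Layout read from items A to L above, network byte order: the detection engine ID
# is the single byte item G describes, all other fields are four bytes. The string
# block header (type, length including header) is an assumption.
HDR = struct.Struct(">HHI")        # header version (1), message type (4), message length
REC = struct.Struct(">II")         # record type (36), record length
BLK = struct.Struct(">II")         # block type (33), block length (includes this header)
FIELDS = struct.Struct(">BIIIII")  # engine id, timestamp, event id, policy id, rule id, priority
STRBLK = struct.Struct(">II")      # string block type (0), string block length
MIN_LEN = HDR.size + REC.size + BLK.size + FIELDS.size + STRBLK.size

def build_policy_violation(engine, ts, event, policy, rule, prio, desc, trailer=b""):
    """Assemble a data message carrying one record type 36 / block type 33; `trailer`
    stands in for the block fields after the description that this excerpt omits."""
    body = FIELDS.pack(engine, ts, event, policy, rule, prio)
    body += STRBLK.pack(0, STRBLK.size + len(desc)) + desc + trailer
    block = BLK.pack(33, BLK.size + len(body)) + body
    record = REC.pack(36, len(block)) + block
    return HDR.pack(1, 4, len(record)) + record

def parse_policy_violation(msg):
    """Check every declared length against the bytes received, so a truncated or
    tampered stream is rejected instead of being misread."""
    if len(msg) < MIN_LEN:
        raise ValueError("message shorter than its fixed fields")
    version, mtype, mlen = HDR.unpack_from(msg, 0)
    if version != 1 or mtype != 4:
        raise ValueError("not a version-1 data message")
    if mlen != len(msg) - HDR.size:
        raise ValueError("message length field disagrees with bytes received")
    rtype, rlen = REC.unpack_from(msg, HDR.size)
    if rtype != 36 or rlen != mlen - REC.size:
        raise ValueError("unexpected record type or record length")
    off = HDR.size + REC.size
    btype, blen = BLK.unpack_from(msg, off)
    if btype != 33 or blen != rlen:
        raise ValueError("unexpected block type or block length")
    off += BLK.size
    engine, ts, event, policy, rule, prio = FIELDS.unpack_from(msg, off)
    off += FIELDS.size
    stype, slen = STRBLK.unpack_from(msg, off)
    if stype != 0 or slen < STRBLK.size or off + slen > len(msg):
        raise ValueError("malformed description string block")
    return {"message_length": mlen, "block_length": blen, "engine_id": engine,
            "timestamp": ts, "event_id": event, "policy_id": policy, "rule_id": rule,
            "priority": prio, "description": msg[off + STRBLK.size:off + slen],
            "trailing_bytes": len(msg) - (off + slen)}
# Constructed sample reproducing the lengths quoted above (137-byte message, 129-byte block).
SAMPLE = build_policy_violation(0, 1098911301, 10, 4, 29, 1, b"constructed test description", bytes(64))
```

Feeding `SAMPLE[:-1]` to the parser raises `ValueError`, because the message length field no longer matches the bytes received.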
Bit diagram rows AE through AI (32 bits per row, bytes 0 to 3, bits 0 to 31):

Row   Byte 0     Byte 1     Byte 2     Byte 3
      bits 0-7   bits 8-15  bits 16-23 bits 24-31
AE    00000000   00000000   00000000   00000000
AF    00000000   00000000   00000000   10000101
AG    01111110   00000000   00000000   00000000
AH    00000000   00000000   00000000   00000000
AI    00001000