Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Appendix A: Data Structure Examples
Intrusion Event Data Structure Examples
In the preceding example, the following information appears:
A. The first two bytes of this line indicate the standard header value of 1. The second two bytes indicate that the message is a data message (message type four).
B. This line indicates that the message that follows is 153 bytes long.
C. This line indicates a record type value of 65, which represents a correlation event record for Sourcefire 3D System 4.5.
D. This line indicates that the data that follows is 145 bytes long.
E. This line contains a value of 52, indicating that a correlation event data block follows.
F. This line indicates that the length of the correlation event block, including the correlation event block header, is 145 bytes.
G. This line indicates that the detection engine ID is 0, indicating that the correlation event was generated on the Defense Center.
H. This line contains the event timestamp, 1,098,911,301, which is Wed, 27 Oct 2004 21:08:21 GMT.
I. This line indicates that the event ID number is 10.
J. This line indicates a policy ID of 4, which, in this case, maps to a custom correlation policy on the Defense Center.
K. This line indicates a rule ID of 29, which, in this case, maps to a custom correlation policy rule on the Defense Center.
L. This line indicates a policy priority of 1.
M. This line contains a value of 0, which indicates the beginning of a string block for the policy violation event description.
N. This line indicates the length of the description. In this example, the length is 19 bytes, including the string block header and the 11 bytes in the event description. In an actual event, the length is typically much longer.
[Figure residue: rows of a 32-bit-wide packet diagram labelled AE, AF and AG, with the Byte 0-3 / Bit 0-31 column ruler; the diagram itself did not survive extraction.]