Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
record for 4.6 and lower but also has new UUID and Revision UUID fields.
(Classification information is sent when the Version 3 or Version 4 metadata
flag—bit 15 or bit 20 in the Request Flags field of a request message—is set. See
on page 30.) Note that the Record Type field, which appears after
the Message Length field, has a value of 67, indicating a Classification Version 2
record.
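Byte   0               1               2               3
Bit    0 .. 7          8 .. 15         16 .. 23        24 .. 31
      +-------------------------------+-------------------------------+
      | Header Version (1)            | Message Type (4)              |
      +-------------------------------+-------------------------------+
      | Message Length                                                |
      +---------------------------------------------------------------+
      | Record Type (67)                                              |
      +---------------------------------------------------------------+
      | Record Length                                                 |
      +---------------------------------------------------------------+
      | Classification ID                                             |
      +-------------------------------+-------------------------------+
      | Name Length                   | Name...                       |
      +-------------------------------+-------------------------------+
      | Name, continued...                                            |
      +-------------------------------+-------------------------------+
      | Description Length            | Description...                |
      +-------------------------------+-------------------------------+
      | Description, continued...                                     |
      +---------------------------------------------------------------+
      | Classification UUID                                           |
      +---------------------------------------------------------------+
      | Classification UUID, continued                                |
      +---------------------------------------------------------------+
      | Classification UUID, continued                                |
      +---------------------------------------------------------------+
      | Classification UUID, continued                                |
      +---------------------------------------------------------------+
      | Classification Revision UUID                                  |
      +---------------------------------------------------------------+
      | Classification Revision UUID, continued                       |
      +---------------------------------------------------------------+
      | Classification Revision UUID, continued                       |
      +---------------------------------------------------------------+
      | Classification Revision UUID, continued                       |
      +---------------------------------------------------------------+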
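The following Python parser for the record laid out above is an added example, not code from the guide or from Cisco. It assumes network byte order, 16-bit Header Version, Message Type and string length fields, 32-bit Message Length, Record Type, Record Length and Classification ID fields, and 16-byte UUIDs; the function names and the sample record are constructed for illustration.

```python
import struct
import uuid

# Assumed widths, network byte order: header version u16, message type u16,
# message length u32, record type u32, record length u32.
HEADER = struct.Struct(">HHIII")

class RecordError(ValueError):
    """Raised when a buffer is not a well-formed Classification Version 2 record."""

def _take(buf, off, n, what):
    # Every read is bounds-checked, so a wrong length field cannot cause an over-read.
    if off + n > len(buf):
        raise RecordError(f"{what}: need {n} bytes at offset {off}, {len(buf) - off} left")
    return buf[off:off + n], off + n

def _string(buf, off, what):
    raw, off = _take(buf, off, 2, what + " length")  # assumed u16 length prefix
    raw, off = _take(buf, off, struct.unpack(">H", raw)[0], what)
    return raw.decode("utf-8", errors="replace"), off

def parse_classification_v2(buf):
    raw, off = _take(buf, 0, HEADER.size, "header")
    version, msg_type, msg_len, rec_type, rec_len = HEADER.unpack(raw)
    if (version, msg_type, rec_type) != (1, 4, 67):
        raise RecordError(f"unexpected version/message/record type {version}/{msg_type}/{rec_type}")
    raw, off = _take(buf, off, 4, "classification ID")
    rec = {"classification_id": struct.unpack(">I", raw)[0],
           "message_length": msg_len, "record_length": rec_len}  # reported, not validated
    rec["name"], off = _string(buf, off, "name")
    rec["description"], off = _string(buf, off, "description")
    for key in ("uuid", "revision_uuid"):
        raw, off = _take(buf, off, 16, key)
        rec[key] = uuid.UUID(bytes=raw)
    if off != len(buf):
        raise RecordError(f"{len(buf) - off} unexpected trailing bytes")
    return rec

def build_sample():
    # Constructed sample record; every value here is made up for the example.
    name, desc = b"trojan-activity", b"A Network Trojan was Detected"
    body = struct.pack(">I", 21)
    body += struct.pack(">H", len(name)) + name + struct.pack(">H", len(desc)) + desc
    body += uuid.UUID(int=0x11).bytes + uuid.UUID(int=0x22).bytes
    return HEADER.pack(1, 4, len(body) + 8, 67, len(body)) + body

if __name__ == "__main__":
    print(parse_classification_v2(build_sample()))
```

The Message Length and Record Length values are returned to the caller unchecked because this page does not state what each one counts.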