Cisco Firepower Management Center 2000 Programmer's Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
The following table describes the fields in the Access Control Policy Rule ID metadata block.

Table 3-35 Access Control Policy Rule Reason Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Access Control Policy Rule Reason Data Block Type | uint32 | Initiates an Access Control Policy Rule Reason data block. This value is always 21. |
| Access Control Policy Rule Reason Data Block Length | uint32 | Total number of bytes in the Access Control Policy Rule Reason data block, including eight bytes for the Access Control Policy Rule Reason data block type and length fields, plus the number of bytes of data that follows. |
| Reason | uint16 | The number of the reason for the rule that triggered the event. |
| String Block Type | uint32 | Initiates a String data block containing the description of the access control policy rule reason. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Description field. |
| Description | string | Description of the reason for the rule. |

IP Reputation Category Data Block

The eStreamer service uses the IP Reputation Category Data block to contain information about rule reputation categories. This data block has a block type of 22 in series 2.

The following diagram shows the structure of the IP Reputation Category data block.

| Bytes 0-3 (bits 0-31) |
|---|
| IP Reputation Category Data Block Type (22) |
| IP Reputation Category Data Block Length |
| Rule ID |
| Policy UUID |
| Policy UUID, continued |
| Policy UUID, continued |
| Policy UUID, continued |
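
A parser for the Access Control Policy Rule Reason data block (block type 21) laid out in Table 3-35 above, checking the outer and inner length fields against each other before any bytes are read. This is an added example, not code from the eStreamer guide or from Cisco. It assumes big-endian integers and a UTF-8 Description, neither of which this page states; the function names, `BlockError`, and the sample values are hypothetical.

```python
import struct

AC_RULE_REASON_BLOCK_TYPE = 21  # Table 3-35: block type is always 21
STRING_BLOCK_TYPE = 0           # Table 3-35: String block type is always 0
HEADER_LEN = 8                  # block type (uint32) + block length (uint32)


class BlockError(ValueError):
    """Block is truncated or its type/length fields are inconsistent."""


def parse_rule_reason_block(buf: bytes) -> dict:
    # Assumption: integers are big-endian (network byte order).
    if len(buf) < HEADER_LEN:
        raise BlockError("truncated block header")
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != AC_RULE_REASON_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # Outer length covers its own 8 header bytes, the uint16 Reason,
    # and at least the 8-byte String block header.
    if block_len < HEADER_LEN + 2 + HEADER_LEN or block_len > len(buf):
        raise BlockError("block length out of range for buffer")
    reason, str_type, str_len = struct.unpack_from(">HII", buf, HEADER_LEN)
    if str_type != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {str_type}")
    str_start = HEADER_LEN + 2
    # Inner length covers its own 8 header bytes plus the Description, and
    # the String block must end exactly where the outer block ends.
    if str_len < HEADER_LEN or str_start + str_len != block_len:
        raise BlockError("string block length disagrees with block length")
    raw = buf[str_start + HEADER_LEN:str_start + str_len]
    # Assumption: Description is UTF-8, possibly NUL-padded.
    description = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"reason": reason, "description": description, "consumed": block_len}


def build_sample(reason: int, text: str) -> bytes:
    """Construct a test block laid out as in Table 3-35 (not captured data)."""
    body = text.encode("utf-8")
    string_block = struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(body)) + body
    payload = struct.pack(">H", reason) + string_block
    return struct.pack(">II", AC_RULE_REASON_BLOCK_TYPE, HEADER_LEN + len(payload)) + payload


if __name__ == "__main__":
    sample = build_sample(2, "Constructed reason text")
    # Bytes after the block (here, the start of a following block) are left unread.
    print(parse_rule_reason_block(sample + b"\x00\x00\x00\x16"))
```

The `consumed` value tells the caller where the next block starts, so a stream of blocks can be walked without trusting any single length field on its own.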