Cisco Firepower Management Center 2000 Programmer's Guide

B-27
FireSIGHT eStreamer Integration Guide

Appendix B      Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Table B-5    Intrusion Event Record 5.1.1 Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Device ID | uint32 | Contains the identification number of the detecting managed device. You can obtain the managed device name by requesting Version 3 or 4 metadata. See for more information. |
| Event ID | uint32 | Event identification number. |
| Event Second | uint32 | UNIX timestamp (seconds since 01/01/1970) of the event's detection. |
| Event Microsecond | uint32 | Microsecond (one millionth of a second) increment of the timestamp of the event's detection. |
| Rule ID (Signature ID) | uint32 | Rule identification number that corresponds with the event. |
| Generator ID | uint32 | Identification number of the FireSIGHT System preprocessor that generated the event. |
| Rule Revision | uint32 | Rule revision number. |
| Classification ID | uint32 | Identification number of the event classification message. |
| Priority ID | uint32 | Identification number of the priority associated with the event. |
| Source IP Address | uint8[16] | Source IPv4 or IPv6 address used in the event. |
| Destination IP Address | uint8[16] | Destination IPv4 or IPv6 address used in the event. |
| Source Port/ICMP Type | uint16 | The source port number if the event protocol type is TCP or UDP, or the ICMP type if the event is caused by ICMP traffic. |
| Destination Port/ICMP Code | uint16 | The destination port number if the event protocol type is TCP or UDP, or the ICMP code if the event is caused by ICMP traffic. |
| IP Protocol Number | uint8 | IANA-specified protocol number. For example: 0 - IP, 1 - ICMP, 6 - TCP, 17 - UDP. |
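A worked decoder for the span of fields listed in this part of the table, added here as an example; it is not code from the Cisco guide. It assumes network (big-endian) byte order for the integer fields, that an IPv4 address in a uint8[16] field is carried as an IPv4-mapped IPv6 address (::ffff:a.b.c.d), and that the fields are laid out contiguously in the order shown. Because the table is a continuation, the real record carries further fields before and after these, so the parser takes a byte offset rather than assuming the span starts at byte 0. The two sample records are constructed, not captured eStreamer traffic. The decoder also applies the rule stated for the two uint16 fields: ports for TCP/UDP, ICMP type/code for ICMP.

```python
import struct
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# The fields of Table B-5 shown on this page, in order. Assumption (not stated
# on this page): integers are in network byte order and the fields are
# contiguous. Real records have further fields before and after this span.
FIELD_FORMAT = ">9I16s16sHHB"              # 9 x uint32, 2 x uint8[16], 2 x uint16, uint8
FIELD_SIZE = struct.calcsize(FIELD_FORMAT)  # 36 + 32 + 4 + 1 = 73 bytes

IP_PROTOCOL_NAMES = {0: "IP", 1: "ICMP", 6: "TCP", 17: "UDP"}  # the examples from the table


@dataclass(frozen=True)
class IntrusionEventFields:
    device_id: int
    event_id: int
    event_second: int
    event_microsecond: int
    rule_id: int            # signature ID
    generator_id: int
    rule_revision: int
    classification_id: int
    priority_id: int
    source_ip: str
    destination_ip: str
    source_port_or_icmp_type: int
    destination_port_or_icmp_code: int
    ip_protocol: int

    def timestamp(self) -> datetime:
        """Combine Event Second and Event Microsecond into a UTC datetime."""
        return datetime.fromtimestamp(
            self.event_second + self.event_microsecond / 1_000_000, tz=timezone.utc)

    def endpoints(self) -> str:
        """Read the two uint16 fields as the table says: ports for TCP/UDP,
        ICMP type/code for ICMP, and addresses only for anything else."""
        proto = IP_PROTOCOL_NAMES.get(self.ip_protocol, str(self.ip_protocol))
        if self.ip_protocol in (6, 17):
            return (f"{proto} {self.source_ip}:{self.source_port_or_icmp_type} -> "
                    f"{self.destination_ip}:{self.destination_port_or_icmp_code}")
        if self.ip_protocol == 1:
            return (f"ICMP {self.source_ip} -> {self.destination_ip} "
                    f"type {self.source_port_or_icmp_type} code {self.destination_port_or_icmp_code}")
        return f"{proto} {self.source_ip} -> {self.destination_ip}"


def decode_address(raw16: bytes) -> str:
    """Render a uint8[16] address. Assumption: IPv4 addresses are carried as
    IPv4-mapped IPv6 (::ffff:a.b.c.d); anything else is shown as IPv6."""
    addr = ipaddress.IPv6Address(raw16)
    return str(addr.ipv4_mapped or addr)


def parse_fields(buf: bytes, offset: int = 0) -> IntrusionEventFields:
    """Decode this span of fields starting at `offset` in `buf`. The length is
    checked first so a truncated record fails cleanly rather than inside struct."""
    if len(buf) - offset < FIELD_SIZE:
        raise ValueError(f"need {FIELD_SIZE} bytes at offset {offset}, have {len(buf) - offset}")
    v = struct.unpack_from(FIELD_FORMAT, buf, offset)
    return IntrusionEventFields(*v[:9], decode_address(v[9]), decode_address(v[10]),
                                v[11], v[12], v[13])


def packed_address(addr: str) -> bytes:
    """Encode a dotted-quad or IPv6 string into the assumed uint8[16] wire form."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address(f"::ffff:{ip}")
    return ip.packed


# Constructed sample records (not captured eStreamer traffic).
TCP_SAMPLE = struct.pack(FIELD_FORMAT, 1, 1001, 1700000000, 250000, 2000, 1, 3, 4, 2,
                         packed_address("192.0.2.10"), packed_address("198.51.100.7"),
                         40000, 80, 6)
ICMP_SAMPLE = struct.pack(FIELD_FORMAT, 1, 1002, 1700000001, 0, 384, 1, 1, 4, 3,
                          packed_address("2001:db8::1"), packed_address("2001:db8::2"),
                          8, 0, 1)

if __name__ == "__main__":
    for rec in (TCP_SAMPLE, ICMP_SAMPLE):
        ev = parse_fields(rec)
        print(ev.timestamp().isoformat(),
              f"rule {ev.generator_id}:{ev.rule_id}:{ev.rule_revision}", ev.endpoints())
```

The generator:rule:revision triple printed by the usage block is the form in which intrusion rules are normally identified, and the length check before unpacking is the one thing most home-grown eStreamer parsers skip; a record cut short by a dropped connection should be reported, not silently misread.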