Cisco Firepower Management Center 2000 Programmer's Guide

FireSIGHT eStreamer Integration Guide
 
Appendix B  Understanding Legacy Data Structures
Legacy File Event Data Structures
File Event SHA Hash for 5.1.1-5.2.x
The eStreamer service uses the File Event SHA Hash data block to carry metadata that maps the
SHA hash of a file to its filename. The block type is 26 in the series 2 list of data blocks. It can be
requested if file log events have been requested in the extended requests (event code 111) and either
bit 20 is set or metadata is requested with an event version of 4 and an event code of 21.
The following diagram shows the structure of a file event hash data block:

            Byte 0          Byte 1          Byte 2          Byte 3
            Bits 0-7        Bits 8-15       Bits 16-23      Bits 24-31
            +--------------------------------------------------------------+
            | File Event SHA Hash Block Type (26)                          |
            | File Event SHA Hash Block Length                             |
            | SHA Hash                                                     |
            | SHA Hash, continued                                          |
            | SHA Hash, continued                                          |
            | SHA Hash, continued                                          |
            | SHA Hash, continued                                          |
            | SHA Hash, continued                                          |
            | SHA Hash, continued                                          |
            | SHA Hash, continued                                          |
 File Name  | String Block Type (0)                                        |
            | String Block Length                                          |
            | File Name or Disposition...                                  |

The following table describes the fields in the file event SHA hash data block.

Table B-28  File Event SHA Hash 5.1.1-5.2.x Data Block Fields

Field                              Data Type   Description
---------------------------------  ----------  ------------------------------------------------------------
File Event SHA Hash Block Type     uint32      Initiates a File Event SHA Hash block. This value is always 26.
File Event SHA Hash Block Length   uint32      Total number of bytes in the File Event SHA Hash block, including
                                               eight bytes for the File Event SHA Hash block type and length
                                               fields, plus the number of bytes of data that follows.
SHA Hash                           uint8[32]   The SHA-256 hash of the file in binary format.
String Block Type                  uint32      Initiates a String data block containing the descriptive name
                                               associated with the file. This value is always 0.
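
An added example (not code from the Cisco guide): a defensive Python parser for the block layout described above, checking every length field before it is used to slice the buffer. It assumes the uint32 fields are in network byte order and that String Block Length counts its own eight header bytes, neither of which this page states; parse_file_event_sha_hash, build_sample and BlockError are hypothetical names.

```python
import hashlib
import struct

FILE_EVENT_SHA_HASH_BLOCK = 26  # block type given on the page (series 2)
STRING_BLOCK = 0                # string block type given on the page
HEADER = struct.Struct(">II")   # assumption: big-endian uint32 type + uint32 length
SHA256_LEN = 32                 # uint8[32] per the field table


class BlockError(ValueError):
    """The buffer does not match the documented block layout."""


def parse_file_event_sha_hash(buf: bytes) -> dict:
    """Parse one File Event SHA Hash block from the start of buf."""
    if len(buf) < HEADER.size:
        raise BlockError("truncated block header")
    btype, blen = HEADER.unpack_from(buf, 0)
    if btype != FILE_EVENT_SHA_HASH_BLOCK:
        raise BlockError(f"unexpected block type {btype}")
    # Block length counts its own 8 header bytes plus the data. It must hold
    # the hash and a string header, and must not exceed the bytes received.
    if blen < 2 * HEADER.size + SHA256_LEN or blen > len(buf):
        raise BlockError(f"bad block length {blen}")
    off = HEADER.size
    digest = buf[off:off + SHA256_LEN]
    off += SHA256_LEN
    stype, slen = HEADER.unpack_from(buf, off)
    if stype != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {stype}")
    # Assumption: string length also counts its 8-byte header. Never let the
    # inner length reach past the outer block, whatever the wire claims.
    if slen < HEADER.size or off + slen > blen:
        raise BlockError(f"string length {slen} does not fit block of {blen}")
    raw = buf[off + HEADER.size:off + slen]
    text = raw.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"sha256": digest.hex(), "name": text, "consumed": blen}


def build_sample(name: bytes, content: bytes) -> bytes:
    """Constructed sample block (not captured traffic) for exercising the parser."""
    digest = hashlib.sha256(content).digest()
    string_block = HEADER.pack(STRING_BLOCK, HEADER.size + len(name)) + name
    body = digest + string_block
    return HEADER.pack(FILE_EVENT_SHA_HASH_BLOCK, HEADER.size + len(body)) + body


if __name__ == "__main__":
    print(parse_file_event_sha_hash(build_sample(b"invoice.pdf", b"constructed")))
```

The returned "consumed" value lets a caller advance to the next block in a stream; the "name" key holds whatever the trailing string block carries, which the diagram labels "File Name or Disposition...".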