Cisco Firepower Management Center 2000 Programmer's Guide

FireSIGHT eStreamer Integration Guide, page 3-31
Chapter 3  Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Malware Event Record

Byte      | 0               | 1               | 2               | 3
Bit       | 0 - 7           | 8 - 15          | 16 - 23         | 24 - 31
----------+-----------------+-----------------+-----------------+-----------------
          | Header Version (1)                | Message Type (4)
          | Message Length
          | Record Type (125)
          | Record Length
          | eStreamer Server Timestamp (in events, only if bit 23 is set)
          | Reserved for Future Use (in events, only if bit 23 is set)
          | Malware Event Data Block

The following table describes each malware event record data field.

Table 3-18  Malware Event Record Fields

Field                      Data Type   Description
-------------------------  ----------  ----------------------------------------------------------
Malware Event Data Block   variable    Indicates a malware event data block. See  for more information.

Collective Security Intelligence Cloud Name Metadata

The eStreamer service transmits metadata containing the name of the Collective Security Intelligence Cloud (referred to as the Cisco cloud or simply the cloud) associated with an intrusion event or connection event within a Collective Security Intelligence Cloud Name record, the format of which is shown below. (Cisco cloud name information is sent when the Version 4 metadata flag—bit 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 127, indicating a Collective Security Intelligence Cloud Name record. It contains a UUID String data block, block type 14 in the series 2 set of data blocks.

Collective Security Intelligence Cloud Name Record

Byte      | 0               | 1               | 2               | 3
Bit       | 0 - 7           | 8 - 15          | 16 - 23         | 24 - 31
----------+-----------------+-----------------+-----------------+-----------------
          | Header Version (1)                | Message Type (4)
          | Message Length
          | Record Type (127)
          | Record Length
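The two record diagrams on this page share one framing: an 8-byte message header, a Record Type and Record Length, two optional words that appear only when bit 23 was set in the request, and then the data block. The Python below is an added example, not code from the guide or from Cisco's eStreamer SDK; it builds a record in that framing from constructed bytes and parses it back, names the two Record Type values on this page (125 and 127), composes the Request Flags bits 20 and 23 the text mentions, and rejects truncated or inconsistent input. It assumes network byte order, that Message Length counts the bytes after the 8-byte message header, that Record Length counts the data block bytes only, and that "bit n" of the Request Flags means the value 1 << n; none of these are stated on this page, so check them against your eStreamer version before relying on the parser.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Constants taken from the record diagrams and text on this page.
HEADER_VERSION = 1
MESSAGE_TYPE_EVENT_DATA = 4
RECORD_TYPE_MALWARE_EVENT = 125
RECORD_TYPE_CLOUD_NAME = 127  # Collective Security Intelligence Cloud Name record

RECORD_NAMES: Dict[int, str] = {
    RECORD_TYPE_MALWARE_EVENT: "Malware Event",
    RECORD_TYPE_CLOUD_NAME: "Collective Security Intelligence Cloud Name",
}

# Request Flags bits named on this page. Assumption: "bit n" means the value 1 << n.
FLAG_VERSION4_METADATA = 1 << 20  # bit 20: eStreamer sends cloud name metadata
FLAG_SERVER_TIMESTAMP = 1 << 23   # bit 23: records carry a timestamp and a reserved word


def request_flags(version4_metadata: bool, server_timestamp: bool) -> int:
    """Compose the Request Flags value for the two bits this page describes."""
    flags = 0
    if version4_metadata:
        flags |= FLAG_VERSION4_METADATA
    if server_timestamp:
        flags |= FLAG_SERVER_TIMESTAMP
    return flags


@dataclass
class EStreamerRecord:
    message_type: int
    record_type: int
    record_name: str          # "Unknown" for types not listed on this page
    timestamp: Optional[int]  # None unless the request set bit 23
    data_block: bytes         # raw data block; its inner layout is not parsed here


def build_record(record_type: int, data_block: bytes,
                 timestamp: Optional[int] = None) -> bytes:
    """Serialise one record in the layout shown above (a constructed fixture, not a capture).

    Assumptions: network byte order; Message Length counts the bytes after the
    8-byte message header; Record Length counts the data block bytes only.
    """
    body = struct.pack("!II", record_type, len(data_block))
    if timestamp is not None:
        body += struct.pack("!II", timestamp, 0)  # Server Timestamp, Reserved for Future Use
    body += data_block
    return struct.pack("!HHI", HEADER_VERSION, MESSAGE_TYPE_EVENT_DATA, len(body)) + body


def parse_record(buf: bytes, server_timestamp: bool) -> EStreamerRecord:
    """Parse one record. `server_timestamp` must match bit 23 of the request that
    produced the stream: nothing in the record itself says whether the two optional
    words are present, so a mismatch silently misaligns the data block."""
    if len(buf) < 16:
        raise ValueError("buffer shorter than message header plus record header")
    header_version, message_type, message_length = struct.unpack_from("!HHI", buf, 0)
    if header_version != HEADER_VERSION:
        raise ValueError(f"unsupported Header Version {header_version}")
    if message_length != len(buf) - 8:
        raise ValueError("Message Length disagrees with the bytes received")
    record_type, record_length = struct.unpack_from("!II", buf, 8)
    offset = 16
    timestamp = None
    if server_timestamp:
        if len(buf) < offset + 8:
            raise ValueError("truncated eStreamer Server Timestamp fields")
        timestamp, _reserved = struct.unpack_from("!II", buf, offset)
        offset += 8
    data_block = buf[offset:offset + record_length]
    if len(data_block) != record_length or offset + record_length != len(buf):
        raise ValueError("Record Length does not match the remaining bytes")
    return EStreamerRecord(message_type, record_type,
                           RECORD_NAMES.get(record_type, "Unknown"), timestamp, data_block)


if __name__ == "__main__":
    flags = request_flags(version4_metadata=True, server_timestamp=True)
    sample = build_record(RECORD_TYPE_CLOUD_NAME, b"\x00" * 24, timestamp=1700000000)
    print(f"request flags 0x{flags:08x}")
    print(parse_record(sample, server_timestamp=True))
```

The parser takes the bit 23 setting as a parameter on purpose: the record carries no in-band marker for the optional timestamp and reserved words, so a client that requests timestamps but parses without them (or the reverse) reads the data block eight bytes out of position and gets plausible-looking but wrong field values. Keeping the request flags next to the parser, and checking Message Length and Record Length against the bytes actually received, catches that and other framing errors before a data block is handed to type-specific decoding.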