Cisco Cisco Firepower Management Center 4000 Guia Do Programador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

117

Understanding Intrusion and Correlation Data Structures

Understanding Series 2 Data Blocks

Chapter 3

In the

Series 2 Block Types

table below, the Data Block Status field indicates

whether the block is current (the latest version) or legacy (used in an older version

and can still be requested through eStreamer).

Series 2 Block Types

YPE

ONTENT

ATA

LOCK

TATUS

ESCRIPTION

String

Current

Encapsulates variable string data.

See

String Data Block

on page 121

for more information.

BLOB

Current

Encapsulates binary data and is used

specifically for banners. See

BLOB

Data Block

on page 122 for more

information.

List

Current

Encapsulates a list of other data

blocks. See

List Data Block

page 123 for more information.

Generic List

Current

Encapsulates a list of other data

blocks. For deserialization, it is the

equivalent of the List data block. See

Generic List Data Block

on page 124

for more information.

Event Extra

Data

Current

Contains intrusion event extra data.

See

Intrusion Event Extra Data

Record

on page 89 for more

information.

Extra Data Type

Current

Contains extra data metadata. See

Intrusion Event Extra Data Metadata

on page 91 for more information.

UUID String

Mapping

Current

Block used by various metadata

messages to map UUID values to

descriptive strings. See

UUID String

Mapping Data Block

on page 125.

Access Control

Policy Rule ID

Metadata

Current

Contains metadata for access

control rules. See

Access Control

Policy Rule ID Metadata Block

page 126.