Cisco Firepower Management Center 4000 Programmer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
Series 2 Block Types (Continued)

| Type | Content | Data Block Status | Description |
|---|---|---|---|
| 16 | Malware Event | Legacy | Contains information on malware events, such as the malware detected or quarantined within a FireAMP cloud, the detection method, and hosts and users affected by the malware. See page 492. Deprecated by block 24, |
| 19 | ICMP Type Data Block | Current | Contains metadata describing ICMP types. See |
| 20 | ICMP Code Data Block | Current | Contains metadata describing ICMP codes. See |
| 21 | Access Control Policy Rule Reason Data Block | Current | Contains information explaining access control policy rule reasons. See |
| 22 | IP Reputation Category Data Block | Current | Contains information on IP reputation categories explaining why an IP address was blocked. See |
| 23 | File Event | Legacy | Contains information on file events, such as the source, SHA hash, and the disposition of the file. See superseded by block 32, |