Version 5.3
Sourcefire 3D System eStreamer Integration Guide
100
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The Managed Device Record Fields table describes the fields in the Managed Device record.

Managed Device Record Fields

FIELD          DATA TYPE   DESCRIPTION
Device ID      uint32      ID number of the managed device.
Name Length    uint32      The number of bytes included in the name.
Name           string      The managed device name.

Malware Event Record 5.1.1+

The fields in the malware event record are shaded in the following graphic. The record type is 125.

You request malware event records by setting the malware event flag—bit 30 in the Request Flags field—in the request message with an event version of 2 and an event code of 101. See on page 30. If you enable bit 23, an extended event header is included in the record.

Byte   0               1               2               3
Bit    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
       Header Version (1)              | Message Type (4)
       Message Length
       Record Type (125)
       Record Length
       eStreamer Server Timestamp (in events, only if bit 23 is set)
       Reserved for Future Use (in events, only if bit 23 is set)
       Malware Event Data Block
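The layout drawn above, the request flag bits this page names (bit 30 for malware events, bit 23 for the extended header), and the Managed Device record fields are enough to write a length-checked decoder for the framing. The following Python is an added example, not code from the guide or from Sourcefire; it assumes network (big-endian) byte order, that Message Length counts the bytes after the 8-byte message header, and that Record Length counts the bytes after the Record Length field. Those three assumptions are not stated on this page, and the sample message is constructed in the block, not a real eStreamer capture.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Values taken from the page: record type 125 is the malware event record,
# request flag bit 30 requests malware events, bit 23 adds the extended
# event header (server timestamp + reserved word) to each event record.
MALWARE_EVENT_RECORD_TYPE = 125
FLAG_EXTENDED_HEADER = 1 << 23
FLAG_MALWARE_EVENTS = 1 << 30
MESSAGE_TYPE_EVENT_DATA = 4  # "Message Type (4)" in the diagram

# Assumptions (not stated on this page): big-endian integers, Message Length
# counts bytes after the 8-byte message header, Record Length counts bytes
# after the Record Length field (so it includes the extended header words).
MESSAGE_HEADER = struct.Struct(">HHI")   # header version, message type, message length
RECORD_HEADER = struct.Struct(">II")     # record type, record length
EXTENDED_HEADER = struct.Struct(">II")   # server timestamp, reserved for future use


@dataclass
class EventRecord:
    header_version: int
    message_type: int
    record_type: int
    record_length: int
    server_timestamp: Optional[int]
    payload: bytes


def request_flags(malware_events: bool, extended_header: bool) -> int:
    """Build the 32-bit Request Flags word for the two bits this page describes."""
    flags = 0
    if malware_events:
        flags |= FLAG_MALWARE_EVENTS
    if extended_header:
        flags |= FLAG_EXTENDED_HEADER
    return flags


def parse_event_record(buf: bytes, extended_header: bool) -> EventRecord:
    """Parse one event message; every declared length is checked before use."""
    if len(buf) < MESSAGE_HEADER.size + RECORD_HEADER.size:
        raise ValueError("buffer shorter than message header plus record header")
    version, msg_type, msg_len = MESSAGE_HEADER.unpack_from(buf, 0)
    if msg_len != len(buf) - MESSAGE_HEADER.size:
        raise ValueError(f"message length {msg_len} does not match buffer")
    rec_type, rec_len = RECORD_HEADER.unpack_from(buf, MESSAGE_HEADER.size)
    offset = MESSAGE_HEADER.size + RECORD_HEADER.size
    if rec_len != len(buf) - offset:
        raise ValueError(f"record length {rec_len} does not match buffer")
    timestamp = None
    if extended_header:  # only present when bit 23 was set in the request
        if rec_len < EXTENDED_HEADER.size:
            raise ValueError("record too short for the extended event header")
        timestamp, _reserved = EXTENDED_HEADER.unpack_from(buf, offset)
        offset += EXTENDED_HEADER.size
    return EventRecord(version, msg_type, rec_type, rec_len, timestamp, buf[offset:])


def parse_managed_device(payload: bytes) -> Tuple[int, str]:
    """Decode a Managed Device record body: Device ID, Name Length, Name."""
    if len(payload) < 8:
        raise ValueError("managed device record body too short")
    device_id, name_len = struct.unpack_from(">II", payload, 0)
    if name_len != len(payload) - 8:  # never trust the declared name length blindly
        raise ValueError(f"name length {name_len} does not match record body")
    return device_id, payload[8:8 + name_len].decode("utf-8")


def build_event_message(record_type: int, payload: bytes,
                        timestamp: Optional[int] = None) -> bytes:
    """Construct a message in the layout drawn above (test data, not a capture)."""
    body = b""
    if timestamp is not None:
        body += EXTENDED_HEADER.pack(timestamp, 0)
    body += payload
    record = RECORD_HEADER.pack(record_type, len(body)) + body
    return MESSAGE_HEADER.pack(1, MESSAGE_TYPE_EVENT_DATA, len(record)) + record


if __name__ == "__main__":
    # Constructed sample: a type-125 record with an opaque 12-byte data block.
    msg = build_event_message(MALWARE_EVENT_RECORD_TYPE, b"\xaa" * 12, timestamp=1700000000)
    rec = parse_event_record(msg, extended_header=True)
    print(rec.record_type, rec.server_timestamp, len(rec.payload))
    print(parse_managed_device(struct.pack(">II", 7, 8) + b"sensor01"))
```

The parser rejects any message whose declared Message Length, Record Length or Name Length disagrees with the bytes actually received, which is the check a collector needs before it indexes into the Malware Event Data Block or the device name.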