Cisco Firepower Management Center 2000 Programmer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The Sourcefire Cloud Name Data Block Fields table describes the fields in the Sourcefire Cloud Name data block.
Malware Event Type Metadata
The eStreamer service transmits metadata containing malware event type 
information for an event within a malware event type record, the format of which 
is shown below. (Malware event type information is sent when the metadata flag, 
Sourcefire Cloud Name Data Block Fields

| FIELD | DATA TYPE | DESCRIPTION |
|---|---|---|
| Sourcefire Cloud Name Data Block Type | uint32 | Initiates a Sourcefire Cloud Name data block. This value is always 14. The block type is a series 2 block. |
| Sourcefire Cloud Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Sourcefire Cloud UUID | uint8[16] | A Sourcefire cloud ID number that acts as a unique identifier for the Sourcefire Cloud associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the Sourcefire Cloud. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the Sourcefire cloud name String data block, including eight bytes for the block type and header fields plus the number of bytes in the FireAMP cloud name. |
| Sourcefire Cloud Name | string | The Sourcefire cloud name. |
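
The following Python parser is an added example, not code from the Sourcefire guide. It decodes a Sourcefire Cloud Name data block using the fields described above and rejects any message whose two length fields disagree with each other or with the bytes actually received. Assumptions: integers are big-endian (network byte order), the name is UTF-8 with optional trailing NUL bytes, and the names `parse_cloud_name_block`, `build_sample` and `BlockError` are hypothetical.

```python
import struct
import uuid

CLOUD_NAME_BLOCK_TYPE = 14   # series 2 block type, per the table
STRING_BLOCK_TYPE = 0        # String data block type, per the table


class BlockError(ValueError):
    """Raised when a type or length field disagrees with the bytes received."""


def parse_cloud_name_block(buf: bytes) -> dict:
    # Outer header: block type + block length (assumed big-endian uint32s).
    if len(buf) < 8:
        raise BlockError("truncated outer header")
    btype, blen = struct.unpack_from(">II", buf, 0)
    if btype != CLOUD_NAME_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {btype}")
    # Block length counts its own 8 header bytes. It must cover the UUID and
    # the inner String header (8 + 16 + 8) and must not run past the buffer.
    if blen < 32 or blen > len(buf):
        raise BlockError(f"block length {blen} inconsistent with {len(buf)} bytes")
    cloud_uuid = uuid.UUID(bytes=buf[8:24])
    stype, slen = struct.unpack_from(">II", buf, 24)
    if stype != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {stype}")
    # String length also counts its 8 header bytes and must end exactly where
    # the outer block ends; otherwise one of the two length fields is wrong.
    if slen < 8 or 24 + slen != blen:
        raise BlockError(f"string length {slen} does not fit block length {blen}")
    raw_name = buf[32:24 + slen].rstrip(b"\x00")
    name = raw_name.decode("utf-8", errors="replace")  # encoding is an assumption
    return {"uuid": str(cloud_uuid), "name": name, "consumed": blen}


def build_sample(name: bytes, cloud_uuid: bytes) -> bytes:
    # Constructed test message, not captured eStreamer traffic.
    inner = struct.pack(">II", STRING_BLOCK_TYPE, 8 + len(name)) + name
    header = struct.pack(">II", CLOUD_NAME_BLOCK_TYPE, 8 + 16 + len(inner))
    return header + cloud_uuid + inner


if __name__ == "__main__":
    sample = build_sample(b"example-cloud", bytes(range(16)))
    print(parse_cloud_name_block(sample))
```

The `consumed` value tells the caller where the next block in the record starts, so a malformed length is caught here rather than shifting every later field.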