Cisco Firepower Management Center 2000 Programmer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The Sourcefire Cloud Name Data Block Fields table describes the fields in the
Sourcefire Cloud Name data block.
Malware Event Type Metadata
The eStreamer service transmits metadata containing malware event type
information for an event within a malware event type record, the format of which
is shown below. (Malware event type information is sent when the metadata flag,

Sourcefire Cloud Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Sourcefire Cloud Name Data Block Type | uint32 | Initiates a Sourcefire Cloud Name data block. This value is always 14. The block type is a series 2 block. |
| Sourcefire Cloud Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Sourcefire Cloud UUID | uint8[16] | A Sourcefire cloud ID number that acts as a unique identifier for the Sourcefire Cloud associated with the connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the Sourcefire Cloud. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the Sourcefire cloud name String data block, including eight bytes for the block type and header fields plus the number of bytes in the FireAMP cloud name. |
| Sourcefire Cloud Name | string | The Sourcefire cloud name. |
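
The following parser for the block laid out in the table is an added example, not code from the guide or from Sourcefire. It assumes network (big-endian) byte order and UTF-8 decoding of the name, neither of which this page states; the function names and the sample bytes are constructed for illustration.

```python
import struct
import uuid

CLOUD_NAME_BLOCK_TYPE = 14   # series 2 block type, per the table
STRING_BLOCK_TYPE = 0        # String data block type, per the table
HEADER_LEN = 8               # two uint32 header fields (type + length)
UUID_LEN = 16                # uint8[16]
MIN_BLOCK_LEN = HEADER_LEN + UUID_LEN + HEADER_LEN


def build_cloud_name_block(cloud_uuid: bytes, name: bytes) -> bytes:
    """Build a sample block (constructed test input, not captured traffic)."""
    string_block = struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(name)) + name
    body = cloud_uuid + string_block
    return struct.pack(">II", CLOUD_NAME_BLOCK_TYPE, HEADER_LEN + len(body)) + body


def parse_cloud_name_block(buf: bytes) -> dict:
    """Parse one Sourcefire Cloud Name data block, rejecting inconsistent lengths."""
    if len(buf) < MIN_BLOCK_LEN:
        raise ValueError("buffer too short for the fixed fields")
    # Assumption: big-endian uint32 fields.
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != CLOUD_NAME_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}")
    # Block length covers the data plus the 8 header bytes; it must fit the buffer.
    if block_len < MIN_BLOCK_LEN or block_len > len(buf):
        raise ValueError("block length inconsistent with buffer")
    cloud_uuid = uuid.UUID(bytes=buf[HEADER_LEN:HEADER_LEN + UUID_LEN])
    str_off = HEADER_LEN + UUID_LEN
    str_type, str_len = struct.unpack_from(">II", buf, str_off)
    if str_type != STRING_BLOCK_TYPE:
        raise ValueError(f"unexpected string block type {str_type}")
    # String block length includes its own 8 header bytes and must stay inside
    # the enclosing block, otherwise the name would be read past the block end.
    if str_len < HEADER_LEN or str_off + str_len > block_len:
        raise ValueError("string block length exceeds enclosing block")
    raw_name = buf[str_off + HEADER_LEN:str_off + str_len]
    return {
        "cloud_uuid": str(cloud_uuid),
        "cloud_name": raw_name.decode("utf-8", errors="replace"),  # assumed encoding
        "consumed": block_len,
    }


SAMPLE_UUID = bytes(range(16))  # constructed value
SAMPLE = build_cloud_name_block(SAMPLE_UUID, b"example-cloud")
```

The `consumed` value lets a caller advance to the next block in a record without trusting anything beyond the validated outer length.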