Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Discovery and Connection Event Series 2 Data Blocks
In the following table, the Data Block Status field indicates whether the block is current (the latest
version) or legacy (used in an older version and can still be requested through eStreamer).
Access Control Rule Data Block
The eStreamer service uses the Access Control Rule data block in access control rule metadata messages
to map policy UUID and rule ID combinations to a descriptive string. The Access Control Rule data
block has a block type of 15 in the series 2 group of blocks.
The following graphic shows the structure of the Access Control Rule data block.
Table 4-86 User Login Information Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Type | uint32 | Initiates a String data block containing the Reported By value. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the Reported By String data block, including eight bytes for the block type and length fields, plus the number of bytes in the Reported By field. |
| Reported By | string | The name of the Active Directory server reporting a login. |
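
As an added example (not code from the Cisco guide), the following Python parses the String data block described in Table 4-86 and checks the declared block length against the received bytes before slicing. It assumes big-endian (network byte order) integers and UTF-8 text; all function and class names are hypothetical, and the sample value is constructed.

```python
import struct

STRING_BLOCK_TYPE = 0   # per Table 4-86: String Block Type is always 0
HEADER_LEN = 8          # uint32 block type + uint32 block length


class BlockError(ValueError):
    """Raised when a data block header is inconsistent with the buffer."""


def parse_block_header(buf, offset=0):
    """Return (block_type, block_length); the length counts the 8 header bytes."""
    if len(buf) - offset < HEADER_LEN:
        raise BlockError("truncated block header")
    # Assumption: fields are big-endian (network byte order).
    block_type, block_length = struct.unpack_from(">II", buf, offset)
    if block_length < HEADER_LEN:
        raise BlockError("block length smaller than its own header")
    if block_length > len(buf) - offset:
        raise BlockError("block length exceeds received data")
    return block_type, block_length


def parse_string_block(buf, offset=0):
    """Parse one String data block; return (text, offset_of_next_field)."""
    block_type, block_length = parse_block_header(buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise BlockError(f"expected String block type 0, got {block_type}")
    payload = buf[offset + HEADER_LEN:offset + block_length]
    # Assumption: UTF-8 text; undecodable bytes are replaced, not trusted.
    return payload.decode("utf-8", errors="replace"), offset + block_length


def build_string_block(text):
    """Build a sample String block (constructed data, for testing only)."""
    data = text.encode("utf-8")
    return struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(data)) + data


if __name__ == "__main__":
    sample = build_string_block("ad01.example.test")  # constructed Reported By value
    print(parse_string_block(sample))
```

Rejecting a block whose declared length is below 8 or larger than the remaining buffer keeps a malformed or truncated message from causing an out-of-range slice or a desynchronized read of the following fields.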
Table 4-87 Discovery and Connection Event Series 2 Block Types

| Type | Content | Data Block Status | Description |
|---|---|---|---|
| 15 | Access Control Rule | Current | Used by access control rule metadata messages to map policy UUID and rule ID values to a descriptive string. See . |
| 21 | Access Control Rule Reason | Current | Used by access control rule metadata messages to map access control rule reasons to a descriptive string. See |
| 22 | Security Intelligence Category | Current | Used to store Security Intelligence information. See |
[Figure: structure of the Access Control Rule data block. Each row spans bytes 0-3 (bits 0-31). Rows shown: Access Control Rule Block Type (15); Access Control Rule Block Length; Access Control Rule UUID.]