Developer Guide for Cisco Firepower Management Center 2000
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
The following table describes the fields in the Web Application record.
Intrusion Policy Name Record
The eStreamer service transmits metadata containing intrusion policy name information for a connection event within an Intrusion Policy Name record, the format of which is shown below. (Intrusion policy name information is sent when one of the metadata flags, version 4 metadata bit 20 in the Request Flags field of a request message, is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 118, indicating an Intrusion Policy Name record. It contains a UUID String data block, block type 14 in the series 2 set of data blocks.
Web Application record format:

Byte  0 1 2 3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      Record Type (109)
      Record Length
      Application ID
      Name Length
      Name...
Table 4-15 Web Application Record Fields

Field            Data Type   Description
Application ID   uint32      Application ID number of the web application.
Name Length      uint32      The number of bytes included in the name.
Name             string      The web application content name.
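The Web Application record layout above, parsed defensively as an added example (not code from the Cisco guide). It assumes the buffer starts at the Record Type field, that all four fixed fields are big-endian uint32 values, that Record Length counts the bytes following it, and that the name is UTF-8; the function and sample-builder names are hypothetical.

```python
import struct

WEB_APP_RECORD_TYPE = 109  # Record Type value shown in the layout on this page
# Record Type, Record Length, Application ID, Name Length (assumed big-endian uint32)
FIXED = struct.Struct("!IIII")


class RecordError(ValueError):
    """Raised when a record fails a structural check."""


def parse_web_application_record(buf: bytes) -> dict:
    """Parse one Web Application record that starts at the Record Type field.

    Assumption: Record Length counts the bytes after the Record Length field.
    """
    if len(buf) < FIXED.size:
        raise RecordError("truncated: fixed fields incomplete")
    rec_type, rec_len, app_id, name_len = FIXED.unpack_from(buf)
    if rec_type != WEB_APP_RECORD_TYPE:
        raise RecordError(f"unexpected record type {rec_type}")
    # The body holds Application ID (4) + Name Length (4) + Name, so the
    # name can never be longer than Record Length minus those 8 bytes.
    if rec_len < 8 or name_len > rec_len - 8:
        raise RecordError("Name Length exceeds record body")
    end = 8 + rec_len  # 8 = Record Type + Record Length
    if end > len(buf):
        raise RecordError("truncated: record runs past end of buffer")
    # Assumption: the name is UTF-8 text; undecodable bytes are replaced.
    name = buf[FIXED.size:FIXED.size + name_len].decode("utf-8", "replace")
    return {"application_id": app_id, "name": name, "consumed": end}


def build_sample(app_id: int, name: bytes) -> bytes:
    """Constructed sample record for the demonstration, not captured traffic."""
    return FIXED.pack(WEB_APP_RECORD_TYPE, 8 + len(name), app_id, len(name)) + name


if __name__ == "__main__":
    good = build_sample(1234, b"Example Web App")
    print(parse_web_application_record(good))
    # Name Length claiming more bytes than the record holds is rejected.
    lying = good[:12] + (0xFFFF).to_bytes(4, "big") + good[16:]
    try:
        parse_web_application_record(lying)
    except RecordError as exc:
        print("rejected:", exc)
```

The "consumed" value lets a caller advance to the next record in a buffered stream without trusting Name Length alone.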
Intrusion Policy Name record format:

Byte  0 1 2 3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      Header Version (1) | Message Type (4)
      Message Length
      Record Type (118)
      Record Length
      Intrusion Policy Name Data Block (14)
      Intrusion Policy Name Data Block Length
      Intrusion Policy UUID