Руководство Разработчика для Cisco Cisco Firepower Management Center 2000

A-1

FireSIGHT eStreamer Integration Guide

A P P E N D I X

Data Structure Examples

This appendix contains data structure examples for selected intrusion, correlation, and discovery events.
Each example is displayed in binary format to clearly display how each bit is set.

See the following sections for more information:

•

Intrusion Event Data Structure Examples

•

Discovery Data Structure Examples, page A-16

Intrusion Event Data Structure Examples

This section contains examples of data structures that may be transmitted by eStreamer for intrusion
events. The following examples are provided:

•

Example of an Intrusion Event for the Defense Center 5.3 +, page A-1

•

Example of an Intrusion Impact Alert, page A-6

•

Example of a Packet Record, page A-7

•

Example of a Classification Record, page A-8

•

Example of a Priority Record, page A-10

•

Example of a Rule Message Record, page A-11

•

Example of a Version 5.1+ User Event, page A-13

Example of an Intrusion Event for the Defense Center 5.3 +

The following diagram shows an example event record:

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 1 1 0

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0