Developer Guide for Cisco Firepower Management Center 4000
Sourcefire 3D System eStreamer Integration Guide, Version 5.3 (page 623)
Appendix B: Understanding Legacy Data Structures
Legacy File Event Data Structures

File Event for 5.2.x
The file event contains information on files that are sent over the network. This includes the connection information, whether the file is malware, and specific information to identify the file. The file event has a block type of 32 in the series 2
File Event Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Direction | uint8 | Value that indicates whether the file was uploaded or downloaded. Can have the following values: 1 (Download), 2 (Upload). Currently the value depends on the protocol (for example, if the connection is HTTP it is a download). |
| Application ID | uint32 | ID number that maps to the application using the file transfer. |
| User ID | uint32 | ID number for the user logged into the destination host, as identified by the system. |
| URI | string | Uniform Resource Identifier (URI) of the connection. |
| Signature | string | SHA-256 hash of the file, in string format. |
| Source Port | uint16 | Port number for the source of the connection. |
| Destination Port | uint16 | Port number for the destination of the connection. |
| Protocol | uint8 | IANA protocol number specified by the user. For example: 1 (ICMP), 4 (IP), 6 (TCP), 17 (UDP). This is currently only TCP. |
| Access Control Policy UUID | uint8[16] | Unique identifier for the access control policy that triggered the event. |
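As an added example that is not part of the guide, the following Python parses the fields listed in this table in the order and widths given (big-endian, as eStreamer sends them). The encoding of the two string fields (a series 2 string data block: uint32 block type 0, uint32 block length counting its own 8-byte header, then the bytes) and the sample bytes are assumptions, not stated on this page; values outside the documented sets are reported as warnings rather than silently mapped, so a consumer can log them.

```python
import struct
import uuid

# Value sets copied from the field table on this page.
DIRECTION = {1: "Download", 2: "Upload"}
PROTOCOL = {1: "ICMP", 4: "IP", 6: "TCP", 17: "UDP"}

def _read_string(buf, off):
    """Read one string field. Assumed encoding (not stated on this page): a
    series 2 string data block, uint32 type 0, uint32 length counting this
    8-byte header, then the raw bytes. Returns (text, next_offset)."""
    if off + 8 > len(buf):
        raise ValueError("truncated string block at offset %d" % off)
    btype, blen = struct.unpack_from(">II", buf, off)
    if btype != 0 or blen < 8 or off + blen > len(buf):
        raise ValueError("malformed string block at offset %d" % off)
    return buf[off + 8:off + blen].decode("utf-8", "replace"), off + blen

def parse_file_event_fields(buf, off=0):
    """Parse Direction .. Access Control Policy UUID (table order, big-endian)
    from buf[off:]. Returns (fields, next_offset). Out-of-range values are
    kept raw and listed in 'warnings' instead of being misclassified."""
    f = {}
    f["direction"], f["application_id"], f["user_id"] = struct.unpack_from(">BII", buf, off)
    f["uri"], off = _read_string(buf, off + 9)
    f["sha256"], off = _read_string(buf, off)
    f["src_port"], f["dst_port"], f["protocol"] = struct.unpack_from(">HHB", buf, off)
    f["acp_uuid"] = str(uuid.UUID(bytes=buf[off + 5:off + 21]))  # raises if short
    f["direction_name"] = DIRECTION.get(f["direction"], "unknown")
    f["protocol_name"] = PROTOCOL.get(f["protocol"], "unknown")
    f["warnings"] = []
    if f["direction"] not in DIRECTION:
        f["warnings"].append("direction %d is not 1 (Download) or 2 (Upload)" % f["direction"])
    if f["protocol"] != 6:
        f["warnings"].append("protocol %d: guide says file events are currently TCP only" % f["protocol"])
    if len(f["sha256"]) != 64 or any(c not in "0123456789abcdefABCDEF" for c in f["sha256"]):
        f["warnings"].append("signature is not a 64-character hex SHA-256")
    return f, off + 21

def string_block(s):
    """Build a string field in the assumed encoding (used for the sample)."""
    data = s.encode("utf-8")
    return struct.pack(">II", 0, 8 + len(data)) + data

# Constructed sample bytes (not captured from a real sensor).
SAMPLE = (struct.pack(">BII", 1, 676, 42)
          + string_block("http://files.example.test/report.pdf")
          + string_block("0123456789abcdef" * 4)
          + struct.pack(">HHB", 49152, 80, 6)
          + uuid.UUID("00000000-0000-4000-8000-000000000001").bytes)
```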