Developer Guide for Cisco Firepower Management Center 4000
Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Appendix B: Understanding Legacy Data Structures
Legacy File Event Data Structures
Page 628
File Event Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| URI | string | Uniform Resource Identifier (URI) of the connection. |
| Signature | string | SHA-256 hash of the file, in string format. |
| Source Port | uint16 | Port number for the source of the connection. |
| Destination Port | uint16 | Port number for the destination of the connection. |
| Protocol | uint8 | IANA protocol number specified by the user. For example: 1 (ICMP), 4 (IP), 6 (TCP), 17 (UDP). This is currently only TCP. |
| Access Control Policy UUID | uint8[16] | Unique identifier for the access control policy that triggered the event. |
| Source Country | uint16 | Code for the country of the source host. |
| Destination Country | uint16 | Code for the country of the destination host. |
| Web Application ID | uint32 | The internal identification number for the web application, if applicable. |
| Client Application ID | uint32 | The internal identification number for the client application, if applicable. |

File Event SHA Hash for 5.1.1-5.2.x

The eStreamer service uses the File Event SHA Hash data block to contain metadata of the mapping of the SHA hash of a file to its filename. The block type is 26 in the series 2 list of data blocks. It can be requested if file log events have been requested in the extended requests—event code 111—and either bit 20 is set or metadata is requested with an event version of 4 and an event code of 21.
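As an added example that is not part of the guide, the following Python parses the trailing File Event fields from the File Event Data Block Fields table on this page, in table order, and rejects truncated or malformed input. It assumes network (big-endian) byte order and that each string field is carried as an eStreamer string data block (uint32 block type 0, uint32 block length that counts its own 8-byte header, then the raw bytes); the sample bytes are constructed, not captured from a sensor.

```python
import struct
import uuid

# Protocol numbers the table lists as examples for the Protocol field.
PROTOCOL_NAMES = {1: "ICMP", 4: "IP", 6: "TCP", 17: "UDP"}
# Fixed-size fields after the two strings, in table order: Source Port, Destination
# Port, Protocol, ACP UUID, Source/Destination Country, Web/Client Application ID.
FIXED_FIELDS = ">HHB16sHHII"  # network byte order (assumed)

def read_string_block(buf, off):
    """Read one string data block (assumed layout: uint32 type 0, uint32 length
    counting the 8-byte header, then the raw string bytes)."""
    if off + 8 > len(buf):
        raise ValueError("truncated string block header at offset %d" % off)
    block_type, block_len = struct.unpack_from(">II", buf, off)
    if block_type != 0 or block_len < 8 or off + block_len > len(buf):
        raise ValueError("malformed string block at offset %d" % off)
    return buf[off + 8:off + block_len].decode("utf-8", "replace"), off + block_len

def parse_file_event_tail(buf, off=0):
    """Parse the trailing File Event fields; returns (fields, next offset)."""
    fields = {}
    fields["uri"], off = read_string_block(buf, off)
    fields["signature"], off = read_string_block(buf, off)
    size = struct.calcsize(FIXED_FIELDS)
    if off + size > len(buf):
        raise ValueError("truncated fixed fields at offset %d" % off)
    (fields["source_port"], fields["destination_port"], proto, acp_uuid,
     fields["source_country"], fields["destination_country"],
     fields["web_application_id"], fields["client_application_id"]) = \
        struct.unpack_from(FIXED_FIELDS, buf, off)
    fields["protocol"] = proto
    fields["protocol_name"] = PROTOCOL_NAMES.get(proto, "other")
    fields["access_control_policy_uuid"] = str(uuid.UUID(bytes=acp_uuid))
    return fields, off + size

def signature_is_sha256(signature):
    """Sanity check for the Signature field: exactly 64 hex digits."""
    return len(signature) == 64 and all(c in "0123456789abcdefABCDEF" for c in signature)

def string_block(text):
    """Encode text as a string data block (same assumed layout as above)."""
    data = text.encode("utf-8")
    return struct.pack(">II", 0, 8 + len(data)) + data

# Constructed sample bytes, not captured from a sensor.
SAMPLE = (string_block("http://example.test/download/report.pdf")
          + string_block("0123456789abcdef" * 4)
          + struct.pack(FIXED_FIELDS, 49152, 80, 6, bytes(range(16)), 840, 276, 1001, 2002))
```

The length checks matter because a consumer that trusts the block length field blindly can be walked past the end of a received record by a short or corrupted message.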