Developer Guide for Cisco Firepower Management Center 4000
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
Managed Device Record Metadata
The eStreamer service transmits metadata containing information on the
managed device associated with an intrusion event within a Managed Device
record, the format of which is shown below. Managed device metadata is sent
when the Version 4 metadata flag—bit 20 in the Request Flags field of a request
message—is set. See
on page 30.) Note that the Record Type
field, which appears after the Message Length field, has a value of 123, indicating
a Managed Device record.
Access Control Rule ID Data Block Fields (Continued)

FIELD | DATA TYPE | DESCRIPTION
String Block Type | uint32 | Initiates a String data block containing the name of the access control rule. This value is always 0.
String Block Length | uint32 | The number of bytes included in the String data block, including eight bytes for the block type and header fields plus the number of bytes in the rule name.
Access Control Rule Name | string | The access control rule name.
Byte:  0          1          2          3
Bit:   0-7        8-15       16-23      24-31
       Header Version (1)    Message Type (4)
       Message Length
       Record Type (123)
       Record Length
       Device ID
       Name Length
       Name...
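A bounds-checked parser for the Managed Device record laid out above, added here as an illustration and not taken from the guide or from Cisco code. It assumes network byte order, 16-bit Header Version and Message Type fields, 32-bit fields elsewhere, and that each length counts the bytes following its own header; those details, the function names and the sample message are assumptions or constructed values, not stated on this page.

```python
import struct

MSG_HEADER = struct.Struct(">HHI")  # header version, message type, message length
REC_HEADER = struct.Struct(">II")   # record type, record length
DEV_FIXED = struct.Struct(">II")    # device ID, name length
FIXED = MSG_HEADER.size + REC_HEADER.size + DEV_FIXED.size  # 24 bytes
MANAGED_DEVICE = 123                # Record Type value given in the text


class RecordError(ValueError):
    """The buffer does not hold a well-formed Managed Device record."""


def parse_managed_device(msg: bytes) -> dict:
    """Parse one complete message; every length is checked before use."""
    if len(msg) < FIXED:
        raise RecordError("truncated before the fixed fields")
    version, msg_type, msg_len = MSG_HEADER.unpack_from(msg, 0)
    rec_type, rec_len = REC_HEADER.unpack_from(msg, MSG_HEADER.size)
    dev_id, name_len = DEV_FIXED.unpack_from(msg, FIXED - DEV_FIXED.size)
    if (version, msg_type) != (1, 4):
        raise RecordError("not a version 1, type 4 message")
    if rec_type != MANAGED_DEVICE:
        raise RecordError(f"record type {rec_type}, expected {MANAGED_DEVICE}")
    # Assumed length semantics: each length counts the bytes after its header.
    if msg_len != len(msg) - MSG_HEADER.size:
        raise RecordError("Message Length disagrees with bytes received")
    if rec_len > msg_len - REC_HEADER.size:
        raise RecordError("Record Length overruns the message")
    if name_len > rec_len - DEV_FIXED.size:
        raise RecordError("Name Length overruns the record")
    name = msg[FIXED:FIXED + name_len]
    return {"device_id": dev_id,
            "name": name.rstrip(b"\x00").decode("utf-8", "replace")}


def build_sample(dev_id: int, name: bytes) -> bytes:
    """Constructed test message, not captured traffic."""
    body = DEV_FIXED.pack(dev_id, len(name)) + name
    record = REC_HEADER.pack(MANAGED_DEVICE, len(body)) + body
    return MSG_HEADER.pack(1, 4, len(record)) + record


if __name__ == "__main__":
    print(parse_managed_device(build_sample(7, b"sensor-01")))
```

A collector that trusts Name Length without comparing it to Record Length can read past the record into the next message in its buffer, which is why the parser rejects the message instead of truncating the name.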