Developer Guide for Cisco Firepower Management Center 2000

Sourcefire 3D System eStreamer Integration Guide
Version 5.3
Appendix B
Understanding Legacy Data Structures
Legacy Correlation Event Data Structures
Byte: 0, 1, 2, 3
Bit: 0 through 31
Event ID
Event Defined Mask
Event Impact Flags
IP Protocol
Network Protocol
Source IP
Source Host Type
Source VLAN ID
Source OS Fprt UUID
Source OS Fprt UUID
Source OS Fingerprint UUID, continued
Source OS Fingerprint UUID, continued
Source OS Fingerprint UUID, continued
Source OS Fingerprint UUID, continued
Source Criticality
Source Criticality, cont
Source User ID
Source User ID, cont
Source Port
Source Server ID
Source Server ID, continued
Destination IP
Destination IP, continued
Dest. Host Type
Dest. VLAN ID
Destination OS Fingerprint UUID
Dest OS Fingerprint UUID
Destination OS Fingerprint UUID, continued
Destination OS Fingerprint UUID, continued
Destination OS Fingerprint UUID, continued
Destination OS Fingerprint UUID, continued
Destination Criticality
Dest. User ID
Destination Port
Destination Server ID