Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3      Understanding Intrusion and Correlation Data Structures 
  Intrusion Event and Metadata Record Types
Note that the block structure includes encapsulated String block types, one of several series 2 variable 
length data structures introduced in Version 4.10 of the FireSIGHT System.
The following table describes the fields in the Event Extra Data Metadata record.
Record layout, one row per field, each row spanning bytes 0-3 (bits 0-31):

    eStreamer Server Timestamp (in events, only if bit 23 is set)
    Reserved for Future Use (in events, only if bit 23 is set)
    Event Extra Data Metadata Data Block Type (5)
    Data Block Length
    Type
    String Block Type (0)
    String Block Length
    Name...
    String Block Type (0)
    String Block Length
    Encoding
Table 3-12 Event Extra Data Metadata Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Event Extra Data Metadata Data Block Type | uint32 | Initiates an Event Extra Data Metadata data block. This value is always 5. This block type is a series 2 block. |
| Event Extra Data Metadata Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Type | uint32 | The type of extra data. Matches the Type field in the associated Event Extra Data record. |
| String Block Type | uint32 | Initiates a String data block for the client application version. This value is always 0. This block type is a series 2 block. |
| String Block Length | uint32 | Number of bytes in the client application version String data block, including eight bytes for the string block type and length fields, plus the number of bytes in the version string. |
| Name | string | Name of the type of event extra data, for example, XFF client (IPv6), and HTTP URI. |
| String Block Type | uint32 | Initiates a string data block for the client application URL. This value is always 0. This block type is a series 2 block. |
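A client that consumes this block should validate every length field before slicing, because each String block length is nested inside the outer data block length. The parser below is an added example, not code from the Cisco guide. It assumes network byte order for the uint32 fields, UTF-8 string content, and a buffer that starts at the data block type field; `parse_extra_data_metadata` and `build_sample` are hypothetical names, and the sample values are constructed.

```python
import struct

BLOCK_TYPE_EXTRA_DATA_METADATA = 5  # Table 3-12: always 5
BLOCK_TYPE_STRING = 0               # Table 3-12: always 0
HEADER_LEN = 8                      # block type + block length, both uint32


def _u32(buf, off):
    """Read one uint32 (network byte order is an assumption) with a bounds check."""
    if off + 4 > len(buf):
        raise ValueError(f"truncated uint32 at offset {off}")
    return struct.unpack_from(">I", buf, off)[0]


def _string_block(buf, off, end):
    """Parse a series 2 String block; return (text, offset after the block)."""
    if _u32(buf, off) != BLOCK_TYPE_STRING:
        raise ValueError(f"expected String block type 0 at offset {off}")
    length = _u32(buf, off + 4)
    # The length counts the 8 header bytes, so it can never be below 8,
    # and the block must end inside the enclosing data block.
    if length < HEADER_LEN or off + length > end:
        raise ValueError(f"bad String block length {length} at offset {off}")
    raw = buf[off + HEADER_LEN:off + length]
    # UTF-8 decoding and NUL stripping are assumptions, not stated on the page.
    return raw.decode("utf-8", errors="replace").rstrip("\x00"), off + length


def parse_extra_data_metadata(buf):
    """Parse one Event Extra Data Metadata data block (buffer starts at block type)."""
    if _u32(buf, 0) != BLOCK_TYPE_EXTRA_DATA_METADATA:
        raise ValueError("not an Event Extra Data Metadata block (type 5)")
    block_len = _u32(buf, 4)
    if block_len < HEADER_LEN + 4 or block_len > len(buf):
        raise ValueError(f"bad data block length {block_len}")
    extra_type = _u32(buf, 8)
    name, off = _string_block(buf, 12, block_len)
    encoding, off = _string_block(buf, off, block_len)
    if off != block_len:
        raise ValueError("String blocks do not fill the data block exactly")
    return {"type": extra_type, "name": name, "encoding": encoding}


def build_sample(extra_type, name, encoding):
    """Build a constructed sample block for testing (not captured traffic)."""
    body = struct.pack(">I", extra_type)
    for s in (name, encoding):
        data = s.encode("utf-8")
        body += struct.pack(">II", BLOCK_TYPE_STRING, HEADER_LEN + len(data)) + data
    return struct.pack(">II", BLOCK_TYPE_EXTRA_DATA_METADATA, HEADER_LEN + len(body)) + body
```
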