Cisco Firepower Management Center 2000 Developer Guide

3-57
FireSIGHT eStreamer Integration Guide
 
Chapter 3      Understanding Intrusion and Correlation Data Structures
  Understanding Series 2 Data Blocks
[Figure: structure of the IP Reputation Category Data Block, drawn as 32-bit words (Byte 0-3, Bit 0-31 rulers); the visible tail of the layout is String Block Type (0), String Block Length, Category Name...]

The following table describes the fields in the IP Reputation Category Data Block.

Table 3-36  IP Reputation Category Data Block Fields

Field | Data Type | Description
IP Reputation Category Data Block Type | uint32 | Initiates an IP Reputation Category data block. This value is always 22.
IP Reputation Category Data Block Length | uint32 | Total number of bytes in the IP Reputation Category data block, including eight bytes for the IP Reputation Category data block type and length fields, plus the number of bytes of data that follows.
Rule ID | uint32 | Internal identifier for the rule that triggered the event.
Policy UUID | uint8[16] | UUID of the policy that triggered the event.
String Block Type | uint32 | Initiates a String data block containing the description of the IP Reputation Category. This value is always 0.
String Block Length | uint32 | The number of bytes included in the Category Name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Category Name field.
Category Name | string | Name of the category for the rule.

File Event for 5.3.1+

The file event contains information on files that are sent over the network. This includes the connection information, whether the file is malware, and specific information to identify the file. The file event has a block type of 43 in the series 2 group of blocks. It supersedes block type 38. A security context field has been added.

You request file event records by setting the file event flag—bit 30 in the Request Flags field—in the request message with an event version of 4 and an event code of 111. See . If you enable bit 23, an extended event header is included in the record.

The following graphic shows the structure of the File Event data block.
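The IP Reputation Category Data Block in Table 3-36 is a length-prefixed binary structure nested inside another (the Category Name String block), so a receiver should check every declared length against the bytes actually present before trusting it. The following Python is an added example written for this page, not Cisco's code; it assumes network (big-endian) byte order and builds its own constructed sample record for input.

```python
import struct
import uuid

# Values taken from the page: block type 22 opens an IP Reputation Category
# data block; string block type 0 opens its Category Name String block.
IP_REP_CATEGORY_BLOCK_TYPE = 22
STRING_BLOCK_TYPE = 0
FIXED_LEN = 8 + 4 + 16         # block type, block length, rule ID, policy UUID
MIN_BLOCK_LEN = FIXED_LEN + 8  # plus an empty String block (type + length)


def build_ip_rep_category_block(rule_id, policy_uuid, category_name):
    """Constructed sample encoder (not Cisco code) used only to make test input;
    field order follows Table 3-36, network byte order assumed."""
    name = category_name.encode("utf-8")
    string_block = struct.pack("!II", STRING_BLOCK_TYPE, 8 + len(name)) + name
    body = struct.pack("!I", rule_id) + uuid.UUID(policy_uuid).bytes + string_block
    return struct.pack("!II", IP_REP_CATEGORY_BLOCK_TYPE, 8 + len(body)) + body


def parse_ip_rep_category_block(buf):
    """Decode one block, validating every declared length against the bytes
    actually present before trusting it. Raises ValueError on malformed input."""
    if len(buf) < MIN_BLOCK_LEN:
        raise ValueError("buffer shorter than a minimal IP Reputation Category block")
    block_type, block_len = struct.unpack_from("!II", buf, 0)
    if block_type != IP_REP_CATEGORY_BLOCK_TYPE:
        raise ValueError(f"block type {block_type}, expected 22")
    if block_len < MIN_BLOCK_LEN or block_len > len(buf):
        raise ValueError(f"declared block length {block_len} inconsistent with buffer")
    rule_id, = struct.unpack_from("!I", buf, 8)
    policy_uuid = uuid.UUID(bytes=buf[12:28])
    str_type, str_len = struct.unpack_from("!II", buf, FIXED_LEN)
    if str_type != STRING_BLOCK_TYPE:
        raise ValueError(f"string block type {str_type}, expected 0")
    # The inner String block must end exactly where the outer block ends.
    if str_len < 8 or FIXED_LEN + str_len != block_len:
        raise ValueError("string block length inconsistent with outer block length")
    name = buf[FIXED_LEN + 8:FIXED_LEN + str_len].decode("utf-8", errors="replace")
    return {"rule_id": rule_id, "policy_uuid": str(policy_uuid),
            "category_name": name, "block_length": block_len}


def block_is_well_formed(buf):
    """Boolean wrapper for filtering records before further processing."""
    try:
        parse_ip_rep_category_block(buf)
        return True
    except ValueError:
        return False
```

Rejecting a record whose inner String Block Length disagrees with the outer block length matters because a trusting reader would otherwise slice past the end of the record or run into the next block in the stream.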