Cisco Firepower Management Center 2000 Developer Guide
B-26
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Intrusion Data Structures
[Record layout diagram, portion shown on this page. Rows are 32 bits wide (bytes 0-3, bits 0-31). Fields in order: Interface Ingress UUID (4 rows), Interface Egress UUID (4 rows), Security Zone Ingress UUID (4 rows), Security Zone Egress UUID (4 rows), Connection Timestamp, Connection Instance ID, Connection Counter.]
The following table describes each intrusion event record data field.
Table B-5 Intrusion Event Record 5.1.1 Fields

| Field | Data Type | Description |
|---|---|---|
| Block Type | uint32 | Initiates an Intrusion Event data block. This value is always 25. |
| Block Length | uint32 | Total number of bytes in the Intrusion Event data block, including eight bytes for the Intrusion Event block type and length fields, plus the number of bytes of data that follows. |
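The following Python sketch is an added example, not code from the Cisco guide. It shows how a client can validate the Block Type and Block Length fields of Table B-5 before trusting the rest of the block, and how to read the four consecutive 16-byte UUID fields from the layout diagram. The function names are hypothetical, network byte order is an assumption, and because the offset of Interface Ingress UUID within the record is not given on this page, the caller supplies it. The sample bytes are constructed.

```python
import struct
import uuid

INTRUSION_EVENT_BLOCK_TYPE = 25   # Table B-5: Block Type is always 25
HEADER_LEN = 8                    # two uint32 fields: Block Type + Block Length


class BlockError(ValueError):
    """Raised when a data block header is malformed or inconsistent."""


def read_block(buf, offset=0):
    """Validate the block header at `offset`; return (payload, next_offset)."""
    if offset < 0 or len(buf) - offset < HEADER_LEN:
        raise BlockError("buffer too short for block header")
    # Assumption: big-endian (network byte order) unsigned 32-bit fields.
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != INTRUSION_EVENT_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # Block Length counts the 8 header bytes, so anything below 8 is invalid.
    if block_len < HEADER_LEN:
        raise BlockError(f"block length {block_len} smaller than header")
    # Never trust the declared length past what was actually received.
    if block_len > len(buf) - offset:
        raise BlockError(f"block length {block_len} exceeds available data")
    end = offset + block_len
    return bytes(buf[offset + HEADER_LEN:end]), end


def read_uuids(payload, start, count=4):
    """Read `count` consecutive 16-byte UUIDs beginning at `start`."""
    if start < 0 or start + 16 * count > len(payload):
        raise BlockError("payload too short for UUID fields")
    return [uuid.UUID(bytes=payload[start + 16 * i:start + 16 * (i + 1)])
            for i in range(count)]


def build_sample():
    """Constructed sample: header plus four UUIDs only, not a full 5.1.1 record."""
    ids = [uuid.UUID(int=n) for n in (1, 2, 3, 4)]
    body = b"".join(u.bytes for u in ids)
    header = struct.pack(">II", INTRUSION_EVENT_BLOCK_TYPE, HEADER_LEN + len(body))
    return header + body, ids
```

Rejecting a Block Length below 8 or beyond the received data keeps a malformed or truncated block from driving reads outside the buffer.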