Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 3: Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Table 3-2    Packet Record Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Packet Microsecond | uint32 | Microsecond (one millionth of a second) increment that the packet was captured. |
| Link Type | uint32 | Link layer type. Currently, the value will always be 1 (signifying the Ethernet layer). |
| Packet Length | uint32 | Number of bytes included in the packet data. |
| Packet Data | variable | Actual captured packet data (header and payload). |

Priority Record

The eStreamer service transmits the priority associated with an event in a Priority record, the format of which is shown below. (Priority information is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 4, indicating a Priority record.

Byte |       0       |       1       |       2       |       3       |
Bit  |     0 - 7     |    8 - 15     |    16 - 23    |    24 - 31    |
     +---------------+---------------+---------------+---------------+
     |      Header Version (1)       |       Message Type (4)        |
     +-------------------------------+-------------------------------+
     |                        Message Length                         |
     +---------------------------------------------------------------+
     |                        Record Type (4)                        |
     +---------------------------------------------------------------+
     |                         Record Length                         |
     +---------------------------------------------------------------+
     |                          Priority ID                          |
     +-------------------------------+-------------------------------+
     |          Name Length          |       Priority Name...        |
     +-------------------------------+-------------------------------+

The following table describes each priority-specific field.

Table 3-3    Priority Record Fields

| Field | Data Type | Description |
|---|---|---|
| Priority ID | uint32 | Indicates the priority identification number. |
| Name Length | uint16 | Number of bytes included in the priority name. |
| Priority Name | variable | Priority name that corresponds with the priority ID (1 - high, 2 - medium, 3 - low). |
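
The Priority record layout above can be decoded defensively as follows. This is an added example, not code from the Cisco guide: it assumes network (big-endian) byte order and a UTF-8 priority name, and the names parse_priority_record, RecordError, FIXED and SAMPLE are hypothetical.

```python
import struct

# Fixed-size part of a Priority record, following the layout on this page:
# Header Version (16 bits), Message Type (16), Message Length (32),
# Record Type (32), Record Length (32), Priority ID (uint32), Name Length (uint16).
# Assumption: all integers are in network (big-endian) byte order.
FIXED = struct.Struct(">HHIIIIH")  # 22 bytes


class RecordError(ValueError):
    """The buffer is not a well-formed Priority record."""


def parse_priority_record(buf: bytes) -> dict:
    if len(buf) < FIXED.size:
        raise RecordError(f"truncated: need {FIXED.size} bytes, got {len(buf)}")
    version, msg_type, msg_len, rec_type, rec_len, prio_id, name_len = FIXED.unpack_from(buf)
    if (version, msg_type) != (1, 4):
        raise RecordError(f"unexpected header: version={version} type={msg_type}")
    if rec_type != 4:
        raise RecordError(f"record type {rec_type} is not a Priority record (4)")
    # Name Length comes from the peer. A Python slice past the end of the
    # buffer silently returns fewer bytes, so check the bound explicitly.
    name_end = FIXED.size + name_len
    if name_end > len(buf):
        raise RecordError(f"name length {name_len} exceeds the bytes received")
    # Assumption: the name is text; undecodable bytes are replaced, not fatal.
    name = buf[FIXED.size:name_end].decode("utf-8", errors="replace")
    # The page does not say what the two length fields count, so they are
    # returned for the caller to inspect rather than validated here.
    return {"priority_id": prio_id, "name": name,
            "message_length": msg_len, "record_length": rec_len}


# Constructed sample record (not captured traffic): priority 1 named "high".
# The two length values are placeholders chosen for the sample.
SAMPLE = struct.pack(">HHIIIIH", 1, 4, 18, 4, 10, 1, 4) + b"high"

if __name__ == "__main__":
    print(parse_priority_record(SAMPLE))
```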