Cisco Cisco Firepower Management Center 4000 开发者指南
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
471
Understanding Legacy Data Structures
Legacy Intrusion Data Structures
Appendix B
Blocked
uint8
Value indicating whether the event was blocked.
• 0 — not blocked
• 0 — not blocked
• 1 — blocked
• 2 — would be blocked (but not permitted by
configuration)
MPLS Label
uint32
MPLS label.
VLAN ID
uint16
Indicates the ID of the VLAN where the packet
originated.
Pad
uint16
Reserved for future use.
Policy UUID
uint8[16]
A policy ID number that acts as a unique
identifier for the intrusion policy.
User ID
uint32
The internal identification number for the user, if
applicable.
Web
Application ID
uint32
The internal identification number for the web
application, if applicable.
Client
Application ID
uint32
The internal identification number for the client
application, if applicable.
Application
Protocol ID
uint32
The internal identification number for the
application protocol, if applicable.
Access
Control Rule
ID
uint32
A rule ID number that acts as a unique identifier
for the access control rule.
Access
Control Policy
UUID
uint8[16]
A policy ID number that acts as a unique
identifier for the access control policy.
Ingress
Interface
UUID
uint8[16]
An interface ID number that acts as a unique
identifier for the ingress interface.
Egress
Interface
UUID
uint8[16]
An interface ID number that acts as a unique
identifier for the egress interface.
Intrusion Event (IPv4) Record Fields (Continued)
F
IELD
D
ATA
T
YPE
D
ESCRIPTION