Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The table describes each data field in an impact event.
Impact Event Data Fields

| Field | Data Type | Description |
|---|---|---|
| Intrusion Impact Alert Block Type | uint32 | Indicates that an intrusion impact alert data block follows. This field will always have a value of 20. See |
| Intrusion Impact Alert Block Length | uint32 | Indicates the length of the intrusion impact alert data block, including all data that follows and 8 bytes for the intrusion impact alert block type and length. |
| Event ID | uint32 | Indicates the event identification number. |
| Device ID | uint32 | Indicates the managed device identification number. |
| Event Second | uint32 | Indicates the second (from 01/01/1970) that the event was detected. |
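The following parser for the five fields listed above is an added example, not code from the guide. It assumes the uint32 values arrive in network (big-endian) byte order; the function names and the sample bytes are constructed for illustration, and any fields after Event Second are returned unparsed.

```python
import struct
from datetime import datetime, timezone

IMPACT_ALERT_BLOCK_TYPE = 20      # value the table gives for the block type field
HEADER = struct.Struct(">II")     # block type, block length (big-endian: assumption)
LEADING = struct.Struct(">III")   # event ID, device ID, event second


def parse_impact_alert_prefix(buf):
    """Parse the five documented uint32 fields.

    Returns (fields, rest), where rest is the unparsed remainder of this block.
    """
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the 8-byte type/length header")
    block_type, block_len = HEADER.unpack_from(buf, 0)
    if block_type != IMPACT_ALERT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {block_type}")
    # Block length counts the 8 header bytes plus all data that follows,
    # so it can never be smaller than header + the three leading fields.
    if block_len < HEADER.size + LEADING.size:
        raise ValueError("block length too small for the documented fields")
    # Never trust the declared length beyond what was actually received.
    if block_len > len(buf):
        raise ValueError("block length exceeds bytes received")
    event_id, device_id, event_second = LEADING.unpack_from(buf, HEADER.size)
    fields = {
        "block_length": block_len,
        "event_id": event_id,
        "device_id": device_id,
        "event_time": datetime.fromtimestamp(event_second, tz=timezone.utc),
    }
    # Slice at block_len so bytes of a following block are not consumed.
    rest = bytes(buf[HEADER.size + LEADING.size:block_len])
    return fields, rest


def build_sample(event_id, device_id, event_second, tail=b""):
    """Construct a sample block (test data only, not captured traffic)."""
    body = LEADING.pack(event_id, device_id, event_second) + tail
    return HEADER.pack(IMPACT_ALERT_BLOCK_TYPE, HEADER.size + len(body)) + body


if __name__ == "__main__":
    sample = build_sample(1001, 7, 1400000000, b"\x00\x01")
    print(parse_impact_alert_prefix(sample))
```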