Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
Geolocation Data Block for 5.2+
This data block contains the mapping of a country code to a country
name. The record type is 520, and the block type is 28 in series 2. It is exposed as
metadata for any event that has geolocation information. If metadata is requested
and the event has a value for the country code(s), this block is
returned along with the other metadata.
Rule Documentation Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Corrective Action field. |
| Corrective Action | string | Information regarding patches, upgrades, or other means to remove or mitigate the vulnerability. |
| String Block Type | uint32 | Initiates a String data block containing the contributors for the rule. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Contributors field. |
| Contributors | string | Contact information for the author of the rule and other relevant documentation. |
| String Block Type | uint32 | Initiates a String data block containing the additional references associated with the rule. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Additional References field. |
| Additional References | string | Additional information and references. |
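The String data blocks in the table above carry a length that includes their own eight header bytes, so a client has to validate that length before slicing the buffer. The following Python sketch is an added example, not code from the guide or from Cisco: the function names are hypothetical, and it assumes big-endian (network byte order) integers and UTF-8 text, neither of which is stated on this page.

```python
import struct

STRING_BLOCK_TYPE = 0  # per the table: String Block Type is always 0
HEADER_LEN = 8         # uint32 block type + uint32 block length

class BlockError(ValueError):
    """Raised when a String data block is malformed."""

def read_string_block(buf, offset):
    """Return (text, next_offset) for the String block starting at offset."""
    if offset < 0 or len(buf) - offset < HEADER_LEN:
        raise BlockError("truncated String block header")
    # Assumption: header fields are big-endian (network byte order).
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # The length counts the 8 header bytes, so anything smaller is invalid,
    # and a length that runs past the buffer must never be trusted.
    if block_len < HEADER_LEN:
        raise BlockError("block length smaller than its own header")
    end = offset + block_len
    if end > len(buf):
        raise BlockError("block length runs past end of buffer")
    raw = bytes(buf[offset + HEADER_LEN:end])
    # Assumption: text is UTF-8; undecodable bytes are replaced, not fatal.
    return raw.decode("utf-8", errors="replace"), end

def parse_rule_doc_tail(buf, offset=0):
    """Read the three consecutive String blocks listed in the table."""
    fields = {}
    for name in ("corrective_action", "contributors", "additional_references"):
        fields[name], offset = read_string_block(buf, offset)
    return fields, offset

def make_string_block(text):
    """Build a constructed sample block (test data only)."""
    data = text.encode("utf-8")
    return struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(data)) + data

# Constructed sample input, not captured from a real eStreamer session.
SAMPLE = b"".join(make_string_block(s) for s in (
    "Upgrade to the vendor-fixed release.",
    "rules@example.invalid",
    "",
))

if __name__ == "__main__":
    print(parse_rule_doc_tail(SAMPLE))
```

An empty field is still a valid block: its length is exactly 8 and the string portion is zero bytes long.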