Cisco Cisco Firepower Management Center 2000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

190

Understanding Discovery & Connection Data Structures

Metadata for Discovery Events

Chapter 4

Intrusion Policy Name Record

The eStreamer service transmits metadata containing intrusion policy name 

information for a connection event within an Intrusion Policy Name record, the 

format of which is shown below. (Intrusion policy name information is sent when 

one of the metadata flags—version 4 metadata bit 20 in the Request Flags field 

of a request message—is set. See 

 on page 30.) Note that the 

Intrusion Policy Name record field, which appears after the Message Length field, 

has a value of 118, indicating an Intrusion Policy Name record.

Web Application Record Fields 

Application ID

uint32

Application ID number of the web application.

Name Length

uint32

The number of bytes included in the name.

Name

string

The web application content name.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1)

Message Type (4)

Message Length

Record Type (118)

Record Length

Intrusion Policy Name Data Block (14)

Intrusion Policy Name Data Block Length

Intrusion Policy UUID

Intrusion Policy UUID, continued

Intrusion Policy UUID, continued

Intrusion Policy UUID, continued

String Block Type (0)

String Block Length

Intrusion Policy Name...