Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Intrusion Event and Metadata Record Types
Chapter 3
The Access Control Policy Name Data Block Fields table describes the fields in the Access Control Policy Name data block.
Access Control Rule ID Record Metadata
The eStreamer service transmits metadata containing information about the 
access control rule that triggered an intrusion event or connection event within an 
Access Control Rule ID record, the format of which is shown below. Access 
control rule metadata is sent when the Version 4 metadata flag—bit 20 in the 
Access Control Policy Name Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Access Control Policy Name Data Block Type | uint32 | Initiates an Access Control Policy Name data block. This value is always 14. The block type is a series 2 block. |
| Access Control Policy Name Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields. |
| Access Control Policy UUID | uint8[16] | An ID number that acts as a unique identifier for the access control policy associated with the intrusion event or connection event. |
| String Block Type | uint32 | Initiates a String data block containing the name of the access control policy. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the access control policy name String data block, including eight bytes for the block type and header fields plus the number of bytes in the access control policy name. |
| Access Control Policy Name | string | The access control policy name. |
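
A defensive parser for the Access Control Policy Name data block laid out in the table above, as an added example (not code from the Sourcefire guide). It assumes big-endian (network byte order) integers and a UTF-8 policy name, neither of which is stated on this page; `parse_acp_name_block` and `build_sample` are hypothetical names.

```python
import struct
import uuid

BLOCK_TYPE_ACP_NAME = 14   # "This value is always 14" (series 2 block)
BLOCK_TYPE_STRING = 0      # "This value is always 0"
HEADER_LEN = 8             # block type + block length, both uint32
UUID_LEN = 16              # uint8[16]
MIN_LEN = HEADER_LEN + UUID_LEN + HEADER_LEN  # all fixed-size fields


def parse_acp_name_block(buf: bytes) -> dict:
    """Parse one Access Control Policy Name data block, rejecting bad lengths."""
    if len(buf) < MIN_LEN:
        raise ValueError("buffer shorter than the fixed-size fields")
    # Assumption: multi-byte integers are big-endian (network byte order).
    block_type, block_len = struct.unpack_from(">II", buf, 0)
    if block_type != BLOCK_TYPE_ACP_NAME:
        raise ValueError(f"unexpected block type {block_type}")
    # The block length counts the data plus the 8 header bytes, so it can
    # never be below MIN_LEN and must not point past the received buffer.
    if block_len < MIN_LEN or block_len > len(buf):
        raise ValueError(f"block length {block_len} out of range")
    policy_uuid = uuid.UUID(bytes=buf[HEADER_LEN:HEADER_LEN + UUID_LEN])
    str_off = HEADER_LEN + UUID_LEN
    str_type, str_len = struct.unpack_from(">II", buf, str_off)
    if str_type != BLOCK_TYPE_STRING:
        raise ValueError(f"unexpected string block type {str_type}")
    # Per the table, the String block is the last field, so it must end
    # exactly where the outer block ends.
    if str_len < HEADER_LEN or str_off + str_len != block_len:
        raise ValueError(f"string block length {str_len} inconsistent")
    raw_name = buf[str_off + HEADER_LEN:str_off + str_len]
    # Assumption: the name is UTF-8 and may carry trailing NUL padding.
    name = raw_name.rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"uuid": policy_uuid, "name": name, "consumed": block_len}


def build_sample(name: bytes) -> bytes:
    """Constructed sample block (not captured traffic) for the demo."""
    sblock = struct.pack(">II", BLOCK_TYPE_STRING, HEADER_LEN + len(name)) + name
    body = bytes(range(UUID_LEN)) + sblock
    return struct.pack(">II", BLOCK_TYPE_ACP_NAME, HEADER_LEN + len(body)) + body


if __name__ == "__main__":
    print(parse_acp_name_block(build_sample(b"Default Access Control")))
```

Cross-checking the inner String block length against the outer block length keeps a malformed or truncated record from being read past its own boundary.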