Index

A

Access Control Policy Name data block 3-77

Access Control Policy Name record 3-31

Access Control Policy Rule ID Mapping data block 3-63

Access Control Policy Rule ID Metadata Block 3-63

Access Control Policy Rule Reason data block B-303

Access Control Policy Rule Reason Data Block for 6.0+ 3-75

Access Control Rule Action record 4-23

Access Control Rule data block 4-195, 4-199

Access Control Rule ID record 3-32

Access Control Rule Reason data block 5.1+ 4-196, 4-200

Access Control Rule Reason record 4-25, 4-27, 4-29, 4-30

Add Client Application message 4-58

Add Host Attribute message 4-56

Additional MAC Detected for Host message 4-51

Add Protocol message 4-58

Address Specification data block 4-99

Add Scan Result message 4-59

Attribute Address data block 4-79

Attribute Definition data block

4.7+ 4-87

Attribute List Item data block 4-81

Attribute record 4-13

Attribute Specification data block 4-96

Attribute Value data block 4-82

B

BLOB data block

series 1 4-72

series 2 3-58

C

Change NetBIOS Name message 4-52

Classification record

4.6.1+ 3-21

Client Application messages 4-47

Client Application record 4-9

Collective Security Intelligence Cloud Name record 3-35

Connection Chunk data block for 5.0-5.1 B-141

Connection Chunk data block for 5.1.1+ 4-100, B-142

Connection Chunk message 4-54

Connection Event message format 2-21

Connection Statistics data block

5.0-5.0.2 B-125

5.1.1.x B-144

5.1+ B-129

5.2.x B-135

5.3 B-150

5.3.1 B-156

5.4 B-163

5.4.1 B-176

6.0+ 4-118, B-189, B-204

Connection Statistics Data message 4-53

Correlation Event message format 2-21

Correlation Event record

5.0 - 5.0.2 B-252

5.1-5.3.x B-260

5.4+ 3-41

Correlation Policy record 3-22

Correlation record header format 2-21

Correlation Rule record 3-24

Criticality record data structure 4-12

D

Data Block header format 2-24

Delete Client Application message 4-58

Delete Host Attribute message 4-56

Delete Protocol message 4-58

Discovery Event header 5.0-5.1.1.x B-87

Discovery Event header 5.2+ 4-40

Discovery Event message format 2-19

Discovery Event message header 2-20

E

Endpoint Profile data block 3-68

Error message format 2-8

eStreamer message header format 2-7

Event Data message format 2-17

Event Extra Data message format 2-23

Event Stream Request message format 2-10

example

Classification record A-9

Error message format 2-9

Intrusion Event record 5.4+ A-1, A-14

Intrusion Impact Alert record A-6

New Network Protocol message A-30

New TCP Server message A-31

Null message format 2-8

Packet record A-8

Priority record A-11

Rule Message record A-12

Streaming Information message format 2-38

Streaming Service Request message 2-38

User Event record 5.1+ A-27

F

File Event for 5.3 B-229

Fingerprint record 4-7

Fix List data block 4-102

Full Host Client Application data block

5.0+ 4-152

Full Host Client Application data block 5.0+ 4-152

Full Host Profile data block

5.0 - 5.0.2 B-268

5.1.1 B-277

5.2.x B-285

5.3+ 5-1

Full Host Server data block 4.10.0+ 4-138

Full Server Information data block 4-144

Full Sub-Server data block 4-84

G

Generic List data block

series 1 4-73

series 2 3-60

Generic Scan Results data block

4.10.0+ 4-147

H

Hops Change message 4-50

Host Attribute messages 4-56

Host Attribute Value messages 4-57

Host Client Application data block

5.0+ 4-153

Host Data message format 2-30

Host Deleted: Host Limit Reached message 4-49

Host Dropped: Host Limit Reached message 4-50

Host Identified as a Bridge/Router message 4-51

Host IP Address Changed message 4-48

Host IP Address data block 4-97

Host IP Address Reused message 4-49

Host Last Seen message 4-45

Host MAC Address data block 4.9+ 4-115

Host Profile data block 5.2+ 4-160

Host Profile data block for 5.1.x B-297

Host Request message format 2-25

Host Server data block

4.10.0+ 4-136

Host Timeout message 4-49

Host Vulnerability data block

4.9.0+ 4-112

I

ICMP Code data block 3-65

ICMP Type data block 3-64

Identity Conflict message 4-60

Identity data block 4-113

Identity Timeout message 4-60

Integer (INT32) data block 4-76

Interface Name record 3-30

Intrusion Event Extra Data Metadata record 3-27

Intrusion Event Extra Data record 3-25

Intrusion Event Message Format 2-18

Intrusion Event record

5.0.w.x B-12

5.0.x - 5.1 (IPv6) B-6

5.0x-5.1 (IPv4) B-2

5.1.1.x B-23

5.3 B-17

5.3.1 B-29

5.4.x B-36

Intrusion Event Record 5.2.x B-12

Intrusion Event Record 5.3 B-17

Intrusion Event Record 5.3.1 B-29

Intrusion Event Record 6.0+ 3-7

Intrusion Impact Alert record B-44

Intrusion Impact Alert record 5.3+ 3-16

Intrusion Policy Name record 4-22

IP Address Change message 4-48

IP Range Specification data block for 5.0-5.1.1.x B-303

IP Range Specification data block for 5.2+ 4-95

IP Reputation Category data block 3-78

L

List data block

series 1 4-72

series 2 3-59

M

MAC Address messages 4-51

MAC Address Specification data block 4-98

MAC Information Change message 4-51

Malware Event data block 5.1 B-46

Malware Event data block 5.1.1.x B-50

Malware Event data block 5.2.x B-56

Malware Event data block 5.3 B-63

Malware Event data block 5.3.1 B-70

Malware Event data block 5.4.x B-77

Malware Event Data Block 6.0+ 3-89

Malware Event Record 5.1.1+ 3-34

Managed Device Record Metadata 3-34

Message bundle format 2-39

Metadata message format 2-18

Mobile Device Information data block 5.1+ 4-159

Multiple Host Data message format 2-30

N

Name Description Mapping data block 3-61

Network Protocol record 4-12

New Host message 4-45

New IP to IP Traffic message 4-48

New Network Protocol message 4-47

New TCP Server message 4-46

New UDP Server message 4-46

Null message format 2-7

O

Operating System data block 3.5+ 4-86

Operating System Fingerprint data block

5.0-5.0.2 B-123

5.1+ 4-157

Operating System Fingerprint data block 5.1+ 4-157

OS Confidence Update message 4-49

OS Information Update message 4-49

P

Packet record data structure

4.8.0.2+ 3-5

Policy Control message 4-53

Policy Engine Control Message data block 4-86

Priority record 3-6

Protocol data block 4-75

R

Request Flags format 2-11

Rule Documentation Data Block for 5.2+ 3-102

Rule Message record data structure 4.6.1+ 3-20

S

Scan Result data block

5.0-5.1.1.x B-92

5.2+ 4-134

Scan Type record 4-14

Scan Vulnerability data block

4.10.0+ 4-149

Secondary Host Update data block 4-116

Security Intelligence Category data block 5.1+ 4-198

Security Intelligence Category record 4-32

Security Intelligence Source/Destination Record 4-33

Security Zone Name record 3-28

Server Banner data block 4-77

Server Information data block

4.10.x,5.0 - 5.0.2 4-142

Server messages 4-46

Server record 4-15

Source Application record 4-16

Source Detector record 4-17

Source Type record 4-16

Streaming Event Type 2-35

Streaming Information message format 2-31

Streaming Request message format 2-32

Streaming Service Request 2-33

Streaming Service Request data structure 2-33

String data block

series 1 4-71

series 2 3-57

String Information data block 4-78

Sub-Server data block 4-74

T

TCP Port Closed message 4-50

TCP Port Timeout message 4-50

TCP Server Confidence Update message 4-46

TCP Server Information Update message 4-46

Third Party Scanner Vulnerability record 4-18

U

UDP Port Closed message 4-50

UDP Port Timeout message 4-50

UDP Server Confidence Update message 4-46

UDP Server Information Update message 4-46

Update Banner message 4-53

Update Host Attribute message 4-56

URL Category record 4-24

URL Reputation record 4-24

User Account Update message data block 4-176

User Add Hosts message 4-55

User Attribute Value data block 4.7+ 4-109

User Client Application data block for 5.0-5.1 B-90

User Client Application data block for 5.1.1+ 4-92

User Client Application List data block 4-93

User Criticality Change data block 4.7+ 4-108

User data blocks 4-174

User Delete Address message 4-55

User Delete Server message 4-55

User Hosts data block 4.7+ 4-105

User Information data block for 5.x B-114

User Information data block for 6.0+ 4-185

User Information Update message 4-62

User Login Information data block

5.0-5.0.2 B-100

5.1-5.4.x B-102

6.0+ 4-190, B-104, B-107, B-110

User Modification message 4-61

User Product data block

5.0.x B-94

5.1+ 4-168

User Protocol data block 4-90

User Protocol List data block 4.7+ 4-111

User record 3-19, 4-19

User Server data block 4-102

User Server List data block 4-104

User Set Host Criticality message 4-56

User Set Invalid Vulnerabilities message 4.6.1+ 4-54

User Set Valid Vulnerabilities message 4.6.1+ 4-54

User Vulnerability Change data block 4.7+ 4-106

User Vulnerability data block

5.0+ 4-155

User Vulnerability Qualification message 4.6.1+ 4-54

UUID String Mapping data block 3-60

V

VLAN data block 4-76

VLAN Tag Information Update message 4-52

Vulnerability record 4-9

W

Web Application data block

5.0+ 4-117

Web Application record 4-21
