eStreamer
Cisco's event streaming protocol, used by Firepower Management Center (FMC) to export security event data, intrusion alerts, connection logs, and other network telemetry in real time. It enables integration with external SIEMs and analytics platforms, providing deep visibility into network security events.

Field | Description |
---|---|
eventType | Type of event (e.g., intrusion, connection, malware) |
timestamp | Time the event occurred |
sourceIP | Source IP address |
destinationIP | Destination IP address |
sourcePort | Source port number |
destinationPort | Destination port number |
protocol | Transport protocol (TCP, UDP, etc.) |
userIdentity | Associated user (if available) |
deviceUUID | Unique identifier for the source device |
application | Detected application (e.g., HTTP, SSH) |
threatScore | Severity or risk rating of the event |
signatureID | Identifier for the security rule triggered |
signatureName | Description of the triggered security rule |
malwareSHA256 | Hash of detected malware (if applicable) |
fileName | Name of the file involved in the event |

eStreamer provides detailed security telemetry and integrates with SIEMs for real-time threat monitoring and forensic analysis.
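
Before events with the fields in the table reach a SIEM, it helps to reject malformed records so that bad addresses, ports, or hashes do not pollute correlation rules. The following is an added example, not Cisco's code or part of the original page. It assumes a client has already decoded events into one JSON object per line keyed by the table's field names; that JSON shape, the choice of required fields, the function names, and the sample records are all constructed for illustration.

```python
import ipaddress
import json
import re

# Field names follow the table above. Assumptions: JSON-per-line input from a
# client, and this particular set of required fields.
REQUIRED = ("eventType", "timestamp", "sourceIP", "destinationIP")
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

def validate_event(event):
    """Return a list of problems found in one decoded event (empty = clean)."""
    problems = [f"missing {name}" for name in REQUIRED if name not in event]
    for name in ("sourceIP", "destinationIP"):
        if name in event:
            try:
                ipaddress.ip_address(str(event[name]))
            except ValueError:
                problems.append(f"bad {name}")
    for name in ("sourcePort", "destinationPort"):
        port = event.get(name)
        if port is not None and (type(port) is not int or not 0 <= port <= 65535):
            problems.append(f"bad {name}")
    sha = event.get("malwareSHA256")
    if sha is not None and not SHA256_RE.fullmatch(str(sha)):
        problems.append("bad malwareSHA256")
    return problems

def split_events(lines):
    """Split JSON lines into accepted events and (line_no, problems) rejects."""
    accepted, rejected = [], []
    for line_no, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            rejected.append((line_no, ["not a JSON object"]))
            continue
        problems = validate_event(event)
        if problems:
            rejected.append((line_no, problems))
        else:
            accepted.append(event)
    return accepted, rejected

SAMPLE = [  # constructed records, not captured from a real FMC
    '{"eventType": "intrusion", "timestamp": 1700000000, "sourceIP": "192.0.2.10", "destinationIP": "198.51.100.5", "sourcePort": 51514, "destinationPort": 443, "protocol": "TCP", "signatureID": 1000001}',
    '{"eventType": "malware", "timestamp": 1700000050, "sourceIP": "192.0.2.11", "destinationIP": "198.51.100.5", "malwareSHA256": "abc123", "fileName": "sample.bin"}',
    '{"eventType": "connection", "sourceIP": "192.0.2.999", "destinationIP": "198.51.100.7", "destinationPort": 70000}',
    'not-json',
]
```

Rejected records are worth routing to a separate index with their line number and problem list, since a sudden rise in rejects usually points to a decoder or schema change upstream.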