Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the v3.5 operating system data block.

Table 4-43 Operating System Data Block 3.5+ Fields

| Field | Data Type | Description |
| --- | --- | --- |
| Operating System Data Block Type | uint32 | Initiates the operating system data block. This value is always 53. |
| Operating System Data Block Length | uint32 | Number of bytes in the Operating System data block. This value should always be 28: eight bytes for the data block type and length fields, plus four bytes for the confidence value and sixteen bytes for the fingerprint UUID value. |
| Confidence | uint32 | Confidence percentage value. |
| Fingerprint UUID | uint8[16] | Fingerprint identification number, in octets, that acts as a unique identifier for the operating system. The fingerprint UUID maps to the operating system name, vendor, and version in the Cisco database. |

Policy Engine Control Message Data Block
The Policy Engine Control Message data block conveys the control message content for policy types. The Policy Engine Control Message data block has a block type of 54 in the series 1 group of blocks.
The following diagram shows the format of the Policy Engine Control Message data block:
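                  Byte:  0            1            2            3
                  Bit:   0-7          8-15         16-23        24-31
                  +----------------------------------------------------+
                  | Policy Engine Control Message Block Type (54)      |
                  +----------------------------------------------------+
                  | Policy Engine Control Message Block Length         |
                  +----------------------------------------------------+
                  | Type                                               |
                  +----------------------------------------------------+
Control Message   | String Block Type (0)                              |
                  +----------------------------------------------------+
                  | String Block Length                                |
                  +----------------------------------------------------+
                  | Control Message...                                 |
                  +----------------------------------------------------+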
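
The following parser is an added example, not code from the Cisco guide. It reads the two block layouts above and rejects any block whose declared length disagrees with the data actually received. It assumes network byte order and that every block length counts its own eight header bytes (the page states this only for the operating system block); the function names and sample bytes are constructed for illustration.

```python
import struct
import uuid

OS_BLOCK_TYPE, OS_BLOCK_LEN = 53, 28        # values from Table 4-43
PECM_BLOCK_TYPE, STRING_BLOCK_TYPE = 54, 0  # values from the block diagram
HDR = struct.Struct("!II")                  # block type, block length (big-endian assumed)


def read_header(buf, offset, want_type):
    """Check type and bounds of a block header; return its declared length."""
    if len(buf) - offset < HDR.size:
        raise ValueError("truncated block header")
    btype, blen = HDR.unpack_from(buf, offset)
    if btype != want_type:
        raise ValueError(f"block type {btype}, expected {want_type}")
    if blen < HDR.size or blen > len(buf) - offset:
        raise ValueError(f"declared length {blen} does not fit the buffer")
    return blen


def parse_os_block(buf, offset=0):
    """Operating System data block 3.5+: returns (confidence, fingerprint UUID)."""
    if read_header(buf, offset, OS_BLOCK_TYPE) != OS_BLOCK_LEN:
        raise ValueError("operating system block length must be 28")
    (confidence,) = struct.unpack_from("!I", buf, offset + 8)
    return confidence, uuid.UUID(bytes=bytes(buf[offset + 12:offset + 28]))


def parse_control_message(buf, offset=0):
    """Policy Engine Control Message block: returns (type, message bytes)."""
    blen = read_header(buf, offset, PECM_BLOCK_TYPE)
    if blen < 20:  # 8 header + 4 Type + 8 nested string block header
        raise ValueError("control message block too short")
    (msg_type,) = struct.unpack_from("!I", buf, offset + 8)
    # The nested string block must fit inside the outer block, not just the buffer.
    inner = memoryview(buf)[offset + 12:offset + blen]
    # Assumption: the string block length counts its own 8-byte header.
    slen = read_header(inner, 0, STRING_BLOCK_TYPE)
    return msg_type, bytes(inner[8:slen])


# Constructed sample blocks (not captured traffic)
SAMPLE_UUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
SAMPLE_OS = struct.pack("!III", 53, 28, 85) + SAMPLE_UUID.bytes
SAMPLE_MSG = struct.pack("!IIIII", 54, 25, 7, 0, 13) + b"hello"
```

Bounding the inner string block by the outer block length, rather than by the whole receive buffer, keeps a malformed length field from pulling in bytes that belong to the next record.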