Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
3-49
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
The following diagram shows the format of the BLOB data block:
The following table describes the fields of the BLOB data block.
List Data Block
The eStreamer service uses the List data block to encapsulate a list of data blocks. For example,
eStreamer can use the List data block to send a list of TCP servers, each of which is itself a data block.
The List data block has a block type of 2 in the series 2 group of blocks.
eStreamer can use the List data block to send a list of TCP servers, each of which is itself a data block.
The List data block has a block type of 2 in the series 2 group of blocks.
The following diagram shows the basic format of a List data block:
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Data Block Type (1)
Data Block Length
Binary Data...
Table 3-28
BLOB Data Block Fields
Field
Data Type
Description
Data Block Type
uint32
Initiates a BLOB data block. This value is always
1
.
Data Block
Length
Length
uint32
Number of bytes in the BLOB data block, including eight bytes for the
BLOB block type and length fields, plus the length of the binary data
that follows.
BLOB block type and length fields, plus the length of the binary data
that follows.
Binary Data
variable
Contains binary data such as a server banner.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Block Type (2)
Block Length
Encapsulated Data Blocks...