Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Event Data Message Format
Discovery Event Message Format
The graphic below shows the structure of discovery event messages. The standard eStreamer message
header and event record header are followed by a discovery event header used only in discovery and user
event messages. The discovery event header section of the message contains the discovery event type
and subtype fields, which together form a key to the data block that follows. For the current discovery
event types and subtypes, see
.
Discovery Event Message Headers
The shaded section in the following graphic shows the fields of the record header in the discovery event
data message format, and shows the location of the event header that follows it. The following table
defines the fields of the discovery event message headers.
Table 2-8 Intrusion Event and Metadata Record Header Fields (continued)
Field | Data Type | Description
eStreamer Server Timestamp | uint32 | Indicates the timestamp applied when the event was archived by the eStreamer server. Also called the archival timestamp. Field present only if bit 23 is set in the request message flags.
Reserved for future use | uint32 | Reserved for future use. Field present only if bit 23 is set in the request message flags.
[Figure: discovery event message structure, drawn 32 bits (bytes 0 to 3) per row. Sections in order: Message Header, Discovery Event Record Header, Discovery Event Header, Series 1 Data Block.]
[Figure: discovery event message headers, drawn 32 bits (bytes 0 to 3) per row. Fields in order: Header Version (1), Message Type (3), Message Length, Record Type, Record Length.]
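The following Python sketch is an added example, not code from the Cisco guide. It parses the message header and record header fields named in the diagram above, plus the two optional fields that Table 2-8 says are present only when bit 23 is set in the request message flags, and rejects messages whose lengths do not agree with the bytes received. Assumptions: network byte order, 16-bit Header Version and Message Type, 32-bit Message Length, Record Type and Record Length, each length counting the bytes after its own header, and the optional fields directly following Record Length; `parse_headers`, `build_sample` and the sample values are hypothetical.

```python
import struct
from typing import NamedTuple, Optional

# Assumed layout: big-endian; the header field widths are not stated on this page.
MSG_HDR = struct.Struct(">HHI")  # Header Version, Message Type, Message Length
REC_HDR = struct.Struct(">II")   # Record Type, Record Length
EXT_HDR = struct.Struct(">II")   # eStreamer Server Timestamp, reserved (uint32 each)


class Headers(NamedTuple):
    version: int
    message_type: int
    message_length: int
    record_type: int
    record_length: int
    archive_timestamp: Optional[int]  # None unless bit 23 was requested
    body_offset: int                  # first byte after the (possibly extended) record header


def parse_headers(buf: bytes, extended: bool) -> Headers:
    """Parse one message; extended=True if bit 23 was set in the request flags."""
    need = MSG_HDR.size + REC_HDR.size + (EXT_HDR.size if extended else 0)
    if len(buf) < need:
        raise ValueError(f"truncated message: {len(buf)} of {need} header bytes")
    version, msg_type, msg_len = MSG_HDR.unpack_from(buf, 0)
    if version != 1:
        raise ValueError(f"unexpected header version {version}")
    # Assumption: Message Length counts the bytes after the message header.
    if msg_len != len(buf) - MSG_HDR.size:
        raise ValueError("Message Length disagrees with bytes received")
    rec_type, rec_len = REC_HDR.unpack_from(buf, MSG_HDR.size)
    offset = MSG_HDR.size + REC_HDR.size
    # Assumption: Record Length counts the bytes after the record header.
    if rec_len > len(buf) - offset:
        raise ValueError("Record Length runs past the end of the message")
    timestamp = None
    if extended:
        timestamp, _reserved = EXT_HDR.unpack_from(buf, offset)
        offset += EXT_HDR.size
    return Headers(version, msg_type, msg_len, rec_type, rec_len, timestamp, offset)


def build_sample(extended: bool) -> bytes:
    """Constructed message: record type 1000 and the 12-byte body are placeholders."""
    ext = EXT_HDR.pack(1_700_000_000, 0) if extended else b""
    record = REC_HDR.pack(1000, len(ext) + 12) + ext + bytes(12)
    return MSG_HDR.pack(1, 3, len(record)) + record
```

A client has to pass the same `extended` value it used when building its request flags; parsing with the wrong value shifts `body_offset` by eight bytes and misreads the discovery event header that follows.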