Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
User Attribute Value Data Block 4.7+
The User Attribute Value data block contains a list of IP address ranges that
indicate the hosts where the attribute value has changed, together with the
identification number for the user who added the attribute value, information
about the source that supplied the attribute value, and the BLOB data block
containing the attribute value. The User Attribute Value data block has a block
type of 82 in the series 1 group of blocks. Changes from the previous User
Attribute Value data block include a new source type field and the use of the
Generic list data block instead of the List data block to store IP addresses.
The following diagram shows the structure of a User Attribute Value data block:
User Criticality Data Block Fields (Continued)

FIELD               NUMBER OF BYTES   DESCRIPTION
Source Type         uint32            Number that maps to the type of data source:
                                      • 0 if the user criticality value was provided by RNA
                                      • 1 if the user criticality value was provided by a user
                                      • 2 if the user criticality value was provided by a third-party scanner
                                      • 3 if the user criticality value was provided by a command line tool such as nmimport.pl or the Host Input API client
Criticality Value   uint32            User criticality value.
Byte: 0 | 1 | 2 | 3
Bit:  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

User Attribute Value Data Block Type (82)
User Attribute Value Block Length
IP Address Range Blocks:
    Generic List Block Type (31)
    Generic List Block Length
    IP Address Range Specification Data Blocks...
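The nested headers shown above can be validated before any field is trusted. The following is an added example, not code from the Cisco guide. It assumes uint32 fields in network byte order and a length field that counts the 8 header bytes plus the payload. The function names are hypothetical, and the fields after the list are returned as opaque bytes because this page does not lay them out.

```python
import struct

USER_ATTR_VALUE_BLOCK = 82   # series 1 block type, from the page
GENERIC_LIST_BLOCK = 31      # Generic List block type, from the page
HDR = struct.Struct(">II")   # assumption: uint32 type + uint32 length, big-endian


class BlockError(ValueError):
    """Raised when a block header is inconsistent with its enclosing bounds."""


def read_header(buf, offset, end, expected_type):
    """Read one (type, length) header and return the payload bounds.

    Assumption: the length field counts the 8 header bytes plus the payload.
    """
    if end - offset < HDR.size:
        raise BlockError("truncated header")
    btype, length = HDR.unpack_from(buf, offset)
    if btype != expected_type:
        raise BlockError(f"expected block type {expected_type}, got {btype}")
    if length < HDR.size or offset + length > end:
        raise BlockError(f"block length {length} outside enclosing bounds")
    return offset + HDR.size, offset + length


def parse_user_attribute_value_prefix(buf):
    """Return (ip_range_list_bytes, remaining_block_bytes) for a type 82 block."""
    body_start, body_end = read_header(buf, 0, len(buf), USER_ATTR_VALUE_BLOCK)
    # The Generic List must fit inside the outer block, not just inside the buffer.
    list_start, list_end = read_header(buf, body_start, body_end, GENERIC_LIST_BLOCK)
    return bytes(buf[list_start:list_end]), bytes(buf[list_end:body_end])


def build_sample(list_payload=b"\xAA" * 12, tail=b"\xBB" * 4):
    """Constructed sample: opaque placeholder bytes, not real eStreamer data."""
    inner = HDR.pack(GENERIC_LIST_BLOCK, HDR.size + len(list_payload)) + list_payload
    outer_len = HDR.size + len(inner) + len(tail)
    return HDR.pack(USER_ATTR_VALUE_BLOCK, outer_len) + inner + tail


if __name__ == "__main__":
    ranges, rest = parse_user_attribute_value_prefix(build_sample())
    print(len(ranges), "bytes of IP range blocks;", len(rest), "bytes of trailing fields")
```

A list length that fits the receive buffer but overruns the enclosing type 82 block is rejected, so a malformed inner header cannot pull bytes from whatever follows in the stream.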