Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
New Host and Host Last Seen Messages
New Host and Host Last Seen event messages have a standard discovery event
header and a Host Profile data block (as documented in
Note that the Host Last Seen message includes server information only for
servers on the host that have changed within the Update Interval set in the
discovery detection policy. In other words, only servers that have changed since
the system last reported information will be included in the Host Last Seen
message.
IMPORTANT!
The Host Profile data block differs depending on which system
version created the message. For information on legacy versions of the Host
Profile data block, see
Server Messages
The following TCP and UDP server event messages have a standard discovery
event header (as documented in
followed by a Server data block (as documented in
• New TCP Server
• New UDP Server
• TCP Server Information Update
• UDP Server Information Update
• TCP Server Confidence Update
• UDP Server Confidence Update
Byte | 0   | 1    | 2     | 3
Bit  | 0-7 | 8-15 | 16-23 | 24-31
     | Discovery Event Header
     | Host Profile Data Block