Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 1 Introduction
  • Replaced the following blocks:
    – Replaced  with , which has an IPv6 field.
    – Replaced  with , which has a security context field.
    – Replaced  with , which has a security context field.
    – Replaced  with , which has a security context field.
    – Replaced  with , which has a security context field.
Using this Guide
At the highest level, the eStreamer service is a mechanism for streaming data from the FireSIGHT 
System to a requesting client. The service can stream the following categories of data: 
  • Intrusion event data and event extra data
  • Correlation (compliance) event data
  • Discovery event data
  • User event data
  • Metadata for events
  • Host information
  • Malware event data
Descriptions of the data structures returned by eStreamer make up the majority of this book. The 
chapters in the book are:
  • , which provides an overview of eStreamer communications, details some of the requirements for writing eStreamer client applications, and describes the four types of messages used to send commands to and receive data from the eStreamer service.
  • , which documents the data formats used to return event data generated by the intrusion detection and correlation components and the data formats used to represent the intrusion and correlation events.
  • , which documents the data formats used to return discovery, user, and connection event data.
  • , which documents the data formats that eStreamer uses to return full host information data when it receives a host information request message.
  • , which documents how to configure eStreamer on a Defense Center or managed device. The chapter also documents the eStreamer command-line switches and provides instructions for manually starting and stopping the eStreamer service and for configuring the Defense Center or managed device to start eStreamer automatically.
  • , which provides examples of eStreamer message packets in binary format.
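The overview above describes eStreamer as a service that streams event records to a requesting client using a small set of command and data messages, and the later chapters define those messages as length-prefixed binary structures. The following is an added example, not code from this guide or from Cisco: a minimal client-side framing layer that builds an event stream request, then walks a buffer of event data messages and extracts the records. Everything about the wire layout here is an assumption you must check against the message-format chapters of the guide you are working from: an 8-byte big-endian header of header version (2 bytes, value 1), message type (2 bytes) and message length (4 bytes, counting only the bytes after the header); message type 2 for the event stream request, whose body is a 4-byte initial timestamp and 4-byte request flags; and message type 3 for event data, whose body starts with a 4-byte record type and 4-byte record length. The flag and record-type values used below are placeholders chosen for the example, and the mutually authenticated TLS transport that carries these bytes is not shown. The security-relevant point the block makes is that the length fields in the header and the record prefix are attacker-influenced input to the client and must be bounded against the bytes actually received before they are used to slice the buffer.

```python
"""Added example: eStreamer-style message framing with bounded length handling.

Wire layout below is an ASSUMPTION based on the eStreamer header and
event-stream-request format as commonly documented; verify against the
message-format chapters of your copy of the guide before relying on it.
"""
import struct

HEADER_FMT = ">HHI"                      # header version, message type, message length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 8 bytes
HEADER_VERSION = 1                       # assumed constant
MSG_EVENT_STREAM_REQUEST = 2             # assumed message type
MSG_EVENT_DATA = 3                       # assumed message type
MAX_MESSAGE_LEN = 1 << 20                # local sanity bound for this example, not a protocol value


def build_message(msg_type: int, body: bytes) -> bytes:
    """Prefix a body with the 8-byte header; length counts only the body."""
    if len(body) > MAX_MESSAGE_LEN:
        raise ValueError("body exceeds local size bound")
    return struct.pack(HEADER_FMT, HEADER_VERSION, msg_type, len(body)) + body


def build_event_stream_request(initial_timestamp: int, request_flags: int) -> bytes:
    """Event stream request: assumed body of initial timestamp + request flags."""
    body = struct.pack(">II", initial_timestamp, request_flags)
    return build_message(MSG_EVENT_STREAM_REQUEST, body)


def build_event_data(record_type: int, record_data: bytes) -> bytes:
    """Event data message: assumed body of record type + record length + record."""
    body = struct.pack(">II", record_type, len(record_data)) + record_data
    return build_message(MSG_EVENT_DATA, body)


def parse_message(buf: bytes):
    """Return (msg_type, body, remaining_bytes); never trust the declared length
    until it has been checked against the bytes actually in hand."""
    if len(buf) < HEADER_LEN:
        raise ValueError("short header")
    version, msg_type, length = struct.unpack(HEADER_FMT, buf[:HEADER_LEN])
    if version != HEADER_VERSION:
        raise ValueError(f"unexpected header version {version}")
    if length > MAX_MESSAGE_LEN:
        raise ValueError("declared length exceeds local size bound")
    end = HEADER_LEN + length
    if len(buf) < end:
        raise ValueError("declared length exceeds received bytes")
    return msg_type, buf[HEADER_LEN:end], buf[end:]


def parse_event_data(body: bytes):
    """Return (record_type, record_data) from an event data body, bounds-checked."""
    if len(body) < 8:
        raise ValueError("short event data body")
    record_type, record_length = struct.unpack(">II", body[:8])
    if 8 + record_length > len(body):
        raise ValueError("record length exceeds message body")
    return record_type, body[8:8 + record_length]


def is_well_framed(buf: bytes) -> bool:
    """True if the whole buffer splits cleanly into valid messages."""
    try:
        while buf:
            msg_type, body, buf = parse_message(buf)
            if msg_type == MSG_EVENT_DATA:
                parse_event_data(body)
        return True
    except ValueError:
        return False


def demo():
    """Build a request, then parse a constructed stream of two event data messages."""
    request = build_event_stream_request(0, 0x00000001)   # placeholder flags
    # Constructed sample records; 0x7F01/0x7F02 are placeholder record types.
    sample_record = b"\x00\x00\x00\x2a" + b"constructed record payload"
    stream = build_event_data(0x7F01, sample_record) + build_event_data(0x7F02, b"")
    records = []
    buf = stream
    while buf:
        msg_type, body, buf = parse_message(buf)
        if msg_type == MSG_EVENT_DATA:
            records.append(parse_event_data(body))
    return request, records


if __name__ == "__main__":
    req, recs = demo()
    print(req.hex())
    for rtype, rdata in recs:
        print(hex(rtype), rdata)
```

A real client would read from the TLS socket until it holds at least `HEADER_LEN` bytes, then until it holds the declared body, and only then call `parse_message`; the bound on the declared length is what stops a hostile or corrupted peer from making the client allocate or wait for gigabytes on the strength of a single 4-byte field.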