Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
4-88
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the User Client Application List data block.
IP Address Range Data Block for 5.2+
The IP Address Range data block for 5.2+ conveys a range of IP addresses. IP Address Range data blocks
are used in User Protocol, User Client Application, Address Specification, User Product, User Server,
User Hosts, User Vulnerability, User Criticality, and User Attribute Value data blocks. The IP Address
Range data block has a block type of 141 in the series 1 group of blocks.
are used in User Protocol, User Client Application, Address Specification, User Product, User Server,
User Hosts, User Vulnerability, User Criticality, and User Attribute Value data blocks. The IP Address
Range data block has a block type of 141 in the series 1 group of blocks.
Table 4-48
User Client Application List Data Block Fields
Field
Number of
Bytes
Bytes
Description
User Client
Application List
Block Type
Application List
Block Type
uint32
Initiates a User Client Application List data block. This value is
always
always
60
.
User Client
Application List
Block Length
Application List
Block Length
uint32
Total number of bytes in the User Client Application List data block,
including eight bytes for the user client application list block type
and length fields, plus the number of bytes of user client application
list data that follows.
including eight bytes for the user client application list block type
and length fields, plus the number of bytes of user client application
list data that follows.
Source Type
uint32
Number that maps to the type of data source:
•
0
if the client data was detected by RNA
•
1
if the client data was provided by a user
•
2
if the client data was detected by a third-party scanner
•
3
if the client data was provided by a command line tool such as
nmimport.pl
or the Host Input API client
Source ID
uint32
Identification number that maps to the source that added the affected
client application. Depending on the source type, this may map to
RNA, a user, a scanner, or a third-party application.
client application. Depending on the source type, this may map to
RNA, a user, a scanner, or a third-party application.
Generic List Block
Type
Type
uint32
Initiates a Generic List data block. This value is always
31
.
Generic List Block
Length
Length
uint32
Number of bytes in the Generic List block and encapsulated data
blocks. This number includes the eight bytes of the generic list block
header fields, plus the number of bytes in all of the encapsulated
data blocks.
blocks. This number includes the eight bytes of the generic list block
header fields, plus the number of bytes in all of the encapsulated
data blocks.
User Client
Application
Blocks
Application
Blocks
variable
Encapsulated User Client Application data blocks up to the
maximum number of bytes in the list block length. For more
information on the User Client Application data block, see
maximum number of bytes in the list block length. For more
information on the User Client Application data block, see