Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
4-107
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following diagram shows the format of the Host Vulnerability data block:
The following table describes the components of the Host Vulnerability data block.
Identity Data Block
The identity data block has a block type of 94 in the series 1 group of blocks. Identity data blocks are
used in identity conflict and identity timeout messages, which indicate when the identities of an
operating system or server fingerprint source conflict or time out. The data block describes reported
identities that have been identified as being in conflict with active source identities (user, scanner, or
application). For more information, see
used in identity conflict and identity timeout messages, which indicate when the identities of an
operating system or server fingerprint source conflict or time out. The data block describes reported
identities that have been identified as being in conflict with active source identities (user, scanner, or
application). For more information, see
.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Host Vulnerability Block Type (85)
Host Vulnerability Block Length
Host Vulnerability ID
Invalid Flags
Type
Type (cont.)
Table 4-63
Host Vulnerability Data Block Fields
Field
Data Type
Description
Host Vulnerability
Block Type
Block Type
uint32
Initiates an Host Vulnerability data block. This value is always
85
.
Host Vulnerability
Block Length
Block Length
uint32
Total number of bytes in the Host Vulnerability data block,
including eight bytes for the host vulnerability block type and
length fields, plus the number of bytes of host vulnerability data
that follows.
including eight bytes for the host vulnerability block type and
length fields, plus the number of bytes of host vulnerability data
that follows.
Host Vulnerability ID uint32
The identification number for the vulnerability.
Invalid Flags
uint8
A value indicating whether the vulnerability is valid for the host.
Type
uint32
The type of vulnerability.