Cisco Firepower Management Center 4000 Developer Guide

4-119
FireSIGHT eStreamer Integration Guide
Chapter 4      Understanding Discovery & Connection Data Structures
  Host Discovery and Connection Data Blocks
Table 4-68    Connection Statistics Data Block 5.3.1+ Fields (continued)

Field               Data Type    Description
Destination Mask    uint8        Destination address prefix mask.
Security Context    uint8(16)    ID number for the security context (virtual firewall) that the
                                 traffic passed through. Note that the system only populates this
                                 field for ASA FirePOWER devices in multi-context mode.

Scan Result Data Block 5.2+

The Scan Result data block describes a vulnerability and is used within Add Scan Result events (event type 1002, subtype 11). The Scan Result data block has a block type of 142 in the series 1 group of blocks. It supersedes block type 102. The IP address field was increased to 16 bytes for version 5.2.

The following diagram shows the format of a Scan Result data block:
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Scan Result Block Type (142)
Scan Result Block Length
User ID
Scan Type
IP Address
IP Address, continued
IP Address, continued
IP Address, continued
Port
Protocol
Flag
List Block Type (11)
Scan 
Vulnerability 
List
List Block Type (11)
List Block Length
Vulnerability
List
List Block Length
Scan Vulnerability Block Type (109)
Scan Vulnerability Block Type (109)
Scan Vulnerability Block Length
Scan Vulnerability Block Length
Vulnerability Data...
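The layout above is a nested length-prefixed structure: an outer block (type 142) carrying a List block (type 11), which in turn carries one Scan Vulnerability block (type 109) per finding. The following parser is an added example written for this page; it is not code from the eStreamer guide or from Cisco's SDK. It takes from the page only what the page states: the block type values, the 16-byte IP address field, and the uint32 block type and block length header that every series 1 block begins with. The widths used for User ID and Scan Type (uint32), Port and Protocol (uint16) and Flag (uint8), and the treatment of IPv4 hosts as IPv4-mapped IPv6 addresses, are assumptions for the example and must be checked against the field table that follows the diagram. The security-relevant part is the bounds checking: every length is validated against the enclosing buffer and against the 8-byte minimum before it is used, so a corrupted or hostile feed cannot cause an over-read or an endless list walk on a zero-length inner block. The Scan Vulnerability payloads are returned raw because their internal layout is described in a separate block definition.

```python
"""Parser for the eStreamer Scan Result data block (series 1, type 142).

Added example, not code from the eStreamer guide or the Cisco SDK.
From the page: block type/length are uint32 (as for all series 1 blocks),
the IP address is 16 bytes, list block type is 11, scan vulnerability block
type is 109. ASSUMED for this example: User ID and Scan Type are uint32,
Port and Protocol are uint16, Flag is uint8.
"""
import ipaddress
import struct

SCAN_RESULT_BLOCK = 142
LIST_BLOCK = 11
SCAN_VULN_BLOCK = 109
HEADER = struct.Struct("!II")        # block type, block length (both uint32)
FIXED = struct.Struct("!II16sHHB")   # User ID, Scan Type, IP, Port, Protocol, Flag (assumed widths)


def _block_header(buf, off, expect_type=None):
    """Read a series 1 block header and bounds-check it against the buffer."""
    if off + HEADER.size > len(buf):
        raise ValueError("truncated block header at offset %d" % off)
    btype, blen = HEADER.unpack_from(buf, off)
    # Block lengths include the 8-byte header, so anything below 8 can never
    # be valid and would make a list walk loop forever on the same offset.
    if blen < HEADER.size or off + blen > len(buf):
        raise ValueError("bad block length %d at offset %d" % (blen, off))
    if expect_type is not None and btype != expect_type:
        raise ValueError("expected block type %d, got %d" % (expect_type, btype))
    return btype, blen


def parse_list(buf, off, inner_type):
    """Walk a List block (type 11); return inner payloads and the end offset."""
    _, llen = _block_header(buf, off, LIST_BLOCK)
    end = off + llen
    pos = off + HEADER.size
    items = []
    while pos < end:
        _, ilen = _block_header(buf, pos, inner_type)
        if pos + ilen > end:
            raise ValueError("inner block overruns list at offset %d" % pos)
        items.append(bytes(buf[pos + HEADER.size:pos + ilen]))
        pos += ilen
    return items, end


def parse_scan_result(buf, off=0):
    """Parse one Scan Result block; Scan Vulnerability blocks are kept raw."""
    _, blen = _block_header(buf, off, SCAN_RESULT_BLOCK)
    end = off + blen
    pos = off + HEADER.size
    if pos + FIXED.size > end:
        raise ValueError("scan result block too short for its fixed fields")
    user_id, scan_type, ip_raw, port, proto, flag = FIXED.unpack_from(buf, pos)
    pos += FIXED.size
    ip6 = ipaddress.IPv6Address(ip_raw)
    ip4 = ip6.ipv4_mapped  # assumed: IPv4 hosts arrive as ::ffff:a.b.c.d
    vulns, pos = parse_list(buf, pos, SCAN_VULN_BLOCK)
    if pos != end:
        raise ValueError("%d trailing bytes inside scan result block" % (end - pos))
    return {
        "user_id": user_id,
        "scan_type": scan_type,
        "ip": str(ip4) if ip4 is not None else str(ip6),
        "port": port,
        "protocol": proto,
        "flag": flag,
        "vulnerabilities": vulns,
    }


def is_malformed(buf):
    """True when the parser rejects the buffer; useful as a fuzzing oracle."""
    try:
        parse_scan_result(buf)
    except ValueError:
        return True
    return False


def build_scan_result(user_id, scan_type, ip, port, proto, flag, vuln_payloads):
    """Encode a Scan Result block; used here only to construct sample input."""
    inner = b"".join(HEADER.pack(SCAN_VULN_BLOCK, HEADER.size + len(p)) + p
                     for p in vuln_payloads)
    lst = HEADER.pack(LIST_BLOCK, HEADER.size + len(inner)) + inner
    body = FIXED.pack(user_id, scan_type, ipaddress.IPv6Address(ip).packed,
                      port, proto, flag) + lst
    return HEADER.pack(SCAN_RESULT_BLOCK, HEADER.size + len(body)) + body


# Constructed sample: one host with two opaque vulnerability payloads.
SAMPLE = build_scan_result(1, 1, "::ffff:10.1.2.3", 443, 6, 0,
                           [b"vuln-a", b"vuln-b-longer"])

if __name__ == "__main__":
    print(parse_scan_result(SAMPLE))
```

Run the file directly to see the decoded sample. Feeding `SAMPLE[:-1]` or zeroing an inner block length raises `ValueError` instead of reading past the buffer or spinning; when the real field table is at hand, adjust `FIXED` to the documented widths and the rest of the walk stays the same.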