Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
4-121
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Host Server Data Block 4.10.0+
The Host Server data block conveys information about the detected servers on a host. It contains a block
for each detected server, and also includes a list of web application data blocks for the web applications
the server is running. Host Server data blocks are contained in messages for new and changed TCP and
UDP servers. For more information, see
for each detected server, and also includes a list of web application data blocks for the web applications
the server is running. Host Server data blocks are contained in messages for new and changed TCP and
UDP servers. For more information, see
. The Host Server data block has a
block type of 103 in the series 1 group of blocks.
List Block Type uint32
Initiates a List data block comprising Scan Vulnerability data blocks
conveying transport Scan Vulnerability data. This value is always
conveying transport Scan Vulnerability data. This value is always
11
.
List Block
Length
Length
uint32
Number of bytes in the list. This number includes the eight bytes of the
list block type and length fields, plus all encapsulated Scan
Vulnerability data blocks.
list block type and length fields, plus all encapsulated Scan
Vulnerability data blocks.
This field is followed by zero or more Scan Vulnerability data blocks.
Scan
Vulnerability
Block Type
Vulnerability
Block Type
uint32
Initiates a Scan Vulnerability data block describing a vulnerability
detected during a scan. This value is always
detected during a scan. This value is always
109
.
Scan
Vulnerability
Block Length
Vulnerability
Block Length
uint32
Number of bytes in the Scan Vulnerability data block, including eight
bytes for the scan vulnerability block type and length fields, plus the
number of bytes in the scan vulnerability data that follows.
bytes for the scan vulnerability block type and length fields, plus the
number of bytes in the scan vulnerability data that follows.
Vulnerability
Data
Data
string
Information relating to each vulnerability.
List Block Type uint32
Initiates a List data block comprising Scan Vulnerability data blocks
conveying transport Scan Vulnerability data. This value is always
conveying transport Scan Vulnerability data. This value is always
11
.
List Block
Length
Length
uint32
Number of bytes in the list. This number includes the eight bytes of the
list block type and length fields, plus all encapsulated Scan
Vulnerability data blocks.
list block type and length fields, plus all encapsulated Scan
Vulnerability data blocks.
This field is followed by zero or more Scan Vulnerability data blocks.
Generic Scan
Results Block
Type
Results Block
Type
uint32
Initiates a Generic Scan Results data block describing server and
operating system data detected during a scan. This value is always
operating system data detected during a scan. This value is always
108
.
Generic Scan
Results Block
Length
Results Block
Length
uint32
Number of bytes in the Generic Scan Results data block, including
eight bytes for the generic scan results block type and length fields,
plus the number of bytes in the scan result data that follows.
eight bytes for the generic scan results block type and length fields,
plus the number of bytes in the scan result data that follows.
Generic Scan
Results Data
Results Data
string
Information relating to each scan result.
Generic List
Block Type
Block Type
uint32
Initiates a Generic List data block comprising User Product data blocks
conveying host input data from a third-party application. This value is
always
conveying host input data from a third-party application. This value is
always
31
.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic List data block, including the list
header and all encapsulated User Product data blocks.
header and all encapsulated User Product data blocks.
User Product
Data Blocks *
Data Blocks *
variable
User Product data blocks containing host input data. See
for a description of this data block.
Table 4-69
Scan Result Data Block Fields (continued)
Field
Data Type
Description