Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Operating System Fingerprint Data Block 5.1+
The Operating System Fingerprint data block has a block type of 130 in the series 1 group of blocks. The 
block includes a fingerprint Universally Unique Identifier (UUID), as well as the fingerprint type, the 
fingerprint source type, and the fingerprint source ID. 
Table 4-78 User Vulnerability Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Protocol | uint16 | IANA protocol number or Ethertype for the protocol used by the server affected by the vulnerability. This is handled differently for Transport and Network layer protocols. Transport layer protocols are identified by the IANA protocol number. For example: 6 - TCP, 17 - UDP. Network layer protocols are identified by the decimal form of the IEEE Registration Authority Ethertype. For example: 2048 - IP. For client application vulnerabilities, the value is 0. |
| Vulnerability ID | uint32 | The Cisco vulnerability ID. |
| Third-Party Vulnerability UUID | uint8[16] | A unique ID number for the third-party vulnerability, if one exists. Otherwise, the value is 0. |
| String Block Type | uint32 | Initiates a String data block for the vulnerability name. The value is always 0. |
| String Block Length | uint32 | The number of bytes in the String data block for the vulnerability name, including eight bytes for the string block type and length, plus the number of bytes in the vulnerability name. |
| Vulnerability Name | string | The vulnerability name. |
| Client Application ID | uint32 | The application ID of the client application. For server vulnerabilities, the value is 0. |
| Application Protocol ID | uint32 | The application ID of the application protocol used by client application. For server vulnerabilities, the value is 0. |
| String Block Type | uint32 | Initiates a String data block for the version string. The value is always 0. |
| String Block Length | uint32 | The number of bytes in the String data block for the version, including eight bytes for the string block type and length, plus the number of bytes in the client application version string. |
| Version | string | The client application version. For server vulnerabilities, the value is 0. |
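
The field sequence in Table 4-78, from Protocol through Version, can be decoded with length validation on both String data blocks as follows. This is an added example, not code from Cisco's guide: it assumes network byte order (big-endian), a buffer that begins at the Protocol field, and UTF-8 strings. The function names are hypothetical and the sample record is constructed.

```python
import struct
import uuid

# Protocol values named in Table 4-78; anything else is reported as its number.
PROTOCOLS = {0: "client application", 6: "TCP", 17: "UDP", 2048: "IP"}

def read_string_block(buf, off):
    """Read one String data block at off; return (text, next_offset)."""
    if off + 8 > len(buf):
        raise ValueError("truncated string block header")
    block_type, block_len = struct.unpack_from(">II", buf, off)
    if block_type != 0:
        raise ValueError(f"expected string block type 0, got {block_type}")
    # The length includes the 8 header bytes, so a value below 8 or one
    # that runs past the buffer marks a malformed or truncated record.
    if block_len < 8 or off + block_len > len(buf):
        raise ValueError(f"bad string block length {block_len}")
    text = buf[off + 8:off + block_len].decode("utf-8", errors="replace")
    return text, off + block_len

def parse_user_vuln_tail(buf):
    """Parse Protocol through Version (big-endian layout is an assumption)."""
    fixed = struct.Struct(">HI16s")  # Protocol, Vulnerability ID, UUID
    if len(buf) < fixed.size:
        raise ValueError("truncated fixed fields")
    proto, vuln_id, third_party = fixed.unpack_from(buf, 0)
    name, off = read_string_block(buf, fixed.size)
    if off + 8 > len(buf):
        raise ValueError("truncated application IDs")
    client_app, app_proto = struct.unpack_from(">II", buf, off)
    version, off = read_string_block(buf, off + 8)
    return {
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "vulnerability_id": vuln_id,
        "third_party_uuid": str(uuid.UUID(bytes=third_party)),
        "name": name,
        "client_app_id": client_app,
        "app_protocol_id": app_proto,
        "version": version,
        "bytes_consumed": off,
    }

def build_sample(name=b"Constructed sample vulnerability", version=b"1.2.3"):
    """Constructed client-application record, not captured eStreamer data."""
    return (struct.pack(">HI16s", 0, 12345, bytes(16))
            + struct.pack(">II", 0, 8 + len(name)) + name
            + struct.pack(">II", 1001, 2002)
            + struct.pack(">II", 0, 8 + len(version)) + version)

if __name__ == "__main__":
    print(parse_user_vuln_tail(build_sample()))
```

Rejecting a length below 8 or beyond the buffer keeps a corrupted record from shifting every later field in the stream.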