Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

B-57

FireSIGHT eStreamer Integration Guide

Appendix B Understanding Legacy Data Structures

Legacy Discovery Data Structures

Legacy Server Data Blocks

For more information, see the following section:

•

Attribute Address Data Block for 5.0 - 5.1.1.x, page B-57

Attribute Address Data Block for 5.0 - 5.1.1.x

The Attribute Address data block contains an attribute list item and is used within an Attribute Definition
data block. It has a block type of 38.

The following diagram shows the basic structure of an Attribute Address data block:

Event Type

uint32

Event type (

1000

for new events,

1001

for change events,

1002

for

user input events, 1050 for full host profile). See

Host Discovery

Structures by Event Type, page 4-36

for a list of available event

types.

Event Subtype

uint32

Event subtype. See

Host Discovery Structures by Event Type,

page 4-36

for a list of available event subtypes.

File Number

byte[4]

Serial file number. This field is for Cisco internal use and can be
disregarded.

File Position

byte[4]

Event’s position in the serial file. This field is for Cisco internal use
and can be disregarded.

Table B-11

Discovery Event Header Fields (continued)

Field

Data Types

Description

Byt

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Attribute Address Block Type (38)

Attribute Address Block Length

Attribute ID

IP Address

Bits