Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

B-83

FireSIGHT eStreamer Integration Guide

Appendix B Understanding Legacy Data Structures

Legacy Connection Data Structures

Connection Statistics Data Block 5.1

The Connection Statistics data block is used in Connection Data messages. Changes to the Connection
data block between 5.0.2 and 5.1 include the addition of new fields with configuration parameters
introduced in 5.1 (rule action reason, monitor rules, Security Intelligence source/destination, Security
Intelligence layer). The Connection Statistics data block for version 5.1 has a block type of 126.

For more information on the Connection Statistics Data message, see

Connection Statistics Data

Message, page 4-46

The following diagram shows the format of a Connection Statistics data block for 5.1:

String Block
Type

uint32

Initiates a String data block for the host NetBIOS name. This value is
always

String Block
Length

uint32

Number of bytes in the String data block, including eight bytes for the
string block type and length fields, plus the number of bytes in the
NetBIOS name string.

NetBIOS Name

string

Host NetBIOS name string.

String Block
Type

uint32

Initiates a String data block for the client application version. This
value is always

String Block
Length

uint32

Number of bytes in the String data block for the client application
version, including eight bytes for the string block type and length, plus
the number of bytes in the version.

Client
Application
Version

string

Client application version.

Table B-19

Connection Statistics Data Block 5.0 - 5.0.2 Fields (continued)

Field

Data Type

Description

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Connection Data Block Type (126)

Connection Data Block Length

Device ID

Ingress Zone

Ingress Zone, continued

Egress Zone