Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 2      Understanding the eStreamer Application Protocol 
Table 2-20 Event Types and Versions for Extended Request (continued)

| To request... | Use this event version number... | And this event code |
|---|---|---|
| user events | 1 - 4.7 - 4.10.x; 2 - 5.0.x; 3 - 5.1-5.1.x; 4 - 5.2+ | 91 |
| malware events | 1 - 5.1.0.x; 2 - 5.1.1.x; 3 - 5.2.x; 4 - 5.3; 5 - 5.3.1+ | 101 |
| file events | 1 - 5.1.1 - 5.1.x; 2 - 5.2.x; 3 - 5.3; 4 - 5.3.1+ | 111 |
| impact correlation events | 1 - 5.2.x and earlier; 2 - 5.3+ | 131 |
| terminating event type in a list | 0 | 0 |

Sample Extended Request Messages

The following samples show how eStreamer advertises services, and how the client requests services from the eStreamer server.

Streaming Information Message

In the sample below, the server advertises two services, the first type 6667 (eStreamer) and the second type 5000. In Streaming Information messages from the server, the flags field and initial timestamp fields are zero, and the message specifies no event types.
Table 2-21

| Field | Value | Comment |
|---|---|---|
| Header Version: | 1 | /*always 1*/ |
| Message Type: | 2051 | /*streaming info msg*/ |
| Message Length | 32 | /*bytes of msg content*/ |
| Service[1].Type | 6667 | /*eStreamer service ID*/ |
| Service[1].Length | 8 | |
| Service[1].Flags | 0 | /*no flags from server*/ |
| Service[1].Initial Timestamp | 0 | /*always 0*/ |
| Service[2].Type | 5000 | /*service-2 ID*/ |
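
A client-side validation sketch for the Streaming Information message described above (an added example, not code from the Cisco guide). It assumes big-endian fields with a 16-bit header version, a 16-bit message type and 32-bit widths for every other field, which is consistent with the sample's Message Length of 32 for two services; the Service[2] fields not shown in the sample are assumed to mirror Service[1].

```python
import struct

HEADER = struct.Struct(">HHI")    # assumed: version u16, message type u16, length u32
SERVICE = struct.Struct(">IIII")  # assumed: type, length, flags, initial timestamp (u32 each)
STREAMING_INFO = 2051             # message type shown in Table 2-21


def parse_streaming_info(msg: bytes) -> list:
    """Validate a Streaming Information message and return the advertised service types."""
    if len(msg) < HEADER.size:
        raise ValueError("short header")
    version, mtype, length = HEADER.unpack_from(msg)
    if version != 1 or mtype != STREAMING_INFO:
        raise ValueError(f"unexpected header version={version} type={mtype}")
    body = msg[HEADER.size:]
    if length != len(body):
        raise ValueError("declared message length does not match payload")
    services, off = [], 0
    while off < len(body):
        # Lengths come from the network: bound every read before unpacking.
        if len(body) - off < SERVICE.size:
            raise ValueError("truncated service entry")
        stype, slen, flags, timestamp = SERVICE.unpack_from(body, off)
        # Server advertisements carry zero flags, zero timestamp and no event
        # types, so the bytes after the length field must be exactly 8.
        if slen != 8 or flags or timestamp:
            raise ValueError(f"service {stype}: not a bare advertisement")
        if stype in services:
            raise ValueError(f"service {stype} advertised twice")
        services.append(stype)
        off += SERVICE.size
    return services


def build_sample() -> bytes:
    """Constructed sample: Table 2-21 values; Service[2] fields assumed to mirror Service[1]."""
    body = b"".join(SERVICE.pack(stype, 8, 0, 0) for stype in (6667, 5000))
    return HEADER.pack(1, STREAMING_INFO, len(body)) + body


if __name__ == "__main__":
    print(parse_streaming_info(build_sample()))
```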