Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4      Understanding Discovery & Connection Data Structures
  Metadata for Discovery Events
For metadata records for intrusion and correlation events, see 
.
Fingerprint Record
The eStreamer service transmits the fingerprint metadata for an event within a Fingerprint record, the format of which is shown below. (Fingerprint metadata is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 54, indicating a Fingerprint record.
Byte | 0 | 1 | 2 | 3
Bit  | 0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31
     | Header Version (1) | Message Type (4)
     | Message Length
     | Record Type (54)
     | Record Length
Fingerprint UUID | Fingerprint UUID
     | Fingerprint UUID cont.
     | Fingerprint UUID cont.
     | Fingerprint UUID cont.
     | OS Name Length
     | OS Name...
     | OS Vendor Length
     | OS Vendor...
     | OS Version Length
     | OS Version...
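
Added example, not part of the Cisco guide: a bounds-checked Python parser for the Fingerprint record layout shown above, of the kind an eStreamer client needs so that a malformed length field cannot drive a read past the received bytes. It assumes network byte order, 16-bit Header Version and Message Type fields, 32-bit length and Record Type fields, a 16-byte UUID, UTF-8 strings, and that Message Length and Record Length count the bytes following their own headers; the function names and the sample message are constructed for illustration.

```python
import struct
import uuid

RECORD_TYPE_FINGERPRINT = 54  # Record Type value given in the guide

def _read_string(buf, offset):
    """Read a uint32 length prefix plus that many bytes, refusing overruns."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    if length > len(buf) - offset:
        raise ValueError("string length exceeds record")
    return buf[offset:offset + length].decode("utf-8", errors="replace"), offset + length

def parse_fingerprint_record(msg):
    """Parse one message carrying a Fingerprint record (assumed field widths)."""
    if len(msg) < 16:
        raise ValueError("message shorter than its headers")
    version, msg_type, msg_len, rec_type, rec_len = struct.unpack_from(">HHIII", msg, 0)
    if (version, msg_type) != (1, 4):
        raise ValueError("unexpected header version or message type")
    if rec_type != RECORD_TYPE_FINGERPRINT:
        raise ValueError("not a Fingerprint record")
    # Assumption: Message Length counts bytes after the 8-byte message header,
    # Record Length counts bytes after the Record Type/Record Length fields.
    if msg_len > len(msg) - 8 or rec_len > len(msg) - 16:
        raise ValueError("declared length exceeds received bytes")
    body = bytes(msg[16:16 + rec_len])
    if len(body) < 16:
        raise ValueError("truncated Fingerprint UUID")
    record = {"fingerprint_uuid": str(uuid.UUID(bytes=body[:16]))}
    offset = 16
    for name in ("os_name", "os_vendor", "os_version"):
        record[name], offset = _read_string(body, offset)
    if offset != len(body):
        raise ValueError("trailing bytes after OS Version")
    return record

def build_sample():
    """Constructed sample message, not captured from a real appliance."""
    body = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes
    for text in (b"Linux", b"Example Vendor", b"5.x"):
        body += struct.pack(">I", len(text)) + text
    return struct.pack(">HHIII", 1, 4, len(body) + 8, 54, len(body)) + body

if __name__ == "__main__":
    print(parse_fingerprint_record(build_sample()))
```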