Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4: Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Byte   0                1                2                3
Bit    0-7              8-15             16-23            24-31
       Header Version (1)                Message Type (4)
       Message Length
       Record Type (98)
       Record Length
       User ID
       Protocol
       Name Length
       Name...

The following table describes the fields in the User record.

Table 4-14  User Record Fields

Field        Data Type  Description
User ID      uint32     The ID string for the user.
Protocol     uint32     The protocol for the traffic where the user was detected.
Name Length  uint32     The number of bytes included in the user name.
Name         string     The name of the user.

Web Application Record

The system detects the content of HTTP traffic from websites, if available. Web application metadata for a host discovery event may include the specific type of content (for example, WMV or QuickTime).

The eStreamer service transmits the web application metadata for an event within a Web Application record, the format of which is shown below. (Web application metadata is sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See .) Note that the Record Type field, which appears after the Message Length field, has a value of 109, indicating a Web Application record.

Byte   0                1                2                3
Bit    0-7              8-15             16-23            24-31
       Header Version (1)                Message Type (4)
       Message Length
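
A client that consumes the User record (record type 98, Table 4-14) has to treat Name Length as untrusted input. The parser below is an added example, not code from the Cisco guide, and it checks every length field before slicing the name. Assumptions: fields are in network byte order, Header Version and Message Type are 16 bits each, Message Length and Record Length each count the bytes that follow their own 8-byte header, and the function names and MAX_NAME cap are hypothetical.

```python
import struct

# Assumed layout, network byte order, read off the User record diagram and
# Table 4-14: uint16 Header Version, uint16 Message Type, then six uint32s.
FIXED = struct.Struct(">HHIIIIII")  # 28 bytes precede the Name string
MAX_NAME = 1024                     # hypothetical local policy cap


class RecordError(ValueError):
    """The buffer is not a well-formed User record."""


def parse_user_record(buf: bytes) -> dict:
    if len(buf) < FIXED.size:
        raise RecordError("truncated before the end of the fixed fields")
    (version, msg_type, msg_len, rec_type, rec_len,
     user_id, protocol, name_len) = FIXED.unpack_from(buf)
    if (version, msg_type, rec_type) != (1, 4, 98):
        raise RecordError("not a User record (expected 1 / 4 / 98)")
    # Assumption: Message Length counts the bytes after the 8-byte message
    # header, Record Length the bytes after the 8-byte record header.
    if msg_len != len(buf) - 8 or rec_len != msg_len - 8:
        raise RecordError("length fields disagree with the buffer size")
    # Name Length comes from the sender: bound it by policy and by the
    # bytes the record really carries before slicing.
    if name_len > MAX_NAME or name_len > rec_len - 12:
        raise RecordError("Name Length exceeds the record body")
    # The page does not state the string encoding, so the name stays bytes.
    name = buf[FIXED.size:FIXED.size + name_len]
    return {"user_id": user_id, "protocol": protocol, "name": name}


def build_user_record(user_id: int, protocol: int, name: bytes) -> bytes:
    """Build a constructed sample record (not captured traffic)."""
    rec_len = 12 + len(name)
    return FIXED.pack(1, 4, rec_len + 8, 98, rec_len,
                      user_id, protocol, len(name)) + name


def inflate_name_length(record: bytes, claimed: int) -> bytes:
    """Return a copy whose Name Length field (offset 24) is overwritten."""
    return record[:24] + claimed.to_bytes(4, "big") + record[28:]


if __name__ == "__main__":
    sample = build_user_record(42, 6, b"jsmith")  # constructed values
    print(parse_user_record(sample))
    try:
        parse_user_record(inflate_name_length(sample, 0xFFFF))
    except RecordError as exc:
        print("rejected:", exc)
```
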