Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
4-57
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
20
Intrusion Impact
Alert
Alert
Current
Contains intrusion impact alert information.
Intrusion impact alert events have slightly different
headers than other data blocks. See
Intrusion impact alert events have slightly different
headers than other data blocks. See
for more information.
31
Generic List
Current
Contains generic list information, for example, to
encapsulate lists of blocks, such as Client
Application blocks, in the Host Profile block. See
encapsulate lists of blocks, such as Client
Application blocks, in the Host Profile block. See
for more information.
35
String
Information
Information
Current
Contains string information. For example, when
used in the Scan Vulnerability data block, the String
Information data block contains the CVE
identification number data. See
used in the Scan Vulnerability data block, the String
Information data block contains the CVE
identification number data. See
37
Server Banner
Current
Contains server banner data. See
for more information.
38
Attribute
Address
Address
Legacy
Contains the host attribute address (as documented
in earlier versions of the product). The successor
block is 146.
in earlier versions of the product). The successor
block is 146.
39
Attribute List
Item
Item
Current
Contains a host attribute list item value. See
for more
information.
42
Host Client
Application
Application
Legacy
Contains client application information for New
Client Application events (as documented for earlier
versions of the product).
Client Application events (as documented for earlier
versions of the product).
47
Full Host Profile Legacy
Contains complete host profile information (as
documented in earlier versions of the product).
documented in earlier versions of the product).
48
Attribute Value
Current
Contains attribute identification numbers and values
for host attributes. See
for host attributes. See
for more information.
51
Full Sub-Server
Current
Contains information about a sub-server detected on
a server. Referenced in Full Server information
blocks and in full host profiles. Includes
vulnerability information for each sub-server. See
a server. Referenced in Full Server information
blocks and in full host profiles. Includes
vulnerability information for each sub-server. See
for more
information.
53
Operating
System
System
Current
Contains operating system information for Version
3.5+. See
3.5+. See
for more information.
54
Policy Engine
Control Message
Control Message
Current
Contains information on user policy control
changes. See
changes. See
for more information.
55
Attribute
Definition
Definition
Current
Contains information on attribute definitions. See
for more information.
Table 4-27
Host Discovery and Connection Data Block Types (continued)
Type
Content
Data Block Status
Description