Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Table 4-59 User Vulnerability Change Data Block Fields (continued)

| Field | Number of Bytes | Description |
|---|---|---|
| Generic List Block Length | uint32 | Number of bytes in the Generic List block and encapsulated data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated data blocks. |
| User Vulnerability Data Blocks | variable | Encapsulated User Vulnerability data blocks up to the maximum number of bytes in the list block length. For more information, see |

User Criticality Change Data Block 4.7+

The User Criticality data block contains a list of IP address range specifications for hosts where the host criticality changed, the identification number for the user who updated the criticality value, information about the source that supplied the criticality value, and the criticality value. The User Criticality data block has a block type of 81 in the series 1 group of blocks. Changes from the previous User Criticality data block include a new source type field and the use of the Generic list data block instead of the List data block to store IP addresses.

The User Criticality data block is used in user set host criticality messages as documented in .

The following diagram shows the basic structure of a User Criticality data block:

| Section | Bytes 0-3 (bits 0-31) |
|---|---|
| | User Criticality Data Block Type (81) |
| | User Criticality Block Length |
| IP Address Range Blocks | Generic List Block Type (31) |
| | Generic List Block Length |
| | IP Address Range Specification Data Blocks... |
| | Source ID |
| | Source Type |
| | Criticality Value... |
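
A length-checked parser for the layout in the diagram above, added here as an example and not taken from the Cisco guide. It assumes network byte order, 32-bit scalar fields as the bit ruler suggests, and that the block length counts its own eight header bytes; `parse_user_criticality`, `build_sample` and `BlockError` are hypothetical names, and the IP address range blocks are returned as opaque bytes.

```python
import struct

USER_CRITICALITY_BLOCK = 81   # block type given on the page
GENERIC_LIST_BLOCK = 31       # generic list block type given on the page
HDR = struct.Struct(">II")    # assumption: uint32 type + uint32 length, network byte order
TAIL = struct.Struct(">III")  # assumption: Source ID, Source Type, Criticality Value are uint32


class BlockError(ValueError):
    """Raised when a block's type or length fields are inconsistent."""


def parse_user_criticality(buf: bytes) -> dict:
    if len(buf) < HDR.size:
        raise BlockError("truncated block header")
    btype, blen = HDR.unpack_from(buf, 0)
    if btype != USER_CRITICALITY_BLOCK:
        raise BlockError(f"unexpected block type {btype}")
    # Assumption: block length counts the 8 header bytes, as the list length does.
    if blen < 2 * HDR.size + TAIL.size or blen > len(buf):
        raise BlockError(f"block length {blen} does not fit {len(buf)} bytes received")
    ltype, llen = HDR.unpack_from(buf, HDR.size)
    if ltype != GENERIC_LIST_BLOCK:
        raise BlockError(f"unexpected list block type {ltype}")
    # The list length includes its own 8-byte header and must leave room for the tail.
    list_end = HDR.size + llen
    if llen < HDR.size or list_end + TAIL.size > blen:
        raise BlockError(f"list length {llen} inconsistent with block length {blen}")
    source_id, source_type, criticality = TAIL.unpack_from(buf, list_end)
    return {
        "ip_range_blocks": buf[2 * HDR.size:list_end],  # opaque: layout not shown here
        "source_id": source_id,
        "source_type": source_type,
        "criticality": criticality,
    }


def build_sample(ip_ranges: bytes, source_id=7, source_type=2, criticality=3) -> bytes:
    """Constructed sample block for exercising the parser (not captured traffic)."""
    lst = HDR.pack(GENERIC_LIST_BLOCK, HDR.size + len(ip_ranges)) + ip_ranges
    body = lst + TAIL.pack(source_id, source_type, criticality)
    return HDR.pack(USER_CRITICALITY_BLOCK, HDR.size + len(body)) + body


if __name__ == "__main__":
    print(parse_user_criticality(build_sample(b"\x00" * 40)))
```

Every length field is checked against the bytes actually received before it is used as an offset, so a truncated or inconsistent block is rejected instead of being read past its end.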