Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
4-140
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
User Vulnerability Data Block 5.0+
The User Vulnerability data block describes a vulnerability and is used within User Vulnerability Change
data blocks. These in turn are used in User Set Valid Vulnerabilities events and User Set Invalid
Vulnerabilities events. The User Vulnerability data block for 5.0+ has a block type of 124 in the series
1 group of blocks. It supersedes block type 79. For more information on User Vulnerability Change data
blocks, see
data blocks. These in turn are used in User Set Valid Vulnerabilities events and User Set Invalid
Vulnerabilities events. The User Vulnerability data block for 5.0+ has a block type of 124 in the series
1 group of blocks. It supersedes block type 79. For more information on User Vulnerability Change data
blocks, see
.
The following diagram shows the format of a User Vulnerability data block:
String Block
Length
Length
uint32
Number of bytes in the String data block for the client application
version, including eight bytes for the string block type and length,
plus the number of bytes in the client application version.
version, including eight bytes for the string block type and length,
plus the number of bytes in the client application version.
Version
string
Client application version.
Generic List Block
Type
Type
uint32
Initiates a Generic List data block. This value is always
31
.
Generic List Block
Length
Length
uint32
Number of bytes in the Generic List block and encapsulated Web
Application data blocks. This number includes the eight bytes of the
generic list block header fields, plus the number of bytes in all of the
encapsulated data blocks.
Application data blocks. This number includes the eight bytes of the
generic list block header fields, plus the number of bytes in all of the
encapsulated data blocks.
Web Application
Data Blocks
Data Blocks
variable
Encapsulated Web Application data blocks up to the maximum
number of bytes in the list block length. See
number of bytes in the list block length. See
for information on the encapsulated data
blocks (block type 123).
Table 4-77
Host Client Application Data Block Fields (continued)
Field
Data Type
Description
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
User Vulnerability Block Type (124)
User Vulnerability Block Length
IP Range
Spec Blocks
Generic List Block Type (31)
Generic List Block Length
IP Range Specification Data Blocks...*
Port
Protocol
Vulnerability ID